ELI5: Why is overwriting computer memory with all 0s or all 1s not enough to render the data entirely irretrievable?


I heard on another post something about 0-ing out computer memory not being enough to stop a digital forensics expert with enough time and dedication from recovering the data. They said you needed to overwrite the data randomly at least 7 times to render it completely irretrievable. This seems completely unnecessary to me, unless computer memory has some sort of physical “residual memory” where you could identify the last change made to that bit. And even if that is the case, why wouldn’t overwriting every bit to 0, then 1, then back to 0 work just as well?


10 Answers

Anonymous

The ‘7 overwrites to be completely irretrievable’ is mostly just an overabundance of caution.

For example, after a single overwrite, there may be some residual charge left behind that could be interpreted as having previously been a 1 or 0. Enough so that strong forensics could make a more conclusive prediction.

It’s been a while since I’ve read the specifics, but somewhere between 3 and 4 overwrites is enough to render virtually anything unrecoverable on the current tech of the time that it became a standard. However, the US government needed to be absolutely certain that even with current and future tech that they don’t know about (you know, the kind our adversaries *could* theoretically have), data *couldn’t* be recovered. They pretty much doubled (and rounded up) the average number of rewrites they found to be reliable in rendering data completely gone.

It wasn’t that at 6 overwrites they could still recover data but they couldn’t at 7... it was more of a “but what if our enemies have something we don’t know about and *can* recover data more reliably”.

Additionally, zeroing a drive isn’t that reliable in all honesty. If you only do it once or twice, you may still detect enough of a field anywhere there was a one to make the assumption that it used to be a one. Places that have weaker fields would likely have been a zero before the wipe. Realistically you don’t want to zero a drive... you want to overwrite it with random data multiple times and *then* zero, so even if they can recover anything it’ll just be a random assortment of 1s and 0s.

I’d add, for the average user a single overwrite/zero is enough to prevent your data from being recovered. Unless you have some high-level forensics team trying to peek at your overwritten data, nobody is going to bother trying to recover something that’s been fully deleted.
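The "random passes, then a final zero pass" sequence described in the answer above, as an added Python example that is not part of the original answer: it overwrites one file in place, flushing every pass to the device. The function names, the 3-pass default and the sample data are assumptions made for illustration. It rewrites only the file's logical contents; SSD wear leveling and copy-on-write filesystems can leave older copies of the blocks elsewhere on the medium.

```python
import os
import tempfile

CHUNK = 1 << 20  # write in 1 MiB pieces so large files need not fit in RAM


def _write_pass(fd, size, make_chunk):
    """Overwrite bytes [0, size) of fd once, then force the data to the device."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        view = memoryview(make_chunk(n))
        while view:  # os.write may write fewer bytes than requested
            view = view[os.write(fd, view):]
        remaining -= n
    os.fsync(fd)  # without this, a pass may never leave the page cache


def overwrite_file(path, random_passes=3):
    """Random passes followed by one zero pass, in place. Returns the pass count."""
    fd = os.open(path, os.O_RDWR)  # no O_TRUNC: same length, rewritten in place
    try:
        size = os.fstat(fd).st_size
        for _ in range(random_passes):
            _write_pass(fd, size, os.urandom)
        _write_pass(fd, size, bytes)  # bytes(n) yields n zero bytes
    finally:
        os.close(fd)
    return random_passes + 1


def is_all_zero(path):
    with open(path, "rb") as f:
        return not any(f.read())


def demo():
    # Constructed sample data written to a temporary file.
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"constructed secret " * 1000)
        path = f.name
    try:
        before = os.path.getsize(path)
        passes = overwrite_file(path, random_passes=3)
        return passes, before == os.path.getsize(path), is_all_zero(path)
    finally:
        os.remove(path)


if __name__ == "__main__":
    print(demo())
```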
