How can hackers recover data?

150 views

I DBAN’d my laptop a while ago and was told that I have to scan over and replace every bit of the hard drive multiple times or else hackers could still get the data. How are they able to do this?

In: Other

When you “delete” a file, your computer simply marks that space as usable for something else. It might get overwritten eventually as you save new stuff, but it also might not. That’s how deleted files can sometimes be recovered.

While i don’t know exactly how the program you use works, it has to do with how computers store data.

When you save a file for example, it stores it in a certain location on the drive, and the marks that location as a saved file so it doesn’t get overwritten.

When you then go an delete that file, all the computer does is remove that “don’t overwrite” mark. So the data is actually still stored there, it’s just free’d up and could get replaced with a new file.

So the original data doesn’t actually disappear until something comes along and replace it or something runs that Forcibly replaces it.

Until then the data is still recoverable.

Again, idk exactly how the program you mentioned works, so maybe it does what I described, maybe it doesn’t. But that is how people can get “deleted” data.

The “wipe multiple times” thing originated with older, magnetic hardware. It was theorized that even if you wipe such hardware once or twice, there might be some magnetic residue you could examine using a microscope to determine previous magnetic states.

It almost has no bearing on modern day magnetic drives and certainly has no bearing on non-magnetic media. Even the US Department of Defense has dropped the “wipe multiple times” standard.

When your computer writes a file to a hard disk, it does two things: it writes the data to a location on the disk and it makes a record in a master data table so that the information can be found again and protected from overwrite.

When you “delete” a file, your computer changes the record in the master data table so that the file will be skipped in searches and the space that it takes up is available for overwrite. The information is not deleted in any real sense. A skilled person who has access to the drive can easily rebuild the master data table and get at the information if it has not been overwritten. This can be done remotely by hackers.

To secure against that you would use a scrubber. That is a program that overwrites the data with zeros or random data and depending on its level of sophistication does a bunch of other things too.

Usually, the scrubber makes several passes changing the data multiple times. It has been rumoured for a long time that physical examination of the hard drive may enable someone to unscrub data. I can’t say if these rumours are true or not. If they are, then I would speculate that they would require physical possession of the hard drive.

DBAN looks like it is a very basic and free scrubber. If you look on their website you will see all the things that their paid app, Blancoo Drive Eraser, does that the free version does not. I say ‘looks like’ because if your data is sensitive enough that it requires scrubbing, you really shouldn’t rely on a third party to scrub it.