Jump to content

Wipe free Space


john_a

Recommended Posts

Hi all

 

This 'Wipe Free Space' option is a bit of a joke, isn't it? Any good intelligence or recovery professional could unencrypt this. I use Kill Disk, which wipes pre-boot, for obvious reasons.

 

Why was this option even added to the latest versions of CCleaner?

Link to comment
Share on other sites

  • Moderators

Just out of interest, how would any recovery professional 'unencrypt' overwritten data, and who advertises that they do this? I agree that for the overwhelming majority of the human race this is a waste of time, but people love gadgets and tweaking stuff.

Link to comment
Share on other sites

Just out of interest, how would any recovery professional 'unencrypt' overwritten data, and who advertises that they do this? I agree that for the overwhelming majority of the human race this is a waste of time, but people love gadgets and tweaking stuff.

It's not hard, just like trying to hear the sounds of a tape you have recorded over.

 

Like, one wipe, not secure, two wipes, more secure..etc etc. CCleaner is like a half wipe.. Kill Disk is one , if not the only, secure deletion method. CCleaner is no better than Webroots 'shredder', or heaps of others.

Link to comment
Share on other sites

It's not hard, just like trying to hear the sounds of a tape you have recorded over.
With Mute selected its good to fall asleep with though if the volume is turned up.

 

Helps to block out the beeping horns, partying neighbors that don't invite you to their party and construction trucks :lol:

 

Like, one wipe, not secure, two wipes, more secure..etc etc. CCleaner is like a half wipe..
I was going to insert the one that begins with "a" but I thought better of it.

 

I prefer the sounds of waves gently breaking at the beach lounging in a chair with a cold beverage on a table beside me.

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user

Link to comment
Share on other sites

  • Moderators

Please quote where.

 

A quick flick on Google with 'recover overwritten data' shows nobody is offering this service. To quote one hit, from Sean Barry (Ontrack's Remote Data Recovery Manager), ?There is no chance of recovery with overwritten clusters. The bit density on hard disk drives is so great now that when the magnetics are rewritten, the data is gone." Ontrack.com claims to be the world leader in data recovery.

Link to comment
Share on other sites

Please quote where.

 

A quick flick on Google with 'recover overwritten data' shows nobody is offering this service. To quote one hit, from Sean Barry (Ontrack's Remote Data Recovery Manager), ?There is no chance of recovery with overwritten clusters. The bit density on hard disk drives is so great now that when the magnetics are rewritten, the data is gone." Ontrack.com claims to be the world leader in data recovery.

Sure, have a read of this: (LINK)

 

Reasons for Concern

 

Widely available disk overwriting software is one of the main reasons why data leaks continue to occur. Many corporate IT departments use these disk overwriting software tools to mitigate potential business risks and legal liabilities but these tools may have significant drawbacks which could compromise an organization's security.

 

According to a memorandum issued by the United States Department of Defense (DoD), (2001, May), overwriting software must have the following functions and capabilities in order to ensure the integrity of the sanitization process:

 

* The ability to purge all data or information, including the operating system (OS), from the physical or virtual drives, thereby making it impossible to recover any meaningful data by keyboard or laboratory attack.

* A compatibility with, or capability to run independent of, the OS loaded on the drive.

* A compatibility with, or capability to run independent of, the type of hard drive being sanitized (e.g., Advanced Technology Attachment (ATA)/Integrated Drive Electronics (IDE) or Small Computer System Interface (SCSI) type hard drives).

* A capability to overwrite the entire hard disk drive independent of any Basic Input/Output System (BIOS) or firmware capacity limitation that the system may have.

* A capability to overwrite using a minimum of three cycles (six passes) of data patterns on all sectors, blocks, and slack or unused disk space on the entire hard disk medium.

* A method to verify that all data has been removed from the entire hard drive and to view the overwrite pattern

Link to comment
Share on other sites

If you are that paranoid why are you using a computer?

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user

Link to comment
Share on other sites

If you are that paranoid why are you using a computer?

Of course, a typical, predictable, yet useless interruption to the conversation.

 

We were discussing the different wipe methods available, and in particular the usefulness/performance of the CCleaner Wipe Free Space function, but hey, thanks for the input..buddy.

Link to comment
Share on other sites

  • Moderators

That article discusses shortcomings in the disk wiper's ability to access every area of the disk (bad sectors etc), the bios not reporting the full size of the disk, and problems with raid configurations.

 

I don't think there's much doubt that, with the right tools and a little work, fragments of data can be retrieved from otherwise inaccessible areas on a disk that the user thought secure. There is a quote somewhere to the effect of "The pagefile is the policeman's friend." However there is no evidence or example of any data - barring a few isolated bits - being recovered after it has been overwritten by anyone anywhere.

 

I don't how CC's free space wipe works, and I don't think think that Piriform would claim that it is a forensic standard wiper. Still, the option appears to be quite popular.

Link to comment
Share on other sites

That article discusses shortcomings in the disk wiper's ability to access every area of the disk (bad sectors etc), the bios not reporting the full size of the disk, and problems with raid configurations.

 

I don't think there's much doubt that, with the right tools and a little work, fragments of data can be retrieved from otherwise inaccessible areas on a disk that the user thought secure. There is a quote somewhere to the effect of "The pagefile is the policeman's friend." However there is no evidence or example of any data - barring a few isolated bits - being recovered after it has been overwritten by anyone anywhere.

 

I don't how CC's free space wipe works, and I don't think think that Piriform would claim that it is a forensic standard wiper. Still, the option appears to be quite popular.

"and I don't think think that Piriform would claim that it is a forensic standard wiper. Still, the option appears to be quite popular."

 

That was a good answer, however, any recovery professional will tell you that a single wipe of free space area is probably quite useless, but as you mention, it seems to be a popular option with CCleaner users, for whatever reason.

 

* A capability to overwrite using a minimum of three cycles (six passes) of data patterns on all sectors, blocks, and slack or unused disk space on the entire hard disk medium.

 

NOTE: As a mentionable tip, if anyone is interested in wiping out free space or old data prior to selling or throwing out their old PC, or for any reason, I'd suggest this: http://www.killdisk.com/

Link to comment
Share on other sites

  • Moderators
any recovery professional will tell you that a single wipe of free space area is probably quite useless

If we concentrate on just one aspect, where is the evidence that any data has ever been recovered after being overwritten? One wipe will do.

 

PS Off to the pub now. Expect wit and wisdom when I return.

Link to comment
Share on other sites

If we concentrate on just one aspect, where is the evidence that any data has ever been recovered after being overwritten? One wipe will do.

 

PS Off to the pub now. Expect wit and wisdom when I return.

Hi

 

I thought you may have found the wit and wisdom at the pub! (Kidding).

 

Anyway, I came across THIS, which seems to be related to the issue you have raised.

 

PS Anticipating a rebuttal.

Link to comment
Share on other sites

I found that the advice Don't argue with an idiot; people watching may not be able to tell the difference works well and they are of the Ferrous Cranus type of troll:

http://redwing.hutman.net/~mreed/warriorsh...erouscranus.htm

"Education is what remains after one has forgotten everything he learned in school." - Albert Einstein

IE7Pro user

Link to comment
Share on other sites

  • Moderators

After slumping in front of a Top Gear rerun (the Vietnamese trip - excellent) thers's not much wit and wisdom left now.

 

The link you posted has nothing to do with whether you can recover overwritten data, but appears to be some misuse or malfunction of Eraser. Indeed the last but one post indicates that overwriting data (by using any method) makes it unrecoverable.

 

One overwrite of data makes that data unrecoverable. That's all there is to it.

Link to comment
Share on other sites

any recovery professional will tell you that a single wipe of free space area is probably quite useless, but as you mention, it seems to be a popular option with CCleaner users, for whatever reason.

This is complete FUD. Where did you get this info? There is no reputable data recovery company who will claim to be able to recover data that has been overwritten.

 

The fact that you compare analog audio tapes to a computer HDD, and refer to recovering overwritten data as "unencrypting" it, should be a warning to anyone reading this thread that you have a limited grasp of the technology.

 

Instead of spreading misinformation, maybe you should concentrate on the more important question - whether or not CCleaner does overwrite all of the data it claims to.

 

Here are some links for you to think about, John:

 

http://www.nber.org/sys-admin/overwritten-data-guttman.html

http://www.h-online.com/news/Secure-deleti...-do-it--/112432

http://www.springerlink.com/content/408263ql11460147/

http://16systems.com/zero.php

http://sansforensics.wordpress.com/2009/01...ard-drive-data/

http://www.securityfocus.com/brief/888?ref=rss

Link to comment
Share on other sites

john_a, how does the ccleaner DOD & NSA deletion options factor into this thread topic. Does that mean they're no more effective than the normal option? (:/

 

thank you in advance!

"Life is not a journey to the grave with the intention of arriving safely in a pretty and well-preserved body, but rather to skid in broadside, thoroughly used up, totally worn out and loudly proclaiming, WOW! What a Ride!"
Link to comment
Share on other sites

  • Moderators

Well, if you agree with the statement that one overwrite makes the previously written data unrecoverable, then any more than one would be superfluous. I guess the DOD etc are just super cautious, or perhaps Mr Gutmann was on board as an advisor.

Link to comment
Share on other sites

I found that the advice Don't argue with an idiot; people watching may not be able to tell the difference works well and they are of the Ferrous Cranus type of troll:

http://redwing.hutman.net/~mreed/warriorsh...erouscranus.htm

Err.., sure.

 

 

Well, if you agree with the statement that one overwrite makes the previously written data unrecoverable, then any more than one would be superfluous. I guess the DOD etc are just super cautious, or perhaps Mr Gutmann was on board as an advisor.

"Well, if you agree with the statement that one overwrite makes the previously written data unrecoverable.."

 

Where did I say that?

 

"According to a memorandum issued by the United States Department of Defense (DoD), (2001, May), overwriting software must have the following functions and capabilities in order to ensure the integrity of the sanitization process: -

 

A capability to overwrite using a minimum of three cycles (six passes) of data patterns on all sectors, blocks, and slack or unused disk space on the entire hard disk medium. "

 

I guess we'll have to leave it to them to recheck their research, I'm sure there will be an amendment if they come across this thread.

Link to comment
Share on other sites

  • Moderators

I made that statement, John.

 

Funnily enough the DoD did check their research, and no version of the manual since 1997 specifies any method of data sanitisation, as they call it. The responsibility for this lies with the Cognizant Security Authority: one of these, The Defense Security Service, provides a Clearing and Sanitization Matrix which does specify methods. In the June 2007 edition of the DSS C&SM (phew!) overwriting is no longer acceptable for sanitisation of magnetic media; only degaussing or physical destruction is acceptable. A problem with disk-wiping is that it can't clean hard drives that have physically failed, presumably why degaussing or physical destruction is specified.

 

Furthermore in late 2004 the U.S. National Security Agency (NSA Advisory LAA-006-2004) found that a single 'DoD' overwrite instead of the three passes is sufficient to render electronic files unrecoverable.

 

There is no way on God's earth that a hypothesis is true because an authority, no matter how high, guards against it. It must be proven, and nobody can prove or show that overwritten data can be recovered. It can however be shown that it is not physically possible to read any magnetic track 'overlays', and if it were it is statistically impossible to recover a single error-free byte.

Link to comment
Share on other sites

Too much noise, so I appear... :lol: LOL

 

The thingy is simple.

 

1- Wiping free space is not necessary unless you are giving away your computer as it is (and even so).

 

2- You should only wipe your entire disk if you are selling it, throwing it away or giving it to someone else.

 

3- You shouldn?t go to the extremes unless you have threatened somebody you shouldn't have messed with.

 

I mean, there's no need of wiping the free space of your drive. This can cause a lot of wear and tear and can shorten its lifespan.

 

If you really want to get rid of your data, just take a hammer and make it dirt.

 

Anyways, great topic, great posts. Thank you all for the great information.

 

Data peace. ;)

Link to comment
Share on other sites

I'm not going to fire a flame war, Just want to say that if you sell a PC should really do a system factory recovery, as that way the new owner can set up their Personal Computer their way!

 

I have used the Wipe space on one PC as a test but Windows displayed a low virtual memory error, but that was the first version with Wipe space.

Link to comment
Share on other sites

I made that statement, John.

 

Funnily enough the DoD did check their research, and no version of the manual since 1997 specifies any method of data sanitisation, as they call it. The responsibility for this lies with the Cognizant Security Authority: one of these, The Defense Security Service, provides a Clearing and Sanitization Matrix which does specify methods. In the June 2007 edition of the DSS C&SM (phew!) overwriting is no longer acceptable for sanitisation of magnetic media; only degaussing or physical destruction is acceptable. A problem with disk-wiping is that it can't clean hard drives that have physically failed, presumably why degaussing or physical destruction is specified.

 

Furthermore in late 2004 the U.S. National Security Agency (NSA Advisory LAA-006-2004) found that a single 'DoD' overwrite instead of the three passes is sufficient to render electronic files unrecoverable.

 

There is no way on God's earth that a hypothesis is true because an authority, no matter how high, guards against it. It must be proven, and nobody can prove or show that overwritten data can be recovered. It can however be shown that it is not physically possible to read any magnetic track 'overlays', and if it were it is statistically impossible to recover a single error-free byte.

There's a lot in there that needs addressing, but I haven't the time atm. I'll get back with a better reply later tomorrow.

 

But for one, lets start with this:

 

"It must be proven, and nobody can prove or show that overwritten data can be recovered. It can however be shown that it is not physically possible to read any magnetic track 'overlays.."

 

I refer to THIS article, and quote:

 

"Wright did find that multiple passes do make it harder to recover data and that data written to a pristine drive is much easier to recover."

 

So I would presume, if the article is to bare any credence, that recovery is in fact possible.

 

My apologies again, but I'm a bit pressed for time right now, I'll get back with a more thorough reply shortly.

Link to comment
Share on other sites

  • Moderators

And here's the full quote:

 

Wright did find that multiple passes do make it harder to recover data and that data written to a pristine drive is much easier to recover. Yet, in the most common case, where the drive has been used and written to multiple times, a user can be assured of their privacy by a single pass.

 

"In many instances, using a MFM (magnetic force microscope) to determine the prior value written to the hard drive was less successful than a simple coin toss."

 

I'm bemused. I would have used the article in John's link (which is titled 'Single drive wipe protects data, research finds'), and the two links that article refers to, as an indication that data overwritten once cannot be recovered by any means.

 

To quote guru Gutmann, from a link in John's article,

 

'On using a Magnetic Force Microscope to recover data from offtrack writes,'

 

'Any modern drive will most likely be a hopeless task, what with ultra-high densities and use of perpendicular recording I don't see how MFM would even get a usable image, and then the use of EPRML will mean that even if you could magically transfer some sort of image into a file, the ability to decode that to recover the original data would be quite challenging. OTOH if you're going to use the mid-90s technology that I talked about, low-density MFM or (1,7) RLL, you could do it with the right equipment, but why bother? Others have already done it, and even if you reproduced it, you'd just have done something with technology that hasn't been used for ten years.'

 

The point stands. Provide any evidence that any data has ever been recovered after being overwritten once, or any company that purports to do this. Although Gutmann says that it has been done on old technology, he cites no examples of it being done for more than a few bits. Where's the oft-quoted missing gaps on the Nixon tapes, technology that's older than Methusela?

Link to comment
Share on other sites

And here's the full quote:

 

Wright did find that multiple passes do make it harder to recover data and that data written to a pristine drive is much easier to recover. Yet, in the most common case, where the drive has been used and written to multiple times, a user can be assured of their privacy by a single pass.

 

"In many instances, using a MFM (magnetic force microscope) to determine the prior value written to the hard drive was less successful than a simple coin toss."

 

I'm bemused. I would have used the article in John's link (which is titled 'Single drive wipe protects data, research finds'), and the two links that article refers to, as an indication that data overwritten once cannot be recovered by any means.

 

To quote guru Gutmann, from a link in John's article,

 

'On using a Magnetic Force Microscope to recover data from offtrack writes,'

 

'Any modern drive will most likely be a hopeless task, what with ultra-high densities and use of perpendicular recording I don't see how MFM would even get a usable image, and then the use of EPRML will mean that even if you could magically transfer some sort of image into a file, the ability to decode that to recover the original data would be quite challenging. OTOH if you're going to use the mid-90s technology that I talked about, low-density MFM or (1,7) RLL, you could do it with the right equipment, but why bother? Others have already done it, and even if you reproduced it, you'd just have done something with technology that hasn't been used for ten years.'

 

The point stands. Provide any evidence that any data has ever been recovered after being overwritten once, or any company that purports to do this. Although Gutmann says that it has been done on old technology, he cites no examples of it being done for more than a few bits. Where's the oft-quoted missing gaps on the Nixon tapes, technology that's older than Methusela?

"Provide any evidence that any data has ever been recovered after being overwritten once.."

 

"Gutmann says that it has been done on old technology.."

 

So obviously it can be done, there's next to nothing written about it, but I would assume newer technology would make the job even easier.

 

The original point I was making, and stand by, is that a single wipe of free space, as used by CCleaner, achieves next to no security (or purpose), if you so desire it.

 

Unless my previously mentioned methods of secure deletion are employed, the whole exercise would seem a waste of time, and a

mere gimmick for people who feel the need for this type of data security.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.