Erasing/overwriting previous hard disk

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read how to get help
Post Reply
beginner@linux
Level 1
Level 1
Posts: 5
Joined: Sun Nov 15, 2015 6:45 pm

Erasing/overwriting previous hard disk

Post by beginner@linux » Tue Dec 29, 2015 4:46 am

Hi,

before I've installed Linux 17.3, 64 bit I was running windows 7. There were some sensitive on the hard disk that I hope they're completely wiped by installing Linux. Is this the case or is it possible to retrieve for a 3rd person theme somehow? Suppose there's still data left from that i used in windows, can i wipe them totally, and how do i find them?

Thank you,

Jurgen.
Last edited by xenopeek on Wed Dec 30, 2015 7:40 am, edited 1 time in total.

User avatar
xenopeek
Level 24
Level 24
Posts: 24030
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Erasing/overwriting previous hard disk

Post by xenopeek » Tue Dec 29, 2015 5:03 am

If you didn't use disk encryption with Windows, and you didn't use something like DBAN to wipe your hard disk before installing Linux Mint, then any and all files from Windows may still be recoverable with something like PhotoRec.

Note that there is no reliable way on most SSDs or SSHDs to wipe them (due to firmware wear levelling and spare areas), thus you can only keep files safe on solid state disks by using disk encryption. If you didn't use disk encryption on a solid state disk, there's not much you can do now short of physically destroying all the flash chips on it.

Possibly you can use something like http://wipefreespace.sourceforge.net/ to remove traces from Windows files. If you didn't install Linux Mint will disk encryption, you'll face the same issue in the future with that. In that case I'd say use DBAN to erase your entire disk (assuming it's not some kind of solid state disk) and reinstall Linux Mint and enable disk encryption in the installer.
Image

beginner@linux
Level 1
Level 1
Posts: 5
Joined: Sun Nov 15, 2015 6:45 pm

Re: Erasing/overwriting previous hard disk

Post by beginner@linux » Wed Dec 30, 2015 6:01 am

hi xenopeek,

ik zie dat je van Nederland bent. Ik ben zoals je ziet nog maar net mee op de Linuxtrein gesprongen. Alles is dus nog wat zoeken voor mij. Net zoals de link die je gepost hebt. Dat is voor mij net als chinees. :shock: Bij de installatie heb ik de disk encryption geprobeerd, maar na de installatie weigerde hij steeds mijn paswoord te accepteren. (mss wijziging van toestenborsd?) Dus heb ik dat overgeslagen.
Ik zal je raad opvolgen, DBAN gebruiken om alles te wissen en Linux herinstalleren. Is de gebruikelijke methode via een live boot cd?

Bedankt voor de raad,

Beginner@linux

User avatar
Pierre
Level 18
Level 18
Posts: 8794
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: Erasing/overwriting previous hard disk

Post by Pierre » Wed Dec 30, 2015 8:44 am

the best method to use DBAN to erase everything and reinstall Linux, is via the usual method of a live boot CD.
Image
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.

all41
Level 14
Level 14
Posts: 5487
Joined: Tue Dec 31, 2013 9:12 am
Location: Computer, Car, Cage

Re: Erasing/overwriting previous hard disk

Post by all41 » Wed Dec 30, 2015 11:48 am

If the data is extremely sensitive one should consider replacing the hdd and destroying the old one.
This was more cost effective even when drives were expensive.
Destruction was mandated for systems used in military r&d environments where it was carefully controlled, monitored, and documented--even for leased systems.

User avatar
Flemur
Level 17
Level 17
Posts: 7019
Joined: Mon Aug 20, 2012 9:41 pm
Location: Potemkin Village

Re: Erasing/overwriting previous hard disk

Post by Flemur » Wed Dec 30, 2015 2:45 pm

xenopeek
Note that there is no reliable way on most SSDs or SSHDs to wipe them (due to firmware wear levelling and spare areas),
Any storage device can be securely erased just by deleting the sensitive files and then filling the device with junk data, like zeros, or by duplicating (non-sensitive) files until the disk is full, then deleting the duplicate files. If you believe the stuff about the NSA/etc. being able to read residual, over-written values on magnetic drives, do the above a couple of times.

If you don't want to write all over an SSD:
"One way to erase SSDs is to use the manufacturer utilities. Here are some links to get you started."
http://www.zdnet.com/article/how-to-sec ... ives-ssds/
Please edit your original post title to include [SOLVED] if/when it is solved!
Your data and OS are backed up....right?
Mint 19.1 Xfce/fluxbox
Manjaro openbox/fluxbox

User avatar
xenopeek
Level 24
Level 24
Posts: 24030
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Erasing/overwriting previous hard disk

Post by xenopeek » Wed Dec 30, 2015 3:25 pm

SSDs don't work as you seem to think Flemur. When the operating system writes new data to a block on the SSD the SSD firmware uses a wear levelling algorithm (to even out writes across all blocks, as blocks can only be written to a limited number of times) to find a data block that has been written to the fewest times and rewrites the entire original block with the new data to that other block and marks the original as available—but the original data is still on it. The firmware is constantly shuffling around on what block data is stored when writing to it; the firmware translates the block ordering for the operating system so that it doesn't see any of this.

As for secure erase, some SSD manufacturers can be trusted to actually implement that command but too many fake it (not actually erasing anything) to blindly trust it.

All this means that unless you use disk encryption, any and all deleted files can still be stored somewhere on the SSD.
Image

Buzzsaw
Level 6
Level 6
Posts: 1308
Joined: Sat Aug 23, 2014 12:53 pm

Re: Erasing/overwriting previous hard disk

Post by Buzzsaw » Wed Dec 30, 2015 9:52 pm

xenopeek wrote:SSDs don't work as you seem to think Flemur. When the operating system writes new data to a block on the SSD the SSD firmware uses a wear levelling algorithm (to even out writes across all blocks, as blocks can only be written to a limited number of times) to find a data block that has been written to the fewest times and rewrites the entire original block with the new data to that other block and marks the original as available—but the original data is still on it. The firmware is constantly shuffling around on what block data is stored when writing to it; the firmware translates the block ordering for the operating system so that it doesn't see any of this.
Here's how to address that problem:
1. Mount the file system
2. Create one big file that uses up all of the space on the file system. Don't write all 0s since sometimes writing 0s in SSDs is 'optimized' and they're not actually written. Writing random data from /dev/urandom takes ages and uses 100% CPU, so that's also a bad idea. However, writing all 1s should be ok:

Code: Select all

cat /dev/zero | tr '\0' '\377' > /path/to/mount/point/big-file ; sync
3. Delete the file

This wipes all of the space (assuming that there are no bad sectors) because all of the data has to exist simultaneously. However, this can't be trusted 100% if the original file system (in which the sensitive files were stored) has been removed/replaced.

Flemur's suggestion of "duplicating (non-sensitive) files until the disk is full, then deleting the duplicate files" will also work, given that it involves the same principle; but it's much less efficient.

User avatar
xenopeek
Level 24
Level 24
Posts: 24030
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: Erasing/overwriting previous hard disk

Post by xenopeek » Thu Dec 31, 2015 3:49 am

This also doesn't work Buzzsaw. Most SSDs have a spare area, that the operating system doesn't see. Generally somewhere around 7% but there are SSDs where it is up to 30%. The spare area is used to improve both performance and endurance. Whenever there is a high need for blocks to be written to, like when you write to fill the entire disk, the firmware wear levelling algorithm would hurt performance if it needed to hunt for a "least written to block" for each block. To better guarantee a sustained level of performance it can instead swap a block from the spare area every so often, for which it doesn't need to do any complex algorithm. Thus data blocks with your files' data get swapped out to the spare area. (The spare area is also used for endurance, to replace bad blocks.)

I maintain that there are only two ways to guarantee your files can't be accessed. Disk encryption is the best option. If you didn't use disk encryption, the hammer is the only other guaranteed way.
Image

Buzzsaw
Level 6
Level 6
Posts: 1308
Joined: Sat Aug 23, 2014 12:53 pm

Re: Erasing/overwriting previous hard disk

Post by Buzzsaw » Thu Dec 31, 2015 9:15 pm

xenopeek wrote:This also doesn't work Buzzsaw. Most SSDs have a spare area, that the operating system doesn't see. Generally somewhere around 7% but there are SSDs where it is up to 30%. The spare area is used to improve both performance and endurance. Whenever there is a high need for blocks to be written to, like when you write to fill the entire disk, the firmware wear levelling algorithm would hurt performance if it needed to hunt for a "least written to block" for each block. To better guarantee a sustained level of performance it can instead swap a block from the spare area every so often, for which it doesn't need to do any complex algorithm. Thus data blocks with your files' data get swapped out to the spare area. (The spare area is also used for endurance, to replace bad blocks.)

I maintain that there are only two ways to guarantee your files can't be accessed. Disk encryption is the best option. If you didn't use disk encryption, the hammer is the only other guaranteed way.
Drat.

User avatar
Pierre
Level 18
Level 18
Posts: 8794
Joined: Fri Sep 05, 2008 5:33 am
Location: Perth, AU.

Re: Erasing/overwriting previous hard disk

Post by Pierre » Thu Dec 31, 2015 10:51 pm

in the real world, by simply installing a Linux System, you have reduced the chances of any data being recovered.
as most people still can't work with it.

it would take someone with higher than average skill level to reverse a linux installation,
in order to recover some previously available data.
Image
Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.

User avatar
MintBean
Level 9
Level 9
Posts: 2967
Joined: Fri Aug 07, 2015 6:54 am
Location: Blighty

Re: Erasing/overwriting previous hard disk

Post by MintBean » Tue Feb 07, 2017 7:12 am

Are you really concerned that someone is going to break into your house and run low level data recovery tools on your disc? I would put it to you that nobody will bother unless they know the drive contains something of sufficient value to warrant the effort - so this means somebody that knows your business.

Post Reply

Return to “Newbie Questions”