Page 1 of 1

Erasing/overwriting previous hard disk

Posted: Tue Dec 29, 2015 4:46 am
by beginner@linux
Hi,

before I've installed Linux 17.3, 64 bit I was running windows 7. There were some sensitive on the hard disk that I hope they're completely wiped by installing Linux. Is this the case or is it possible to retrieve for a 3rd person theme somehow? Suppose there's still data left from that i used in windows, can i wipe them totally, and how do i find them?

Thank you,

Jurgen.

Re: Erasing/overwriting previous hard disk

Posted: Tue Dec 29, 2015 5:03 am
by xenopeek
If you didn't use disk encryption with Windows, and you didn't use something like DBAN to wipe your hard disk before installing Linux Mint, then any and all files from Windows may still be recoverable with something like PhotoRec.

Note that there is no reliable way on most SSDs or SSHDs to wipe them (due to firmware wear levelling and spare areas), thus you can only keep files safe on solid state disks by using disk encryption. If you didn't use disk encryption on a solid state disk, there's not much you can do now short of physically destroying all the flash chips on it.

Possibly you can use something like http://wipefreespace.sourceforge.net/ to remove traces from Windows files. If you didn't install Linux Mint will disk encryption, you'll face the same issue in the future with that. In that case I'd say use DBAN to erase your entire disk (assuming it's not some kind of solid state disk) and reinstall Linux Mint and enable disk encryption in the installer.

Re: Erasing/overwriting previous hard disk

Posted: Wed Dec 30, 2015 6:01 am
by beginner@linux
hi xenopeek,

ik zie dat je van Nederland bent. Ik ben zoals je ziet nog maar net mee op de Linuxtrein gesprongen. Alles is dus nog wat zoeken voor mij. Net zoals de link die je gepost hebt. Dat is voor mij net als chinees. :shock: Bij de installatie heb ik de disk encryption geprobeerd, maar na de installatie weigerde hij steeds mijn paswoord te accepteren. (mss wijziging van toestenborsd?) Dus heb ik dat overgeslagen.
Ik zal je raad opvolgen, DBAN gebruiken om alles te wissen en Linux herinstalleren. Is de gebruikelijke methode via een live boot cd?

Bedankt voor de raad,

Beginner@linux

Re: Erasing/overwriting previous hard disk

Posted: Wed Dec 30, 2015 8:44 am
by Pierre
the best method to use DBAN to erase everything and reinstall Linux, is via the usual method of a live boot CD.

Re: Erasing/overwriting previous hard disk

Posted: Wed Dec 30, 2015 11:48 am
by all41
If the data is extremely sensitive one should consider replacing the hdd and destroying the old one.
This was more cost effective even when drives were expensive.
Destruction was mandated for systems used in military r&d environments where it was carefully controlled, monitored, and documented--even for leased systems.

Re: Erasing/overwriting previous hard disk

Posted: Wed Dec 30, 2015 2:45 pm
by Flemur
xenopeek
Note that there is no reliable way on most SSDs or SSHDs to wipe them (due to firmware wear levelling and spare areas),
Any storage device can be securely erased just by deleting the sensitive files and then filling the device with junk data, like zeros, or by duplicating (non-sensitive) files until the disk is full, then deleting the duplicate files. If you believe the stuff about the NSA/etc. being able to read residual, over-written values on magnetic drives, do the above a couple of times.

If you don't want to write all over an SSD:
"One way to erase SSDs is to use the manufacturer utilities. Here are some links to get you started."
http://www.zdnet.com/article/how-to-sec ... ives-ssds/

Re: Erasing/overwriting previous hard disk

Posted: Wed Dec 30, 2015 3:25 pm
by xenopeek
SSDs don't work as you seem to think Flemur. When the operating system writes new data to a block on the SSD the SSD firmware uses a wear levelling algorithm (to even out writes across all blocks, as blocks can only be written to a limited number of times) to find a data block that has been written to the fewest times and rewrites the entire original block with the new data to that other block and marks the original as available—but the original data is still on it. The firmware is constantly shuffling around on what block data is stored when writing to it; the firmware translates the block ordering for the operating system so that it doesn't see any of this.

As for secure erase, some SSD manufacturers can be trusted to actually implement that command but too many fake it (not actually erasing anything) to blindly trust it.

All this means that unless you use disk encryption, any and all deleted files can still be stored somewhere on the SSD.

Re: Erasing/overwriting previous hard disk

Posted: Wed Dec 30, 2015 9:52 pm
by Buzzsaw
xenopeek wrote:SSDs don't work as you seem to think Flemur. When the operating system writes new data to a block on the SSD the SSD firmware uses a wear levelling algorithm (to even out writes across all blocks, as blocks can only be written to a limited number of times) to find a data block that has been written to the fewest times and rewrites the entire original block with the new data to that other block and marks the original as available—but the original data is still on it. The firmware is constantly shuffling around on what block data is stored when writing to it; the firmware translates the block ordering for the operating system so that it doesn't see any of this.
Here's how to address that problem:
1. Mount the file system
2. Create one big file that uses up all of the space on the file system. Don't write all 0s since sometimes writing 0s in SSDs is 'optimized' and they're not actually written. Writing random data from /dev/urandom takes ages and uses 100% CPU, so that's also a bad idea. However, writing all 1s should be ok:

Code: Select all

cat /dev/zero | tr '\0' '\377' > /path/to/mount/point/big-file ; sync
3. Delete the file

This wipes all of the space (assuming that there are no bad sectors) because all of the data has to exist simultaneously. However, this can't be trusted 100% if the original file system (in which the sensitive files were stored) has been removed/replaced.

Flemur's suggestion of "duplicating (non-sensitive) files until the disk is full, then deleting the duplicate files" will also work, given that it involves the same principle; but it's much less efficient.

Re: Erasing/overwriting previous hard disk

Posted: Thu Dec 31, 2015 3:49 am
by xenopeek
This also doesn't work Buzzsaw. Most SSDs have a spare area, that the operating system doesn't see. Generally somewhere around 7% but there are SSDs where it is up to 30%. The spare area is used to improve both performance and endurance. Whenever there is a high need for blocks to be written to, like when you write to fill the entire disk, the firmware wear levelling algorithm would hurt performance if it needed to hunt for a "least written to block" for each block. To better guarantee a sustained level of performance it can instead swap a block from the spare area every so often, for which it doesn't need to do any complex algorithm. Thus data blocks with your files' data get swapped out to the spare area. (The spare area is also used for endurance, to replace bad blocks.)

I maintain that there are only two ways to guarantee your files can't be accessed. Disk encryption is the best option. If you didn't use disk encryption, the hammer is the only other guaranteed way.

Re: Erasing/overwriting previous hard disk

Posted: Thu Dec 31, 2015 9:15 pm
by Buzzsaw
xenopeek wrote:This also doesn't work Buzzsaw. Most SSDs have a spare area, that the operating system doesn't see. Generally somewhere around 7% but there are SSDs where it is up to 30%. The spare area is used to improve both performance and endurance. Whenever there is a high need for blocks to be written to, like when you write to fill the entire disk, the firmware wear levelling algorithm would hurt performance if it needed to hunt for a "least written to block" for each block. To better guarantee a sustained level of performance it can instead swap a block from the spare area every so often, for which it doesn't need to do any complex algorithm. Thus data blocks with your files' data get swapped out to the spare area. (The spare area is also used for endurance, to replace bad blocks.)

I maintain that there are only two ways to guarantee your files can't be accessed. Disk encryption is the best option. If you didn't use disk encryption, the hammer is the only other guaranteed way.
Drat.

Re: Erasing/overwriting previous hard disk

Posted: Thu Dec 31, 2015 10:51 pm
by Pierre
in the real world, by simply installing a Linux System, you have reduced the chances of any data being recovered.
as most people still can't work with it.

it would take someone with higher than average skill level to reverse a linux installation,
in order to recover some previously available data.

Re: Erasing/overwriting previous hard disk

Posted: Tue Feb 07, 2017 7:12 am
by MintBean
Are you really concerned that someone is going to break into your house and run low level data recovery tools on your disc? I would put it to you that nobody will bother unless they know the drive contains something of sufficient value to warrant the effort - so this means somebody that knows your business.