Saturday, June 28, 2014

Does Formatting The Hard Drive Erase My Data?

Someone was asking this on an Internet forum I frequent and I was re-reading it, I realized that my reply actually made sense, so I decided to share it to a wider audience in case anyone else finds it useful.

Formatting the drive doesn’t necessarily mean that the data is gone. And a quick format most definitely does not erase the data. Also, deleting the partition does not remove any data.

If you want to know for sure it’s gone, use a third party utility that actually erases the drive byte-by-byte, sector-by-sector. Some apps will even overwrite each byte several times with a different “pattern” value, because in some cases it might be possible to recover data even after it’s properly erased.

A good clue on how effective your erasure is by how long it takes. To erase a drive, a software application has to write every sector on the drive, and to do that takes a long time on large capacity drives because there’s just so many dang sectors. It should take about as long to erase a drive as it does to fill it with data. Anything where you press a button and it says “done” a minute later is only overwriting a few sectors—the data could still be recovered.

Think of the partition and directory information as maps to your data. If you delete the maps, the drive appears to the operating system to be empty, and that’s good enough most of the time. The drive functions the same. As you put data on the drive, the “maps” are rebuilt for your new data, and the old data is overwritten one file at a time.

Which also means 10 years after you format it, some data from the old format could still be there. The recovery tools and procedures are very sophisticated. It may not be what you want to hear, but if you even have a little sensitive or private data on there, I wouldn’t part with it other than to toss it or destroy it.

In the old days (80’s and early 90’s), formatting the drive erased it completely. It pretty much had to because hard drives weren’t as reliable and the format had to check for bad sectors and take them out of the pool. But as time went by, drives became larger and more robust, and nobody wanted to wait 2 hours for the drive to format. And now it’s probably the least of your privacy concerns. Your private data is more likely to be scraped off your Internet connection than your physical drive.

The best way to keep your data private is to encrypt the whole damn drive with something open source like TrueCrypt. Once the power goes of and the drive un-mounts, the thing is a brick without the password. Make sure to use older versions of the software as it’s probably been compromised as of a few weeks ago by some TLA (three letter agency) but the older versions should be fine.

It’s a hassle typing your password for every drive every time your system reboots, but once the power goes off, you know it’s secure. Of course there’s lots of ways to compel people to cough up the password

2 comments:

  1. Finally a web site I believe. I actually have read some real rubbish nowadays, thus it’s a treat to read somethinghelpful. Then I found Remo Recover software, which is well-designed data recovery software that helps me in retrieving my important data back.

    ReplyDelete