Just how secure is a hard drive that I selected "Zero all Data" to erase?

Posted in General Discussion, edited January 2014
Hello,

I could not find any real information on this, but, just how secure is a hard drive that I erased using "zero all data"? I understand that it has "zeros" written over every bit of data, but how might one still retrieve the information that used to be on that drive? I mean, I am under the impression that someone could, because there are two other security options for erasing data.



I am a little concerned, because I took my PowerMac G5 into an Apple Store to be repaired, and when I picked it up afterwards, I believe it had a DIFFERENT hard drive in it. Now, I was getting a processor replaced, which in my book, tells me that there would be no need to swap out the hard drive for a different one. Now I am a cautious individual, and I cloned my OS hard drive onto another hard drive, and then "zero-ed out all data" on my stock Apple hard drive (I feel weird having my personal stuff, and not-yet-copyrighted works in the possession of anyone else) before handing my computer over. I wouldn't be as concerned about any potential breach into my deleted data if I did not get, what I believe to be a different hard drive in my machine.



I have a Western Digital 250GB hard drive with the Apple sticker on the logo in my machine now, although I was pretty sure that Dual 2.7 G5 PowerMacs came with Seagate drives. Does anyone know where I might be able to confirm this information?



Anyway, thanks for reading and thanks for any explanation into what someone would have to do to uncover my zeroed-out data.

Comments

  • Reply 1 of 12
    dfiler Posts: 3,420 member
    Simply zeroing data during a reformat is sufficient. That is, unless someone takes the drive to a forensic laboratory, removes the spindles, and puts them in a mind-bogglingly expensive machine.



    Theft of the computer during a home burglary poses a much higher risk. Pretty much nobody takes a random drive to an expensive data recovery service on a mere fishing expedition.
  • Reply 2 of 12
    Quote:
    Originally Posted by dfiler View Post


    Simply zeroing data during a reformat is sufficient. That is, unless someone takes the drive to a forensic laboratory, removes the spindles, and puts them in a mind-bogglingly expensive machine.



    Theft of the computer during a home burglary poses a much higher risk. Pretty much nobody takes a random drive to an expensive data recovery service on a mere fishing expedition.



    I see, well thank you for your reply. Wow, the task could not be done with mere software? That makes me feel a good bit better. Though, do not feel as though you should tell me what I want to hear in an attempt to make me feel better, haha.



    Weird. Why would they swap my hard drive?



    Well, as far as I can tell, the Western Digital they popped into my PowerMac seems to be just as fast. It is 7200rpm and it has an average seek time of 8.9 ms. Anyone know where I might be able to find the specs on the stock HDD that came with my Mac?
  • Reply 3 of 12
    Marvin Posts: 14,228 moderator
    Quote:
    Originally Posted by AppleComputer View Post


    I am a cautious individual, and I cloned my OS hard drive onto another hard drive, and then "zero-ed out all data" on my stock Apple hard drive (I feel weird having my personal stuff, and not-yet-copyrighted works in the possession of anyone else) before handing my computer over.



    You are right to be cautious:



    http://www.engadget.com/2009/07/22/s...to-be-trusted/



    Apple themselves would hopefully be different but the employees are human just the same. I do an erase too or drive swap if I have to send a machine away for repair. Single pass Zero-erase is secure enough as mentioned above.



    Quote:
    Originally Posted by AppleComputer View Post


    I have a Western Digital 250GB hard drive with the Apple sticker on the logo in my machine now, although I was pretty sure that Dual 2.7 G5 PowerMacs came with Seagate drives. Does anyone know where I might be able to confirm this information?



    They don't all ship with the same drive models. Some batches of them will but some Mac Minis of the same generation had Seagates and others had Toshibas or Hitachis. I've seen quad G5s that came with 250GB Western Digital drives with Apple stickers.



    Quote:
    Originally Posted by AppleComputer


    Weird. Why would they swap my hard drive?



    They perhaps noted the age of the drive and decided to give you a replacement. Hard drives have a typical life of about 5 years so if they noticed an Apple branded, original drive in an old G5 they maybe decided to replace it.



    If you have a clone of your system before you sent it away, it will probably have a cache file somewhere with a record of the drive model. Check /private/var/log/system.log and the archived files.
  • Reply 4 of 12
    Quote:
    Originally Posted by Marvin View Post


    You are right to be cautious:



    http://www.engadget.com/2009/07/22/s...to-be-trusted/



    Apple themselves would hopefully be different but the employees are human just the same. I do an erase too or drive swap if I have to send a machine away for repair. Single pass Zero-erase is secure enough as mentioned above.







    They don't all ship with the same drive models. Some batches of them will but some Mac Minis of the same generation had Seagates and others had Toshibas or Hitachis. I've seen quad G5s that came with 250GB Western Digital drives with Apple stickers.







    They perhaps noted the age of the drive and decided to give you a replacement. Hard drives have a typical life of about 5 years so if they noticed an Apple branded, original drive in an old G5 they maybe decided to replace it.



    If you have a clone of your system before you sent it away, it will probably have a cache file somewhere with a record of the drive model. Check /private/var/log/system.log and the archived files.





    Thanks for the reply, Marvin. When you erase your drives before sending machines out for repair, do you trust the zero-out wipe? It's just, all of a sudden I am realizing how much original, uncopyrighted work I have buried under those zeroes, and the shadow of a doubt is enough to make my heart sink.



    That is a great idea! I will see what I can dig up in my cloned HDD!



    I would imagine that my trying to retrieve the drive would be excessive, and only draw attention to the fact that something is very important to me on there.



    Gosh, had I ever even thought that they would be keeping the drive, I would have done a better security erase of it. =/





    thanks so much for the reply!
  • Reply 5 of 12
    splinemodel Posts: 7,311 member
    If you are paranoid, zero it seven times. This is what HDs carrying state-secrets are supposed to go through before being discarded.
  • Reply 6 of 12
    Macs (and PCs) always crash/freeze up/go on the blink at the most inopportune moment. And when they are 'kaputt' you can't 'zero' any hard drives, no matter how hard you try. It is simply too late.

    So if you have data on your hard disk that you don't want third parties to be able to access/retrieve then encrypt it well – TODAY! – before your machine fails, and keep it in that encrypted state!



    Additionally I erase ALL trashed files 7 times with 'Secure Empty Trash'. Have done for years.



    Only supercomputers, with a couple weeks of processing time, at prohibitive expense!, can crack your secret files or retrieve your trashed files then. But 'they' would have to have a damn good reason to waste that much tax money on your hard disk...
  • Reply 7 of 12
    dfiler Posts: 3,420 member
    Quote:
    Originally Posted by Splinemodel View Post


    If you are paranoid, zero it seven times. This is what HDs carrying state-secrets are supposed to go through before being discarded.



    Those HDs are probably physically destroyed. That's what we do at my company at least. It is cheaper and quicker to drill holes through the drives than to have them erased via software.



    Really though, only a delusionally paranoid or uninformed person would do more than a simple zeroing or physical destruction.



    Here's what Wikipedia has to say on the subject:

    http://en.wikipedia.org/wiki/Data_re...erwritten_data
  • Reply 8 of 12
    Quote:
    Originally Posted by dfiler View Post


    It is cheaper and quicker to drill holes through the drives than to have them erased via software.



    Sounds quite cumbersome and time wasting to me, dfiler. When I discard a hard disk I open up its enclosure and simply shatter the HD(s) in 10,000 almost microscopic pieces with a hammer blow. HDs are very thin (= very fragile) plate glass disks, after all.



    Let them crack that!
  • Reply 9 of 12
    dfiler Posts: 3,420 member
    Quote:
    Originally Posted by Rokcet Scientist View Post


    Sounds quite cumbersome and time wasting to me, dfiler. I open up the hard disk enclosure and simply shatter the HD(s) in 10,000 almost microscopic pieces with a hammer blow. HDs are very thin (= very fragile) plate glass disks, after all.



    Let them crack that!



    Cumbersome and time wasting? It takes like 5 seconds per drive. I've spent more time typing replies to this thread than I've ever spent drilling holes through hard drives. Care to rethink that criticism?



    A hammer would certainly work as well though.
  • Reply 10 of 12
    Quote:
    Originally Posted by dfiler View Post


    A hammer would certainly work as well though.



    And 50 times quicker: 0,1 second...
  • Reply 11 of 12
    dfiler Posts: 3,420 member
    You've spent more time criticizing the time wasted on drilling than the total amount of time I've ever spent on drilling.



    Edit:



    I suppose I could explain WHY I drill rather than hammer. I work for a medical device manufacturer and we have confidential healthcare records. The secrecy of these records is highly regulated and audited. Drilling is a less questionable data disposal method during audits. If hammering was used, the auditor might decide to question if all platters were indeed shattered. After all, the shattering isn't visually verified. While this is a rather spurious doubt on their part, it is simpler to just drill instead and avoid the entire line of questioning.
  • Reply 12 of 12
    Marvin Posts: 14,228 moderator
    Quote:
    Originally Posted by AppleComputer View Post


    When you erase your drives before sending machines out for repair, do you trust the zero-out wipe? It's just, all of a sudden I am realizing how much original, uncopyrighted work I have buried under those zeroes, and the shadow of a doubt is enough to make my heart sink.



    You don't need to worry at all, it's not like layers of data. Hard drives have magnetic material where the magnetization of the areas of the media represents a binary zero or one like a switch. In order to get the original state back again, you'd have to do some pretty intense low-level operations and probably drive-specific ones to be able to determine what the previous 'switch' states were. To be able to do this accurately enough for millions of bits to recover any meaningful information is pretty unlikely.



    I'm not really sure why Apple offer the multiple erase passes to be honest. Security professionals have said that a single-pass erase is near impossible to recover data from. There have been papers that say it's not enough but often scientific papers are disconnected from practical applications. I think anything above 1-pass will be intended for organizations where security is of the utmost concern and where people would spend an inordinate amount of resources trying to get the information but they'd be as well just breaking the drives to avoid this.



    Plus, those people would be using encryption anyway so that the best you could recover is part of scrambled data, which you can't do anything with.



    There are a number of concerns people have commented on, like being able to cool a RAM chip to extract it from a machine without losing the active state to bypass drive encryption or extract data, but in reality, how likely is it to happen? If someone wanted your information so badly that they'd go to these lengths to get it, I imagine protecting your data wouldn't be your primary concern but yourself.



    In short, a zero-pass erase is suitable protection for the absolute majority of cases. For extra protection, encrypt sensitive documents - this is a good idea anyway as you won't always be able to zero your drives in all circumstances, e.g. in the event of a drive head failure.



    You can create encrypted disk images using Disk Utility. File > new blank image and pick a size. Don't use sparse ones, AES 128 is fine and don't store the password in your keychain.



    You get other more automatic encryption techniques like FileVault and 3rd party drive encryption but the former as well as keychain are unlocked when you log in so they are only as secure as your OS X login, the latter can have performance and reliability issues.



    Be aware that encrypted disks create a single file so corruption will lose it all so it's good to back up regularly.
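
Added example, not part of any post in this thread: a Python check that a drive or disk image erased with a single zero pass really reads back as all zeros, reporting the offset of the first leftover byte. The function names and the sample image are constructed for illustration.

```python
import io

CHUNK = 1 << 20  # 1 MiB reads keep memory use flat on large drives


def first_nonzero_offset(stream, chunk_size=CHUNK):
    """Return (offset of first non-zero byte or None, total bytes examined)."""
    offset = 0
    while True:
        block = stream.read(chunk_size)
        if not block:
            return None, offset
        if block.count(0) != len(block):
            # Pinpoint the exact byte inside this block.
            leading_zeros = len(block) - len(block.lstrip(b"\x00"))
            return offset + leading_zeros, offset + leading_zeros
        offset += len(block)


def verify_zeroed(stream, expected_size=None):
    """Classify a scan as 'clean', 'residual-data' or 'short-read'."""
    bad, scanned = first_nonzero_offset(stream)
    if bad is not None:
        return {"verdict": "residual-data", "offset": bad, "scanned": scanned}
    if expected_size is not None and scanned != expected_size:
        # Fewer bytes than the drive's capacity: a partition was scanned
        # instead of the whole device, or the read stopped early.
        return {"verdict": "short-read", "offset": None, "scanned": scanned}
    return {"verdict": "clean", "offset": None, "scanned": scanned}


if __name__ == "__main__":
    # Constructed sample: a 3 MiB "drive" whose wipe stopped 16 bytes early.
    size = 3 * CHUNK
    image = bytearray(size)
    image[-16:] = b"leftover-secret!"
    print(verify_zeroed(io.BytesIO(bytes(image)), expected_size=size))
    # Constructed sample: a fully zeroed image of the same size.
    print(verify_zeroed(io.BytesIO(bytes(size)), expected_size=size))
```

For a real drive, pass a read-only binary handle to the whole-device node rather than a partition, and give the drive's full capacity as `expected_size`.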