Cyber Security Expo
 
Forensically Unrecoverable Hard Drive Data Destruction by Daniel James on 22/12/06

Hard disk drives are called by that name because they are not floppy (as in floppy disk drives). They are organized as a concentric stack of disks or 'platters'. Each platter has two surfaces (although in practice the outer surfaces on the top and bottom of the stack are often unused because of physical space considerations), and each has its own read/write head (which reads and writes data magnetically on the surface). The data is stored on concentric circles on the surfaces known as tracks. Corresponding tracks on all surfaces on a drive, when taken together, make up a cylinder. Since an individual data block is one sector of a track blocks can be addressed by specifying the cylinder, head and sector numbers of the block ('CHS'). A sector is the smallest addressable unit of storage space on a hard drive which holds 512 bytes of data (Koehler, 2002).

Since a sector is the smallest addressable unit on a hard drive the goal of permanently deleting data will logically start here. The sectors on a drive are each numbered 0 – n. The drive wiping software will start with the first sector on the drive and overwrite the data contained there with a random pattern of data. This is continued for every sector on the hard drive until the overwriting process has completely written over all data in every sector. Once this operation has completed it is referred to as a “single pass”. For government security usage, the US DoD 5220.22 specification dictates a drive (or file) must be over written with all binary ones, all binary zeros, and then random characters. This is repeated a minimum of three times. When repeated a certain number of times, the data is effectively removed from deepest recesses of the drive (Munro, 2004). With some drive wiping programs you can then go back over the drive and “spot check” or search every sector of data to insure that the process worked effectively.

This document is in PDF format. To view it click here.

Rate this article

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , Infosecwriters.com. All rights reserved. Comments are property of the respective posters.