7 pass secure erase, but files are left?

Jezabelle

macrumors newbie
Original poster
Mar 18, 2012
6
0
After the 7 pass erase shouldn't there be zero files? It shows 3 folders, 2 files, 630mb used. Is that normal? Did it not work right?
 

Jezabelle

macrumors newbie
Original poster
Mar 18, 2012
6
0
I did it to the free space and the whole drive.

I have a pic but can't figure out how to attach it to the thread from my iPhone
It doesn't say which files are left
 

GGJstudios

macrumors Westmere
May 16, 2008
44,365
703
Isn't there an option for a 21 pass or something crazy like that? Must be there for a reason.
21 passes is useless. There's nothing that remains after 7 passes. In most cases, 1 pass is more than sufficient to prevent any data recovery.
 

Jezabelle

macrumors newbie
Original poster
Mar 18, 2012
6
0
I suppose in the end it really doesn't matter because it's such a small amount of space, I just wanted to know what that space was being used for. It was only 600mb or so
 

alstrike

macrumors regular
Nov 13, 2011
104
30
Spain
Are we talking SSD or regular HDD?

If it´s a SSD I do one secure erase with parted magic live cd, it´s more than enough and it works really well.
 

Intell

macrumors P6
Jan 24, 2010
18,872
368
Inside
Is this usage being reported by Disk Utility? It's showing that the Spotlight and other system files are on the drive. These files are created on every HFS+ formatted drive.
 

Jezabelle

macrumors newbie
Original poster
Mar 18, 2012
6
0
HDD, and yes, that is what disk utility reported after the 7 pass erase. 3 folders, 2 files, and 600mb used
 

dusk007

macrumors 68040
Dec 5, 2009
3,383
61
Isn't there an option for a 21 pass or something crazy like that? Must be there for a reason.
It is there because in the beginnings they found that it is possible to guess previous states of bits on a magnetic disk. And because it is theoretically possible some people came up with those multi pass wipes. Yet there is to this day no technology that actually enables you to read out previous bit states reliably. The only one I ever heard of is so difficult and expensive you'd need seriously important information to go to that length and it demonstrated only an accuracy of some 60% I think i was. Per bit that is. Was done by a research team on some university. To guess a whole Byte (8bit) right you have like a 1% chance. You need two bytes for a single UTF-8 letter. Now imagine how lucky you need to be to read out a whole email.
Even if those 60% could be significantly increased 99% would still be way too low to make any real use. The increasing density of modern drives make it more and more difficult every generation. Those 60% were achieved some years ago on pre PRM drives.

In conclusion it is pretty much impossible without some Alien technology to undo a single wipe on modern harddrives. Not everything exists for a sensible reason. 21, 35 passes are just plain stupid.
 

Dangerous Theory

macrumors 68000
Jul 28, 2011
1,980
28
UK
It is there because in the beginnings they found that it is possible to guess previous states of bits on a magnetic disk. And because it is theoretically possible some people came up with those multi pass wipes. Yet there is to this day no technology that actually enables you to read out previous bit states reliably. The only one I ever heard of is so difficult and expensive you'd need seriously important information to go to that length and it demonstrated only an accuracy of some 60% I think i was. Per bit that is. Was done by a research team on some university. To guess a whole Byte (8bit) right you have like a 1% chance. You need two bytes for a single UTF-8 letter. Now imagine how lucky you need to be to read out a whole email.
Even if those 60% could be significantly increased 99% would still be way too low to make any real use. The increasing density of modern drives make it more and more difficult every generation. Those 60% were achieved some years ago on pre PRM drives.

In conclusion it is pretty much impossible without some Alien technology to undo a single wipe on modern harddrives. Not everything exists for a sensible reason. 21, 35 passes are just plain stupid.
There we go then, thanks for the insight :)
 

arkmannj

macrumors 68000
Oct 1, 2003
1,553
302
UT
1 pass vs 3 pass vs 7 pass, returning product

Hello,

sorry, I'm nto trying to hijack the thread, but have a question along similar lines, so I thought one of you could answer my question.

I recently purchased a Mac Mini Server (mid 2011) and it has been very unreliable, flaky, problems, strange behavior, etc... So I am planning on returning it (exchanging it). however during this time I had transferred over all my personal files (via Time Machine).

I'm assuming that after Apple looks at the machine that they will fix it and sell it as refurbished. So, I would like to wipe out the hard drives before taking it back in to them.

Is a 3 pass wipe sufficient security before sending the machine back in?
Does Apple do any kind of secure wipe before they send the machine back out as refurbished?

Thanks!
~Ark
 

Bear

macrumors G3
Jul 23, 2002
8,089
4
Sol III - Terra
...
Is a 3 pass wipe sufficient security before sending the machine back in?
Does Apple do any kind of secure wipe before they send the machine back out as refurbished?
...
A 3 pass erase is more than enough and don't know what Apple does with the disks they get back. One pass should be more than enough.

Also, if you have FileVault 2 enabled, 1 pass is all that's needed.

If you're worried about data security, I would recommend using FileVault 2 and encrypting your TM drive.
 

DVD9

macrumors 6502a
Feb 18, 2010
729
419
HDD, and yes, that is what disk utility reported after the 7 pass erase. 3 folders, 2 files, and 600mb used
There is something seriously wrong here. If you did a wipe and there was so much as one file of one KB in size there is a serious problem.

A wipe is a wipe. You are left with absolutely nothing, or no wipe took place.
 

Pentad

macrumors 6502a
Nov 26, 2003
985
94
Indiana
21 passes is useless. There's nothing that remains after 7 passes. In most cases, 1 pass is more than sufficient to prevent any data recovery.
I'm not trying to pick on GGJstudios but I see these kinds of posts all the time and I'm not sure people really understand how hard drives work. I'm talking the pole-alligning low-level data reading and writing.


This reply (along with others) doesn't ask the first question: Who are you trying to keep the data from?

The second question is: What kind of data is it?

These two questions should define the type of data destruction you will use.

Some examples:

A college kid that is giving his notebook to a friend or relative can use a fairly light DOD format.

You are going to use a multi-pass DOD format on the following, if not the total destruction of the drive:

A medical firm that is donating notebooks/computer to the Good Will that contained thousands of medial records of patients

An attorney that stored large amount of confidential information.

Without getting really technical, the magnetic poles on the HD are aligned in directions to indicate data or null. A single pass format will try to align all of the poles in one direction. However, some poles may not be aligned and remain in their previous position.

Somebody who wants that data will go through and try to examine these mis-allinged poles to recover data. The reason for multi-pass is to get as many poles as possible to align correctly (null).

Is the 14 year old down the street going to do this to get your data? Probably not, but the more sensitive the data (how much is it worth to the thief) the more they are going to apply extreme measures.

Personally, I would never sell a computer with my personal information on it using a single pass format. That is just me, I understand how this works.

If I was an attorney that had stored incredibly sensitive client data on my computer's HD, I would probably destroy the HD and put a new one in it (if I was selling it or something).

Given the price of HDs and the price of loosing this information, I would probably destroy the HD if I was a doctor with medical records on it.

It is more of a sliding scale than a clear-cut answer.

Again, I'm not trying to rag on anyone, but this question (and drive fragmentation) always draws responses from folks who I'm not sure really understand how data is read/written, and stored on the media.


Cheers!
-P
 
Nov 28, 2010
22,668
27
located
There is something seriously wrong here. If you did a wipe and there was so much as one file of one KB in size there is a serious problem.

A wipe is a wipe. You are left with absolutely nothing, or no wipe took place.
But what about the standard folders, that Mac OS X creates to save the Trash in (.trashes) and the Spotlight index (.spotlight) and all the other files and folders it needs, that are normally hidden?
 

GGJstudios

macrumors Westmere
May 16, 2008
44,365
703
I'm not trying to pick on GGJstudios but I see these kinds of posts all the time and I'm not sure people really understand how hard drives work.
While I don't claim to be an authority on all hard drive technology, I do understand how hard drives work. I also understand that not everyone stays abreast of advancements in technology, relying instead on "old wives tales" and outdated information.
Daniel Feenberg, an economist at the private National Bureau of Economic Research, claims that the chances of overwritten data being recovered from a modern hard drive amount to "urban legend".[3] He also points to the "18½ minute gap" Rose Mary Woods created on a tape of Richard Nixon discussing the Watergate break-in. Erased information in the gap has not been recovered, and Feenberg claims doing so would be an easy task compared to recovery of a modern high density digital signal.

As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only degaussing or physical destruction is acceptable for the latter.[4]

On the other hand, according to the 2006 NIST Special Publication 800-88 (p. 7): "Studies have shown that most of today’s media can be effectively cleared by one overwrite" and "for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged."[1] An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives.
Data remanence
 

DVD9

macrumors 6502a
Feb 18, 2010
729
419
But what about the standard folders, that Mac OS X creates to save the Trash in (.trashes) and the Spotlight index (.spotlight) and all the other files and folders it needs, that are normally hidden?
If this is what OS X does when you use the wipe command in Disk Utility then it is defective. Find something else.

Is this the sort of "security" that Filevault2 offers?
 
Nov 28, 2010
22,668
27
located
If this is what OS X does when you use the wipe command in Disk Utility then it is defective. Find something else.

Is this the sort of "security" that Filevault2 offers?
It happens after the wipe command, as it is not part of that command, but part of the formatting process. I don't know about the 600 MB though.
 
Last edited:

Confuzzzed

macrumors 68000
Aug 7, 2011
1,629
0
Liverpool, UK
A wipe is a wipe. You are left with absolutely nothing, or no wipe took place.
I have to say, I agree. In fact after a wipe you have to do a re-install of the operating system via internet recovery (or rescue disc if you have one). I have done this with 2 machines in the past 4-5 months and you are left with nothing.
 

Confuzzzed

macrumors 68000
Aug 7, 2011
1,629
0
Liverpool, UK
...Mac Mini Server (mid 2011) ...3 pass wipe sufficient security before sending the machine back in?
I did a 7 pass wipe before selling my Mac Mini Server (mid 2011). It took a while but in the end, I am confident it was enough. Hell, that is what the US Department of Defense recommended in the now obsolete 5220-22M standard for securely erasing magnetic media by erasing the drive index files and writing over the data seven times. This hasn't been the standard since 2007 but if it was good enough for the Pentagon, then it's good enough for me!! Note though you probably have to wipe both HDDs on your mac mini server. And then have to re-install the OS via internet recovery. Hope this helps