7 pass secure erase, but files are left?

Discussion in 'MacBook Pro' started by Jezabelle, Mar 21, 2012.

  1. Jezabelle macrumors newbie

    Joined:
    Mar 18, 2012
    #1
    After the 7 pass erase shouldn't there be zero files? It shows 3 folders, 2 files, 630mb used. Is that normal? Did it not work right?
     
  2. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #2
    What are those files and folders?
    Can you make a screenshot and attach it to your next post?

    DiskWiping – One Pass is Enough


    They are probably just system files, for the OS, nothing personal, as they are created upon every new partition/formatted HDD you make.
     
  3. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #3
    What are you erasing? Free space or your entire drive?
     
  4. Jezabelle thread starter macrumors newbie

    Joined:
    Mar 18, 2012
    #4
    I did it to the free space and the whole drive.

    I have a pic but can't figure out how to attach it to the thread from my iPhone
    It doesn't say which files are left
     
  5. Dangerous Theory macrumors 68000

    Joined:
    Jul 28, 2011
    Location:
    UK
    #5
    Isn't there an option for a 21 pass or something crazy like that? Must be there for a reason.
     
  6. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #6
    21 passes is useless. There's nothing that remains after 7 passes. In most cases, 1 pass is more than sufficient to prevent any data recovery.
     
  7. Ishmumrhmn macrumors regular

    Joined:
    Feb 3, 2012
  8. Jezabelle thread starter macrumors newbie

    Joined:
    Mar 18, 2012
    #8
    I suppose in the end it really doesn't matter because it's such a small amount of space, I just wanted to know what that space was being used for. It was only 600mb or so
     
  9. alstrike macrumors regular

    alstrike

    Joined:
    Nov 13, 2011
    Location:
    Germany
    #9
    Are we talking SSD or regular HDD?

    If it´s a SSD I do one secure erase with parted magic live cd, it´s more than enough and it works really well.
     
  10. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #10
    Is this usage being reported by Disk Utility? It's showing that the Spotlight and other system files are on the drive. These files are created on every HFS+ formatted drive.
     
  11. Jezabelle thread starter macrumors newbie

    Joined:
    Mar 18, 2012
    #11
    HDD, and yes, that is what disk utility reported after the 7 pass erase. 3 folders, 2 files, and 600mb used
     
  12. Intell macrumors P6

    Intell

    Joined:
    Jan 24, 2010
    Location:
    Inside
    #12
    The file/folder amount sounds right for a freshly formatted drive, as does the size used.
     
  13. dusk007 macrumors 68040

    dusk007

    Joined:
    Dec 5, 2009
    #13
    It is there because in the beginnings they found that it is possible to guess previous states of bits on a magnetic disk. And because it is theoretically possible some people came up with those multi pass wipes. Yet there is to this day no technology that actually enables you to read out previous bit states reliably. The only one I ever heard of is so difficult and expensive you'd need seriously important information to go to that length and it demonstrated only an accuracy of some 60% I think i was. Per bit that is. Was done by a research team on some university. To guess a whole Byte (8bit) right you have like a 1% chance. You need two bytes for a single UTF-8 letter. Now imagine how lucky you need to be to read out a whole email.
    Even if those 60% could be significantly increased 99% would still be way too low to make any real use. The increasing density of modern drives make it more and more difficult every generation. Those 60% were achieved some years ago on pre PRM drives.

    In conclusion it is pretty much impossible without some Alien technology to undo a single wipe on modern harddrives. Not everything exists for a sensible reason. 21, 35 passes are just plain stupid.
     
  14. Dangerous Theory macrumors 68000

    Joined:
    Jul 28, 2011
    Location:
    UK
    #14
    There we go then, thanks for the insight :)
     
  15. arkmannj macrumors 65816

    arkmannj

    Joined:
    Oct 1, 2003
    Location:
    UT
    #15
    1 pass vs 3 pass vs 7 pass, returning product

    Hello,

    sorry, I'm nto trying to hijack the thread, but have a question along similar lines, so I thought one of you could answer my question.

    I recently purchased a Mac Mini Server (mid 2011) and it has been very unreliable, flaky, problems, strange behavior, etc... So I am planning on returning it (exchanging it). however during this time I had transferred over all my personal files (via Time Machine).

    I'm assuming that after Apple looks at the machine that they will fix it and sell it as refurbished. So, I would like to wipe out the hard drives before taking it back in to them.

    Is a 3 pass wipe sufficient security before sending the machine back in?
    Does Apple do any kind of secure wipe before they send the machine back out as refurbished?

    Thanks!
    ~Ark
     
  16. Bear macrumors G3

    Joined:
    Jul 23, 2002
    Location:
    Sol III - Terra
    #16
    A 3 pass erase is more than enough and don't know what Apple does with the disks they get back. One pass should be more than enough.

    Also, if you have FileVault 2 enabled, 1 pass is all that's needed.

    If you're worried about data security, I would recommend using FileVault 2 and encrypting your TM drive.
     
  17. DVD9 macrumors 6502a

    Joined:
    Feb 18, 2010
    #17
    There is something seriously wrong here. If you did a wipe and there was so much as one file of one KB in size there is a serious problem.

    A wipe is a wipe. You are left with absolutely nothing, or no wipe took place.
     
  18. Pentad macrumors 6502a

    Pentad

    Joined:
    Nov 26, 2003
    Location:
    Indiana
    #18
    I'm not trying to pick on GGJstudios but I see these kinds of posts all the time and I'm not sure people really understand how hard drives work. I'm talking the pole-alligning low-level data reading and writing.


    This reply (along with others) doesn't ask the first question: Who are you trying to keep the data from?

    The second question is: What kind of data is it?

    These two questions should define the type of data destruction you will use.

    Some examples:

    A college kid that is giving his notebook to a friend or relative can use a fairly light DOD format.

    You are going to use a multi-pass DOD format on the following, if not the total destruction of the drive:

    A medical firm that is donating notebooks/computer to the Good Will that contained thousands of medial records of patients

    An attorney that stored large amount of confidential information.

    Without getting really technical, the magnetic poles on the HD are aligned in directions to indicate data or null. A single pass format will try to align all of the poles in one direction. However, some poles may not be aligned and remain in their previous position.

    Somebody who wants that data will go through and try to examine these mis-allinged poles to recover data. The reason for multi-pass is to get as many poles as possible to align correctly (null).

    Is the 14 year old down the street going to do this to get your data? Probably not, but the more sensitive the data (how much is it worth to the thief) the more they are going to apply extreme measures.

    Personally, I would never sell a computer with my personal information on it using a single pass format. That is just me, I understand how this works.

    If I was an attorney that had stored incredibly sensitive client data on my computer's HD, I would probably destroy the HD and put a new one in it (if I was selling it or something).

    Given the price of HDs and the price of loosing this information, I would probably destroy the HD if I was a doctor with medical records on it.

    It is more of a sliding scale than a clear-cut answer.

    Again, I'm not trying to rag on anyone, but this question (and drive fragmentation) always draws responses from folks who I'm not sure really understand how data is read/written, and stored on the media.


    Cheers!
    -P
     
  19. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #19
    But what about the standard folders, that Mac OS X creates to save the Trash in (.trashes) and the Spotlight index (.spotlight) and all the other files and folders it needs, that are normally hidden?
     
  20. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #20
    While I don't claim to be an authority on all hard drive technology, I do understand how hard drives work. I also understand that not everyone stays abreast of advancements in technology, relying instead on "old wives tales" and outdated information.
    Data remanence
     
  21. DVD9 macrumors 6502a

    Joined:
    Feb 18, 2010
    #21
    If this is what OS X does when you use the wipe command in Disk Utility then it is defective. Find something else.

    Is this the sort of "security" that Filevault2 offers?
     
  22. simsaladimbamba, Apr 27, 2012
    Last edited: Apr 27, 2012

    simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #22
    It happens after the wipe command, as it is not part of that command, but part of the formatting process. I don't know about the 600 MB though.
     
  23. theSeb macrumors 604

    theSeb

    Joined:
    Aug 10, 2010
    Location:
    Poole, England
    #23
    Thanks for the laugh. Seriously. :D :D :D :D
     
  24. Confuzzzed macrumors 68000

    Confuzzzed

    Joined:
    Aug 7, 2011
    Location:
    Liverpool, UK
    #24
    I have to say, I agree. In fact after a wipe you have to do a re-install of the operating system via internet recovery (or rescue disc if you have one). I have done this with 2 machines in the past 4-5 months and you are left with nothing.
     
  25. Confuzzzed macrumors 68000

    Confuzzzed

    Joined:
    Aug 7, 2011
    Location:
    Liverpool, UK
    #25
    I did a 7 pass wipe before selling my Mac Mini Server (mid 2011). It took a while but in the end, I am confident it was enough. Hell, that is what the US Department of Defense recommended in the now obsolete 5220-22M standard for securely erasing magnetic media by erasing the drive index files and writing over the data seven times. This hasn't been the standard since 2007 but if it was good enough for the Pentagon, then it's good enough for me!! Note though you probably have to wipe both HDDs on your mac mini server. And then have to re-install the OS via internet recovery. Hope this helps
     

Share This Page