Data remanence

Data remanence may make inadvertent disclosure of sensitive information possible should the storage media be released into an uncontrolled environment (e.g., thrown in the bin (trash) or lost).

Similarly, many software products automatically create backup copies of files that are being edited, to allow the user to restore the original version, or to recover from a possible crash (autosave feature).

This is often called wiping or shredding a disk or file, by analogy to common methods of destroying print media, although the mechanism bears no similarity to these.

In an attempt to counter more advanced data recovery techniques, specific overwrite patterns and multiple passes have often been prescribed.

Gutmann's belief in the possibility of data recovery is based on many questionable assumptions and factual errors that indicate a low level of understanding of how hard drives work.

[5] Daniel Feenberg, an economist at the private National Bureau of Economic Research, claims that the chances of overwritten data being recovered from a modern hard drive amount to "urban legend".

[6] He also points to the "18+1⁄2-minute gap" Rose Mary Woods created on a tape of Richard Nixon discussing the Watergate break-in.

Erased information in the gap has not been recovered, and Feenberg claims doing so would be an easy task compared to recovery of a modern high density digital signal.

As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method.

"[8] An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives.

They point out that the long time required for multiple wipes "has created a situation where many organizations ignore the issue [altogether] – resulting in data leaks and loss.

Other side-channel attacks (such as keyloggers, acquisition of a written note containing the decryption key, or rubber-hose cryptanalysis) may offer a greater chance of success, but do not rely on weaknesses in the cryptographic method employed.

However, the process is generally time-consuming, cumbersome, and may require extremely thorough methods, as even a small fragment of the media may contain large amounts of data.

Modern hard disks often feature reallocation of marginal sectors or tracks, automated in a way that the operating system would not need to work with it.

The problem is especially significant in solid-state drives (SSDs) that rely on relatively large relocated bad block tables.

For this reason, some security protocols tailored to operating systems or other software featuring automatic wear leveling recommend conducting a free-space wipe of a given drive and then copying many small, easily identifiable "junk" files or files containing other nonsensitive data to fill as much of that drive as possible, leaving only the amount of free space necessary for satisfactory operation of system hardware and software.

Methods for successfully sanitizing optical discs include delaminating or abrading the metallic data layer, shredding, incinerating, destructive electrical arcing (as by exposure to microwave energy), and submersion in a polycarbonate solvent (e.g., acetone).

Researchers discovered three problems with file storage on SSDs:[11] First, built-in commands are effective, but manufacturers sometimes implement them incorrectly.

This layer of indirection hides idiosyncratic media interfaces and enhances SSD performance, reliability, and lifespan (see wear leveling), but it can also produce copies of the data that are invisible to the user and that a sophisticated attacker could recover.

[11]: section 5 The TRIM feature in many SSD devices, if properly implemented, will eventually erase data after it is deleted[12][citation needed], but the process can take some time, typically several minutes.

[13] Data remanence has been observed in static random-access memory (SRAM), which is typically considered volatile (i.e., the contents degrade with loss of external power).

"[15] The study authors were able to use a cold boot attack to recover cryptographic keys for several popular full disk encryption systems, including Microsoft BitLocker, Apple FileVault, dm-crypt for Linux, and TrueCrypt.

In some cases, such as certain modes of the software program BitLocker, the authors recommend that a boot password or a key on a removable USB device be used.

The pieces of a physically destroyed hard disk drive.
Hard drive mechanically broken by a data destroying device (after degaussing)