Multi-Pass Hard Disk Formats – Myth Busted?

According to a recent Infosec Island article titled “The Urban Legend of Multipass Hard Disk Overwrite” something that most of us have taken for fact is in fact, not fact.

As IT professionals, we’re often told that data that was previously stored on magnetic media can be extracted even if it’s been overwritten. Methods like magnetic force microscopy and scanning tunneling microscopy may be cited. However, modern hard drives no longer use the same storage methods or hardware that allowed those techniques to be successful.

Noticeably absent in many of the most modern government standards documents for information security is the requirement that drives have multi-pass formats performed on them. Most standards call for degaussing or outright pulverizing. The one standard that does mention formatting is NIST Special Publication 800-88 which says on page 27:

Writing patterns of data on top of the data stored on a magnetic medium. NSA has researched that one overwrite is good enough to sanitize most drives. See comments on clear/purge convergence.

Infosec Island reports that in a recent paper titled “Overwriting Hard Drive Data: The Great Wiping Controversy” single pass wiping is considered good enough to prevent data retrieval:

…a single overwrite using an arbitrary data value will render the original data irretrievable even if MFM and STM techniques are employed.

Of course, the question remains in my mind: Are there newer and more advanced techniques that are available to recover erased data? Apparently, even if they do exist, they are currently more advanced and expensive than many people are willing to worry about.

Ultimately, if you’re concerned about data security, your best bet will always be to physically grind the media to powder. Drilling and hammering isn’t enough. However, if you don’t have that option and you’re not hiding some of the world’s most valuable secrets, then a single pass wipe on modern drives is apparently good enough. I suppose that means that I’ll no longer need to let DBAN sit and wipe a retired mail server’s drives over a weekend.

What do you do for data security? Do you have a degausser? Do you contract with a physical destruction company? Or were you formerly only satisfied with a week-long DBAN session?


  1. jscott

    September 5, 2011 at 7:26 am

    It’s been closed for a long time but there was The Great Zero Challenge [linking a blog post as the main site is gone]. The challenge was open to any data recovery team and involved a single pass of ‘dd’ writing ‘0’ to overwriting the drive. The challenge closed uncontested.


    • Wesley David

      September 5, 2011 at 10:27 am

      I had always just accepted that there must be a way to recover from a single-pass recovery since you hear it talked about so much. I guess it was just SysAdmin lore based on a few partial-truths from years ago. Nice to know that I no longer have to DBAN old servers over a weekend. =)


  2. Matt Simmons

    September 5, 2011 at 7:35 am

    Cool article. I guess I shouldn’t be surprised, really, given the crazy things they have to do to even let the controllers read what is written on the drives now. Its going to get even crazier when they start regularly implementing things like shingling, too.

    At work, my standard “clear a drive” method was ‘dd -if /dev/zero


    • Wesley David

      September 5, 2011 at 10:29 am

      While I’ve been following the storage market for a little while now, I suppose it’s been only for higher level topics because I haven’t really looked into all the magic that makes the higher density drives work. It stands to reason though.

      I think I’ll still use DBAN just for old times’ sake though. =)


  3. Thom

    September 5, 2011 at 7:38 am

    Very interesting.
    I always thought single pass vs. multi pass was me obscurity than security.
    I always tell people if they want to be guaranteed that their data is irretrievable they need to smash up & burn the hard disk. If they are not that bothered then single pass is fine.
    The best advice is to not put security sensitive stuff on a hard drive!


    • Wesley David

      September 5, 2011 at 10:31 am

      I recall having to dispose of a box full of hard drives and trying to get quotes for degaussers and also from destruction companies to grind them up. If only I had known I could have taken a spare SATA controller and made short work of the lot.


  4. the_angry_angel

    September 5, 2011 at 10:26 am

    My preferred method has always a combination of a quick DBAN or simple dd wipe, left running whilst I did other things, followed up by at one particular customer’s site by handing the drives to the warehouse guys, and watching them go to work.

    They have a strong passion for utter destruction. It’s almost beautiful watching the sheer number of ways and pieces that a hard drive can be broken.


    • Wesley David

      September 5, 2011 at 10:32 am

      I remember using a drill press on a number of hard drives and listening to the shattering of the platters as the bit sunk through the case. I suppose that was rather stupid of me sense I didn’t format them first. Technically it would have been possible to recover some information.

      Oh the things we do as Jr Admins.


Leave a Reply

Follow TheNubbyAdmin!

follow us in feedly

Raw RSS Feed:

Contact Me!

Want to hire me as a consultant? Have a job you think I might be interested in? Drop me a line:

Contact Me!

Subscribe via Email

Your email address is handled by Google FeedBurner and never spammed!

The Nubby Archives

Circle Me on Google+!

Photos from Flickr

Me on StackExchange

The IT Crowd Strava Group

%d bloggers like this: