What Not To Do With Your Data

Tiny Tim writes "Stupidity strikes! A data recovery company has revealed the dumbest data disasters it's confronted this year — including rotting bananas, smelly socks and a university professor's foolhardy application of WD-40."

Unbelievable but True Tales of Data Disaster...

[vivekg]

Original ontrack article - Top 10 List of Data Loss Disasters of 2006 [ontrack.com]

The real list

[Anonymous Coward]

The article is a summary of an advert. The original can be found here: http://ontrack.co.uk/special/data-disasters-2006.a spx?hp=Top10_2006 [ontrack.co.uk]

TDWTF has some good stories.

[The MAZZTer]

Here's a good hard drive one. [nyud.net]

Just an advertisment

[z_gringo]

That "article" is nothing more than a commercial for using their data recovery service.

What is "False" about it?

[krell]

"Can we at least *try* to avoid posting false news items that are really nothing more than thinly-disguised press releases?"

Can you please cite the false parts of this news item? If you can't, why call it false?

Re:Privacy aspect

[OmnipotentEntity]

Problem is, if the drive has any bad sectors, that fails and leaves the rest of the drive unerased.

I use badblocks read-write test. It's designed to do stuff like that.

Backup?

[PhoenixK7]

Yet more reasons to buy a cheap external hard-disk and at LEAST back up to that :-)

Or, you can be like me and back up to an external hard disk at home, and a filesystem on a RAID array with a hot spare, and another backup system for that array in a different location!

Backup solutions are way cheaper than paying some person to extract data from a dead drive... even for the bare minimum external USB/FireWire drive that you backup to daily, would save probably like 90% of all accidental damage losses of data, or losses due to random drive failure. Go out and set up your backup solution NOW, not tomorrow :-)

Freeze your bad hard drives

[jgercken]

I concur that this is a lousy promotional post. Therefore I'd like to make sure everyone knows the trick of putting failed/failing hard drives in the freezer for a few minutes. For reasons unknown to me, it normally gets them running long enough to pull the important data off them. If you're tempted to send a failed drive to a recovery company, try this first.

Re:Privacy aspect

[archen]

dban should be find then. If time is a constraint then you just need 4 random passes over the drive. Personally I like the Gutman wipe with the 27 voodoo passes. Of course it doesn't work on any spare sectors, but assuming there isn't anything that fits on a sector that is critical that should be fine.

Re:Privacy aspect

[atta1]

No, it doesn't. All a full format does is relabel all the sectors and erase the FAT or MFT.

Re:Advert for a company NOT to go to..

[stereoroid]

If you're talking about Dom Joly, did you even read TFA? He wrote about his mishap in a column in a UK national newspaper (The Independent on Sunday), after which OnTrack contacted him. So, what are you referring to?

Re:Privacy aspect

[eam]

http://www.semshred.com/contentmgr/showdetails.php /id/680/tp/VE1HUj0xLHRpZD02NzIs [semshred.com]

"priceless" data until they hear what the price is

[dmccarty]

Having worked in IT for a while, I've found that everyone's data is "invaluable" until they find out what the cost of recovery is.

I remember one person's drive that failed badly. Naturally, he hadn't saved his files to the server. All his data was "priceless," of course, until we got a quote from the recovery service that was about $1,000. On second thought, he said, maybe we could just keep the old hard drive around in case we need something off of it, and then we could send it in.

As it turned out, there was never anything important enough to warrant sending it in.

Fixing "Dead" HDs

[G4from128k]

A friend gave me an old iMac G4 because the HD (Quantum Fireball 13 GB) was fried. The HD's motor driver chip had a nice burn mark where the chip had spewed it's magic smoke. I yanked the circuit board of a similar HD (Quantum Fireball 10 GB) -- the circuit boards "look" identical -- and the Frankenstein HD worked. My friend got her data back and I got to keep the iMac.

The point is that electronics problems with HDs (but not mechanical problems) can be fixed by swapping circuit boards.

DoD spec.? Seven times... stop repeating the myth!

[Ayanami Rei]

The NSA (and by extension the DoD) does not allow, under any circumstances, the use of wiping software to declassify hard disks. No matter how many passes. They might have at one point but nowadays there are no guarantees with the way storage technology changes so quickly so that they decided it would no longer be a good policy.

Disks can be wiped using a single 0-pass to be re-used for a different project at the same or higher classification level (but different need-to-know).

But disks can never go lower. Than can only be destroyed by melting or shredding. You remove the platters from the drive, send them to Ft. Meade, and they run it through the shedder, and send you a receipt of destruction.

This also applies to flash media (compact flash, USB memory sticks). Same rules.

Re:10

[ajs318]

Yes! As long as the drive's already been formatted once, all you need to do is write out an empty sector map (or FAT, or inode table, or whatever name your OS calls it) showing that every sector on the disk is "free space" and not part of a file. You don't need to change the data. The awkward bit is finding out which sector on the disk belongs to which file.

Data that has actually been overwritten, even just once, can never, no matter what anyone tells you, be recovered by any kind of analysis of the drive. But data isn't often overwritten. When you "delete" a file, it just gets marked as free space -- what's worse, it actually gets marked as "free space, after a fashion, but only use as a last resort" so as to give you a longer window of opportunity to recover it. New stuff will only get saved over the top of old stuff if there's really nowhere else to stick it. You can make sure data gets overwritten by first filling up the drive with junk files till there's no room to save anything else, then deleting the stuff you want rid of (which just marks it as free space), then creating more junk files -- knowing that the only place they can possibly be saved now, is over the top of the stuff you just deleted. Delete all the junk files and the drive is ready for re-use.

No. DoD grade is not 7 overwrites.

[Ayanami Rei]

DoD grade is complete destruction by an NSA-approved procedure. They remove and shred the platters.

Please don't perpetuate that myth. DoD would rather not deal with issues like unpredictable sector reallocation, varying densities of magnetic domains... it's much simpler (and much faster) to destroy the drive.

Also, many vendors who supply hard drives with equipment on GSA schedule have policies that allow users to keep harddrives from leased machines for destruction, or for sending empty drive shells back for RMA replacement of failed drives.

Re:No. DoD grade is not 7 overwrites.

[LurkerXXX]

DoD grade is complete destruction by an NSA-approved procedure. They remove and shred the platters.

Please don't perpetuate that myth.

Actually there are several different levels of DOD grade in handling of hard drives depending on the grade of the information on them (unclassified, secret, top secret, etc).

I refer you to the Clearing and Sanitization Matrix [dss.mil].

Approved ways to 'Sanatize' (as opposed to 'Clear') hard drives include:

"d. Overwrite all addressable locations with a character, its complement, then a random character and verify. THIS METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMATION."

So overwriting is indeed DOD approved, just not for "top Secret" information.

Top Secret data may be 'Sanatized' by:

"a. Degauss with a Type I degausser"
"b. Degauss with a Type II degausser."

As well as

"m. Destroy - Disintegrate, incinerate, pulverize, shred, or melt."

-- which seems to be the only one you are familiar with.

Please do your research before accusing someone of perpetuating myths.

Back in the days of ST506...

[CustomDesigned]

I repaired many a hard drive (10, 20, 30 Megabytes with an M) by squirting WD-40 on the bearing. In those days, the bearings were exposed, and did not require opening the case.

Re:10

[fuzz6y]

Data that has actually been overwritten, even just once, can never, no matter what anyone tells you, be recovered by any kind of analysis of the drive.

That's just not true. It certainly isn't going to be recoverable without taking the drive apart, but there's a reason FIPS standards require multiple overwrites with 1s, 0s, and random bit patterns.

When you "delete" a file, it just gets marked as free space -- what's worse, it actually gets marked as "free space, after a fashion, but only use as a last resort" so as to give you a longer window of opportunity to recover it.

There are filesystems that do this, but not FAT, or NTFS, or EXT2. A file may not get overwritten because it's not the right size (a deleted 1MB file won't make room for a 2MB new file, so the OS might choose a bigger free chunk to drop it in, rather than having to fragment it), but there's no preference given to "clean" bits.

You can make sure data gets overwritten by first filling up the drive with junk files till there's no room to save anything else, then deleting the stuff you want rid of (which just marks it as free space), then creating more junk files -- knowing that the only place they can possibly be saved now, is over the top of the stuff you just deleted. Delete all the junk files and the drive is ready for re-use.

Neither necessary nor sufficient. US Government offices use a secure deletion program like shred(1) (or rather, a variant that they've certified) for sensitive data, and a belt sander for top secret data.

Waterproof

[waterford0069]

As any scuba diver knows, waterproof is rarely truly waterPROOF. Notice it says Water "Resistant".

Typically your waterproof watch is good to 50ft - which means, you can probably shower with it on. It can handle NO dynamic forces.

Your waterproof watch that's good to 100ft - you can have a bath.

Your waterproof watch that's good to 100m (changing scale) - you can go swimming with. I've even used one for recreational diving (so long as you don't press any buttons you are probably OK).

Your waterproof watch that is good to 300m - that's pretty close to waterproof for all practical means.

If the camera really was billed as a waterproof/resistant camera (suitable for scuba diving and snorkelling), and it was appropriately cared for (it was sealed properly, and the o-rings were greased to the manufacturer's directions) - I'd be tearing the manufacturer a new one.

Re:Worse...

[Dr. Zowie]

No, the problem is the ".*" -- it matches "..", which is the containing directory, so it blows away every user's files just like "rm -r *" would in /usr/users.

Re:Write-only disk drive?

[BrynM]

I have a physical version of this somewhere, but it was easy enough to google a PDF. I give you Write Only Memory [vmi.edu] (WOM). It's a joke so old, it has a Wikipedia page [wikipedia.org].