Sunday, June 29, 2008

Is Low-level format sufficient to protect your sensitive (private) data?

Unfortunately, NO!! If you have private data that you don't want others to see, and you think that you can get away with a low-level formatting before somebody gets their hands on your hard drive, THINK AGAIN.

Well, a hard drive is just an electrical device. It records data (0 or 1) in a form of electric current. Unfortunately, low-level format simply puts 0 on all the sectors of your hard drive. This pattern of formatting make it easier for a guesser to recover your sensitive data.

How? Think of a tape recording. Suppose you have a conversation that you don't want people to know about. So you re-record with noise (i.e., press recording buttons and say nothing). When you play the tape, you will hear nothing and you think your data is now safe. Unfortunately, somebody may still recover your private conversation.

Here is how forensic recovery works. Well, tape now contain noise over your conversation. The capability of regular human ears would probably not be able to differentiate between the noise and the background conversation. With the current technology, your conversation can be recover without the ears of Clark Kent :) This is as simple as amplifying the sound in the tape and filtering out the noise. This simple signal processing technique can recover your private conversation.

What about the hard drive. Well, when you replace every sector with zero (low-level format). The electric voltage in the sector is not exactly 0 Volts. There is a little electric trace that can tell what was there before the low-level format. Knowing that all the sectors in a hard drive was replace with zero values, it is easy for a forensic team to recover your information. It is hard, but not impossible.

So how do you prevent your private information. Well, the easiest way is to replace data in all the sectors with pseudo-random binary data. Not knowing what was in the hard drive, the forensic team will have a hard time recovering your data. Typically, two runs of pseudo-random overwrite would be sufficient to protect your information.

Source: Security Now: EPS 150

No comments: