Editing Data remanence (section)

===Overwriting===

A common method used to counter data remanence is to overwrite the storage media with new data. This is often called '''wiping''' or '''shredding''' a disk or file, by [[analogy]] to common methods of [[paper shredding|destroying print media]], although the mechanism bears no similarity to these. Because such a method can often be implemented in [[software]] alone, and may be able to selectively target only part of the media, it is a popular, low-cost option for some applications. Overwriting is generally an acceptable method of clearing, as long as the media is writable and not damaged.

The simplest overwrite technique writes the same data everywhere—often just a pattern of all zeros. At a minimum, this will prevent the data from being retrieved simply by reading from the media again using standard system functions. The [[UEFI]] in modern machines may offer a ATA class disk erase function as well. The [[ATA-6]] standard governs secure erases specifications.

[[Bitlocker]] is whole disk encryption and illegible without the key. Writing a fresh GPT allows a new file system to be established. Blocks will set empty but LBA read is illegible. New data will be unaffected and work  fine.

In an attempt to counter more advanced data recovery techniques, specific overwrite patterns and multiple passes have often been prescribed. These may be generic patterns intended to eradicate any trace signatures; an example is the seven-pass pattern {{em|0xF6}}, {{em|0x00}}, {{em|0xFF}}, {{em|<random byte>}}, {{em|0x00}}, {{em|0xFF}}, {{em|<random byte>}}, sometimes erroneously attributed to US standard [[DOD 5220.22-M]].

One challenge with overwriting is that some areas of the disk may be [[#Inaccessible media areas|inaccessible]], due to media degradation or other errors. Software overwrite may also be problematic in high-security environments, which require stronger controls on data commingling than can be provided by the software in use. The use of [[#Advanced storage systems|advanced storage technologies]] may also make file-based overwrite ineffective (see the related discussion below under {{xref|{{slink||Complications}}}}).

There are specialized machines and software that are capable of doing overwriting. The software can sometimes be a standalone operating system specifically designed for data destruction. There are also machines specifically designed to wipe hard drives to the department of defense specifications DOD 5220.22-M.<ref>{{Cite book|title=Manual reissues DoD 5220.22-M, "National Industrial Security Program Operating|date=2006|citeseerx=10.1.1.180.8813}}</ref>

Writing zero to each block on hard disks and SSDs has the advantage of affording the firmware to deploy spare blocks when bad blocks are identified. Bitlocker has the advantage that data is illegible without the key. Seatools and other tools can erase disks with zero which is typical to revive old consumer class disks but they can wipe server disks albeit slowly. Modern 28TB and larger disks have an enormous number of LBA48 blocks. 40TB and 60TB disks will take proportionately longer times to wipe. 

====Feasibility of recovering overwritten data====

[[Peter Gutmann (computer scientist)|Peter Gutmann]] investigated data recovery from nominally overwritten media in the mid-1990s. He suggested [[magnetic force microscopy]] may be able to recover such data, and developed specific patterns, for specific drive technologies, designed to counter such.<ref name="Gutmann">{{cite journal|title=Secure Deletion of Data from Magnetic and Solid-State Memory|author=Peter Gutmann|date=July 1996|url=http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html|access-date=2007-12-10}}</ref> These patterns have come to be known as the [[Gutmann method]]. Gutmann's belief in the possibility of data recovery is based on many questionable assumptions and factual errors that indicate a low level of understanding of how hard drives work.<ref>{{Cite web|url=https://kaleron.edu.pl/throwing-Gutmanns-algorithm-into-the-trash.php|title=Throwing Gutmann's algorithm into the trash - about effectiveness of data overwriting.|website=kaleron.edu.pl}}</ref>

Daniel Feenberg, an economist at the private [[National Bureau of Economic Research]], claims that the chances of overwritten data being recovered from a modern hard drive amount to "urban legend".<ref>{{cite journal|title=Can Intelligence Agencies Recover Overwritten Data?|author=Daniel Feenberg|url=http://www.nber.org/sys-admin/overwritten-data-gutmann.html|access-date=2007-12-10}}</ref> He also points to the "[[18½ minute gap|{{frac|18|1|2}}-minute gap]]" [[Rose Mary Woods]] created on a tape of [[Richard Nixon]] discussing the [[Watergate break-in]]. Erased information in the gap has not been recovered, and Feenberg claims doing so would be an easy task compared to recovery of a modern high density digital signal.

As of November 2007, the [[United States Department of Defense]] considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only [[#Degaussing|degaussing]] or [[#Physical destruction|physical destruction]] is acceptable for the latter.<ref name=DSSmatrix>{{cite web|url=http://www.oregon.gov/DAS/OP/docs/policy/state/107-009-005_Exhibit_B.pdf?ga=t| title=DSS Clearing & Sanitization Matrix|publisher=[[Defense Security Service|DSS]]| format=PDF|date=2007-06-28|access-date=2010-11-04}}</ref>

On the other hand, according to the 2014 [[NIST]] Special Publication 800-88 Rev. 1 (p.&nbsp;7): "For storage devices containing ''magnetic'' media, a single overwrite pass with a fixed pattern such as binary zeros typically hinders recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data."<ref>{{cite journal
 | url = https://csrc.nist.gov/publications/detail/sp/800-88/rev-1/final
 | title = Special Publication 800-88 Rev. 1: Guidelines for Media Sanitization
 | publisher = [[National Institute of Standards and Technology|NIST]]
 | date = December 2014 | doi = 10.6028/NIST.SP.800-88r1
 | access-date = 2018-06-26
| last1 = Kissel
 | first1 = Richard
 | last2 = Regenscheid
 | first2 = Andrew
 | last3 = Scholl
 | first3 = Matthew
 | last4 = Stine
 | first4 = Kevin
 | doi-access = free
 }}</ref> An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives. They point out that the long time required for multiple wipes "has created a situation where many organizations ignore the issue [altogether] – resulting in data leaks and loss."<ref>{{cite book
 | first = Craig | last = Wright
 |author2=Kleiman, Dave
 |author2-link=Dave Kleiman
 |author3=Shyaam, Sundhar R.S.
 | title = Information Systems Security | chapter = Overwriting Hard Drive Data: The Great Wiping Controversy | series = Lecture Notes in Computer Science | publisher = Springer Berlin / Heidelberg | isbn = 978-3-540-89861-0 | doi = 10.1007/978-3-540-89862-7_21
 | pages = 243–257 |date=December 2008
| volume = 5352 }}</ref>