Investigators pulled video from ‘residual data’ in Google’s systems — here’s how that was possible and what it means for your privacy.
Investigators pulled video from ‘residual data’ in Google’s systems — here’s how that was possible and what it means for your privacy.
Magnetic platter drives still have the highest storage density per dollar and so they are still heavily in use. Theoretically, overwritten data can be recovered from them by analyzing the magnetic fields directly from the platter. However, this is extremely time and money intensive and requires specialized equipment and expertise. Overwriting a partition multiple times severely complicates this process just by performing multiple overwrites.
Realistically, overwriting once with random data is enough, especially if the drive is to be physically destroyed. You can also use a powerful magnet (top end neodymium in direct contact) to scramble the delicate magnetic fields that encode the data on the platter, but at that point you may as well shred the drive anyways.
SSDs are a fundamentally different storage paradigm that make this kind of recovery essentially impossible. Due to the limitations of NAND memory, data can be written to blocks inaccessible except at the hardware level. To make SSDs secure, modern drives usually implement processes (TRIM) that erase blocks marked for deletion. Or, all data written to the drive is encrypted by onboard hardware (SED), and “erasing” the drive simply deletes the encryption keys.
One thing to keep in mind though, is even on ssds you need to encrypt your data to be absolutely sure it isn’t recoverable. Nothing more permanently unrecoverable than deleting your encryption key short of physically destroying the media.
One nifty fact about ssds is they usually have a good amount of extra space (over provisioning, with newer drives having less so than older ones) to allow the controller to swap out bad blocks without losing available space or use it as cache. Because of this, you may have normally inaccessible blocks that still contain data but have been taken out of the normal usage pool.