What are the chances of an attacker recovering my data on a “quick formatted” hard drive?

digiman2372

New Member
Long story short, a while ago, I bought and returned a hard drive that still had sensitive information on it including social security number, passwords to online accounts, etc. At the time, I thought that I removed all the information on the hard drive because I quick formatted it a few times in a row just to be sure. However I just became aware that quick formatting is not the same as true formatting, wiping, degaussing, or sanitizing. My information is on there and its been messing up my entire life. I've been constantly stressing about it, and even losing sleep. I tried to go back to the store and see if they still had it but they said it was already sent back to the manufacturer to be refurbished and resold. I told them why I needed it and they said not to worry because they “remove all the data” before reselling it. I’m not sure what that means exactly, but I’m afraid they would only do a quick format just as I did. Now as far as I’m concerned I only have 3 hopes left of my information being safely destroyed, and they are as follows:

1.The manufacturer actually does perform a full sanitization of the hard drive before reselling it.

2. the next person who gets it sanitizes it themselves

3. the person who gets it next puts so much information on there, that it overwrites the data I have on there (I had a complete disk image on there).

That being said, are there any possibilities that I am missing? Is there any more hope for this dire situation? Please tell me something to comfort me!!!!
 

patcooke

Microsoft MVP
Staff member
Microsoft MVP
A quick format does not actually remove or overwrite any data. A full format doesn't do much better. Only a forensic wipe will completely remove data. That's the bad news in a nutshell. The good news is (as you have referred to already):

1. The retailer has told you that they "removed" data - they probably did, albeit just using a "full" format.

2. The manufacturer is is much more likely to have wiped data if only as part of a process to resent it as "clean" for resale.

3. In any case the world is not filled with people buying second hand hard drives for the sole purpose of recovering sensitive data. Whoever ultimately bought it to use as a new hard drive will most likely reformat it themselves to ensure that it is clean of any malware and then just get on with using it to install an op sys, installer user apps and store data all of which will gradually wipe all traces of your previous data.

So I really would not worry - you may also find some comfort in the words of Julian of Norwich who famously said, "All will be well, and all will be well, and every kind of thing will be well." If that doesn't help relieve the worries of your hard drive it might at least help get you through the Covid pandemic!
 

Jean Parrot

Well-Known Member
Hello, Pat. How are you ?
I follow this note for the education possible. In my case, I use Gpart to flush the drive. What can you tell me in this regard. I do a "Delete" of any partition on the HD, followed by a "New" action then a format to NFTS. It shows me a blank medium. In your opinion, please, let me know what you think. Google for ( Gpart ) Have a great liberation day. J
 
Last edited:

patcooke

Microsoft MVP
Staff member
Microsoft MVP
Hi Jean. All well here as with Julian of Norwich! Gpart is a useful tool but the process you describe will do little more to secure data on the drive than reformatting under Windows, it is simply recreating drive partitions and wiping the directories - all your data will still be stored on the drive and be quite easily recoverable. To make it safe you need a program to overwrite the entire disk with a random sequence of a noughts and ones. Not only that, you need to set the program to repeat the process many times. This takes many hours and is called "forensic wiping."
 

Jean Parrot

Well-Known Member
Patrick, greetings.
What a nice reply, it really clears up my mind. I needed to know if Gparted would do this or not. I guess that now, when I garbage a HD, I will again, as I used to do, drill a 1/8" hole in it. Or beat the light out of it with a sledge. Would this be forensic enough ?
Light my candle, what is the reference to Julian of Norwich. Have a great day. J.
 

Neemobeer

Windows Forum Team
Staff member
I'll just reiterate some points.

Windows stores data on the hard drive like any other operating system. Windows uses a system known as the MFT or (master file table) that contains records that simply point to the location on the hard drive for accessing specific files or if the files are small enough they can be contained entirely in the MFT entry (these are 1k or less). When you delete a file Windows simply removes the MFT entry. The data is still fully intact and there are plenty of tools that can accurately locate and recovery that data. That data is only overridden when that space which Windows believes to be useable is written to.

A quick format just clears out the MFT for that drive, so again the data is left behind.
A full format will zero out data, but still doesn't get fully clear data on spinning disks and still can typically be recovered. I believe zeroing out or full format on a SSD is adequate though since it doesn't use magnet properties to record data.

A few options exist if you want to prevent data recovery

BEST
Destroy the drive. It doesn't really matter with what (drill, gun... claw hammer, shredding) as long as the storage component isn't usable the data is for sure not recoverable)

Good
Encrypt the drive, and then run a data wipe program such as DBAN

Still Good
Run a data wipe program like DBAN with multiple passes 3+
 

Jean Parrot

Well-Known Member
Patrick, greets.
Just one small detail here. First, let me thank you for the Anchor text. Not very W-10 important but fine to read. Now to set matter straight, let me say that it might have been prompted by "Jean" as my name. Jean here is John where you are. Hit me at my email and we will be more on the subject without antagonizing any authority here.
We were talking about HDD to scrap, I had 8 of them and nowadays, they were not wanted, all were PATA and small sizes, 20 - 40 gigs, nobody wants them. So, I drilled them right through.
There is further information on here about better ways to nix these HDDs and ensure that their left-overs are not recoverable. To each his own.
Somebody also mentioned Acronis (?) as a protection. I use it most every week to protect my 6 machines. What amazes me is that I can clone from an Intel to an AMD machine and be none for the worst. I have been IT support for a few friends too and one got hit, I had him protected with a clone but that ransomware devil flushed the USB clone before I could use it. Nowadays, I use Gpart and will flush the sick HDD before I attempt a recovery, Way to go, get rid of the devil first then connect the USB clone
It has taken me a long time to get a fine site to access after Windows Insiders closed, ths is it. thanks to all. JP.
 

Jean Parrot

Well-Known Member
Neemobeer, good morning. Again, I got a duplicate post. How can I delete one ?
Hey, I think that I found out how.
 
Top