|Quoting hOMSAr (Reply 13):|
Question for yous out there in the know:
Why are multiple passes seen as necessary to wipe a hard drive completely clean? If the utility rewrites every bit/byte of the disk with new data, why does it have to do it again and again? Is it like erasing pencil marks on paper, where you still see traces of the old stuff even after you've written over it, or is it more a matter of "just in case it missed something this time"?
Hard disks store data by modifying the magnetic field of parts of the drive, essentially. All data is reduced down to a 0 or a 1 in computing, however when writing to an analog medium (i.e. a hard disk using magnetic fields as storage), there is not a pure 0 or 1 on the drive. In essence, one bit is "mostly 0" or "mostly 1", with potential for variations in there. The drive hardware controller then interprets these fields into digital form, and tells the computer it is either a 1 or a 0 - no "mostly" involved.
Well, if one were to simply take a drive with data and then write 0's to it in every sector, it is possible that the 0's that were 0's before would be more 0 than the 0's that were a 1 before. Do enough analysis, on a platter-level using some sophisticated machinery, and you can, potentially, re-create data that was removed. Now, you have some pretty big enemies in life if anybody will be doing this on your hard drive, but it still isn't a bad idea to do two passes: #1 do random data to the disk, then #2 do zeros to the disk. By that time, you'll have written over everything enough that you can rest easy. If you want to be paranoid, do the 5 or 6-pass DoD approved, or if you're off-your-rocker-insane, do the 35 passes, but that is pointless.
Now, all of that is much, much different than not using an eraser utility at all. Typically when an operating system deletes a file, it actually just deletes any reference of the file, while the file itself stays on disk. Effectively you are removing the entry in the table of contents of a book, but the page itself and all words on it still exist. This is why many criminals are caught after their computers are forensically analyzed and the criminal thinks he's ok because he cleared his internet history. Surprise surprise, the data is still on disk in many cases, as long as it has not been overwritten by new data. Simply browsing the disk, even within the operating system using some special tools (doesn't require fancy hardware), you can fully recover the file itself. This is why just reformatting and reinstalling Windows leaves data left on the computer. This data can be recovered outside the context of the operating system, however the OS or programs cannot, typically, read the data. Further, this data is no longer going to be saved - it could be overwritten at any minute by the operating system, as it sees that physical spot on disk as available and may write to it next. This is why if you have a virus, reformatting takes care of the virus in most cases. There are some exceptions, such as ring-0 viruses that virtualize everything running on the computer and don't let the computer actually access the hardware itself. These are fairly rare, though.
In regards to the OP: If your mom is the owner of your soon-to-be-gifted computer, just reformat it and reinstall Windows. If it's going to leave your family, however, or anybody you trust, do yourself a favor and do one or two passes over the entire disk just to be safe. You'd be surprised at what I've found on old computer hard drives. Just takes one dumpster diver...
The above post is my opinion. Don't like it? Don't read it.
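
The two-pass overwrite described in the post above (pass 1 random data, pass 2 zeros), with a read-back check, as an added example that is not part of the original post. The names `two_pass_wipe` and `demo` and the image file standing in for a disk are assumptions made for illustration.

```python
import os
import tempfile
CHUNK = 1024 * 1024  # write in 1 MiB chunks

def _overwrite(fd, size, make_chunk):
    """Overwrite bytes [0, size) of fd with data produced by make_chunk(n)."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        view = memoryview(make_chunk(n))
        while view:  # os.write may write fewer bytes than requested
            view = view[os.write(fd, view):]
        remaining -= n
    os.fsync(fd)  # flush this pass out of the OS cache before the next one

def _all_zero(fd, size):
    """Read the target back and confirm every byte is zero."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        data = os.read(fd, min(CHUNK, remaining))
        if not data or data.count(0) != len(data):
            return False
        remaining -= len(data)
    return True

def two_pass_wipe(path):
    """Pass 1: random data. Pass 2: zeros. True if the read-back is all zeros."""
    fd = os.open(path, os.O_RDWR)
    try:
        size = os.lseek(fd, 0, os.SEEK_END)  # image file or block device
        _overwrite(fd, size, os.urandom)     # pass 1: random data
        _overwrite(fd, size, bytes)          # pass 2: bytes(n) is n zero bytes
        return _all_zero(fd, size)
    finally:
        os.close(fd)

def demo():
    """Constructed sample: a small image file with a marker string in it."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        with open(img, "wb") as f:
            f.write(b"\x00" * 4096 + b"CONSTRUCTED-SECRET" + os.urandom(3 * CHUNK))
        ok = two_pass_wipe(img)
        with open(img, "rb") as f:
            return ok, b"CONSTRUCTED-SECRET" in f.read()

if __name__ == "__main__": print(demo())
```

Pointing `two_pass_wipe` at a real device path destroys everything on it, so run it only against a disk that is meant to be erased.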