A. Field of the Invention
The present invention relates to computer memory devices and, more specifically, to mechanisms for removing data from memory devices.
B. Description of Related Art
Confidential information, such as credit card numbers, passwords, and personal account login information is often stored on computer hard drives. Confidential information stored on paper can be shredded when it is no longer required. Computer long-term memory devices, such as hard drives, however, are not as easy to destroy. Even if physically crushed with a hammer, the hard drive is likely to still have recoverable data left on its magnetic media.
Not only is it difficult to physically destroy long-term memory storage devices, these devices have intrinsic value and could be reused. For example, some users replace their long-term memory storage devices for larger and/or faster devices. A graphic artist may need a bigger/faster long-term memory storage device than say a writer. While a device may no longer have value to the graphic artist, the writer may find value in that device. Some users routinely replace their entire functioning computer, which includes one or more long-term memory storage devices. These replaced computers will often have value. However, in order to be able to securely reuse these long-term memory storage devices, it is desirable to first securely remove the stored data.
Simply deleting files on a drive does not normally remove the data from the drive media. Instead, pressing the delete key on most computers simply causes a change to be made to the FAT (File Allocation Table) that keeps track of where data is stored on the hard drive. The data itself remains on the hard drive. It is trivial to recover “deleted” data using off-the-shelf software.
One conventional software method of irretrievably deleting files is by “formatting” the media through a software format command. The format command typically rewrites a small area of the drive that contains its table of contents with a blank table of contents. It may also rewrite the file allocation table to indicate that all of the space on the disk is available. While a novice computer user would see a formatted drive as clean, one skilled in the art would have no problem recovering data or even complete files from a disk formatted in this manner.
Another method of implementing the format command consists of writing the value “0” to the entire hard drive. This is much stronger protection from a casual attempt to recover data from a drive treated in this fashion. However, even with this type of format command, data can still be recovered.
In order to assist the understanding of how data can be recovered from a hard drive that has been overwritten with zeroes, a basic description of hard drive operation will now be given. A hard drive includes three main components: (1) magnetic media, (2) media control electronics, and (3) a read/write head. A hard drive is commonly conceptualized as pockets of magnetic media surrounded by null media. In practice, however, it is often impractical to manufacture hard drives in this fashion. A hard drive may consist of contiguous magnetic media, any part of which may be magnetized. The read/write head is directed by the media control electronics to move to a specific location over the magnetic media and read and/or write at that location. For each bit of data, the media control electronics reserves a location on the magnetic media that is larger than the read/write head.
The hard drive uses changing patterns of magnetism to represent digital data. For example, if the magnetic field of an area is polarized in one direction, the data is declared to be a one. If the polarization is in the other direction, the data is a zero. In the real world, the strength of the polarization may be quite different from one data area to the next.
As mentioned, polarization is over an area. The size of the area is determined by a number of factors, but the principal ones are the size of the recording head, the type of recording media, and the speed of the magnetic platter. As the magnetic platter spins under the recording head, the head traces out one track. An actuator in the hard drive moves the head in discrete steps. Each one of these steps defines another track on the drive. FIG. 1 is a diagram illustrating multiple tracks 101–104 on a platter of a hard drive 100. The term “step time” describes the time the head takes to get from one track, such as track 101, to a next track, such as track 102. The term “seek time” describes the time that it takes for the head to get from any one track to any other track.
In the real world, there is no guarantee that the head will be aligned over a track in precisely the same location each time the head moves, although it will typically be close enough to the track to read and write data reliably. Reasons for this potential miss-alignment include thermal expansion and contraction of the disk platters. If the operating temperature of the drive changes, the platters may shrink or expand. The actuator that moves the head may also change its performance over time. On any given motion, there may be a slight overshoot, undershoot, or even a small oscillation in the head as it moves. Drive manufacturers may recommend reformatting drives regularly so that these changes do not cause any data loss.
Thus, a track of data on a disk drive is generally not a perfect circle with a fixed width. The track may be circular, but its width may vary greatly from the theoretically ideal. In normal operation, this is mostly irrelevant. However, when trying to irretrievably delete data by overwriting the data with “zeros,” there is likely to be remnants of the old data on the edges of the track. This data may potentially be recovered.
FIGS. 2A and 2B illustrate the above-discussed concept of erased data remaining on the edges of a track. FIG. 2A illustrates a number of tracks (labeled as tracks 1–6) on a magnetic platter in which darker areas 201 on each track represent magnetic changes that can be interpreted as data. FIG. 2B illustrates the same tracks after a conventional clean implemented by rewriting zeros over each bit. The central dark area is now a uniform white area 202 with a fuzzy area 203 to either side. Fuzzy area 203 includes residual magnetism that could be interpreted by someone with the correct equipment.
Simply deleting files on a hard disk or formatting the hard disk may fail to remove all of the data for another reason. The disk may be set up with more than one partition. When a hard disk is set up for use by a computer, the allocation of storage space must be specified. In many cases, the entire hard drive is assigned to be in a single partition. In other cases, there may be reason to create two or more partitions. Each partition can be used to hold data in different formats, such as one partition used for Microsoft Windows data, and another partition used for Linux data. Or, in the case of Windows, multiple partitions may be set up so that the drive appears to be a number of small drives, rather than one large drive.
This common scenario presents a couple of problems. In the case where different partitions hold different formats of data, it may not be possible to access one of the partitions for file deletion or formatting. Windows may not make the Linux partition visible, so there would be nothing to delete. Even with multiple partitions of the same data type, the data in the partitions may all be visible to the user, but it would be up to the user to know enough to delete all of the data in all of the partitions assigned to a single drive. For untrained personnel, this might be difficult to determine, so for them, the data may appear “hidden.”
Software solutions exist that attempt to overcome the above problems in permanently removing data from hard drives. These solutions involve running software on a single computer to eliminate data on that computer's hard drive. These solutions are not without disadvantages. First, these solutions tend to be operating system dependent, and the operating system must be running properly. Second, at least a moderately trained computer operator must select the proper software, install the software, run the software, and then verify the results. This can be technically difficult, as the operating system files are being eliminated along with all other files. Third, these software solutions can be time consuming. For example, assume a computer professional is given seven computer systems by her company and is tasked with removing data on the drives before recycling the computer systems. In order to use this system of data removal, the computer professional would have to hook up seven monitors, seven keyboards, and seven mice to seven computers. She would then have to turn on seven computers, identify the operating system of each computer, and choose the proper software to run on each one. If there were a power interruption during this process, she may have to format the drives, reinstall the operating system, and then continue with data removal. Thus, this can be a time intensive removal method.
Other conventional software approaches to permanently removing data involve using a first computer as a data removal station for a second computer or drive. The first computer is set up to run data removal software. The user connects the drive to be “cleaned” to this computer. There are a number of potential problems with this approach. First, an expensive PC must be taken from productive service, along with the desk space needed to support its keyboard, monitor and mouse. Second, a trained user must attach the target drive to the host machine. During this process, the host machine must be shut down, the target drive properly installed and configured with a valid address or master/slave status, and finally the host machine rebooted. This can be a time consuming process requiring a trained user. Finally, there is a potential system problem. Most PCs are not designed for hard drives being swapped in an out on a regular basis. A static charge, or cable failure while installing a target drive can damage not only the target drive but also the host machine.
Accordingly, there is a need in the art to more efficiently delete data from long-term memory devices such as hard drives.