Thank you again, but forgive me - you still haven't understood what I'm getting at. I'm not looking at a specific hard disk but the general case in order to enable me to write a reasoned policy and procedures document. Note that DBAN is not acceptable in UK Government use because it only cleans LBA-addressable sectors.
I understand what you're getting at. And I gave you a policy. I understand it only cleans LBA addressable sectors and those are all you need to worry about if no sectors were reallocated. It's you who doesn't understand the concept of sector reallocation.
If sectors were reallocated, which you can check using raw SMART data for attributes I gave, whether it was just ONE sector or 1000 sectors, then you can not guarantee all data was wiped so you need to destroy the disk.
You're stuck in some kind of scenario where you think it is useful to know the capacity of the spare pool. It isn't, not for this anyway. What IS relevant is amount of reallocated sectors as you can not wipe those. Spares that were never put to use do not contain user data by definition so you don't need to worry about wiping them.
I am not talking about one specific hard drive. I am giving you a strategy / policy you can apply to ANY hard drive.
TLDR. If donor is paranoid about this data he should instead destroy the drive or hang on to it. You can guarantee you'll erase all user data as long as drive has no reallocated sectors. If you can not wipe all sectors you can guarantee to destroy the drive.
Even in event there are some remapped sectors you'll be needing specialized equipment to attempt to read those sectors.
You have to use Blancco or some other accredited utility, which also wipes spare sectors and ex-LBA sectors that have gone bad and been spared out (grown defects).
You can not wipe reallocated sectors using DBAN. So therefore my recommendation to NOT pass on drives with ANY reallocated sectors. Drives with NO reallocated sectors are safe to donate.
One thing I'd like to add, check if DBAN detects and can disable HPA and DCO if you need to wipe those too. In general these will not contain user data though. These are also outside of LBA space but can be modified using ATA commands.
Blancco as per their documentation can only erase remapped sectors if the drive supports it (enhanced secure erase). Actual wiping is not done by the software but by the drive firmware itself. So IF remapped sectors can be erased is not some advanced feature of the software but of the drive itself.
It's also why Steve has Beyond Recall as a slated future project - his knowledge of the ATA command set would allow him to do a much more thorough job than DBAN.
Doesn't matter, ATA commands are publicly available. If a drive has no reallocated sectors, you do not need to worry about pool of spares containing user data. ATA command set does not offer anything to access reallocated sectors though some drives reset G-List using vendor specific format unit command. As a consequence these sectors will then end up in P-List. And although G-List is now cleared you simply moved the problem. In addition a drive may support enhanced secure erase ATA command which will wipe remapped sectors. This command affects entire drive, you can not secure erase only specific sectors.
Donor: I've got this laptop I'd give you but I'm worried about my personal data.
Me: Don't worry, we'll wipe it with DBAN. But I have to tell you there is a very small risk of residual data remaining.
No. Again IF you discard, dispose of drives, destroy them, with reallocated sectors there's no risk. Only drives WITH sectors reallocated you can not guarantee all data is wiped as those reallocated sectors are out of LBA space.
Donor: <Sharp intake of breath> Hmmm... Can you quantify it? I'm a bit paranoid and need to know just what the risk is before I agree to let you touch it.
Me: Well, if a sector mis-reads, even if it's only a transitory problem due to static, the disk may mark the sector (containing your data) as bad and reallocate it. Forensic programs might still be able to read it.
Yes, and AGAIN, this is why you guarantee your donors you will destroy drives with reallocated sectors. That's your policy. Drives without sector reallocations you can guarantee you will wipe every sector that has ever been used.
Donor: Err, well, we get quite a lot of static. My disk is fairly full but I reckon just a proportion n of my data might be sensitive. So if the spare sectors are a proportion m of the advertised size of the disk, in the worst case where it's used nearly all its spare sectors, the chance is no greater than n * m that some of my sensitive data might survive. I reckon a one in a million chance might be within my risk appetite. So what exactly is the value of "m"?
Just dispose of ANY drives with ANY reallocated sectors, reallocation events and sectors pending reallocation. If raw values for those attributes are zero after DBAN wipe, you can guarantee all data was wiped.
Me: Not actually quite sure about that. I might have to ask @Steve.
...snip...
- unless of course Spinrite has determined that the spared sector is ok after all and un-spared it!
No, Spinrite can not 'unspare' a reallocated sector, that's just a ridiculous statement and illustrating total misunderstanding of sector reallocation and what Spinrite can and can't do. Spared sector isn't even a thing. It can not even reach it as it is outside LBA addressable space. Spinrite does not reallocate sectors, nor can it undo this. It can also not address the spare area.
It's the drive firmware that does the reallocations, not Spinrite. It can trigger reallocation as most drives reallocate pending sector upon write. But DBAN wipe will have same effect on the pending sectors as wiping implies writing to the sector.
A spare sector isn't anything special, it's an ordinary sector that is kept in reserve, outside of LBA space. Once a sector is reallocated the only thing that happens is that its address is added to a table in the SA, and in addition a pointer to the spare is added to this table. The bad sector goes nowhere and nor does the spare. It is simply a table in the SA being updated mapping the previously spare that was outside LBA space to LBA space while at the same time removing the 'bad' sector.
To edit this table or to read content from reallocated sectors you need sophisticated equipment like PC3000 complex or DFL. This equipment only works with supported drive models and families as each of these have the firmware to be reverse engineered. So it's impossible to write some generic software only tool that will be able to do this.
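
The disposal policy argued in this thread (destroy any drive showing reallocated sectors, reallocation events or pending sectors; donate only drives whose raw values are all zero after the wipe), as an added example that is not part of the original posts. It assumes `smartctl -A` text output and SMART attribute IDs 5, 196 and 197, which the thread does not name; the sample tables are constructed, and returning "unverified" for a drive that does not report one of the attributes is this example's own choice.

```python
# Added example: post-wipe disposition decided from `smartctl -A` output.
# Attribute IDs are an assumption of this example (the thread only says
# "reallocated sectors, reallocation events and sectors pending reallocation").
WATCHED = {5: "Reallocated_Sector_Ct",
           196: "Reallocated_Event_Count",
           197: "Current_Pending_Sector"}

def raw_counters(smartctl_text):
    """Map watched attribute ID -> raw value for every row that parses."""
    found = {}
    for line in smartctl_text.splitlines():
        cols = line.split()
        # ID NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE
        if len(cols) < 10 or not cols[0].isdigit():
            continue
        attr_id = int(cols[0])
        if attr_id in WATCHED and cols[9].isdigit():
            found[attr_id] = int(cols[9])
    return found

def disposition(smartctl_text):
    """Return (decision, reasons); only an all-zero, fully reported set is 'donate'."""
    counters = raw_counters(smartctl_text)
    nonzero = [f"{WATCHED[a]}={v}" for a, v in sorted(counters.items()) if v]
    if nonzero:
        return "destroy", nonzero       # remapped sectors sit outside LBA space
    missing = [WATCHED[a] for a in sorted(WATCHED) if a not in counters]
    if missing:
        return "unverified", missing    # cannot show the counters are zero
    return "donate", []

# Constructed sample tables (not taken from a real drive).
HEAD = "ID# ATTRIBUTE_NAME FLAG VALUE WORST THRESH TYPE UPDATED WHEN_FAILED RAW_VALUE\n"
CLEAN = HEAD + """\
  5 Reallocated_Sector_Ct   0x0033 100 100 010 Pre-fail Always - 0
  9 Power_On_Hours          0x0032 095 095 000 Old_age  Always - 12345
196 Reallocated_Event_Count 0x0032 100 100 000 Old_age  Always - 0
197 Current_Pending_Sector  0x0012 100 100 000 Old_age  Always - 0
"""
REMAPPED = HEAD + """\
  5 Reallocated_Sector_Ct   0x0033 099 099 010 Pre-fail Always - 8
196 Reallocated_Event_Count 0x0032 099 099 000 Old_age  Always - 8
197 Current_Pending_Sector  0x0012 100 100 000 Old_age  Always - 0
"""
NO_196 = "\n".join(l for l in CLEAN.splitlines() if not l.startswith("196"))

for name, text in (("clean", CLEAN), ("remapped", REMAPPED), ("no-196", NO_196)):
    print(name, disposition(text))
```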