A computer forensics specialist has a message for security-minded computer users: A single wipe will make drives impossible to read.

In research published on Thursday, auditor Craig Wright tested the ability of a special type of electron microscope, known as a magnetic force microscope, to read data that has been erased. While overwriting the data multiple times with a random series of 0s and 1s makes it harder to recover, Wright found that it is nearly impossible to recover any meaningful amount of data after a only single pass. Recovering a single byte of data, for example, on a used drive is successful less than one percent of the time, he found. Accurately recovering four bytes, or 32 bits, of data only works nine times out of each million tries.

"Although there is a good chance of recovery for any individual bit from a drive, the chances of recovery of any amount of data froma drive using an electron microscope are negligible," Wright stated. "The fallacy that data can be forensically recovered using an electron microscope or related means needs to be put to rest."

Many software products designed to wipe hard drive allow for multiple passes to erase the data. Common wisdom holds that the more sensitive the data, the more times you should overwrite the drive. However, Wright's research suggests that a single pass is all that's necessary to protect the data on a hard drive.

Wright did find that multiple passes do make it harder to recover data and that data written to a pristine drive is much easier to recover. Yet, in the most common case, where the drive has been used and written to multiple times, a user can be assured of their privacy by a single pass.

"In many instances, using a MFM (magnetic force microscope) to determine the prior value written to the hard drive was less successful than a simple coin toss."

If you have tips or insights on this topic, please contact SecurityFocus.