On Thu, Sep 30, 2010 at 12:34 AM, Jason Hsu, embedded engineer, Linux user <jhsu802701 at jasonhsu.com> wrote: > I've heard that some hard drives contain hidden partitions that Darik's Boot And Nuke cannot erase. Supposedly, law enforcement requires manufacturers to include the hidden partition so that the criminals cannot erase their tracks. Only law enforcement has the special software needed to access the hidden partition. I found this article on HPA: http://www.utica.edu/academic/institutes/ecii/publications/articles/EFE36584-D13F-2962-67BEB146864A2671.pdf I used to work with a computer forensics tech who was fully trained in the use of Encase (one of the most common forensics toolkits). I now work with drive geeks, who have told me this stuff before. In general conversation with them, I gather the following: There is area on the disk that cannot be read or written by the BIOS or OS, that drive manufacturers reserve. One of the tricks used by drive manufacturers is that they will build a drive (let's say 120GB) and use this area to lower the presented space to 40, 60, 80, 100, or 120GB of useable space. They also do the same with write cache etc. One drive, 6 different markets, six different prices. If you KNEW WHAT YOU WERE DOING, you could read/write data to this area of the disk. You won't accidentally get there, as the manufacturers have done everything they can to keep you out. Because this is a manufacturer region reserved for their stuff, they don't seem thrilled that ANYONE (including law enforcement) wants to hack into that region. Encase couldn't do it a few years back, maybe now it can. It is unlikely that law enforcement would have the tools to read data stuffed into the HPA. Boot and Nuke is going to excercise the regions that the drive manufacturers want you to read/write. As long as you haven't used your 1337 assembly skillz to write data into the HPA, you have little (nothing?) to worry about. Boot and Nuke is going to wipe the same sectors that the BIOS/OS will store your data. Your secrets won't "accidentally" drift into an area of disk that DBAN can't get to. Now, there are some areas that you can't wipe with DBAN. For instance, Symantec Ghost writes a unique signature into a region not included in the partiton table. Run DBAN all you want to, the Symantec Ghost signature remains. Now, this doesn't threaten data, but I would guess that Norton did this back in the day to catch Ghost piracy in action. Once a drive has been imaged with Ghost, someone owes Sir Peter Norton some $$. At least they used to. Several years ago I was reading the LILO man page and quickly got in over my head. A good read if you want to know where things really go on a disk, and how hard it is to get rid of some of them. If you're really concerned about data security, I recommend the mobile industrial shredder at Randy's Sanitation in Delano. 2 hard drives went in, a box of unidentifiable dust came out. One of these days I'll post the video to YouTube. Brian