Author Topic: Is "Quick Format" safe? (Read 19529 times)

mouser · « **on:** November 15, 2010, 01:45 PM »

When you format a drive in windows, there is an option to do a "Quick Format" -- is this safe to do?

My old understanding was that formatting finds and marks bad sectors.. Does the "Quick Format" option bypass this and so can be dangerous? Is it important not to do a Quick Format on a brand new drive but ok otherwise?

What's the real scoop?

mouser · « **Reply #1 on:** November 15, 2010, 01:47 PM »

Ok I see i should have done a search myself before posting.

Here's what the MS page says:

When you choose to run a regular format on a volume, files are removed from the volume that you are formatting and the hard disk is scanned for bad sectors. The scan for bad sectors is responsible for the majority of the time that it takes to format a volume.

If you choose the Quick format option, format removes files from the partition, but does *NOT* scan the disk for bad sectors.

Only use this option if your hard disk has been previously formatted and you are sure that your hard disk is not damaged.

Bottom line for me then is: Never use Quick Format.

40hz · « **Reply #2 on:** November 15, 2010, 02:12 PM »

It works well with flash memory drives since it saves a little read/write wear on the device.

Renegade · « **Reply #3 on:** November 15, 2010, 02:15 PM »

If you format a disk, then need to reformat it again at the same time more or less, then quick formatting is fine.

Neither is acceptable for data deletion though. While you can use secure deletion software that is often touted as "military secure", US security policies for data deletion require incinerating the drive.

cranioscopical · « **Reply #4 on:** November 15, 2010, 02:23 PM »

While you can use secure deletion software that is often touted as "military secure", US security policies for data deletion require incinerating the drive.
-Renegade (November 15, 2010, 02:15 PM)

So, if I turn off all of the fans in my machine…

f0dder · « **Reply #5 on:** November 15, 2010, 02:42 PM »

I normally do a full format when I purchase a new drive, exactly to check for any bad sectors - besides, the last 4 drives I've purchased have been for external storage, and processed with TrueCrypt... for security reasons, TC volumes shouldn't be quickformatted unless you're going to fill them to the brink right away.

As for data security, a normal non-quick format (~~which just means zero-filling all sectors~~ - there's really no such thing as a "low-level format" anymore, after a drive leaves the factory) ~~is just fine~~. People that still cling on to "military grade security multi-level formatting as prescribed by Gutmann" should check out what Gutmann himself writes - things have changed since the old MFM drives the article was originally written for

Bottom line: a single zero-fill pass (or random-data if you insist) is good enough. If you suspect the NSA is after you, it's probably still good enough, but you might want to incinerate the drive just in case.

EDIT 2010-11-16: whoop, apparently a non-quick format doesn't zero-fill sectors, so you do need a disk wiper - I still stand by a single-pass wipe being perfectly good enough, though.

EDIT 2012-11-19: whoop, you live, you learn. Quoting from Change in the behavior of the format command in Windows Vista:

The format command behavior has changed in Windows Vista. By default in Windows Vista, the format command writes zeros to the whole disk when a full format is performed. In Windows XP and in earlier versions of the Windows operating system, the format command does not write zeros to the whole disk when a full format is performed.

Stoic Joker · « **Reply #6 on:** November 15, 2010, 02:47 PM »

On a new drive I don't see a problem with doing a QF. Reinstalling on an old drive, while I prefer a full format, the default format used by Windows Vista/7 during install appears to be a Quick Format ... Because it usually done in seconds.

KynloStephen66515 · « **Reply #7 on:** November 15, 2010, 03:48 PM »

While you can use secure deletion software that is often touted as "military secure", US security policies for data deletion require incinerating the drive.
-Renegade (November 15, 2010, 02:15 PM)
So, if I turn off all of the fans in my machine…
-cranioscopical (November 15, 2010, 02:23 PM)

and place it next to an external heater, turned on full on a 35c day?

wraith808 · « **Reply #8 on:** November 15, 2010, 04:05 PM »

I use quick format anytime that I'm formatting a drive for myself that I have been using previously and having no problems with. And I've never had a problem with it, personally. /me shrugs

MilesAhead · « **Reply #9 on:** November 15, 2010, 05:02 PM »

If you change the partition type I highly recommend the full format. I've had experience with USB keys changing from FAT32 to NTFS or vice/versa where copying data on gave no error. But reading it back "ran out of file" at some point. When formatting the file system type for the first time I'd say always do the full format. The quick format amounts to a quick erase.

Stoic Joker · « **Reply #10 on:** November 15, 2010, 05:37 PM »

As for data security, a normal non-quick format (which just means zero-filling all sectors - there's really no such thing as a "low-level format" anymore, after a drive leaves the factory) is just fine.
-f0dder (November 15, 2010, 02:42 PM)

You sure about that one? For the average end user sure okay, but a business? I've recovered data from a (fully) formatted drive, Even got a good bit (20%) of info off a drive that had been (factory restore) reimaged. Gutmann did mentioned (recommend actually) DBAN in his epilogue.

Shades · « **Reply #11 on:** November 15, 2010, 05:50 PM »

things have changed since the old MFM drives
-f0dder (November 15, 2010, 02:42 PM)

My MFM drive (on an Amiga 500) would already lose its data when I (lightly) bumped the table it was resting on. The difference between those highly unreliable drives and the rock solidness of the current generations still baffles me.

4wd · « **Reply #12 on:** November 15, 2010, 06:11 PM »

My MFM drive (on an Amiga 500) would already lose its data when I (lightly) bumped the table it was resting on. The difference between those highly unreliable drives and the rock solidness of the current generations still baffles me.
-Shades (November 15, 2010, 05:50 PM)

The RLLs in my A3000 are still reliable, (well after the drive has spun long enough to desolidify the lubricant they are - they sure run hot until that happens

).

f0dder · « **Reply #13 on:** November 16, 2010, 01:50 AM »

As for data security, a normal non-quick format (which just means zero-filling all sectors - there's really no such thing as a "low-level format" anymore, after a drive leaves the factory) is just fine.
-f0dder (November 15, 2010, 02:42 PM)
You sure about that one? For the average end user sure okay, but a business? I've recovered data from a (fully) formatted drive, Even got a good bit (20%) of info off a drive that had been (factory restore) reimaged. Gutmann did mentioned (recommend actually) DBAN in his epilogue.
-Stoic Joker (November 15, 2010, 05:37 PM)

I don't see how you could restore data from a fully formatted drive - but reimaged is easy, since that only overwrites the partition with what's in the image file, and leaves the rest of the partition untouched.

Stoic Joker · « **Reply #14 on:** November 16, 2010, 06:41 AM »

That's what I thought when I used a WinXP install disk to do a full format on a client machine that was to be wiped. When it finished, I rebooted it expecting to see the typical OS not found message, but it booted back into XP.

Now I'll gladly admit it could have been a fluke, because a statistical sampling of one doesn't prove shit to anyone. But it was an awful spooky fluke...that I've never repeated.

For recovery stuff I've always used Runtimes Get Data Back - That's the best I can remember for details.

f0dder · « **Reply #15 on:** November 16, 2010, 06:59 AM »

Hm, I stand corrected - just did a test in vmware. For whatever reason it seems that doing a (non-quick) format actually doesn't zero-fill the sectors - apparently it's equivalent to a quick-format followed by a bad-sector scan.

This is somewhat of a shock to me - first, because this means a format doesn't wipe your data. Second, because new bad sectors might not be discovered merely from a read, and sector reallocation only kicks in on a write. Eek.

Thanks for making me look into this, Joker - I'll be sure to do an explicit single-pass wipe instead of format from now on.

40hz · « **Reply #16 on:** November 16, 2010, 08:35 AM »

Would have been really cool if Microsoft included a zero-fill switch ( /z ) for their format command.

But I suppose that would have been too easy. $:-\$

Stoic Joker · « **Reply #17 on:** November 16, 2010, 11:18 AM »

Would have been really cool if Microsoft included a zero-fill switch ( /z ) for their format command.
-40hz (November 16, 2010, 08:35 AM)

They used to have the ( /U ) unconditional format option in the 9x days. But in retrospect I'm not entirely sure what it did (data destruction wise).

f0dder · « **Reply #18 on:** November 16, 2010, 11:33 AM »

Would have been really cool if Microsoft included a zero-fill switch ( /z ) for their format command.
-40hz (November 16, 2010, 08:35 AM)
They used to have the ( /U ) unconditional format option in the 9x days. But in retrospect I'm not entirely sure what it did (data destruction wise).
-Stoic Joker (November 16, 2010, 11:18 AM)

/u is accepted by WinXP format, but doesn't seem to do anything - definitely no zero-filling

40hz · « **Reply #19 on:** November 16, 2010, 11:49 AM »

If I recall correctly, /u told format to skip saving some recovery information that made it easy to un-format a partition provided you did it immediately after you formatted.

It was intended to be an override for the safety feature that helped fix that mistake everybody seems to have made at one time or another. That's the one where you said "yes format" (followed by your choice of expletive) when you really meant to say "no."

f0dder · « **Reply #20 on:** November 16, 2010, 12:12 PM »

40hz: I definitely remember using /u back in the old DOS and w9x days - and iirc it was super slow. So I think (

) it's more a case of /u actually zero-filling the partition rather than "not saving recovery information". Iirc the regular format didn't even completely nuke the FAT filesystem structures, but rather set every file&folders as deleted (done on FAT by setting the first char of it's name to some special character).

40hz · « **Reply #21 on:** November 16, 2010, 12:24 PM »

You could be right. I just remember if you didn't do a /u on a floppy format, you wound up with less available disk space than if you did. Supposedly some hidden file(s) got saved that the unformat command could use to undo the format. When MSoft dropped the unformat command back around WinME (or thereabouts? Maybe it was still back in the late DOS days?) the /u became sort of meaningless.

I suppose you could try it on a floppy to see if it still does anything. I'm guessing these days it's just a "zombie switch" (i.e. doesn't violate command syntax, but also doesn't do anything).

That's assuming anybody still has a working floppy drive and usable media to test it!

f0dder · « **Reply #22 on:** November 16, 2010, 12:29 PM »

Hm, could be you're right - if "unformat" was able to restore file/folder names without mangled first-char, then probably a copy of the FAT was saved, or just the file names. I wonder if this was only for floppies, or disk partitions as well?

40hz · « **Reply #23 on:** November 16, 2010, 12:39 PM »

OK, I stopped being lazy and ran over to TechNet.

Here's what they had to say:

Safe formatting

If you do not specify the /u switch or a switch that reformats the disk to a different size, format performs a "safe" format. It clears the file allocation table and root directory of the disk but does not delete any data. You can then use the unformat command to recover the disk if you did not intend to format the disk. Format also checks each sector on the disk to ensure that the sector can properly store data. If it locates a sector that cannot store data, format marks that sector to prevent MS-DOS from using it.

If you specify the /u switch or any switch that changes the size of the disk, format performs an unconditional format by deleting all data on the disk.

Quick formatting

You can speed up the formatting process by using the /q switch. Use this switch only if you have not received read or write errors on your disk. You can speed up the process even more by using both the /q and /u switches. If you use the /u switch, format does not save the information necessary to later unformat the disk.

So I guess the "hidden recovery file" stuff I was told (or imagined being told

) is incorrect. Looks like regular format (at that point) simply tossed the FAT and root directory. Kinda like "keeping all the library books and just throwing out the cardfile" as the saying used to go.

Still doesn't explain why a floppy always came up a few kilobytes short if you didn't do the /u (maybe it did keep a copy of the FAT/root after all?) but there you have it.

4wd · « **Reply #24 on:** November 16, 2010, 06:33 PM »

This is somewhat of a shock to me - first, because this means a format doesn't wipe your data. Second, because new bad sectors might not be discovered merely from a read, and sector reallocation only kicks in on a write. Eek.

Thanks for making me look into this, Joker - I'll be sure to do an explicit single-pass wipe instead of format from now on.
-f0dder (November 16, 2010, 06:59 AM)

You could always try a Low Level Format, it worked on my 1TB Samsung - took a very long time, probably the same amount as doing a single-pass wipe.