Antifroth

Formatting the card will not remove pictures in most cases, and is not reliable for removing all of them. Deleting the images from the camera or the card doesn’t conceal them either. (Canon offer an option described as “deep formatting” or low level formatting, which quite slowly initialises each memory location on the card. The standard “formatting” operation simply erases the file attributes table, the pointers to files on the card. (edit))

Recovery from erase or a simple “format” is very easy, anyone finding a card will have no difficulty at all getting software to read the card byte by byte, and reassemble image files.

Someone who stole a card with the intention of embarrassing a doctor or looking for gain from images – not a large threat, actually – could be relied up on to be certain to recover any images.

I tried recoverjpeg on a 4GByte card which has been used and “erased” – IE files unlinked from the directory entry pointing to them – many many times, and new files recorded – and it retrieved 496 files. A sample of them were complete, I suspect that all of them, and certainly all recent ones, are undamaged.

Memory cards arrange that files are written to new areas of card rather than to previously used ones, so as to even out wear on the memory locations, to increase the life of the card. This opposes secure deletion.

To securely remove pictures from a 4 GByte card, the only approach which certainly succeeds is to actually write a value to each memory location on the card. This will hide previous information to a degree which would require at least research lab or national security facilities to recover.

It isn’t difficult, technically, and essentially involves writing a stream of say 4GBytes of zeroes or arbitrary patterns to the device, rather than to files on the device. In Linux dd will do it.

Copying files across would be more tedious, but if the card is filled with data and then reformatted it will reasonably secured.

Not losing the thing is a key point, however cameras, particularly shared ones in open buildings, are prone to being stolen, as are loose cards. Securing the cards used for patient photographs in the building, and substituting a different card when the camera goes outside is worth considering.

An alternative would be to not use a card, and operate the camera “tethered” to a computer.

recoverjpeg is licenced under the GNU GPL, you can use it freely.

Item 17 of the advice given at the RD&EH Trust Dermatology department website is wrong. I’ve told the author and it has remained wrong.

Recursive Google search on this: http://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=exeter+clinical+photography

If you search Google for the specifically wrong phrase “Format instead of deleting is recommended as it will increase the life of the camera card and ensure the image is completely deleted” then the next item on the first page carries on with the rest of the necessary advice “and then shoot random images until the card is filled”.

Nearby on the same page Lexar’s tips for card use mention using their secure erase option, and warn users that “Remember that when you’re deleting an image, you’re only deleting the file name and other related information pertaining to the image-not the actual image itself. This is why you can still recover the image once it is deleted, since the data area where the image is stored remains intact.”

Everyone makes mistakes, often in print, and not uncommonly in advice being given as from authority. What is alarming is when the mistake is defended instead of being corrected, and when the management culture of the organisation does not discourage this. If small easy faults are deliberately preserved, it is plausible that large difficult faults are nevertheless tackled with speed and vigour, but if an organisation and its people show that it will not leave small errors persisting then its claims to tackle important problems gain an increment in reliability. NASA and their contractors’ zero defect program[1] (they spell it that way) and the Kaisen approach favoured by Toyota and many others are good illustrations of the line of thinking involved.