Jump to first occurrence of: [FILE] [SHREDDING] [SOFTWARE]
 You did it right, or so you thought. Before you sold your computer, you deleted all of your email, all of your business files, all of your banking information. Two months later, suspicious charges appear on your credit card and other signs materialize that someone has stolen your identity.
If you think "deleted" information can't be retrieved from an old hard drive, think again. Last year, MIT graduate students Simson Garfinkel and Abhi Shelat revealed findings of a two-year project in which they collected and analyzed 158 hard drives bought from computer stores, businesses, and eBay. The researchers discovered that most computer users don't bother to properly wipe their hard drives before selling them. In fact, on the 129 drives that actually worked, they found thousands of credit card numbers, emails, medical information, love letters, pornography, and other information.
Today, our hard drives contain information pertaining to almost every aspect of our lives, which makes them valuable tools for thieves looking for a quick buck. Even if you can't see any remaining data on a hard drive, chances are there's something still there, so it's essential to learn how to erase it for good before you dump that drive.
 Gone Today, Still Here Today
Deleting files in Windows carries a certain sense of finality, which in turn leads many users to believe deleted files are gone forever. After all, when you empty the Recycle Bin, it seems you can never recover those files because Windows offers no option to get them back. However, the delete process does not actually erase files from your hard drive. The OS (operating system) simply rewrites the data that points to the file, modifies a small amount of the file's data to mark it for deletion, and then moves the rest of the file data to the hard drive's free cluster list. Why does Windows simply move deleted files instead of erasing them for good? |
If you think that emptying files from your Recycle Bin gets rid
of those files for good, think again because they'll still lurk somewhere on your hard drive. | "Performance issues," Shelat says. "It's easier [for the OS] to move those clusters to your free list than to actually write zeros over them. So in order to make those deletes fast, that's the standard way to do it."
Another popular misconception is that formatting a hard drive will permanently rid the hard drive of all stored data. But like deleting files, formatting won't do the trick.
"All the format command does is reconfigure your FAT [file allocation tables] tables at the beginning of the disk and check through the disk to see whether the blocks are still readable," Shelat explained. "But it doesn't do anything to remove or overwrite any of the data. Again, this is for performance reasons."
The file system's efficient behavior means that potentially all of the deleted data on your hard drive is vulnerable to recovery techniques, including the use of easily obtained software that can search a hard drive's sectors for deleted data and recover it. There are also several premium recovery services, such as DriveSavers Data Recovery (http://www.drivesavers.com) and Hard Drive Recovery Group (http://www.harddriverecovery.org), that claim high success rates when it comes to extracting hard drive data. Depending on who you are and what's on your hard drive, snoops can use even more aggressive and expensive techniques to scour your drive, including the use of an MFM (magnetic force microscope), which can even extract overwritten data.
Destroy That Data
Fortunately, securing your hard drive before you sell it or throw it away is surprisingly easy. There are several methods you can use to ensure that all of the data on your drive—whether you previously deleted it or not—won't be recovered by thieves, authorities, or anyone else looking to take advantage of your information.
The U.S. DoD (Department of Defense) outlines standards for hard drive erasing (or "sanitizing") in its National Industry Security Program Operating Manual, which provides guidelines for preventing unauthorized disclosure of classified information. As part of a "clearing and sanitization matrix," the DoD recommends erasing a hard drive by either degaussing with a Type I or Type II degausser; overwriting the drive with random characters; or destroying the drive by disintegrating, incinerating, pulverizing, shredding, or melting. While some of these methods will indeed prevent hard drive data recovery, not all of them are either practical or particularly effective.
A degausser is a machine that removes all of the magnetism from a hard drive, which in turn removes all of the current data and eliminates its ability to hold data. When you degauss a hard drive, it's dead for good. A hard drive degausser can cost thousands of dollars, so degaussing is feasible only for companies, schools, or other organizations that need to wipe many drives on a regular basis. Even for some of those organizations, degaussing isn't the best wiping method because the dead hard drives can't be sold, donated, or otherwise reused after the degaussing process.
Physically destroying your hard drive can be effective if you have the resources to do it, but successful destruction is much tougher than you might imagine. Hard drives are built like tiny fortresses and designed to repel damage, so you can't simply pulverize a drive by, say, throwing it against a brick wall. And sure, melting the drive into a molten blob would obliterate your data, but the same home oven that does a splendid job of baking apple pies can't generate temperatures high enough to melt a drive. Some people believe that drilling holes through a hard drive's platters—the magnetic disks that store the data—can prevent data recovery. Indeed, holes and similar damage to a hard drive can make efforts to retrieve data more difficult, but someone with the right resources can still retrieve data even from a severely damaged hard drive. |
Degaussers such as this Ibas DG.01 can erase hard drives and render them unusable, but their high cost is prohibitive for individual users. | For most users, overwriting data is the most efficient method for wiping hard drives. When all of the addressable blocks on a hard drive are filled with new data, typical recovery programs cannot retrieve the data that previously resided in the blocks. One way to overwrite is to fill your hard drive with large files and delete them, but a more efficient method is using any one of several software utilities specifically designed to overwrite hard drive data. These utilities offer a variety of wiping methods that deliver varying amounts of protection, and the method you choose should depend on the level of your data's sensitivity and the time you're willing to spend waiting for the wipe process to complete.
The quickest method included with most utilities is a one-pass wipe that overwrites all drive data with zeros. You might also see methods that blend this simple, zero-character wipe with another pass that adds random characters, or even multiple-pass methods that overwrite with all random characters. Most utilities include the DoD 5220.22-M method, a seven-pass wipe using random characters, complements of characters, and random data streams. Other methods include the seven-pass Schneier method, which uses two passes of specific patterns followed by five passes using a cryptographically secure pseudo-random sequence, and the Gutmann method, which uses a whopping 35 passes, with 27 random-order passes using specific data combined with eight passes using random data.
According to Garfinkel and Shelat, the simplest wiping method included with most wiping utilities provides sufficient sanitization. "If you just overwrite with zeros, even ones, that's sufficient to dissuade all but the most well-heeled people from recovering any of your data," Shelat says.
However, if you're already making an effort to wipe your drive, it's best to use one of the more-advanced wiping methods provided with whichever utility you choose. Although data can theoretically be retrieved with hardware tools from drives either overwritten with zeros or wiped using more advanced techniques, the chances are much slimmer if you use advanced techniques.
If you plan to sell or give away your hard drive, we recommend using a multiple-pass method, such as the Schneier or Gutmann method, to wipe its data. These methods take significantly more time to run than a simple, one-pass zero overwrite, but the peace of mind that comes with these secure methods is worth it. If you need to wipe your current primary hard drive and the utility you're using doesn't offer the option to boot your computer with a floppy disk or CD-ROM, you'll need to install another drive as the primary drive and install the drive you want to wipe as the secondary drive (or just install the drive in another PC). If you plan on throwing the drive away, you can add the extra step of smashing or mangling the drive's connectors, but make sure to wear protective gloves and eyewear before you try this. If you're still paranoid, you can disassemble the drive and sand down the platters, but again, wear protective equipment to avoid injury.
Be Safe, Not Sorry
Even if you don't think your data is valuable, it's still worth the effort to wipe your drive before it leaves your hands. Shelat said that pilfering of hard drive data is probably a common occurrence, especially considering that the process to extract the data is "fairly straightforward and fairly easy." Even if you trust the person buying your PC or hard drive, you don't know where it will end up in the future, when it could hold your old data. You wouldn't sell your wallet with your license and credit cards still intact, so follow the same precautions with your hard drive. 
by Christian Perry
Third-Party Utilities: Hire A Wiping Commando
When it comes to erasing hard drives, you won't find any wiping utilities included with Windows. But that's no problem because the choices available on the Web are vast and varied, and it's easy to find a program that suits your particular needs. Let's take a look at several drive-wiping utilities that can help to secure your drive before you ditch it.
WipeDrive
$39.95 (WhiteCanyon Software; http://www.whitecanyon.com)
WipeDrive serves one purpose: the complete elimination of hard drive data. This means you won't get any fancy single-file or free space wiping options with this software, but you will get an effective drive eraser. Simply reboot your PC to a floppy diskette or CD-ROM containing the Wipe-Drive software, select the drive you want to wipe (you can even wipe all of your drives), and then choose the number of overwrites you want the software to perform. Wipe-Drive supports any size IDE (Integrated Drive Electronics) or SCSI (Small Computer System Interface) hard drive using any drive format, including FAT16 (file allocation table, 16-bit), FAT32 (32-bit), NTFS, and Linux. The software also lets you verify that the drive is erased using either a quick verify option, which spot checks the drive for uncleaned sectors, or a complete verify, which checks every sector on the drive.
Acronis DriveCleanser 6.0
$49.99 (Acronis; http://www.acronis.com)
Using a Windows XP-like interface, Acronis DriveCleanser simplifies the secure deletion of all data on a hard drive or partition. Along with wiping options, DriveCleanser also lets users format the hard drive, partition it, and delete partitions, any of which can occur directly after the wiping process. A wide selection of overwrite algorithms is included, including DoD 5220.22-M, Gutmann, Schneier, VSITR (a German data-destruction standard), and GOST (a Russian data-destruction standard), and there's even an easy-to-use option to create custom algorithms that you can save for future use. The software's DiskViewer utility lets you examine hard drive sectors to confirm wiping.
Darik's Boot And Nuke (DBAN)
Free (Darik; http://dban.sourceforge.net)
If you want a free, no-nonsense tool that destroys all hard drive data, check out Darik's Boot And Nuke (also called DBAN). This nifty open-source utility lets you boot your computer with a floppy and wipe your drive using any of several methods including Gutmann and PRNG (Pseudo-Random Number Generator) stream wipe.
CyberScrub 3.0
$49.95 (CyberScrub; http://www.cyberscrub.com)
CyberScrub integrates with the Windows shell to deliver quick file- and folder-wiping options and also offers an easily navigable interface to perform more complex actions, such as erasing entire drives. Wiping options range from simple, one-pass wipes to 13-pass wipes that use three random wipes, the seven-pass DoD 5220.22-M method, and another three random wipes. CyberScrub also includes the Gutmann algorithm and an option to create custom wiping algorithms. Other wipe options let you erase free disk space, erase file slack, and even scramble file and folder properties. The company also sells the $29.95 CyberCide, which only wipes entire hard drives.
Eraser 5.7
Free, $15 donation suggested (Heidi Computers; http://www.heidi.ie/eraser)
If you're not keen on paying for a drive-wiping utility, consider downloading the free Eraser, a powerful, dependable utility that delivers a wealth of erasing functions. Like other programs in this roundup, Eraser uses the Gutmann and DoD 5220.22-M methods, along with a custom algorithm option. Although Eraser's interface isn't quite as refined as interfaces on other products, it's nonetheless an affordable way to erase anything on any IDE-, SCSI-, or RAID (redundant array of independent disks)-configured drive.
|
|
Email This
Print This
You did it right, or so you thought. Before you sold your computer, you deleted all of your email, all of your business files, all of your banking information. Two months later, suspicious charges appear on your credit card and other signs materialize that someone has stolen your identity. 
