Wiping your Hard Drive of personal data
Originally posted on WIBC.com on 05/11/2009:
Secret details about the U.S. missile defense system were found on a computer hard drive bought on eBay during an investigation into personal data stored on computers being carelessly discarded.
The computer, turned over to the FBI, contained documents from Lockheed Martin that included detailed test launch procedures, photos and personal data of employees, including their social security numbers and blueprints of facilities, the newspaper reported.
“If this is out there, then it does beg the question, what else is out there?” said Glenn Dardick, assistant professor of information systems at Longwood University in Virginia.
Simply erasing all the data on your hard drive and formatting it is not enough security. You can spend hours going through your hard drive and deleting all the files and documents you want, but using the delete key on your keyboard in Windows basically only removes the shortcuts to the files making them invisible to users. Deleted files still reside on the hard drive and a quick Google search will show many options for system recovery software will allow anyone to reinstate that data.
Formatting the hard drive is a bit more secure than simply erasing the files. Formatting a disk does not erase the data on the disk, only the address tables. It makes it much more difficult to recover the files. However a computer specialist would be able to recover most or all the data that was on the disk before the reformat. For those who accidentally reformat a hard disk, being able to recover most or all the data that was on the disk is a good thing. However, if you’re preparing a system for retirement to charity or any other organization, this obviously makes you more vulnerable to data theft.
For some businesses and individual users, a disk format may be something you consider secure enough, depending, of course, on the type of data and information you saved to your computer. As long as people understand that formatting is not a 100 percent secure way to completely remove all data from your computer, then they are able to make the choice between formatting and even more secure methods. If you have decided a disk format is a good choice, at the very least to do a full format rather than a quick format.
Even more secure than reformatting is a process called disk wiping. The term disk wiping is not only used in reference to hard drives but any storage device such as CDs, RAIDs, thumb drives and others. Disk wiping is a secure method of ensuring that data, including company and individually licensed software on your computer and storage devices is irrecoverably deleted before recycling or donating the equipment. Because previously stored data can be brought back with the right software and applications, the disk wiping process will actually overwrite your entire hard drive with data, several times. Once you format you’ll find it all but impossible to retrieve the data which was on the drive before the overwrite.
While disk wiping algorithms differ from product to product, they all will generally write the entire disk with a number (zero or one), then a reformat will be needed. The more times the disk is overwritten and formatted the more secure the disk wipe is, but the trade-off is the extra time to perform additional rewrites. Disk wipe applications will typically overwrite the master boot record, partition table, and every sector of the hard drive.
The government standard, considered a medium security level, specifies three iterations to completely overwrite a hard drive six times. Each iteration makes two write-passes over the entire drive; the first pass inscribes ones (1) over the drive surface and the second inscribes zeros (0) onto the surface. After the third iteration, a government designated code of 246 is written across the drive, then it is verified by a final pass that uses a read-verify process.
There are a variety of products available for different operating systems that you can purchase, or freely download online to perform more secure disk wipes. If time to perform the disk wipe is a consideration, there are also tech security companies who offer disk wipe services.
Did You Know…
In 2003 two MIT students purchased 158 used disk drives from various locations and found more than 5,000 credit card numbers, medical reports, detailed personal and corporate financial information, and several gigabytes worth of personal e-mail on those drives.