Going. Going. Gone! Not! Looking at secure data deletion

September 12th, 2005

This is a reprint of an article that I wrote on March 1st 2005 which originally appeared on Kingsley-Hughes.com.

Once again reports about how [tag]data[/tag] can be recovered from hard drives bought secondhand online hits the headlines:

"Organisations are failing to remove important information from computer hard drives when they dispose of them, researchers are warning."

This time a group from University of Glamorgan bought 105 hard drives from online auction site eBay and examined them. Of the 105 the group were able to access data on 92 of them and 57% of the drives contained information that allowed them to be traced back to the original owner, whether that be an individual or organization.

This is a growing problem, has hard drive capacities grow and people need more space, the pace at which people upgrade is growing. And close on the heels of these people that buy new hard drives are those that want to save some money and buy them second hand. Problem is, with so many drives containing what could be valuable data it is likely that many of these second hand [tag]hard drive[/tag] are falling in the hands of criminals, scammers and [tag]spam[/tag] merchants who want to use the data left on the hard drive for their own gain.

Let's be clear here, mot of these aren't examples of badly wiped drives - most of these are drives that were never wiped in the first place. It's staggering how many people will dispose of a hard drive that contains data by throwing it into the bin. More staggering is the number of people that will sell their hard drive complete with data. Some of these drives undoubtedly come from people who have upgraded drives for others and kept the old drive "for disposal", later disposing of it by selling it.

Hard drive facts

  • If you take a hard drive for one system and plug it into another, there is an excellent chance that it used and the data read and copied off of it.
  • Deleting the data offers no protection. Deleted data can be "undeleted" just as easily as it was deleted
  • Formatting a hard drive offers so little protection against the data being recovered that it's a joke to even suggest it - it usually takes longer to format a drive than it does to "unformat" it!
  • The only guaranteed way to ensure that the data is unrecoverable off a hard drive is to destroy the hard drive (this gets around users not using the wipe tools properly and other such events).

Secure deleting

There are a number of software utilities available that claim to be able to securely wipe hard drives of their contents. Some are commercial (in other words you need to pay for them), some are free. These utilities delete the data and then overwrite the entire hard drive with zeros, ones, random data or a combination of all. The greater the number of passes on the hard drive, the greater the security. Believe it or not, security continues to improve with each additional overwrite up to 28 overwrites of the drive (the reason for this is rather odd and a little complex and can wait for a later article perhaps). For the normal user though, consider 7 overwrite (or passes) as ample security.

However, just because something claims to do something doesn't mean that it does it. There is a lot of snakeoil in the security world (snakeoil is something that claims to do one thing but doesn't actually do it, or perhaps not as well as it claims). Most users couldn't tell the difference between a program that had deleted data or a program that had securely deleted it. For most people, paying $10, $25 or $50 adds to the perceived quality of the utility and the security that it offers. Don't be fooled. There are good utilities to be found for nothing.

The best is called Darik's Boot and Nuke and is available from http://dban.sourceforge.net/. Don't be fooled by the odd name of the fact that it's free, this tool is part of the National Nuclear Security Administration suite of security tools! If it's good enough for them, it should be good enough for us.

Darik's Boot and Nuke, or DBAN, is a robust and secure eraser (I know, I've looked at both the code and at drives cleaned by it and this utility really does what it says it will do) that allows you to carry out different types of wipe, ranging from quick erase (not very secure) to extra-secure Gutmann or PRNG (PseudoRandom Number Generator) Stream wipes.

To top that off:

  • DBAN supports all available IDE disk drivers.
  • DBAN supports all available SCSI disk drivers.
  • DBAN runs on all 32-bit x86-class computers (Pentium, Athlon, and others) with at least 8 Mb of RAM.

When to wipe drives

Remember to wipe drives before:

  • Selling a hard drive
  • Selling a PC (if you are selling one with an operating system, wipe the drive and reinstall the operating system)
  • Sending a hard drive back under warranty (this might not always be possible - consider what data you have stored and decide whether you want to carry on with a warranty exchange or would rather buy a new drive as new drives are relatively cheap)
  • Before storing an unneeded hard drive for an extended period (it's easy for old hard drives to be thrown out with data on them - wiping them before storage eliminates this risk)

Physical destruction

If you want to physically destroy a hard drive it can be done easily - all you need is a hammer and a between one and four six-inch nails. One nail if you want the lowest security, four is you want the maximum. Simple remove the drive from the PC, place the drive on a surface that you can work on (the ground is good, with some wood underneath you, floorboard and so on are bad, unless you want a hard drive nailed to the floor of your home or office) then hammer the nails through the case.

The diagram below shows the approximate positions for each of the four nails (it varies from drive to drive but since we are using hammer and nails here this isn't exactly rocket science!).

If you are totally, seriously, paranoidly concerned about data recover, then open your hard disk, grind down the platters and chuck all the bits into a furnace.

This entry was posted on Monday, September 12th, 2005 at 09:38 and is filed under Stay Secure. You can follow any responses to this entry through the RSS 2.0 feed. Both comments and pings are currently closed.

Comments are closed.