You would not place your credit card or personal photos in a rubbish bin, so why do the same with your hard disk?
In annual research conducted by Edith Cowan University, British Telecom, Glamorgan University (UK) and Longwood University (USA), we buy hard disks at random from auction houses and disposal companies. We forensically examine these hard drives for remnant data, and consistently across all studies for the last 5 years over 66% of drives contain private and sensitive information as a result of people not disposing of these drives properly. We have found top secret government documents, medical records, financial details, legal documents, credit card numbers, insurance policies, personal photos, emails and most data types we produce as humans.
People believe that once a hard disk or magnetic storage device has been formatted, the information has been destroyed - not true! The only way to destroy data is to erase a drive using a specialised erasure software tool. This has not always been the case: the formatting routines used early on in computing to format disks did erase the contents of the hard drive.
When a modern hard drive is formatted by a modern operating system, it is done as high-level formatting. This wipes out only the parts of the hard drive that contain the control structures that map the data we see on the disk as files. These structures are located at designated parts of the drive and typically consume less than 100 Mbytes. The freshly formatted disk appears to the computer user to be erased, with no data contained on it. The reality is that the data that was written to the hard disk is still on that hard disk, as it is not overwritten in a modern format operation. This allows a person with some knowledge, easily obtainable from the Internet, to recover data from the drive. The same concept applies across other secondary magnetically based memory storage devices such as USB memory sticks, digital media players, iPods and flash memory cards.
What should I do before I dispose of my computer or hard disk or USB key?
For a private individual who owns the hard disk, the best way to deal with this problem is simply to remove and physically destroy the hard drive. This can be accomplished by using a power drill and drilling completely through the drive itself several times with a large drill bit. It is best to secure the drive in a vice and take appropriate safety precautions. Another way is to use a punch to knock the spindle down into the case, or simply to smash the drive into pieces using a large hammer. Remember, your hard drive is most probably worth $10-$20 at best. Do you really want to give away all your secrets for this much?
For any person or organisation that needs to return a computer with its hard drives intact, to a lease company for instance, the use of erasure software is warranted. There are both commercial and freeware alternatives available. The freeware versions are as good as or better than some commercial offerings. In our research and experience, one of the easiest to use and most effective is Darik's Boot and Nuke ("DBAN") - it is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
Please realise that using this tool or others like it will render your hard drive data unrecoverable, i.e. there is no going back or undo button. Once you have used the DBAN boot disk, it's best to break it and place it in the bin... for safe keeping.
Finally, you would not place your paper documents, credit cards or personal photos in a box and sell them at auction, or place them in a bin, so why do the same with your data? So please erase that hard disk!
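The difference between the high-level format described earlier and a full overwrite by an erasure tool, shown as an added example (not part of the original article): a constructed toy disk image is formatted, audited for leftover sectors and file signatures, then overwritten and audited again. The `TOYFS` layout, the sector numbers and all function names are assumptions made for illustration.

```python
SECTOR = 512
# Well-known file magic numbers used to spot leftover file contents.
SIGNATURES = {"jpeg": b"\xff\xd8\xff", "pdf": b"%PDF-", "zip": b"PK\x03\x04"}

def put(img, sector, data):
    """Write data at the start of a sector without changing the image size."""
    off = sector * SECTOR
    img[off:off + len(data)] = data

def build_image(sectors=64):
    """Constructed toy image: a file table in sector 0, file contents later."""
    img = bytearray(sectors * SECTOR)
    put(img, 0, b"TOYFS table: photo.jpg@8 policy.pdf@20")
    put(img, 8, b"\xff\xd8\xff\xe0 constructed photo bytes")
    put(img, 20, b"%PDF-1.4 constructed insurance policy")
    return img

def high_level_format(img, meta_sectors=4):
    """Rewrite only the control structures; data sectors are left untouched."""
    img[:meta_sectors * SECTOR] = bytes(meta_sectors * SECTOR)
    put(img, 0, b"TOYFS table: (empty)")

def overwrite_all(img):
    """One zero pass over every sector, standing in for an erasure tool."""
    img[:] = bytes(len(img))

def audit(img):
    """Return (non-zero sector numbers, {file type: [sectors with its magic]})."""
    nonzero, hits = [], {}
    for n in range(len(img) // SECTOR):
        sector = bytes(img[n * SECTOR:(n + 1) * SECTOR])
        if any(sector):
            nonzero.append(n)
        for name, magic in SIGNATURES.items():
            if sector.startswith(magic):
                hits.setdefault(name, []).append(n)
    return nonzero, hits

if __name__ == "__main__":
    disk = build_image()
    high_level_format(disk)
    print("after format:   ", audit(disk))
    overwrite_all(disk)
    print("after overwrite:", audit(disk))
```

On a real drive image, an erasure tool that writes random patterns leaves every sector non-zero, so there the signature hits rather than the zero count are the signal to check.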
Craig Valli is currently the Head of School and an Associate Professor (Network and Computer Security) within the School of Computer and Information Science, and he is a senior researcher in the secau - Security Research Centre at ECU. He has developed and teaches at postgraduate and undergraduate levels in computer security and digital forensics. He has over 20 years' experience in the IT industry and consults to industry on network security and digital forensics issues. He is the Chair and Founder of the Australian Digital Forensics Conference and Co-Chair of the Australian Information Security Management Conference. Craig is also a Co-Editor of the Journal of Information Warfare and Editor of the Journal of Network Forensics. He serves on numerous security-related conference committees. He has over 50 publications to his name on security-related topics.
Craig Valli is a guest blogger of our "e-Security & Small Business" forum, which is part of the National e-Security Awareness Week, an annual initiative aiming to raise awareness about the importance of e-security among Australians.
To learn more, visit http://www.staysmartonline.gov.au/ today.
To find out about how to protect your business and your customers and stay safe when working from home, go to http://www.staysmartonline.gov.au/small-business-security, or sign up for the following free services: