How to really remove data from your hard drive

[sp9]

Thought this was an interesting article since many of us have had info on our computers that we do not want used against us. Please add to this if you have additional suggestions:

http://www.bankrate.com/brm/news/advice/20030711a1.asp

Removing financial data from your computer -- for good
By Laura Bruce • Bankrate.com

At Computers 4 Rent in North Palm Beach, Fla., it's not unusual for customers to leave personal financial information on the hard drive of a computer they rented or one they want to sell to the store.

The store has a policy of reformatting the hard drive every time a computer is returned, or whenever someone sells a used computer to the store. Reformatting is supposed to "wipe off" any personal information left on the hard drive.

"An elderly gentleman came in today to sell us his computer," says store manager Rick Zinser. "He said he wanted the hard drive. I said, 'I can wipe it,' but he said, 'no,' he wanted it. It was because he had financial information on it."

The elderly gentleman was savvier than a lot of people when it comes to personal financial information on computer hard drives. Too often, people sell or give away their old computers never realizing that the next user may be able to access that information. Even if the information is "wiped."

Continued below


Deleted, but not gone
"When we get a computer back we restore it. The hard drive is repartitioned and reformatted every time it comes back," Zinser says. "If an expert wanted to restore it, and it wasn't overwritten, (the information) could be found, but it's very expensive to retrieve data."

Zinser is right. It might take an expert to retrieve information from a hard drive after Zinser wipes it clean, but it can be done. If the data wasn't overwritten it could be retrieved by anyone.

Would you really want someone to be able to see your financial data? Maybe you have bank, brokerage or credit card information on your hard drive. The kind of information an identity thief would welcome.

Two MIT graduate students, Simson Garfinkel and Abhi Shelat, recently bought 158 used hard drives from computer stores, small businesses and eBay, the online auction site. Many of the hard drives were physically damaged and/or had unreadable sections.

Nevertheless, the pair managed to retrieve a lot of information from directories and files that had been deleted. Forty-two of the drives had what appeared to be credit card numbers. Garfinkel says they don't know for sure if they're working credit card numbers because that would have required trying to make a transaction.

One drive appeared to have been used in an Illinois ATM. Garfinkel says it had nearly 3,000 numbers that he suspects were ATM card numbers. It also contained account numbers and balances. He says no effort had been made to remove the drive's financial information.

Another drive had a credit card number and expiration information that Garfinkel says he believes was used for Internet purchases.

"People are not generally aware that even after the computer says the information has been deleted, it can be recovered," says Garfinkel.

Covering your digital tracks
To really get rid of something on your hard drive you have to go way beyond pressing the delete key.

Joan Feldman, president of Seattle-based Computer Forensics, Inc., explains that when you delete a file, the computer's operating system marks the file with a symbol and, essentially, removes it from view. If you did a search for the file, it wouldn't show up, but it's still on the hard drive until it's been written over -- several times -- by other files.

"When the hard drive is completely filled and you can't save any more files, the operating system looks for a place where it can save a new file and goes to the location of that deleted file. It releases that space back to you," says Feldman.

"But it's like a pencil mark on a wall that you cover with a coat of paint. You can still see the mark, so you cover it with another layer of paint and it's obscured some more. That process is called wiping, shredding or file wiping. In fact, it's adding layers of data on top of other data."

Keep in mind, if you don't use a lot of graphics, video or music files, you may not run out of space, so your system may never need to write over data you deleted.

So, is taking a sledgehammer to the hard drive the best way to make sure no one else eyeballs your financial information?

"It's safer to do that, but I don't believe it's a socially responsible thing to do," says Garfinkel. "There are a lot of people who can't afford new computers and you're destroying something they could use.

"Some people say it's impossible to clean off the hard drive. It's not impossible. There is free software and commercial software that do an excellent job of cleaning off data. It also does a good job of cleaning off the operating system, but that can be reinstalled."

Garfinkel recommends a free software called AutoClave. It claims to overwrite to U.S. Department of Defense specifications, which is a seven-layer overwrite.

That's an important feature. In fact, many experts like to use DOD specs as the minimum standard when erasing hard drives. Some software uses a higher standard, called the Gutman, utilizing 35 overwrites.

Feldman, whose company specializes in recovering information deleted from hard drives, says it's unlikely that anything with a three-layer overwrite is recoverable.

But if you really want to be sure, opt for the heavy-duty programs.

"Our programs offer many different layers of overwriting," says Bill Adler, president of Atlanta-based CyberScrub. "It depends on the level of security you feel is required. Do you want one lock on the door or four?"

CyberScrub has two erasure programs. One, cyberCide, is designed to erase everything on the hard drive, including the operating system. The other program, CyberScrub, is designed for daily use.

"It can erase your files on demand, plus it can take all your previously deleted material, stuff you think is gone but is recoverable. This will make sure it's not recoverable," Adler says.

You can access the CyberScrub programs at Cyberscrub.com.

An Internet search will turn up hundreds of software programs that erase hard drives. Be aware that all scrubbing software can fail.

"No one will guarantee anything in the software business," says Adler. "All software is sold without warranty. You have no idea of the configuration of all the computers people have, and people use products the wrong way."

Joan Feldman agrees.

"The file-shredding technology is there, and I think it's pretty safe using technology to get rid of technology. What's not in the equation is the human error factor. The person says they erased it, but it wasn't done. Or it could be an equipment problem."

That leaves you with one option.

Bring the hammer down?
"We do recommend destroying the hard drive. Our preferred method is using a drill with a good, strong drill bit. Drill through the metal casing of the hard drive five or six times in different locations," Feldman says.

Simson Garfinkel agrees that physically destroying the hard drive is the best way to make sure no one retrieves your data. But, as mentioned, Garfinkel thinks that's socially irresponsible.

CyberScrub's Adler, who also isn't in favor of destroying hard drives, says drilling makes the hard drive inoperable, but someone with forensics ability would be able to recover the data where it wasn't drilled.

Perhaps the sledgehammer would be best.

In case you've never looked inside your computer, the hard drive is in a flat metal box that's about the size of a paperback novel. You'll have to unplug it before drilling or hammering.

"Computers retain about three times more information than the average user would suspect," according to Feldman. "It's like a piece of black velvet in a lint factory. When you're on the Internet, stuff is being dumped to your hard drive like you wouldn't believe.

"When you use Word or Excel, they very often create multiple copies of the files you're working on. The end result is that little thing that's smaller than a paperback can contain much of your personal history for as long as you've owned that computer."

A caveat. If you're under investigation, or if your computer files are about to be subpoenaed, it's not a good idea to start wiping your hard drive. It's illegal and you can get caught. Feldman says you may be able to delete files, but your intentional destruction could easily be detected.


-- Posted: July 11, 2003
Looking for more stories like this? We'll send them directly to you!

[clockworks]

wanna wipe out your harddrive? its easy.
1) make linux boot disk
2) boot your puter using boot disk
3) execute command: "dd if=/dev/null of=/dev/hda"

that will read "zeros" from virtual device null and write them to device hda (which should be your harddrive).

as for permantly deleting a file without trashing your harddrive. again in linux, you can find the start/end block of the file. then again use the dd command to write zeros to the those blocks on your harddrive. that is assuming the file is contiguous on your harddrive.

if the file is fragmented on your harddrive. i'm sure it wouldn't be hard to find all the blocks that they file uses, and then just use dd to write zeros over those blocks.

its funny how windows users pay lots of money for silly programs that do what linux people can do for free with a few basic commands (with a little computer know how of course)...=)

-- cb

[saboudian]

I think i understand what you're saying clockworks. The one thing that i'm not sure if you understand is that even if you go to the file location and actually delete it, it still leaves a magnetic "ghost". So you can actually still recover that file even if you've deleted that exact file, I beleive you have to actually overwrite that specific location at least 5 times to be safe, in that article it mentioned programs that went to 35 overwrites which would do the job too.

[realityarts]

I use a Linux boot disk with a script that performs MANY writes over the disk to the point the NSA would puke. They I take the disk out into the woods and shoot it all to hell with my .45 caliber. This is partly for fun...and also for extra piece of mind.

[clockworks]

I use a Linux boot disk with a script that performs MANY writes over the disk to the point the NSA would puke. They I take the disk out into the woods and shoot it all to hell with my .45 caliber. This is partly for fun...and also for extra piece of mind.

what in >hell< are you trying to hide?

-- clocky baby

p.s. woo, i'm a die hard linux user/fan also...=)

[Red Ketchup]

Years ago, I made a "dead mans kill" for a friends hard drive...

It contained some rather questionable data which he did not want to fall in big brothers hands (nothing immoral, just well cooked books).

I made his HD killer quite easily... Sheet of flat iron bent in a U wrapped the HD, then cal 14 enameled electrical motor winding wire around it many many times, a relay, 110V and a little mod to the computers front panel keyswitch.

Now anyone who remembers basic high school physics knows I built a really nice electro-magnet. Remember, Hard Drives are sensitive to magnetic fields and the very strong magnetic field from AC current is especially good at scrambling everything in a magnetic media.

We tested it on an old HD... woah... even a low level format couldn't bring it back. It was wiped and zapped.

The way it worked was simple... it was installed around his HD permanently, if "raided" all he had to do was to turn the keyswitch on the front of the computer and voila... 5 seconds later there was no hard drive.

Crude, but effective Of course not as fun as using the HD for target practice!

Red

[Ambulance]

Red Ketchup has the best fxcking signature on the entire internet.

[Red Ketchup]

THIS is how you definetly remove data from a hard drive!!!!!

http://plissken.fatalunity.com/gallery/misc/kfa/gun.wmv

Take 1 Jesse James, add an RX7 and a General Electric M-134 Minigun... Ohhhh yeah!

Geeeee Eeee! We bring good things to life!!!

Red

[ENraged]

THIS is how you definetly remove data from a hard drive!!!!!

http://plissken.fatalunity.com/gallery/misc/kfa/gun.wmv

Take 1 Jesse James, add an RX7 and a General Electric M-134 Minigun... Ohhhh yeah!

Geeeee Eeee! We bring good things to life!!!

Red

But red i used to work for a company that our mission was to salavage burnt data from hdd's and floppys anything almost. Even if you use a magnet the platters can be removed and ran though a machine to grab the data. Then only sure fire way i have seem to truely make data crap was to crack the hdd and scratch the shit out of it. Or use a wiper program which i m also not sure of

[ENraged]

that gun is insane