How to really remove data from your hard drive
Thought this was an interesting article since many of us have had info on our computers that we do not want used against us. Please add to this if you have additional suggestions:
http://www.bankrate.com/brm/news/advice/20030711a1.asp
Removing financial data from your computer -- for good
By Laura Bruce • Bankrate.com
At Computers 4 Rent in North Palm Beach, Fla., it's not unusual for customers to leave personal financial information on the hard drive of a computer they rented or one they want to sell to the store.
The store has a policy of reformatting the hard drive every time a computer is returned, or whenever someone sells a used computer to the store. Reformatting is supposed to "wipe off" any personal information left on the hard drive.
"An elderly gentleman came in today to sell us his computer," says store manager Rick Zinser. "He said he wanted the hard drive. I said, 'I can wipe it,' but he said, 'no,' he wanted it. It was because he had financial information on it."
The elderly gentleman was savvier than a lot of people when it comes to personal financial information on computer hard drives. Too often, people sell or give away their old computers never realizing that the next user may be able to access that information. Even if the information is "wiped."
Continued below
Deleted, but not gone
"When we get a computer back we restore it. The hard drive is repartitioned and reformatted every time it comes back," Zinser says. "If an expert wanted to restore it, and it wasn't overwritten, (the information) could be found, but it's very expensive to retrieve data."
Zinser is right. It might take an expert to retrieve information from a hard drive after Zinser wipes it clean, but it can be done. If the data wasn't overwritten it could be retrieved by anyone.
Would you really want someone to be able to see your financial data? Maybe you have bank, brokerage or credit card information on your hard drive. The kind of information an identity thief would welcome.
Two MIT graduate students, Simson Garfinkel and Abhi Shelat, recently bought 158 used hard drives from computer stores, small businesses and eBay, the online auction site. Many of the hard drives were physically damaged and/or had unreadable sections.
Nevertheless, the pair managed to retrieve a lot of information from directories and files that had been deleted. Forty-two of the drives had what appeared to be credit card numbers. Garfinkel says they don't know for sure if they're working credit card numbers because that would have required trying to make a transaction.
One drive appeared to have been used in an Illinois ATM. Garfinkel says it had nearly 3,000 numbers that he suspects were ATM card numbers. It also contained account numbers and balances. He says no effort had been made to remove the drive's financial information.
Another drive had a credit card number and expiration information that Garfinkel says he believes was used for Internet purchases.
"People are not generally aware that even after the computer says the information has been deleted, it can be recovered," says Garfinkel.
Covering your digital tracks
To really get rid of something on your hard drive you have to go way beyond pressing the delete key.
Joan Feldman, president of Seattle-based Computer Forensics, Inc., explains that when you delete a file, the computer's operating system marks the file with a symbol and, essentially, removes it from view. If you did a search for the file, it wouldn't show up, but it's still on the hard drive until it's been written over -- several times -- by other files.
"When the hard drive is completely filled and you can't save any more files, the operating system looks for a place where it can save a new file and goes to the location of that deleted file. It releases that space back to you," says Feldman.
"But it's like a pencil mark on a wall that you cover with a coat of paint. You can still see the mark, so you cover it with another layer of paint and it's obscured some more. That process is called wiping, shredding or file wiping. In fact, it's adding layers of data on top of other data."
Keep in mind, if you don't use a lot of graphics, video or music files, you may not run out of space, so your system may never need to write over data you deleted.
So, is taking a sledgehammer to the hard drive the best way to make sure no one else eyeballs your financial information?
"It's safer to do that, but I don't believe it's a socially responsible thing to do," says Garfinkel. "There are a lot of people who can't afford new computers and you're destroying something they could use.
"Some people say it's impossible to clean off the hard drive. It's not impossible. There is free software and commercial software that do an excellent job of cleaning off data. It also does a good job of cleaning off the operating system, but that can be reinstalled."
Garfinkel recommends a free software called AutoClave. It claims to overwrite to U.S. Department of Defense specifications, which is a seven-layer overwrite.
That's an important feature. In fact, many experts like to use DOD specs as the minimum standard when erasing hard drives. Some software uses a higher standard, called the Gutman, utilizing 35 overwrites.
Feldman, whose company specializes in recovering information deleted from hard drives, says it's unlikely that anything with a three-layer overwrite is recoverable.
But if you really want to be sure, opt for the heavy-duty programs.
"Our programs offer many different layers of overwriting," says Bill Adler, president of Atlanta-based CyberScrub. "It depends on the level of security you feel is required. Do you want one lock on the door or four?"
CyberScrub has two erasure programs. One, cyberCide, is designed to erase everything on the hard drive, including the operating system. The other program, CyberScrub, is designed for daily use.
"It can erase your files on demand, plus it can take all your previously deleted material, stuff you think is gone but is recoverable. This will make sure it's not recoverable," Adler says.
You can access the CyberScrub programs at Cyberscrub.com.
An Internet search will turn up hundreds of software programs that erase hard drives. Be aware that all scrubbing software can fail.
"No one will guarantee anything in the software business," says Adler. "All software is sold without warranty. You have no idea of the configuration of all the computers people have, and people use products the wrong way."
Joan Feldman agrees.
"The file-shredding technology is there, and I think it's pretty safe using technology to get rid of technology. What's not in the equation is the human error factor. The person says they erased it, but it wasn't done. Or it could be an equipment problem."
That leaves you with one option.
Bring the hammer down?
"We do recommend destroying the hard drive. Our preferred method is using a drill with a good, strong drill bit. Drill through the metal casing of the hard drive five or six times in different locations," Feldman says.
Simson Garfinkel agrees that physically destroying the hard drive is the best way to make sure no one retrieves your data. But, as mentioned, Garfinkel thinks that's socially irresponsible.
CyberScrub's Adler, who also isn't in favor of destroying hard drives, says drilling makes the hard drive inoperable, but someone with forensics ability would be able to recover the data where it wasn't drilled.
Perhaps the sledgehammer would be best.
In case you've never looked inside your computer, the hard drive is in a flat metal box that's about the size of a paperback novel. You'll have to unplug it before drilling or hammering.
"Computers retain about three times more information than the average user would suspect," according to Feldman. "It's like a piece of black velvet in a lint factory. When you're on the Internet, stuff is being dumped to your hard drive like you wouldn't believe.
"When you use Word or Excel, they very often create multiple copies of the files you're working on. The end result is that little thing that's smaller than a paperback can contain much of your personal history for as long as you've owned that computer."
A caveat. If you're under investigation, or if your computer files are about to be subpoenaed, it's not a good idea to start wiping your hard drive. It's illegal and you can get caught. Feldman says you may be able to delete files, but your intentional destruction could easily be detected.
-- Posted: July 11, 2003
Looking for more stories like this? We'll send them directly to you!
