Treasure from Used Hard Drives

MIT researchers uncover mountains of private data on discarded computers.

The article above points out that it is not enough to format your harddrive before discarding it. A format only removes directory information, it doesn’t actually remove the data. In 2003, some MIT students obtained 158 used hard drives from eBay and other sources. Most of these drives had recoverable data, and some weren’t even erased. One drive appeared to be from an automatic teller machine and contained records of thousands of transactions.

If you’ve ever recovered data from a hosed Windows system you know this is true. Professional data recovery applications such as Norton Ghost can recover entire filesystems, while any of a number of free utilities will search out and recover family photos.

The U.S. Department of Defense (DoD) assumes that it is possible to examine a hard drive with a very sensitive magnetic head to restore each magnetic bit to the last state it was in before an all-zeroes erase. For that reason, DoD Specification DoD 5220.22-M, “National Industrial Security Program Operating Manual”, 2/28/2006 requires seven write passes and a verification pass to ensure that the drive is sanitized.

Commercial products such as CCleaner (which is totally free, incidentally) support DoD specifications. The NSA, otherwise known as “No Such Agency,” has its own erasure specification.

I’ve always taken the stance that the best way to secure an old hard drive is to drill a few holes in the platter. I suppose a really motivated criminal could still recover partial information from it.

Maybe your best bet is to grind the platter to shavings before discarding a used hard drive.

Comments are closed.

Bad Behavior has blocked 460 access attempts in the last 7 days.