Kessler International, a computer forensics company from New York, conducted a study of used hard drives available on eBay. Almost half of the hundred drives they sampled, purchased in random bulk lots, contained data that was easily recovered. A shocking amount of them required no more recovery effort than plugging them in and powering up. They found personal photos, financial records, emails, personal and corporate correspondence, corporate secrets, and more:
"The average person who knows anything about computers could plug in these disks and just go surfing," Kessler said. "I know they found a guy's foot fetish on one disk. He'd been downloading loads and loads of stuff on feet. With what we got on that disk — his name, address and all of his contacts — it would have been extremely embarrassing if we were somebody who wanted to blackmail him."
While you may not be particularly worried about the world finding out about your curious interest in Manolo Blahniks, nobody should run the risk of their personal and financial data leaking into the wild when it is so easily prevented. Photo by makani5.
Understanding File Deletion
The first step in securing your data is bolstering your understanding of how data is stored and what happens when you delete it. Many people operate under the impression that when they delete a file it's gone, as though they had torn a page from a book. But the way most operating systems handle such events is by simply removing the little marker that points to the file. That's more like having information written on a chalk board in columns, each column labeled with a header, and then simply erasing that header to signify that column is "deleted" and available for future writing over. Anyone who looks at the board can read everything written in the column, until someone starts writing over it.
What does this mean for your data privacy? It means a computer-savvy middle school student could recover a filed deleted in Windows, with little effort and widely available freeware tools. You need tools that will actually wipe the chalk board clean.
Secure Deletion and File Overwrite
Overwriting the data on a disk with other data is a strong defense against the original data being recovered. There is an enormous amount of misinformation about the process of secure file deletion and overwriting, however.
There's no sense in wasting your time and electricity performing elaborate file deletion rituals that won't yield you any additional benefit. An excellent example of the high effort/low yield relationship that can sometimes occur in secure deletion is the Gutmann Method. The Gutmann Method was deisgned by Peter Gutmann and Colin Plumb in the 1990s, and is held up by many as a gold standard for disk wiping. It's also intensely time consuming and could easily take weeks to wipe a single modern drive of moderately high capacity. The image, above right, shows a screen capture of the 35-pass Gutmann Method taking fourteen days. Turns out the majority of that time would be a complete waste, as pointed out by Gutmann:
In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods
In other words, a user who wastes a week of clock cycles and electricity furiously scrubbing a disk would have been just as well served to perform a simple overnight scrub with a series of random binary code. Photo by joebeone.
There are several methods for securely deleting files from your disks. Institutions like the Department of Defense, universities, and law enforcement agencies have created standards for what they would consider adequate scrambling of sensitive disk data. We've recommended some tools over the years that cut the same profile, or close to, their methods. Below is a list of tools, arranged by severity and operating system:
Total Disk Wipe - All Platforms
- Darik's Boot and Nuke - an open-source boot disk utility (read: works on nearly any computer) that supports a wide variety of disk wiping methods and operates from inside the computer's RAM, allowing it to scrub the disk thoroughly at a remove.
Selective File Wipe - Windows
- Wipe File - Portable application that overwrites the specific disk space occupied by the file you'd like erased and leaves the rest of the disk untouched.
- DeleteOnClick - Integrates with the Windows shell, adding a "Securely Delete" option to the right click menu which engages a Department of Defense 5220.22-M overwrite on the files.
- Eraser - In addition to securely deleting individual files, Eraser can be scheduled to perform regular overwrites of empty disc space ensuring you catch those orphan files hanging outside the reach of Windows.
Selective File Wipe - Mac OS X
- Permanent Eraser - Although Mac users have had the "secure empty trash" option, based on a multiple pass DoD method, since OS 10.3, Permanent Eraser offers peace of mind for those needing more assurance.
Selective File Wipe - Linux (Ubuntu)
- Wipe Package from Ubuntu Unleashed - Adds secure multi-pass file deletion to your right click menu, like the aforementioned DeleteOnClick does in Windows.
Symphony of destruction: The physical method
While using the above utilities will render your data unreadable to an almost guaranteed level of certainty—especially if you're pretty sure there's no black helicopters nearby—there is no surer way to dispose of your data than physical destruction. When a disk has run out its life cycle, it's time to bring out the tools.
While it's easy to throw a CD or DVD into shredder and be done with it, outside of commercial disk-disposal centers, there aren't many hard drive shredders. This is where—safety glasses donned—the fun begins.
There are a multitude of ways to physically damage a hard drive for data securing, ranging from careful dissection to shotgun jamboree. The ultimate goal is to render the disk inoperable and the platters—at minimum—severely fragmented. Serious forensic efforts can throw a lot of resources toward piecing your drive together, but in most situations, you'll be covered with a concentrated destruction effort. At this point in the data-protection game, the only limit to how inoperable your disk will become is the amount of time you want to invest in destroying it. A power drill sent through the platter takes but a few minutes, a 10-minute session with a hammer and some scissors can work wonders, and every effort you take above and beyond adds a bit more security. Photos by scragz.
You can never be too vigilant with your data. The amount of effort it takes to securely wipe a disk or decommission an old disc by physically destroying it pales in comparison to the time and headaches you'll burn through undoing the damage of identity theft—or worse. If you have a technique or handy piece of software not mentioned here, please share in the comments below to help your fellow readers keep their data secure.
Jason Fitzpatrick is the Weekend Editor for Lifehacker and all around paranoid about data security. On his watch, many a hard drive has been retired with a rifle crack.