Home » Media Coverage

Destroy Your Data - Or Else!

Article: ITSecurity — January 17, 2007

Author: Tim Margeson
General Manager
CBL Data Recovery Technologies Inc.

Safeguarding critical data has become more top of mind for most organizations as digital information has become the lifeblood of most businesses and institutions. The ability to access data anytime, anyplace in real time, is essential. Paradoxically, there does come a time when you must destroy your data to keep it safe.

Computers and storage devices eventually outlive their usefulness. For a small business, it might be a single PC every once and a while, but for a large enterprise, it could be several hundred computers that are discarded when it’s time to migrate upwards or when the lease expires. IT staff will also find themselves replacing desk-side and enterprise servers as storage capacities and processing capabilities evolve. These systems could also simply be warehoused and placed in a storage room to gather dust. Old computers are also often donated to charity, or can be auctioned off or sold to the general public at large, potentially with sensitive data still residing on the hard drives.

Whether discarded individually or en masse, it’s entirely possible these computers and servers still hold business data, unbeknownst to their new owners. Much of that data could be software applications and trivial information, but frequently the information left on these machines is extremely sensitive. Unless stringent steps are taken by users or IT staff, these hard drives will contain data and other sensitive information, whether customer, financial, health or medical records, or even information related to national security or government policy.

Data on computers, despite apparent loss due to natural disaster, equipment failure, human error or security breaches, is rather resilient. Data often thought irrevocably lost can be and is frequently retrieved by data recovery specialists.

You may have thought the data was deleted by the user of the PC or the IT department, but if it was deleted without special software that data will still reside on the hard drive of the discarded computer – easy prey for hackers.

To be truly effective, data removal procedures must go beyond the simple deletion of a file from the computer user’s desktop.

What many users don’t realize is that when most computers delete a file, the contents of the file are not actually removed from the hard drive: the digital file, made up of bits and bytes is still there, but it’s no longer linked to the file system. In essence, the page is in the book, but not in the table of contents. The actual data remains on the disk until the operating system re-uses those sectors to write new data. Even if you format a drive, that data is usually not erased, but the table of contents is merely wiped clean.

To make sure a file is permanently erased, it’s imperative the area of the disk where that file was stored is completely re-written with new data. Until then, it can be recovered by programs that read directly from the disk instead of through the operating system such as forensic software, commercially available data retrieval software, or manual data recovery techniques.

There are a number of ways to ensure the destruction or inaccessibility of data on hard drives: degaussing, over-writing, encryption and physical media destruction are some of the methods that have been employed to safeguard against the disclosure of sensitive information.

The wiping of sensitive data from a computer’s hard drive or a removable storage device is the best way to guarantee data can’t be reconstructed through laboratory techniques. Wiping is essential when hardware containing sensitive data is moved from a secure facility to be re-used in a non-secure environment.

Data destruction software can be inexpensive, easy to use for the average computer user, and readily available from a number of vendors. Data destruction software will usually securely erase a single file or group of files from a working hard drive.

A more drastic approach to data erasure is degaussing. This method often leaves hard drives completely inoperable, thus it can prevent computers from being recycled for educational use, charitable donation or resale to the general public.

A less extreme means of data erasure is the removal of sensitive data from storage devices in a manner that guarantees it can’t be reconstructed using normal system capabilities. This is an acceptable approach when the computer is being re-used within the same organization or department. For example, if the computer is simply being cleaned up for a new staff member taking over from a departing staff member, it is remaining in the same controlled environment.

Another method, clearing, can be accomplished by over-writing the entire system storage space or all sectors on the disk. A single re-write pass of a drive is usually sufficient to make sure that previous information cannot be retrieved.

It is important to remember the simple deletion of a file by the operating system only removes the directory pointers to the file; the digital information still resides on the computer’s hard drive until it is overwritten. Even re-formatting or re-partitioning a hard drive is not enough to guarantee the files are completely gone, even if the end user can’t see them anymore.

In extreme cases where the destruction of data must be guaranteed and the chance of retrieval must be eliminated, physical destruction of the hardware is the best course of action. Media may generally be destroyed using a number of methods, including scraping by an abrasive substance directly on the magnetic disk or drum recording surface. Corrosive chemicals can have the same desired effect; however, the entire recording surface must be completely removed before disposal. Destruction of the drive (or the entire computer) can also be achieved by smelting, disintegration or incineration at a metal destruction facility. While making sure sensitive data does not fall into the wrong hands, it is equally important to make sure that data is no longer needed; if it is, make sure the data is safely backed up or archived elsewhere.

Destruction of data should be aligned with established, corporate departmental document-retention policy. If not, and you find yourself successful at cleansing your hard drive, you may also find yourself in need of a professional data recovery expert to undo your own handiwork.

Tim Margeson is General Manager of CBL Data Recovery Technologies Inc., a leading international provider of data recovery services to consumer, enterprise and public-sector clients who experience data loss disasters.