What if your old hard drive ends up in the wrong hands? Your tax
return, financial records, intimate photos, and more could be used
against you.
During the 2007 NBA Playoffs, an interesting
article appeared. It seems the San Antonio Spurs guard, Bruce Bowen,
and his wife had filed a lawsuit against a local computer firm when
their hard drive and data ended up on another person's computer. The
recipient of the hard drive contacted Mr. Bowen and informed him of the
breach of privacy. As a computer consultant myself, I see a huge
breach of computer privacy with this case and I could see Mr. Bowen
winning the lawsuit easily.
Now what can you do to avoid a
similar situation as Mr. Bowen's? First you have to decide if you want
to permanently erase the data or destroy the drive. If you decide to
permanently erase the data, you have several options. However let's go
over what you DON'T want to do.
What Not To Do
- Don't just delete your data and empty the recycle bin
- Don't just format the hard drive
- Don't just format and reinstall Windows or another operating system
Why don't you want to do the above? It seems this would be enough to make sure your data isn't compromised.
Let's
take a step back and understand how data is stored on a hard drive.
When information is written to a drive, the location of the information
is stored in a file that resembles a table of contents for a book, On
computers running DOS and Windows operating systems, the File
Allocation Table (FAT) or the Master File Table (MFT) holds this
information. When a file is deleted, the FAT or MFT table is updated to
tell the computer the space on the hard drive is available, however the
actual data is not deleted until it is overwritten with new data. This
is why you read about computer forensic teams, the FBI, and other law
enforcement being able to recover data to solve crimes or incriminate
individuals. Using software
undelete tools, you can restore files that were accidentally or otherwise deleted. In more severe case, services such as
Drive Savers are used to recover data that has been physically or electronically destroyed.
You
can use the procedures below to erase or destroy your data so the
average individual won't be able to recover anything from your computer
hard drive.
Using Wipe Utilities
In order to prevent
data from being recovered, you should use data wiping software to
completely erase the information. Disk wiping overwrites each
individual sector on a hard drive multiple times to erase the data from
the entire hard drive. How many times to overwrite the data is always
an interesting topic of discussion, recommendations will range from 1
pass, 3 pass, 7 pass, up to 30 or more passes. The exact number of
times to overwrite the data has changed throughout the years. My advice
is to just use the default setting for any of the programs below and
fully erase the data. I recommend the following free tools to sanitize
or wipe a hard drive of information:
If
you plan on giving your computer away, selling it, or otherwise
disposing of it, please destroy the data on it by using one of the
above wiping utilities. For all practical purposes, wiping the drive with
one of the utilities above will be sufficient in making sure your data
does not fall into the wrong hands.
Degaussing a Hard Drive
An
extra step is to degauss the hard drive. Degaussing is a process
whereby the magnetic media is erased using a reverse magnetic field to
scramble the electronic data and make it unreadable. Unfortunately
degaussing machines are rather expensive ($2000.00 or more) and are not
realistic purchases for the average consumer. However, you can send
your hard drive to a degaussing company like
Garner Products or
SEM
and for a few dollars can have your hard drive completely degaussed
and/or destroyed. If your data security is important enough, this is a
wise step. A hard drive that is degaussed is rendered useless.
Physically Destroying a Hard Drive
Physically
destroying a hard drive is by far the most effective method to ensure
the safety of their data. If you choose this method, please wear
protective glasses and other gear to keep yourself safe. It can be a dangerous activity that I don't recommend
to everyone. Also, as a precaution, wrap the hard drive in a towel so
the parts don't fly off and do more damage.
There is actually a Do-it-Yourself kit for physically destroying a hard drive called the
Diskstroyer, it comes with all the tools and things needed to magenetically and physically destroy the hard drive.
Whether
its smashing the hard drive with a sledgehammer, drilling holes into
the drive, tearing the drive apart and destroying the platters,
shredding the drive, or other methods your sensitive data will be safe.
For the most security, I recommend doing as many of the above
procedures (wiping the drive, degaussing it, and destroying it) as you
can. If a drive is wiped, degaussed, and destroyed the chances of
recovering the data is almost nil.
Conclusion
If a
computer store, consultant, or other qualified computer tech tells you
your hard drive is crashed and the data is unrecoverable, ask for them
to return the original drive to you. This way you can wipe it clean,
degauss it, or physically destroy it and dispose of the drive to your
satisfaction and avoid situations like Mr. Bowen's where your data
suddenly appears on someone else's computer screen.