Slashdot Mirror


Salon On Computer Forensics

splorf writes "Salon has a good new article on computer forensics, focusing on Lee Tydalska, a guy in Southern California who started collecting old computers and peripherals as a hobby, and now has a nice business doing data recovery from weird and obsolete media for investigators (or normal users who just need media conversion). "It hardly needs saying why this craft has grown in importance", the article says, "but if one word sums it up, it's 'Enron-itis'". Oh yes, the #1 outfit in the field is apparently a UK firm called Vogon International. You've got to love this stuff."

1 of 138 comments

  1. Re:I guess the question to ask is.... by bourne · Score: 5, Informative

    how do you as a person who is responsible for dumping old equipment ensure that your company erases sensitive data so that it cannot be recovered by anyone.

    I'll give you the 5-second summary:

    • You can't erase it so that it can never be recovered.
    • But you can make it expensive/impractical to recover.

    Previous /. threads have gone on at length on the various creative ways people who care (gov't, military) destroy the hardware utterly. If you overwrite each bit on the disk several times, though, it'll require expensive hardware analysis to recover anything - which is beyond most criminals.

    It's the same old issue - risk equals value times danger. The danger that someone will send your disk to hardware analysis isn't that great for most people, so wiping it a few times is probably good enough.

    One good way to wipe - stick a bootable Linux CD in (I like Bootable Business Card myself) and 'dd if=/dev/random of=/dev/hda'. Lather, rinse, repeat - or better yet, put it in a bash 'for' or tcsh 'foreach' loop. It takes a while.

    Want to verify you're wiping everything? Use /dev/zero instead of /dev/random for one pass, then do 'hexdump /dev/hda' which should run for a while and then report that it found nothing but 0's on the disk.
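
The wipe-then-verify procedure from the comment above, written as a script. This is an added example, not part of the original post: the function names are hypothetical, `/dev/urandom` is swapped in for `/dev/random`, and `cmp` against a stream of zeros replaces reading the `hexdump` output by eye.

```shell
#!/bin/sh
# Added example; wipe_target, verify_zero and target_size are hypothetical names.

# Size in bytes of a block device (Linux blockdev) or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Overwrite $1 with $2 passes of random data (default 3), then one pass of zeros.
wipe_target() {
    target=$1
    passes=${2:-3}
    # Refuse a missing target: dd would otherwise create a regular file
    # at a mistyped /dev path and "wipe" that instead of the disk.
    [ -e "$target" ] || return 1
    size=$(target_size "$target") || return 1
    pass=1
    while [ "$pass" -le "$passes" ]; do
        # Assumption: /dev/urandom stands in for /dev/random, which can block.
        head -c "$size" /dev/urandom |
            dd of="$target" bs=65536 conv=notrunc 2>/dev/null || return 1
        pass=$((pass + 1))
    done
    head -c "$size" /dev/zero |
        dd of="$target" bs=65536 conv=notrunc 2>/dev/null || return 1
    sync
}

# Succeeds only if every byte of $1 reads back as zero.
verify_zero() {
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero | cmp -s - "$1"
}
```

Run from a boot CD, `wipe_target /dev/hda 3 && verify_zero /dev/hda` covers the whole device the comment uses as its example; a non-zero exit from `verify_zero` means some region still holds data.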