Slashdot Mirror
Data Still Left on Storage Devices for Sale
cluedweasel writes "According to a BBC story many people are still putting up their old PC's and storage devices for sale without taking basic precautions to ensure that confidential data is erased. The suggestion at the end of the story is to get a professional forensics firm to wipe your data or just destroy the item in question. With the low price of storage devices, the latter is probably preferable."
Darik's Boot and Nuke. Cheap, efficient, portable. Worst thing that happened using it was cleaning a PC so old its CD-ROM drivers weren't in firmware, so I had to download a boot disk off the net to reinstall them.
"Made up/misattributed quote that makes me look smart. I am on
On the other hand, I always thought it was a good bonus for the custom when I sell a hard drive on eBay with my mp3 and pr0n collection still intact.
Then again... they probaby would see the reiserfs partition as "Unknown" in the Windows installer.
I once received about 30 10GB hard disks from the US Army that were tossed in a collection bin (and someone called me to say they were there) which were not wiped and had a fair bit of info on them. Not talking National Secrets, but info that could have been used to cause problems, none the less.
By far the worst, however, was a batch of 15 PIII computers I recovered from the INS. Not only had they not been wiped, but all programs and files were fuctional. Talking about Social Security numbers, Green Card information, and on and on. It was terrible.
Of course, I do the right thing and both wipe and low-level format these before donating on to charity - but it still amazes me what info is given away.
Both of these cases were 1 year+ after 9/11 too. People don't change.
DAMN YOU OCTODOG! DAMN YOU TO HELL!
professional forensics firm to erase your hard drives? really?
how do I market myself as this and sell that service to people? sounds like a great article to whip up some Fear frenzy that we geeks can make good money on.
"Yup, I can safely eradicate your data and wipe that drive, no it's not easy, but that is why it costs $100.00.
thank you, no we dont accept personal checks."
adding that to my spyware cleaning racket and I can quit my job as a web programmer/IS manager.
This rocks, any way to get CNN to stir it up as well to help the fear factor in the general public?
Do not look at laser with remaining good eye.
5) Ship via US Postal Service
The world's burning. Moped Jesus spotted on I50. Details at 11.
Now, get real: Want to know the BIGGEST, best-kept secret in data forensics? The most effective way to forever put your data beyond the reach of cops and courts is:
dd if=/dev/zero of=/dev/hda
/dev/urandom is a better source... With zero, analog analysis can be used to determine the drive's prior contents. Of course, if somebody is willing to do that to recover data, they already have your house bugged...
or just destroy the item in question
Nooo!!!
I worked as the technology re-use manager at a nonprofit organization whose mission was to get donated goodies, including computers (my responsibility), to small local charitable organizations. Our warehouse had pallet upon pallet of donated computers whose hard drives were removed as part of corporate donors' policies regarding data safety. Did we get those computers to community centers, adult education programs, inner city kids, etc? Heck no, we had to send them to the metal recycler for 2 cents per pound. Sure, per-storage unit hard drives are cheap but to get enough for a couple of hundred computers is a major expense. And yes, we applied to Maxtor, Seagate, IBM, HP and a couple of others to try to get them to donate hard drives but no dice.
The late-middle aged lady who wants to type and print the church newsletter has ABSOLUTELY no use for a computer without a hard drive and even less of an idea how to install one even if she did have budget to get one. Get a commercially available eraser program; there are plenty of titles and methods. Said church lady has NO IDEA how to extract prior data from a drive that was just plain formatted and a fresh Windows installation put on.
Strong magnets (as strong as you're likely to have at home anyways) will erase (ruin) floppy media just fine. And cassette tape media. And probably 8 tracks. I don't know what they'll do to QIC-150, 4 mm or 8 mm media. But they won't erase DLT media, and won't erase modern hard drives, probably not even if you put it right next to the platter itself.
(Now, opening the drive up and scraping the magnet over the drum, physically damaging it, that may be effective. But a non-magnetic wire brush would work as well.)
Personally, I erase my media with some variation of this --
and let that go until it's done. Repeat if you're extra paranoid. Sure, there may be some data left in sectors that have been re-allocated by the firmware. Sure, the NSA might be able to recontruct my data bit by bit with microscopes. But if I'm really worried about that, I'm not going to sell my disk -- I'm going to physically destroy it.As for warranty repair, that's a tough call. If the dd can't be done, the odds are good that the company can recover almost everything on the disk. You'll have to consider the pros (you get a new disk! free!) vs. the cons (they might be able to recover all of your data.)
You're either:
1) Talking about recovery from an old drive, pre-1997, OR;
2) You're full of shit. Yes, a liar.
So explain yourself, please, because I will apologize immediately if the case is (1) or you can prove me wrong. Cite me some evidence--press releases from the company you worked for, or a paper written by the research team you worked with. Anything, hell--even your blog is something.
I've spent my last four years working as an examiner at a computer forensics firm. I have exhaustively researched this topic several times, hoping against hope that something is out there. There is nothing.
I have encountered a number of documented cases where a party to ligitation claimed that incriminating or exculpatory evidence had been overwritten on a hard drive. In at least two of those cases, the defendants spent more than $500K funding people who said "Oh yeah, I can do that--I just need cash for a lab and a magnetic-force microscope." Nobody EVER recovered over-written data, in any of these cases.
So prove me wrong.
I tried using 2000+ passes using /dev/urandom, but somehow I ended up with a full installation of Windows 95.
Then a friend of mine told me something about monkeys hitting typewriters and Shakespeare's complete works...