Data security

Finding Data on Improperly Wiped Hard Drives

Wipe-your-own-hard-driveA hard disk drive stores data on metal discs that have been coated with a magnetic material. This material can hold a magnetic charge, which the HDD’s actuator arm can read as a zero or one. An HDD retains data even when it’s powered off, allowing it to store data permanently. It’s possible to recover data from an HDD after the user has deleted it, which can result in severe consequences for the user. The actions needed to prevent the recovery of deleted data depend primarily on the resources and motivation of the person attempting to retrieve the data.

Overview

A user typically deletes a file by simply marking that file for deletion rather than actually removing the data from the HDD. Methods such as highlighting the file and pressing the Delete key just remove the pointers to that file, which allows the operating system to reuse the disc sectors that currently contain the file. This characteristic of HDDs allows disk recovery software to easily retrieve the data if those disk sectors haven’t been overwritten yet.

The methods of properly wiping data from an HDD consist of three general techniques, including overwriting, degaussing and physical destruction. Overwriting involves writing meaningless data onto all areas of the HDD, which requires specialized software. Many applications that perform data-wiping functions overwrite the HDD multiple times to further increase the difficulty of recovering the original data. Degaussing involves exposing the HDD to a strong magnetic field that permanently changes the magnetic charge on the discs of the HDD, permanently corrupting all of its data. The physical destruction of an HDD typically involves crushing or melting. Governments and businesses often have standards that specify the methods they will use to wipe a HDD.

Consequences

The recovery of data from hard drives by unauthorized personnel can result in the loss of money and privacy. The most valuable pieces of personal information include credit card numbers, social security numbers and bank account numbers. This information can allow a data thief to pose as their victims and steal their money. The increased use of HDDs to store personal information and the short lifespan of these devices means that discarded hard drives are a common source of information for data thieves. It’s therefore essential to wipe a hard drive before disposing of it.

Many events in recent history illustrate the possible consequences of data theft. CNET News reported that computer systems at CardSystems Solutions were breached in 2005, resulting in the exposure of 40 million accounts. Memphis Commercial Appeal announced the loss of a laptop in 2008 that contained the Social Security numbers and dates of birth for 321,000 people. Another breach in 2008 resulted in the exposure of 4.2 million credit cards from Hannaford, according to MSNBC. Computer World reported that a hard drive stolen from Compass Bank contained the records of 1,000,000 customers.

Identity Theft

It’s relatively easy to recover overwritten data from floppy discs but this isn’t the case with modern HDDs, according to the University of Auckland. Overwriting a hard drive one time is generally sufficient to protect personal data from data thieves. They will typically look for HDDs with intact data rather than attempting to recover the overwritten data. The National Institute of Standards and Technology reports that wiping data and clearing data is generally the same action on HDDs with a capacity greater than 15 Gb. This means that it’s generally impractical for an individual to attempt the recovery of overwritten data on an HDD that was manufactured after 2000.

National Security

The need to wipe data from an HDD is much greater when the data involves national security rather than personal information. Governments are willing and able to devote considerable resources to recovering data on an HDD that has been overwritten. For example, Wired reported in 2011 that investigators from the U.S. Army were able to recover data from a hard drive even though it had been overwritten. This case involved the disclosure of classified information to the media by Pfc. Bradley Manning. Manning is currently being tried by a court martial for his offenses as of June 13, 2013 and is facing a life sentence.

The U.S. Department of Defense currently requires hard drives containing unclassified information to be overwritten at least three times before they may be discarded. The three overwrites must consist of a bit, its complement and some other bit. DOD hard drives containing classified information typically must be degaussed and destroyed before discarding them.

Do you have any questions? Please ask.