I Erased That Hard Drive. Didn't I? Part 4 of 8

We recently purchased 20 used hard disk drives from eBay and used basic file recovery software to examine the drive contents.

Data that people would consider extremely valuable – tax records, privileged attorney/client information, scans of completed federal forms, and more – often creates digital footprints we'd rather not leave behind.

This post is a part of a eight-part series from the white paper "Hard Drive Security Study". Can't wait to read the whole paper? You don't have to! Read it right here

THE FAMILY LAPTOP

Another interesting drive came from a laptop shared by members of a wealthy family, who clearly enjoyed cars and travel; this family would thus be an excellent target for an identity thief. This was one of two drives in the study to mount with data intact. At first glance it appeared that there was no attempt (not even a failure of an attempt) to erase personal data. The contents were completely unencrypted, and so it was easy to go into Windows users’ directories and look at how they used the computer. Within moments we could find a home address, maps to their house, and credit information. There were four Windows user accounts: One for each parent, and one for each of the two college-aged sons. The sons used the hard drive more than the parents, and in their directories we found many files. No attempt was made by the drive user or the drive seller to erase the following files:

• Homework (architecture and computer science) and resumes

• A single document titled “DADS CREDIT CARD INFORMATION.doc.” which contained a MasterCard number with CSV, and date of expiration.

• 1,243 commercial MP3s (5.46 GB)

• 3,484 JPGs—photos of their cars, house, family members, friends, vacations, etc (1.79 GB)

• At least one feature-length pirated movie and several TV shows (AVIs)

We looked into the “RECYCLER” directory for each account. Most were empty, but one had data—including scans of a user’s driver license along with personal self portraits that most people would have intended to stay private and would be justifiably mortified to learn that anyone else saw them. Next we ran a recovery application to look for “deleted” files—files no longer used by an application or were “deleted” by way of the Window’s Recycle Bin. We found many more files:

• Hundreds of additional college work papers, syllabi, and university information (including addresses to dorm rooms)

• 13,849 JPGs—social media image thumbnails, personal pictures taken at dorm parties (with accompanying videos), and trails of surfing the internet for pornography.

This post is an excerpt from the white paper "Hard Drive Security Study".