
Posted by CRU

I Erased That Hard Drive. Didn't I? Part 5 of 8

We recently purchased 20 used hard disk drives from eBay and used basic file recovery software to examine the drive contents. 

Data that people would consider extremely valuable – tax records, privileged attorney/client information, scans of completed federal forms, and more – often creates digital footprints we'd rather not leave behind.

This post is part of an eight-part series from the white paper "Hard Drive Security Study". Can't wait to read the whole paper? You don't have to! Read it right here.

WHAT WE FOUND ON THE USED HARD DRIVES WE BOUGHT 


SOME STATISTICS ABOUT WHAT WE FOUND THIS YEAR

20 used hard drives were purchased on eBay in September 2014.

• 3 of the 20 (15%) were initially considered dead on arrival, but with effort we were able to perform full ranges of recovery on each

• 7 of the 20 (35%) were wiped with a repeating pattern

• 2 of the 20 (10%) were encrypted, wiped with a random/non-repeating pattern, or part of a RAID set

• 2 of the 20 (10%) were not erased properly but no interesting data was found after recovery—for example we found default OS files, but do not count them as interesting

• 9 of the 20 (45%) had discernable, interesting data

We define interesting data as: personally identifiable information, or valuable data, in the form of tax returns, legal client info, MP3 collections, software license keys, personal photos, videos, email, or web history that reveals information about the user.

Of the nine that had interesting data:

• Five contained enough information to personally identify the primary user (it’s possible that with additional effort, the remaining 4 could have as well)

• Four contained pornography (either of the hard drive users themselves or collections/web cache)

• Four had commercial MP3 collections

• Seven were reformatted or repartitioned in a way that didn’t wipe most of the hard drive

• Two mounted and immediately allowed access to interesting files before recovery was attempted; in both cases even more interesting data was found after recovery was used
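The categories above (repeating-pattern wipe, random or encrypted, not properly erased) can be checked on a raw image of your own drive before it leaves your hands. The sketch below is an added example, not code from the white paper; the block size, the entropy cut-off, and all function names are assumptions chosen for illustration.

```python
import math
from collections import Counter

BLOCK = 4096          # assumed sampling unit; not a value from the study
MAX_PERIOD = 16       # longest repeating wipe pattern (bytes) we look for
ENTROPY_RANDOM = 7.5  # bits/byte; assumed cut-off for "looks random"

def has_short_period(block):
    """True if the block is one pattern of <= MAX_PERIOD bytes repeated."""
    return any(block[p:] == block[:-p] for p in range(1, MAX_PERIOD + 1))

def entropy(block):
    """Shannon entropy of the byte histogram, in bits per byte (0 to 8)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify_block(block):
    if has_short_period(block):
        return "pattern"   # e.g. all 0x00, all 0xFF, alternating 0x55 0xAA
    if entropy(block) >= ENTROPY_RANDOM:
        return "random"    # random wipe, ciphertext, or compressed media
    return "data"          # readable structure: text, file-system metadata

def survey(stream):
    """Count block classes over a raw image opened in binary mode."""
    counts = Counter()
    while len(chunk := stream.read(BLOCK)) == BLOCK:  # ignore a short tail
        counts[classify_block(chunk)] += 1
    return counts

def verdict(counts):
    kinds = {k for k, v in counts.items() if v}
    if kinds == {"pattern"}:
        return "wiped with a repeating pattern"
    if kinds == {"random"}:
        return "encrypted or wiped with a random pattern"
    if not kinds:
        return "no full blocks read"
    # Any mix is treated conservatively: zero-filled free space next to
    # readable or compressed blocks is what a reformatted drive looks like.
    return "not fully erased: recoverable content may remain"

if __name__ == "__main__":
    import sys
    with open(sys.argv[1], "rb") as image:  # path to a raw image you own
        result = survey(image)
    print(dict(result), "->", verdict(result))
```

Encrypted and random-wiped drives are indistinguishable at this level, which is why they share one verdict here, as they share one category in the statistics.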


This post is an excerpt from the white paper "Hard Drive Security Study"