We recently purchased 20 used hard disk drives from eBay and used basic file recovery software to examine the drive contents.
Data that people would consider extremely valuable – tax records, privileged attorney/client information, scans of completed federal forms, and more – often creates digital footprints we'd rather not leave behind.
This post is a part of a eight-part series from the white paper "Hard Drive Security Study". Can't wait to read the whole paper? You don't have to! Read it right here
THE CORRECT WAY TO ERASE A HARD DRIVE
This has a very simple answer. With a dedicated software or hardware tool that is meant for the task, write over the entire hard drive. It doesn’t matter if you write over it with a “zero” in every bit (known as zeroing out the drive), a “one” in every bit, some other pattern, or completely random data. The hard drive has only one job: to store, for later retrieval, exactly what you last wrote to it. It’s our position that hardware, such as the CRU Drive eRazer Ultra is better suited for the task of performing bulk erasures. A stand-alone, hardware drive erasure product offers advantages:
• Operates without tying up a computer
• Erases as fast as the drive will allow (with no chance of interference from other apps)
• Proper handling of hidden areas of the drive—such as Host Protected Areas and Device Configuration Overlays (HPAs and DCOs)—a valuable feature not available on many software products
• Performs a quick verification that the erasure was successful
• No need to create and maintain external boot media.
Many organizations, especially governmental agencies, have their own policies that dictate their own methods of drive erasure and disposal that may go above and beyond the one-pass recommendation. We understand these policies extend beyond protecting from possible file recovery, but also protects from breaches in internal protocols as well. We also recognize that government agencies with potentially top secret data must take additional security steps—up to and including complete destruction of the hard drive.
SHOULD A USER WRITE OVER OR ERASE A DRIVE MULTIPLE TIMES?
Because some people are concerned that previous generations of data stored on a hard drive can be retrieved in a laboratory or other state-of-the art setting, they believe they must write over each bit on a drive multiple times. The reality is that hard drives are quite varied and complex in their designs and operation. For example, data writing patterns on drives are often striped between platters (which will change by manufacturer and model)—meaning the physical location of each bit is information itself, and bit sizes are physically small and shrink every year. An identity thief, even one with advanced skills, will not have the sophisticated technology or laboratory equipment that would be necessary to recover data that has been sequentially overwritten via available software or hardware products.
This post is an excerpt from the white paper "Hard Drive Security Study".