Wiping your old hard drive clean

Ken Doyle

Advertisement
A recent study by Trust Digital concluded that the only safe ways to destroy data on old cell phones were to run over them with a truck or give them an acid bath. Such a study from a mobile device security company should be viewed with some skepticism; nonetheless, the very limited sample of 10 cell phones purchased on eBay showed that most of them contained recoverable data.

Our increasing dependence on electronic devices, together with their rapid upgrade cycles, has led to serious concerns about identity theft as older models are recycled or sold. The main targets for hackers are computer disks, cell phones and personal digital assistants (PDAs).


Computer Disks

The simple act of deleting a file from a PC does not actually remove it from the disk. Instead, the file is tagged for deletion by the operating system, and it may or may not eventually get overwritten. In other words, deleting sensitive files (even after you've emptied the trash or recycle bin) before selling your old PC is not a good way to prevent the information from falling into the wrong hands. Macintosh OS X computers do provide a method for securely emptying the trash, but the only way to guarantee that all information is removed from a disk is to "sanitize" the entire disk.

A simple but effective sanitization procedure overwrites the entire disk with a random string of binary digits (ones and zeroes). Theoretically, this process can be repeated any number of times -- Department of Defense standards recommend seven passes -- but most of us can get by with fewer, given that each pass may take considerable time with a large hard disk.

Mac OS X's Disk Utility program can perform from one to 48 sanitization passes and can be run directly from the installer CD. Windows PCs require third-party software, and many utilities can be found at software repositories such as Tucows (www.tucows.com) or CNET Downloads (www.download.com). A popular open-source program, DBAN (dban.sourceforge.net), is free and can be run from a floppy disk or a CD -- essential if you're sanitizing your primary hard disk.


Cell Phones and PDAs

Today's cell phones are far more than devices to make calls; they can store addresses, phone numbers, text messages, and other potentially sensitive data. Many cell phones use removable storage cards that can be destroyed before disposing of the phone. However, some data may not be easily accessible, so it's a good idea to completely reset the phone. An excellent resource is the Data Eraser (www.wirelessrecycling.com), which contains instructions for more than 300 cell phone models.

Similarly, PDAs and smartphones can be reset by following the manufacturer's instructions. Most also have expansion slots that accept flash memory cards; these cards can be removed and sanitized like computer disk drives by using a memory card reader.

While it's a good idea to secure sensitive information at any time (using techniques such as data encryption), it's even more critical to wipe the breadcrumb trail clean before disposing of equipment. If you absolutely have to destroy all information, there's always the acid bath method.


Ken Doyle is a principal consultant for Loquent LLC, a Madison-based company that offers technology training and consulting services.

Resources

Printable format

E-mail this story

Index of advertisers

Directory