As our computers get old, we tend to want to recycle them. Many give their computers to charities or schools. Many pass them on to friends and relatives whose computing requirements are not as demanding, and who can use the upgrade. Sometimes, we might even sell them to mom and pop computer shops that sell refurbished systems.
When doing so, people should and do often delete the data on their hard drives. They don't want to accidentally give away sensitive information like social security numbers, credit card numbers, and passwords for their bank accounts, after all. Businesses of course have to protect both their own data and that of their clients. Usually, however, people do not do a good enough job of deleting data from their hard drives before passing them on -- or even before disposing of them.
Security issues that get a lot of play in the press tend to involve threats that touch someone's network via the Internet and stolen laptops with sensitive data stored in unencrypted filesystems, but another source of danger for your data security is simply improper disposal. Whether giving them away, selling them, or simply tossing them in the trash, we should always be careful about how we dispose of our hard drives and other mass storage devices, including USB solid-state storage devices.
The most effective means of protecting your data when you dispose of a storage device would be to do something really drastic like melt down the platters in your hard drive. Using a drill press to put holes in the platters can be fairly effective as well. I once knew a man whose employer had the policy of wiping drives, extracting the platters, and having the techs go out on company picnic days to skip the platters across the surface of the duck pond next to the corporate headquarters, where they would sink to the bottom and quietly corrode -- not ideal, but less of a security risk than just giving the drive to your nephew or tossing it in a dumpster.
If we're leaving our drive platters intact, however, we need some way to ensure some reasonable security of our data. First, let's examine the structure of your filesystems.
- Your storage device has a table stored at the beginning of it that lists partitions that have been created there.
- For each partition, there is a table of contents that catalogs the locations of all files on the system.
Any time you delete a file from an extant filesystem, all you're doing is deleting the file's entry in the table of contents. The actual file stored on the disk is left untouched. When later writes to the hard drive are made, those files then might be overwritten by new files or by additions to old files, but unless and until that happens the data that makes up the file, itself, remains untouched. This means that someone with the right forensic software can often recover "deleted" files very easily.
Deleting the entire partition is no better. In fact, it may be worse. When you delete the partition, you not only leave the file data in place, but you also leave the table of contents that catalogs all the locations of files and file fragments in that filesystem. All that is deleted is the partition's entry in the partition table. At this point, you don't even need specialized forensic software to recover those files -- many basic filesystem management tools can actually reconstruct your partition quite easily. In fact, on one occasion when a filesystem was unintentionally "lost", I was able to recover it by using a FreeBSD installation CD: I installed FreeBSD in some free space on the hard drive, and it automatically recreated the partition table in the process of creating a boot menu to allow me to boot into whichever installed operating system I wanted to use.
There's still hope, however. There are tools out there that you can use to securely delete data from your hard drive, USB storage device, and even a floppy disk. One example is called
shred, and you can carry it around on a LiveCD operating system such as Knoppix. If you want to destroy all data on a hard drive, it's as easy as booting up your Knoppix CD and using the
# shred --verbose --zero /dev/hda
By default, the
shred utility will overwrite whatever you designate with random bytes 25 times. If you use it on a single file, you can then "delete" the file (removing it from the table of contents for that filesystem) and be reasonably sure it will never be recovered. The
--remove option can be used to automate file deletion after it has been shredded. The
--zero option tells it to overwrite the last random bytes iteration with zeros, to hide the fact the file or filesystem has been overwritten with random bytes.
- When shredding a full disk with a Knoppix CD, you should probably disconnect any drives you don't want shredded by accident. Mistakes *do* happen, and you don't want to end up deleting important data you intended to keep just because you fat-fingered the drive specification.
shredutility is not infallible. Each such tool has its own strengths and weaknesses, and you should read up on them before trusting them. You should also understand that in general shredding a specific file has no automatic effect on any backups that might exist, including Microsoft Windows restore points. The manpage for the
shredutility does a pretty good job of explaining its limitations -- some other tools are not as clear about their limitations, and may require more work to effectively sort out their capabilities.
shredutility is available along with the rest of the GNU core utilities for installation on most, if not all, Unix-like systems, and for installation in Unix emulation environments on some other OSes (such as Cygwin for MS Windows). Note that these tools may have different names than you expect. For instance, on FreeBSD, all tools in the coreutils port have the letter "g" tacked on, making
- All such tools, including
shredand all its contemporaries, have limits. You can pretty much bet that the NSA has the tools necessary to recover your data even after 25 random overwrites and a final overwrite with zeros, for instance. If you are that concerned about your privacy, get a furnace you can use for melting the drives down. I've heard rumors of a guy in Hawaii that guarantees secure disposal of storage devices in an active volcano for a "reasonable" price, if your tastes run that way.
When you are done with a hard drive, you don't always have to physically destroy it to protect your sensitive data -- but you do have to make sure you understand how to properly delete the data so that it cannot easily be recovered.