Before You Get Rid of that Hard Drive...
One of the greatest paradoxes to come out of the laws of physics is the notion that information -- like energy -- can never be truly created or destroyed. That idea predates the modern computer age, but anyone who's ever tried to completely erase data from a computer hard drive has experienced this theory in action (I'm practically begging to get e-mail flames from physicists and other scientists here, I'm sure).
I make the physics reference to illustrate a security issue that should concern anyone who owns a PC or laptop. Case in point: A friend of a friend recently needed someone to retrieve the data off of a hopelessly busted laptop computer that was destined for the electronic auction block. Since I was beginning to research a blog entry on securely deleting data from a hard drive, I said I'd be happy to help this person.
I had no idea what I was getting myself into.
Getting the data off of the laptop proved the easy part. Then it was time to format the computer's hard drive to wipe it clean of any data. A full format with a Microsoft Windows DOS-based floppy disk appeared to erase all of the data. But then I scanned the newly-formatted hard drive with Helix, a free forensics tool often used by law enforcement folks to recover incriminating data from computers seized from suspected criminals. Within 20 minutes, Helix had retrieved more than 30 percent of the data that was supposedly erased from the drive, including personal digital photos, records of which Web sites the laptop's owner had visited online, as well as Microsoft Word documents and other personal files.
Formatting a hard drive is akin to ripping out its table of contents. The files on the drive aren't really destroyed, it's just that the computer's operating system no longer has any meaningful directions on where to find a particular file on the drive. Using free data-recovery tools such as Helix, however, much of that data can easily be retrieved. So, if you're at all concerned that there is remotely sensitive information on an old computer you're planning to sell on eBay or donate to the local school district, it might be worth spending a little time securely erasing the hard drive using software that writes 1s and 0s over each bit of storage space on the drive.
With a little Web searching, I found a powerful and free tool called "Dban." If you're just trying to delete certain files or folders (but not the entire hard drive), skip ahead a few paragraphs because you definitely do not want to mess with this tool -- it will erase everything on your computer, at least well beyond the recovery skills of most of our readers here. Following the directions and the FAQ on Dban's site, I was able to burn the program to a CD-Rom. I put the disc in the laptop and rebooted it, which launched the program.
The Dban tool does a good job, but it writes over each sector of the hard disk seven times, so it can take quite a while to wipe a hard drive. I was cleaning a 20 gigabyte hard drive, and it took almost three hours for the program to do its job. According to the Dban FAQ, securely wiping a 120 gigabyte drive (a size that is common in many desktop computers sold these days) could take upwards of 18 hours -- depending on your computer's hardware.
I ran the Helix disc again on the laptop and it found virtually nothing on the drive -- at least not much that was readable or usable.
If you're in the market for a program that can securely delete specific files or folders on your PC (as opposed to wiping an entire drive), there are plenty of free options. One is WipeDisk. Another is Secure Delete. The one I prefer is Eraser.
Regardless of which tool you use, most will allow you to specify the number of "passes" -- or the number of times to overwrite the file(s). Some will default to 7 passes -- one standard used by the Department of Defense to wipe sensitive information from a computer -- while others, like Eraser, default to wiping the targeted area 35 times. Thirty-five passes is probably overkill, but hey, sometimes it pays to be paranoid when it comes to computer security.
Just how many passes you need to blot out the data on your hard drive is really up to you. For the average computer user who just wants to resell or donate an old PC, even running a single pass with a program like Dban is better than just formatting the drive or reinstalling the operating system.
And in case you were wondering, it is also possible to erase a hard drive using a giant magnet or an electrically-charged magnetic coil (a technique known as "degaussing"). For anyone adventurous enough to try this out, a word of warning: Degaussing will usually work, but a powerful magnet in the hands of a novice can completely ruin a computer hard drive (not to mention mess up a computer monitor), so I wouldn't recommend that method unless you know what you are doing and can afford to trash the drive anyway.
Finally, I want to reiterate that it's impossible to wipe all of the data off of a hard drive. Still, using one of several software tools available today, it is relatively easy to ensure that nobody will dedicate the time and resources needed to recover sensitive information from your hard drive.
Posted by: An Observer | June 6, 2005 3:35 PM | Report abuse
Posted by: Karl Lembke | June 6, 2005 3:58 PM | Report abuse
Posted by: Joe Sixpack | June 6, 2005 4:09 PM | Report abuse
Posted by: A Reader | June 6, 2005 5:09 PM | Report abuse
Posted by: Mallory Walker | June 7, 2005 8:20 AM | Report abuse
Posted by: Secure Housewife | June 7, 2005 9:10 AM | Report abuse
Posted by: Roger Nebel | June 7, 2005 9:23 AM | Report abuse
Posted by: Roger Nebel | June 7, 2005 9:29 AM | Report abuse
Posted by: hhhobbit | June 7, 2005 10:25 AM | Report abuse
Posted by: John | June 7, 2005 5:40 PM | Report abuse
Posted by: Zed | June 7, 2005 7:26 PM | Report abuse
Posted by: Ishan | June 7, 2005 7:32 PM | Report abuse
Posted by: CJ | June 7, 2005 11:43 PM | Report abuse
Posted by: dave white | June 8, 2005 11:28 AM | Report abuse
Posted by: Bob Gerard | June 8, 2005 2:14 PM | Report abuse
Posted by: Jeff Carver | June 8, 2005 2:36 PM | Report abuse
Posted by: Reader | June 10, 2005 12:14 PM | Report abuse
Posted by: wwb | June 10, 2005 8:07 PM | Report abuse
Posted by: HyperBlade | November 8, 2005 8:24 PM | Report abuse
Posted by: David Disk Destroyer | January 7, 2006 9:30 PM | Report abuse
Posted by: SC | March 7, 2006 9:21 PM | Report abuse
Posted by: Colin | June 28, 2006 7:06 PM | Report abuse
Posted by: Shaker | August 17, 2006 10:42 AM | Report abuse
Posted by: Josphe | August 23, 2006 7:24 PM | Report abuse
Posted by: Zibeon | September 5, 2006 12:08 AM | Report abuse
Posted by: jnf | September 5, 2006 2:45 AM | Report abuse
Posted by: Tim | September 16, 2006 1:45 AM | Report abuse
Posted by: Finger | September 30, 2006 3:52 AM | Report abuse
Posted by: Jeff | September 30, 2006 5:39 PM | Report abuse
The comments to this entry are closed.