Network News

X My Profile
View More Activity

Before You Get Rid of that Hard Drive...

One of the greatest paradoxes to come out of the laws of physics is the notion that information -- like energy -- can never be truly created or destroyed. That idea predates the modern computer age, but anyone who's ever tried to completely erase data from a computer hard drive has experienced this theory in action (I'm practically begging to get e-mail flames from physicists and other scientists here, I'm sure).

I make the physics reference to illustrate a security issue that should concern anyone who owns a PC or laptop. Case in point: A friend of a friend recently needed someone to retrieve the data off of a hopelessly busted laptop computer that was destined for the electronic auction block. Since I was beginning to research a blog entry on securely deleting data from a hard drive, I said I'd be happy to help this person.

I had no idea what I was getting myself into.

Getting the data off of the laptop proved the easy part. Then it was time to format the computer's hard drive to wipe it clean of any data. A full format with a Microsoft Windows DOS-based floppy disk appeared to erase all of the data. But then I scanned the newly-formatted hard drive with Helix, a free forensics tool often used by law enforcement folks to recover incriminating data from computers seized from suspected criminals. Within 20 minutes, Helix had retrieved more than 30 percent of the data that was supposedly erased from the drive, including personal digital photos, records of which Web sites the laptop's owner had visited online, as well as Microsoft Word documents and other personal files.

Formatting a hard drive is akin to ripping out its table of contents. The files on the drive aren't really destroyed, it's just that the computer's operating system no longer has any meaningful directions on where to find a particular file on the drive. Using free data-recovery tools such as Helix, however, much of that data can easily be retrieved. So, if you're at all concerned that there is remotely sensitive information on an old computer you're planning to sell on eBay or donate to the local school district, it might be worth spending a little time securely erasing the hard drive using software that writes 1s and 0s over each bit of storage space on the drive.

With a little Web searching, I found a powerful and free tool called "Dban." If you're just trying to delete certain files or folders (but not the entire hard drive), skip ahead a few paragraphs because you definitely do not want to mess with this tool -- it will erase everything on your computer, at least well beyond the recovery skills of most of our readers here. Following the directions and the FAQ on Dban's site, I was able to burn the program to a CD-Rom. I put the disc in the laptop and rebooted it, which launched the program.

The Dban tool does a good job, but it writes over each sector of the hard disk seven times, so it can take quite a while to wipe a hard drive. I was cleaning a 20 gigabyte hard drive, and it took almost three hours for the program to do its job. According to the Dban FAQ, securely wiping a 120 gigabyte drive (a size that is common in many desktop computers sold these days) could take upwards of 18 hours -- depending on your computer's hardware.

I ran the Helix disc again on the laptop and it found virtually nothing on the drive -- at least not much that was readable or usable.

If you're in the market for a program that can securely delete specific files or folders on your PC (as opposed to wiping an entire drive), there are plenty of free options. One is WipeDisk. Another is Secure Delete. The one I prefer is Eraser.

Regardless of which tool you use, most will allow you to specify the number of "passes" -- or the number of times to overwrite the file(s). Some will default to 7 passes -- one standard used by the Department of Defense to wipe sensitive information from a computer -- while others, like Eraser, default to wiping the targeted area 35 times. Thirty-five passes is probably overkill, but hey, sometimes it pays to be paranoid when it comes to computer security.

Just how many passes you need to blot out the data on your hard drive is really up to you. For the average computer user who just wants to resell or donate an old PC, even running a single pass with a program like Dban is better than just formatting the drive or reinstalling the operating system.

Mac users looking to securely erase data on their drives can use free programs, like "Burn", or fancier (not free) software such as "Superscrubber" or "Drive-Genius."

One of the best (and free) tools available to Linux users is "Wipe". Linux secure-delete programs that allow users to try the software before buying include BC Wipe and Killdisk.

And in case you were wondering, it is also possible to erase a hard drive using a giant magnet or an electrically-charged magnetic coil (a technique known as "degaussing"). For anyone adventurous enough to try this out, a word of warning: Degaussing will usually work, but a powerful magnet in the hands of a novice can completely ruin a computer hard drive (not to mention mess up a computer monitor), so I wouldn't recommend that method unless you know what you are doing and can afford to trash the drive anyway.

Finally, I want to reiterate that it's impossible to wipe all of the data off of a hard drive. Still, using one of several software tools available today, it is relatively easy to ensure that nobody will dedicate the time and resources needed to recover sensitive information from your hard drive.

By Brian Krebs  |  June 6, 2005; 1:25 PM ET
Categories:  Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: New York City Most Bot-Infested In the Nation
Next: CitiGroup Data Loss & More State Disclosure Laws

Comments

Fire works too...

Posted by: An Observer | June 6, 2005 3:35 PM | Report abuse

I read once that the NSA standard for erasing old hard drives called for fairly stern hardware measures.

One of the steps involved sand-blasting the magnetic medium off of the surface.

Posted by: Karl Lembke | June 6, 2005 3:58 PM | Report abuse

Issac Newton, not Einstein. Newton's First Law of Thermodynamics (AKA the law of conservation of energy) states that energy can neither be created nor destroyed, but only converted from one form to another

Posted by: Joe Sixpack | June 6, 2005 4:09 PM | Report abuse

I read somewhere that a person had standardized on a certain powered rifle to shoot the hard disk and ensure that data is not retrieved later on.

I think that would be a cheap, quick and certain process to ensure data privacy.

Posted by: A Reader | June 6, 2005 5:09 PM | Report abuse

Very annoying that your column does not have a printer-friendly button for formatting the article.
Also I could not find this column when I searched The Washington Post web site for "erase hard drive". You had to have the exact ulr from your mention in the mornings paper.

Posted by: Mallory Walker | June 7, 2005 8:20 AM | Report abuse

My husband scoured our hard drive with his his belt sander before discarding it. Hooray for power tools.

Posted by: Secure Housewife | June 7, 2005 9:10 AM | Report abuse

Way back we used to melt the hard drive aluminum platters into a brick - it made for a very nice, if bulky, paperweight.

There are several issues with permanently deleting files off of a hard drive:

As you pointed out the file system delete function merely "un-links" the directory entry from the file contents which continue to exist on the drive as "unused" sectors until a new file is written over them. That's why investigators can find so-called deleted files quite easily.

Un-erase programs (such as PGP-Wipe) overwrite the sectors with alternating patterns of 1's and 0's to "premanently" erase the remains. This is generally acceptable if you want to protect the file contents from easily obtainable discovery with standard forensic tools (you left out Guidance Software's EnCase - the premier forensic tool - not free).

However, the underlying magnetic particles are not all entirely re-aligned even with a good un-erase product. Think of the magnetic media as having millions of compass needles for each bit - for a digital 1, for example, they are all lined up with the North Pole of the magnet pointing up and for a digital 0 with the North Pole pointing down. When you overwrite the bits not all of the needles follow - enough change so the sector can be successfully read but enough remain in the former position that with very sensitive instruments one can obtain the old file data. There is even some traces of the old data in the aluminum substrate itself. Hence the need to melt the media into a block. Or strongly encrypt in the first place.

Posted by: Roger Nebel | June 7, 2005 9:23 AM | Report abuse

BTW - degaussing is not entirely effective for the same reason as un-erase - not all of the particles will move from their former position even in the presence of a very strong magnetic field. degaussing can also permanently render the drive unusuable if it disturbs the clocking bits that are stored in the inter-sector regions and are not re-written with standard formatting programs. melting, or strong encryption are the only effective solutions for extremely sensitive data.

Posted by: Roger Nebel | June 7, 2005 9:29 AM | Report abuse

To your statement that you can't securely erase a hard drive I have only two words - Baby Shoes.

Yes, I know about the Linux tools, and I don't use them. Instead I repartition the drive into Linux ext2 file system. If the drive exceeds the maximum size an ext2 file system can have, then I make multiple partitions. I do NOT leave the pre-existing partition table in place! I then mount the partitions to mount points and fill every one of them up with files with all zeros in them. I let the machine set there and do that while I go do lunch or something else. I then come back, remove all of the files, unmount the partitions, and as a final step blow one megabyte of zeros onto the start of the drive itself with the dd utility. The boot sector and partition table are ALL GONE.

Some Physicist can come along and claim they can get data off of the drive until they are blue in the face. Poppycock. You aren't going to get it with most Forensic Analysis tools. Further, the process of trying to reconstruct it will be extremely laborious and unproductive. This is especially true if the drive never had a Linux ext2 or ext3 partition on it in the first place. If it was originally NTFS YOUR DATA IS GONE. How do I know? I have dd'd that first megabyte that I wrote zeros to back off the disk into the file. Guess what? All 1,048,576 bytes were.....drum roll please - ZERO.

I defy somebody to give me a drive that originally had NTFS on it to use my method and try to completely reconstruct one file - any file. I think the DoD model of writing and rewriting multiple passes to be absurd EXCEPT when you are erasing FILES, but leaving the file system intact.

Posted by: hhhobbit | June 7, 2005 10:25 AM | Report abuse

Concur w/complaint above about inability to print out this article. I could only get the first page to print and finally gave up after 1/2 an hour. Is this always the case w/your articles?

Posted by: John | June 7, 2005 5:40 PM | Report abuse

A few years ago I saw a story about this on CNN, and the expert they interviewed took a drill and put a couple of holes into the hard drive. That probably did the trick.

Posted by: Zed | June 7, 2005 7:26 PM | Report abuse

And so does "shredding" a little hard drive into little pieces, Observer...

Posted by: Ishan | June 7, 2005 7:32 PM | Report abuse

I like the idea of melting it. Is there a recipie like for how hot the oven should be and for how long?

Posted by: CJ | June 7, 2005 11:43 PM | Report abuse

How to erase a hard drive? Take one hard drive and place it on a brick in the garage. Take one oxy acetylene torch and one cigarette lighter. Light and make nice blue oxidating flame. Aim at hard drive till you observe small pool of metal and smell a funny smell. Job done. With software tools you're just playing. I never had anything on the hard drive worth erasing like this, but it's more fun this way.....

Posted by: dave white | June 8, 2005 11:28 AM | Report abuse

I posted a link to this article to an Macintosh List and here was one very harsh response:

As far as Mac OS X is concerned, the author (Brian Krebs) is clueless,
out to lunch, and gone fishing. He recommends a pre-Mac OS X utility.
He has no inkling that Disk Utility can be used to erase safely a disk,
nor any notion about secure erase in Tiger or secure empty trash in
Panther, or such software as Permanent Eraser for Jaguar (and I'm sure
it's not the only utility of this kind out there).

Posted by: Bob Gerard | June 8, 2005 2:14 PM | Report abuse

These comments leave me wondering -- do you have to have a spinnable drive to recover data? If you drill holes through the platter, can someone still read the bits, given the right equipment?

Posted by: Jeff Carver | June 8, 2005 2:36 PM | Report abuse

Regarding no "printer friendly" button: Just select, copy, and paste the text into your wordprocessor. It won't be beautiful, but you'll have all the text and can easily print it.

Posted by: Reader | June 10, 2005 12:14 PM | Report abuse

There is another tool called autoclave, CLAVE for short that does a good job of clearing data from a hard drive.

Posted by: wwb | June 10, 2005 8:07 PM | Report abuse

If you want the magnet trick to be effective you must move it over the HDD many time and for quite a good time because just putting a magnet on the hard disk will only modify the magnetic field and the HDD can be access by recalibrating the reading head.

Posted by: HyperBlade | November 8, 2005 8:24 PM | Report abuse

Also embedded in Norton's Ghost product is a feature called G-Disk. It does a whole bunch of things including everything F-Disk does and it even has a nifty disk wipe utility. You can do the standard 1 or 7 passes. You can even set it to do a custom number of DOD passes. Unfortunately, it's not any faster than the DBAN tool. You guys can e-mail me if you have any questions about it or if you need to borrow my copy. It runs on a 3.5" floppy disk.

Posted by: David Disk Destroyer | January 7, 2006 9:30 PM | Report abuse

Yeah but if you format the drive yourself repeatedly and run scandisk a couple of times in between and then say fill up all the space on the hardrive with random, useless information. Then format the drive again before installing the O/S... I think that would work pretty good and there would be no traces of anything important on the drive don't you think, or am I mistaken?

Maybe I'm just paranoid I'd rather be in control of the process and do it myself. East Tec eraser is good but it takes a really long time. Me formatting everything myself would take a few hours, yes, but I might feel better about it. Some of these programs take too much control over your operating system that I find intrusive.

Thanks for your information though I find it very useful.

Posted by: SC | March 7, 2006 9:21 PM | Report abuse

If you are trying to protect personal information, do not put it on your computer.
The only totally successful way to erase personal or incriminating data is to physically destroy the drive.
Your PC remembers everything you do, everywhere you go and your passwords are likely to be weak leaving you open to hackers. Do not be fooled by advertising gimmicks stating 'Total Protection', it doesn't exist in the IT world.
Most people who want to erase their hard drive don't want their wife to see their collection of pornography, or worse, and for the most part it has nothing to do with protecting personal information, that's why these companies are getting rich from millions of men worldwide.

Posted by: Colin | June 28, 2006 7:06 PM | Report abuse

I use a hammer...a big heavy one!

Posted by: Shaker | August 17, 2006 10:42 AM | Report abuse

I have used several "hands on" methods to destroy my hard drives as well. From sledge hammers to magnets and a few things in between. Though, I have to admit there are times that you may wish for everything to be intact. i.e. when you plan on selling the computer. In this case I take a two step process. First I encrypt everything that I can get my hands on. Then I make use of a good hard drive cleaning program. For me this is StompSoft's DriveWasher since it offers Department of Defense levels of disk sanitation. After that I feel very confident about the security of information that the drive may have held.

Posted by: Josphe | August 23, 2006 7:24 PM | Report abuse

Does anyone know what intensity a Degaussing Coil has to be to wipe a hard drive in its case from say 3-feet?

Posted by: Zibeon | September 5, 2006 12:08 AM | Report abuse

Dban is by far the best tool to use for wiping disks, be careful what you use for tools because many advertise that they wipe when they miss significant portions of the disk, as for Dban be sure to get the latest version as earlier versions had an issue with odd sector sized disks (linux issue not dban problem).

Finally, if you're really paranoid you can do what US Government does when it wants to destroy a disk, shred it so that no part left is larger then 1/100th of an inch.

Things like drilling a hole in it won't work as expected and if you're important enough your data will be recovered. The organization I work for I know can recover up to 5 passes, but stuff like that isn't used in 99.9999% of cases.

Posted by: jnf | September 5, 2006 2:45 AM | Report abuse

Best way to secure a computer hard drive is to not use a hard drive.

Instead load xp onto onto a little I-Ram card made by gigabyte.
Each card holds up to 6 gig of ddr.
The device uses DDR to store your data,beware !!
Don't disconnect the battery on the card and shut off your computer,all data will be gone in about 1 second or as long as it takes for the DDR voltage to reach 0 volts.

If your not into spending $$$$ for expensive exotic solid state drive cards then maybe a LIVE knoppix disk for 50 cents is for you.

You can load up a fully operational OS that requires NO HARD DRIVE at all.

Simply go to your browser and look for such operating systems such as
Knoppix
Slax
D@m small linux
Puppy linux

There are many many OS's out there that run live without a hard drive even being connected to a IDE cable inside the computer howeverr to save stuff you will need to buy a little USB thumbdrive.

Privacy can be acomplished without having to worry about mechanical hard drives and figuring out how to destroy them.

Posted by: Tim | September 16, 2006 1:45 AM | Report abuse

With regards to "jnf"'s posting above. That, for those of you who aren't aware, is how a linux fanboy goes trolling. What he writes has nothing much to do with the topic, and for someone looking for useful thoughts on securely erasing data, his post is just plain useless.

Thank you.

Posted by: Finger | September 30, 2006 3:52 AM | Report abuse

A soldering gun(the gun type with a trigger) makes an excellent degousting tool for bringing the color back in your TV or PC. I don't know about erasing a hard drive but it does create a magnetic field that is pretty strong.

Posted by: Jeff | September 30, 2006 5:39 PM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company