Comments on: Skeletons on your hard drive

It's a tough task to clean every scrap of information--including sensitive data--off discarded PC drives, experts say.

[BFeely]

Boot & Nuke

Ever heard of Darek's Boot And Nuke? It's a little program that you put on a floppy or CD-R and then boot off it. It can do very customizable wiping options. It can be found at dban.sf.net

[Sam Papelbon]

Best Idea

any sensitive information could easily be saved to a floppy... cd-rw... compact flash... dvd-rw... a separate hard drive that you aren't going to sell...

or better yet, stop saving your credit card numbers on your computer. it's not that hard to open your wallet is it?

which brings me to another point, why would someone spend the money and effort to get your credit card info from a hard drive, when they can just punch you and take your wallet?

Writing Zeros to the drive doesn't work??

Are you (or "they") trying to say that booting to the drive manufacturer's utility diskette and writing all zeros to the drive, will still leave information behind? How can this be, if the drive has been covered with zeros from start to finish?

Secondly, if this does completely erase the drive (as a Western Digital and Maxtor techs have both told me), then why isn't it mentioned in this article? Am I missing something?

If "writing zeros" works, then what's the need for all the programs & software & HDD destruction machines mentions?

I would like someone to show me how to recover any files from a drive that's been "zeroed".

Depends on your paranoia level

"Are you (or "they") trying to say that booting to the drive manufacturer's utility diskette and writing all zeros to the drive, will still leave information behind? How can this be, if the drive has been covered with zeros from start to finish?"

If you do this only once, faint magnetic traces of the original data may still exist, and boys with some expensive toys might be able to recover the data. Still, the risk does seem low; it seems like any full wipe of the drive will keep 99% of the bad guys from getting at the information.

Randomly writing 0s and 1s is a better idea, however.

But, if you're not working for the NSA or something like that, I doubt that multiple wipes or DOD standards are necessary. Just don't rely simply on standard formatting or file deletion and you make it beyond the abilities of most criminals, or at least you make it more trouble than it's worth, which is what most security really does anyway.

[wiles01]

This is exactly how the suspected serial killer "BTK" was caught...

He used a formatted 3.5" floppy disk from his church and put some information on it about one of the murders. Turns out that some of the information that had not been erased when he formatted the drive gave police the ability to find out where the disk came from. There were records from the church stored on that disk. That is the only way they were able to track him down.

[mpmacal]

Fear Factor

The facts in the article are technically true but practically false.
1. To do the type of recovery they are talking about on a mechanically damaged drive requires expensive hardware. Not something the casual hacker has lying around.
2. Most wiping software will leave traces on a single pass, but keep in mind, that unless you are keeping structured lists, such as databases, whatever fragments are found will not reassemble in a congnitive way. The statement that 3 or 4 passes is insufficient, is just not true for the average home user. OK... they got three characters of your first name and one of your last name - the "EXPERTS" will claim to have found data on your hard drive! True, but false, as the fragments are unusable.
3. The article discusses "consumers". And who is going to be rummaging through the garbage of the average consumer, searching for hard drives? Which church that you donated the old computer to, is going to spend hours and hours trying to recover fragments of data?

The average consumer is far more at risk from "phishing" schemes, spyware, and other forms of commonly occurring identity theft, than they will ever be from hard drive scavengers. Several stories have been reported in the past couple of weeks where MILLIONS of sensitive consumer records were stolen from sizable corporations.

Hard drive scavenging? It is like comparing the odds of breaking your pencil to the odds of getting run over by a chariot... relax.

So why all of the "Expert" testimony?
To scare the "average consumer" and make money.

Tell you what... you go to a service and pay $20 to $30 to have your drive cleaned up? I'll do it for $18. You'll have enough left over to buy yourself an ice cream.

[mixedsoup]

Some of this seems extreme for most users

Some of this seems extreme for most users. I know that in my home, computers that are ready to move on to the garbage or sold are all wiped with a software hard drive wiping application. For me this is StompSoft's DriveWasher (http://www.stompsoft.com/drivewasher.html) which allows customization of the overwrite process and provides cleaning that meets and exceeds DOD specs. I can't imagine needing more than that to protect my data. Though more info about degaussing would be interesting. Especially if the costs could be driven down to make such services economical for general consumers.