Disposing of Sensitive Data – CompTIA A+ 220-802: 2.4

| May 23, 2013

If you’re planning to throw away an old hard drive, you’ll want to be sure that your sensitive data doesn’t end up in the hands of someone else. In this video, you’ll learn about options that are available to protect your data when you dispose of storage devices.

<< Previous Video: Workstation Security Best PracticesNext: Securing a Wired and Wireless Network >>


We use our computers to keep financial information, confidential details, information of a personal nature. And if we’re getting rid of our computer, we’re selling it, we’re giving it away, we want to be sure that we are getting rid of all of that personal information. We need to find out the best way to dispose of all of these digital details.

In the early days of PCs, we would often buy our computer, our hard drive controller, and the hard drive itself from different manufacturers. And then we would install it all into our computer system. And then we would perform a low-level format.

Well, these days, the low-level format of the hard drive is done at the manufacturer. We don’t do any low-level formatting. In fact, we don’t have access to do a low-level format of these drives.

The type of format that we commonly do these days is a high-level format. When we’re installing Windows, it says, how would you like to partition this drive? And what would you like to format it with?

Would you like to format it with FAT? Would you like to format it with NTFS? What type of file system works for you? And then we perform the format. And that puts a boot sector on the drive.

And you even have the option to perform a Quick format. And the drive is formatted very, very, very quickly. You didn’t have to do very much because it’s a high-level format.

The high-level format moves so quickly because it’s not actually erasing anything. All it’s doing is marking that huge part of your drive as being available to be written again someday. You may not even overwrite certain parts of that drive until you finally start using it. So when you perform that format, it’s still available to be unformatted or recovered. And you can use third-party software to go into your computer and recover that information as long as you haven’t already overwritten it on the drive.

It’s so easy to gain information from these drives even after formatting them. In fact, in 2009, a university in the UK did a study where they bought some drives, 300 hard drives, from computer fairs. They bought them from eBay to see what type of information they could gather. And they found 34% of the drives had personal information, company confidential details, information you shouldn’t have access to. In fact, they found launch procedures for a military ground-to-air missile system on these drives that they were able to buy very, very easily.

If you want to really remove this information from the drive so that nobody could access it, you can use third-party utilities, like the one from Windows Sysinternals called SDelete, that will securely delete individual files on your drive. If you’re giving away the drive and the computer, and you just want to nuke everything that’s on the drive, there is an application for this, as well, called DBAN. That stands for Darik’s Boot and Nuke.

And this will overwrite all of the information on the drive. It doesn’t just mark it as available. It literally goes through every sector of the drive and writes information to it so that nothing can be recovered.

And if you really, really want to remove the information and make it so that nobody can access information on the drive, you can physically destroy the drive. That’s certainly a very secure way to do it. Here’s an example of a big piece of machinery that grinds up the drives and shreds them into tiny little pieces of metal. This is one that you can buy from China that you can throw anything in there, and it will grind it to a pulp.

You also have the option to do this very easily with a drill. You can get a hand drill or a drill press and simply drill through the drive itself, all the way through the outside, all the way through to the other side. Just make sure that you drill through where those platters are, and no one will be able to use this drive in the future.

And if you’re high-tech, and you just want to nuke everything on the drive, you can demagnetize the entire drive using a degaussing tool, like this one, that’s going to put a very powerful electromagnetic field right through the drive. And it will not only get rid of the data that’s on the platters, it more than often also gets rid of all of the information that was on the chips, which means the drive now is relatively useless.

So whether you want to simply remove the data that’s on the drive or render the drive completely unusable, you have a lot of different choices available.

Tags: , , , , , , , ,

Category: CompTIA A+ 220-802

Comments (1)

Trackback URL | Comments RSS Feed

  1. disqus_ZR64yuKZda says:

    I was unaware of sdelete and DBAN. Thank you!

X