Privacy: Erase Your Hard Drive
by James Hicks - Tuesday, 27 November 2007.
You may not be aware of this, but merely erasing your data the regular way does not make it disappear for good. Some of it can still be retrieved with the use of recovery tools. This means that your personal information is not at risk only if your computer is stolen or broken into, but also if you simply sell it before getting a new one. If your hard drive was not wiped clean you've potentially given another person access to a variety of personal information.

To illustrate the magnitude of this threat, in 2003 Simson Garfinkel and Abhi Shelat published an article in "IEEE Security & Privacy Magazine" reporting on an experiment in which he purchased 158 used hard drives on the secondary market (most of them from different sellers on eBay) and checked to see whether they still contained readable data. To their astonishment, around one third of the drives appeared to have information that was highly confidential and should have definitely been erased prior to the drive's resale.

They acquired a total of 75 Gbytes of data, consisting of 71 Gbytes of uncompressed disk images and 3.7 Gbytes of compressed tar files. One of these drives was most likely used in an ATM machine in Illinois, and that no effort was made to remove any of the drive’s financial information. The log contained account numbers, dates of access, and account balances. In addition, the hard drive had all of the ATM machine software. Another drive contained 3,722 credit card numbers (some of them repeated) in a different type of log format.

In order to make sure that your data is erased properly I'd recommend using one of the programs listed below, each is for a different operating system: Windows, Linux or Mac OS X.

Eraser (Windows) - Free

Eraser is an advanced security tool for Windows, which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.

ShredIt X (Mac OS X) - Shareware

ShredIt is the file shredder / hard drive cleaner that offers all the features you need to clean a hard drive, wipe a file and more - as well as the ease of use and safety features you really want from data file shredder software.

dcfldd (Linux) - Free

dcfldd is an enhanced version of GNU dd with features useful for forensics and security. Based on the dd program found in the GNU Coreutils package, dcfldd has the following additional features:
  • Hashing on-the-fly - dcfldd can hash the input data as it is being transferred, helping to ensure data integrity.
  • Status output - dcfldd can update the user of its progress in terms of the amount of data transferred and how much longer operation will take.
  • Flexible disk wipes - dcfldd can be used to wipe disks quickly and with a known pattern if desired.
  • Image/wipe Verify - dcfldd can verify that a target drive is a bit-for-bit match of the specified input file or pattern.
  • Multiple outputs - dcfldd can output to multiple files or disks at the same time.
  • Split output - dcfldd can split output to multiple files with more configurability than the split command.
  • Piped output and logs - dcfldd can send all its log data and output to commands as well as files natively.

Spotlight

Operation Pawn Storm: Varied targets and attack vectors, next-level spear-phishing tactics

Posted on 23 October 2014.  |  Targets of the spear phishing emails included staff at the Ministry of Defense in France, in the Vatican Embassy in Iraq, military officials from a number of countries, and more.


Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.
  



Daily digest

Receive a daily digest of the latest security news.
  

DON'T
MISS

Fri, Oct 24th
    COPYRIGHT 1998-2014 BY HELP NET SECURITY.   // READ OUR PRIVACY POLICY // ABOUT US // ADVERTISE //