You’ve erased the data, but is it really gone? In this video, you’ll learn best practices for physical drive destruction, the use of destruction certificates, some formatting techniques, and how to securely erase individual files.
<< Previous: Securing Mobile DevicesNext: Securing a SOHO Network >>
When we upgrade to a new storage device, some of our data may still be contained on that old storage device. That’s why it’s important to know how to destroy or dispose of this data properly. If you’d like to make sure a storage device can never be used again, then you may want to physically destroy the device thereby making all of the data inaccessible. One way to do this is with an industrial shredder. You can put a hard drive into one of these devices, and it will completely destroy everything that’s on that hard drive.
If you don’t have a shredder, you can do this yourself with simply using a drill or a hammer. By drilling all the way through the platters of a drive, you’ll be assured that nobody can use that drive again. A degausser emits a very strong magnetic field that not only is going to remove all of the data on the platters of the drive, but it will also render the drive electronics unusable. And for the ultimate in physical destruction, you can incinerate the drive, rendering everything on the drive impossible to recover.
In very large organizations, you may have a need to physically destroy drives, but you don’t have the time or the people to be able to do this yourself. In those cases, you could bring in a third party, and this third party will be responsible for destroying all the drives that you have available. Once these drives are made available to the third party and they destroy them, they then provide you with a certificate that proves that these drives were destroyed. This gives you a paper trail so that you can always go back to know exactly when and where a particular drive was destroyed.
If you’d like to keep the drive usable but simply destroy all of the data that’s on the drive, you could perform a format. There’s an initial format that’s done when the drive is manufactured. This is called a low level format and is a format that you generally don’t do from the user side.
From the user’s perspective, you’re generally running one of two different kinds of formats. One of these is called a quick format. This sets up the file system. It installs a boot sector, and it clears out any file table that might be in the system. But it doesn’t physically remove any of the old data from the drive. If you have the right kind of undelete or unerase software, you would still be able to access the data that’s on that drive.
The type of format that would clear everything on the drive and make the data unrecoverable is called a regular format. This is not only going to set up the file system, but it’s also going to override every sector on the drive with zeros. This is something that’s done automatically during a regular format in Windows Vista and later. Once you perform a regular format, you can’t use any type of program to go back and recover that data.
Of course, you should always be mindful of where your data is. And if you’re relying on a third party to take care of this data destruction, you need to always audit and make sure the data was really destroyed. For example, in July 2013, in the UK National Health Service Surrey, they found that they were providing these hard drives to be destroyed by a third party, but they really weren’t destroying them. These drives contained patient records, and although the health service was provided a certificate saying that the drive was really destroyed, in fact, the drives were sold on eBay. Someone bought the drives, found the patient records, and contacted the authorities. And unfortunately, the health service was fined over 200,000 pounds.
If you’re concerned about this kind of sensitive data getting in the hands of someone else, you can perform secure deletes and secure erases of this data that will overwrite the information on the drive and give you a verification that the data’s no longer there. One way to do this in Windows is with a utility called “Sdelete” that you can get from Windows Sysinternals. There’s also an entire full drive erase and data removal program called “DBAN.” This is Derek’s Boot And Nuke. It’s a very common way to boot your system and completely overwrite everything that’s on that drive. And of course, if you really want to be sure all of this data is gone, follow some of those processes for physical drive destruction, and you could be assured that drive will never show up on eBay.