• Beach Tweets

  • Archives

  • RSS PEER 1 Blog

    • An error has occurred; the feed is probably down. Try again later.

Is Your Data Safe? Deleting Files Isn’t Enough

We all know how important security is (OK, the majority of us). When it comes time to purchase a new computer, what do most people do with the old? Sell it, throw it away, give it to our children or a family member to use, or just let it sit and collect dust. Many don’t think about the data stored on the hard drive of these computers. When selling it or giving it away, most just re-install the Operating System and send it on it’s way. Some of the more effective means of protecting your data would be to take the extra steps and melt down the platters or take a drill and punch holes through it. Now how many of us actually take the time or just have the time in general to do this, let alone think about it?

For those of us who leave the hard drives in tact, we must ensure some reasonable security of our data. How many of us are familiar with the filesystem? “Huh? Filesystem?” Your storage device has a table stored at the beginning of it that lists partitions that have been created there. For each partition, there is a table of contents that catalogs the locations of all files on the system.

Any time you delete a file from a filesystem, all you’re doing is deleting the file’s entry in the table of contents. The actual file stored on the disk. When future writes to the hard drive are made, those files may be overwritten by new files or by additions to old files, but unless and until that happens the data that makes up the file, itself, remains untouched. This means that someone with the right forensic software can often recover “deleted” files very easily.

So deleting the entire partition is better, right? Wrong. In fact, it could be worse. When you delete the partition, you not only leave the file data in place, but you also leave the table of contents that catalogs all the locations of files and file fragments in that filesystem. All that is deleted is the partition’s entry in the partition table.
For some good pointers on how to make sure your data is safe, take a peek at this article written by Chad Perrin.

4 Responses

  1. Having re-installed the operating system after reformatting will help somewhat, in that it’s likely to overwrite a fair amount of existing data. For reasonable security though, you’ll want to wipe the drive by repeatedly overwriting all of it with random data. There’s a multitude of utilities out there which can do this, including two on the "Ultimate boot CD" – boot from the disc, run the utility to overwrite the drive, and you *should* be safe.

    However, if the drive contained critical information, physically destroying it is the only way to be 100% certain. (Take off and nuke it from orbit, it’s the only way to be sure 😉 )

  2. I completely agree David. I was surprised recently hearing just how many people really don’t think about the security of their data. I do a lot of online business and when I’m ready to “scrap” an old computer, the data on my drive is the first thing that I think of.

    Thanks for the comment!

  3. Even if you overwrite the data many times, it’s still possible to retrieve the original data at different time periods with a sensitive enough magnetic head and some math.

  4. I have had to tell family about this very subject several times – and given them a bootable CD that wiped the drive.

    One of my colleagues specialises in security, and was relating the same point that “mindrape” has made in another comment – that if you are determined enough, it’s possible to get almost any data back – and of course, the reverse is true – if you are determined enough, you really can wipe the drive…

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: