On destroying data

The Known Plaintext blog has a pretty interesting high-level article called Ten Commandments of Data Destruction, which gives some advice on how to handle destruction of data on hard drives or USB thumb drives (e.g. if you want to sell them on eBay)...

While most of the stuff is good advice, there's one thing in there which is certainly not a good idea: "format your hard drive before giving it to the recycler"! That will usually not help at all! Don't ever think that formatting will really erase your data! A format normally rewrites only the file-system metadata; the data blocks themselves stay on the platters untouched. Using simple, widely available tools, anybody could restore data from such a formatted drive, without needing any costly equipment.

If you absolutely must sell or give away an old hard drive (physical destruction is always better!), wipe it with a Gutmann-style tool, such as wipe(1) or shred(1). Oh, and apply the tools to the raw device (e.g. /dev/hda) after booting from a live CD. Wiping single files on a mounted file system might not yield the expected results on some (journalled) file systems, because they cache writes and may not overwrite the original blocks in place...
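To make the format-versus-wipe point concrete, here is an added example (not code from the original post or from the Known Plaintext article) that builds a small constructed disk image, "formats" it by rewriting only the metadata area, shows that the sample record is still found by scanning the raw bytes, and then overwrites the whole image the way shred -n 3 -z would. The image layout, the CONFIDENTIAL marker and the 4 KiB metadata size are constructed assumptions; wipe() assumes a path it may open read-write (a regular file here, a raw device when run with enough privileges from a live CD).

```python
import os
import secrets
import tempfile

MARKER = b"CONFIDENTIAL: salary list 2007"   # constructed sample record
META_SIZE = 4096                             # bytes a "quick format" rewrites (assumption)
CHUNK = 1 << 16


def make_image(path: str, size: int = 1 << 20) -> None:
    """Build a toy disk image: a small metadata area, then user data."""
    with open(path, "wb") as f:
        f.write(b"FS-SUPERBLOCK".ljust(META_SIZE, b"\0"))
        f.write(b"\0" * (size // 2))
        f.write(MARKER)
        f.write(b"\0" * (size - META_SIZE - size // 2 - len(MARKER)))


def quick_format(path: str) -> None:
    """Mimic a format: only the file-system metadata is rewritten."""
    with open(path, "r+b") as f:
        f.write(b"NEW-SUPERBLOCK".ljust(META_SIZE, b"\0"))


def carve(path: str, needle: bytes) -> bool:
    """Naive carving: scan the raw bytes for a known pattern."""
    with open(path, "rb") as f:
        return needle in f.read()


def wipe(path: str, passes: int = 3) -> None:
    """Overwrite every byte: random passes, then a final zero pass."""
    with open(path, "r+b") as f:
        f.seek(0, os.SEEK_END)
        size = f.tell()            # works for block devices, unlike os.path.getsize
        for p in range(passes + 1):
            f.seek(0)
            left = size
            while left:
                n = min(CHUNK, left)
                f.write(secrets.token_bytes(n) if p < passes else b"\0" * n)
                left -= n
            f.flush()
            os.fsync(f.fileno())   # make sure the overwrite reaches the device


def demo() -> dict:
    """Format, carve, wipe, carve again; report what was still recoverable."""
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "disk.img")
        make_image(img)
        quick_format(img)
        after_format = carve(img, MARKER)
        wipe(img)
        after_wipe = carve(img, MARKER)
    return {"after_format": after_format, "after_wipe": after_wipe}
```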

The follow-up article presents some further ideas, e.g. an acid bath for your hard drive. It also mentions that simply breaking the read/write head or the motor of the disk might not suffice, forensics labs could replace those parts successfully...

David Bianco makes a very good point about data on company laptops (especially so if you consider the alarmingly high rate of "laptop theft, xxx million data records lost"-type news stories): "don't put the freakin' data on the laptop in the first place!".

(via Jesse Kornblum)


Well, quote it in context, please.

The point of formatting a drive is not to destroy information. The point of formatting a drive is just to raise the threshold of effort required by a fractional amount. Most data compromise, believe it or not, isn't done by data thieves--it's done by people who accidentally and through no fault of their own blunder into stuff that's none of their business. When you compare the number of professional data thieves against the number of nosy but nontechnical snoops in the world, the latter is clearly the threat to worry about first.

Encryption is, believe it or not, not a defense against these people. If Joe Sixpack finds a hard drive filled with cryptographic tools and a bunch of files he can't read, he's more likely than not going to think you're a child pornographer in cahoots with Al-Qaeda and will turn the drive over to the FBI. Given the current political climate, I'd like to keep the government very far away from my personal business.

Formatting a hard drive to remove the obvious presence of data makes perfectly good sense, as part of a larger security scheme. I did not endorse just simply formatting the drive, and I thought my text made that clear with its reference to making use of your OS's support for encrypted filesystems.


Well, yes, I agree mostly. However, I'd rather Gutmann-wipe the whole drive first and then do a simple formatting to create an empty file system... Or something along those lines...

Quote: I did not endorse just simply formatting the drive, and I thought my text made that clear with its reference to making use of your OS's support for encrypted filesystems.

Yes, that's what I was assuming. However, the exact wording you used (the one I quoted) might very easily be misunderstood (IMHO) as "formatting the drive will safely remove the data" by non-technical people. That's why I wanted to clarify it.

I fully agree with all the rest you wrote :)