I’m not a big fan of the flea market, but last weekend you would have found me scouring tables looking for a used computer or external hard drive. After about twenty minutes of walking from aisle to aisle I saw a Maxtor external drive mixed in with a lot of other household knickknacks. Before spending my $7.00 I asked the vendor if it worked and she assured me she had personally formatted the drive.
A few days prior I had been asked to speak to a group of IT professionals about the importance of data destruction. My thought was to use the external drive as an example of an improperly wiped storage device. I took my newly acquired hard drive and an old USB thumb drive for my two examples.
As I was setting up my equipment I started telling the story of the examples I brought and how I acquired the equipment. I figured, this being a convention of my peers, they would appreciate the simplicity of the equipment at my disposal. My goal was to demonstrate how easy it is to resurrect deleted data.
Using a free and low-technology piece of software I initiated the retrieval process on the flea market find. Within minutes my laptop populated with the original user’s pictures. Minutes later the free utility scavenged documents and PDF files loaded with personally identifying information.
In order to illustrate the need for proper data destruction I fired up a piece of more sophisticated software which allowed me to recreate the original file structure. Sorting the files by date showed the hard drive had not been used since 2002 and had been sitting idle for eleven years.
During a break an older gentleman approached me and explained his company had allowed employees to use exchanged hard drives to maintain their personal equipment. I was aghast knowing he worked for a local bank I had used in the past. After the break I explained how data is stored and needs to be properly destroyed.
The woman who sold me the drive formatted it using a Windows utility which merely wipes the drive’s header information. In other words, it deletes the file structure leaving the files behind. If she were to wipe the drive for her personal use it wouldn’t matter because the process creates free space that can be overwritten. However, rather than sell the drive to a stranger, she should have physically destroyed the drive.
Deleting a file or performing a format leaves lots of data in what forensics experts call the slack space. Slack, for all intents, is the space Windows reports as free space. Scanning that space using a specialized utility will reveal bits and pieces of straggling files. These files may not have names associated with them; but, most of the file remnants can be viewed as the original.
Properly destroying data is essential when retiring a storage device or swapping a hard drive. It’s essential to understand that all devices including phones, tablets and computers may retain data. My banking friend should be sending the drives to be shredded. In lieu of shredding, punching or drilling a hole through the platters is more than adequate. If drives are to be repurposed it’s a good idea to use a Department of Defense format which randomly overwrites data several times.
I talk a lot about data redundancy and proper methods of insuring data is intact. Rarely do I write about data destruction. It’s imperative that storage devices be destroyed if they leave your hands. I’m sure had I told the woman I planned to get her data back, she would have passed on the $7.00.
(Jeromy Patriquin is the President of Laptop & Computer Repair, Inc. located at 509 Main St. in Gardner. You can text him directly at (978) 413-2840 or visit www.LocalComputerWiz.com.)