Wednesday, April 1, 2009

Shredding files [3/4]: Please shred the hard drive

At this point, we don't shred files anymore and we shred the empty space when we have time and a motivation.

Now, the last important step is not to forget to destroy all of the data when the hard drive is disposed of. There is a lot of data that you must destroy, even if you destroyed your main "My documents": Internet downloaded files, drafts that you may have forgotten, saved passwords or connection parameters...

There are countless stories of companies being spied upon by use of their old hard drives. To get rid of this threat, you can use a hard drive shredder such as the one below.



OK. So, good practice is to establish a policy that forbids hard drives (including internal hard drives in the printers and xerox machines) going out before a shred. Don't donate, sell or dump an old hard drive before a shred.

4 comments:

  1. I do a "dd if=/dev/random of=/dev/hdd". It is good enough protection and I could not recover data with any of the commercial forensics products.

    ReplyDelete
  2. It's good enough for most tools, yes. However it is proved in lab that recovery is possible from a single random run. That's why the DoD has developed algorithms for this, such as U.S. DoD 5220.22-M. I discussed some of these questions with the team of the opensource tool Inferno, they know a lot about this.

    There is also a urban legend about NASA destroying its old hard drives with a Jackhammer, but I have never worked in a place where they give such importance to data leakage... so far! It might still come ^^

    ReplyDelete
  3. If you balance the cost of running/hiring a highly specialized lab and the potential gain from someone's personal drives, I would say that most of the people can do just fine with a random overwrite.

    On the other hand, if you are an important company, the situation is completely changed and you do need a certified tool.

    ReplyDelete

I can read French, English, German and Romanian, please feel free to write in whichever language you prefer.