Sunday, January 21, 2007

Best Methods Of Data Destruction On Computer Hard Disk Drives

We are constantly reminded of the importance of recycling. In the ICT industry, recycling of computer equipment can be useful for educational or charitable organisations. It can however be detrimental to the previous owner. Charitable establishments such as Computer Aid International will refurbish computers for reuse in various sectors including education, health and other non-profit organisations for the benefit of developing countries. It would appear Computer Aid International ‘wipe’ each hard disk drive, which is good news as it hopefully provides some certainty that data cannot be retrieved.

However, it is doubtful that the ‘average’ user realises the risks involved by selling their old computer on websites such as eBay. They may delete all their files, re-install the operating system (OS) and possibly format their drive, yet the data will probably reside on the disk, typically in unallocated space. Data fragments may be present that could be used maliciously in the hands of a criminal; indeed data from any source i.e. any electronic device could be used maliciously. Discarding computer equipment without due care could lead to irreparable, financial, political and personal damage to the owner or organisation.

A recent study conducted by Glamorgan University (source: Time Online website) revealed more than 50% of the 111 hard drives purchased contained personal and confidential information. Over 87% of those drives were bought from eBay. This, I feel, raises an international concern. The fundamental concept of eBay and other online auctioneer sites is bringing sellers and individuals together to trade online, creating a world wide market place. Whilst this is beneficial for the legitimate user, we do however risk handing over our personal data to terrorists, corrupt organisations and paedophiles, not to mention the risk of being blackmailed or threatened.

Therefore, the question is – what is the best method of wiping data from our hard drives and protecting ourselves against these threats? With due consideration to economic, data confidentiality and environmental factors I shall discuss the various options available to the public and private sectors.

What are the software options?

Generally, you could choose to either physically destroy the hardware or use either software or hardware to delete the data. There are many software products offering data destruction and typically software vendors ‘guarantee’ to destroy your data. Yet, is this enough? This approach relies on the user correctly installing the software and carrying out the correct procedure. In most instances a computer will only have one hard disk; yet to execute such a program (and to get the desired ‘100%’ destruction result) usually requires an operating system to be present. In other words, you need another hard drive to run the software so that data can be deleted off the unwanted drive. Alternatives may include bootable programs such as DBAN (Darik's Boot and Nuke) that claims to “delete the contents of any hard disk it detects”. Other software options include: AccessData – WipeDrive, Acronis - Drive Cleanser, CyberScrub - CyberCide and VCOM – SecureErase. These represent just a small handful of the applications available.

The software approach may incur costs; however some applications are probably free on the internet. The disadvantage I feel for a software based approach is the time consumption. Generally speaking ‘shredders’ will write data onto each of the drive’s sectors. The type of data depends on the application; however, this may include characters or numerals. The process, assuming numerals, is known as ‘binary flipping’. Basically a binary number, for example 11110000 is written to each sector then the ‘flip side’, or compliment as it is known, is written. In this instance this would be 00001111.

According to research, the United States Department of Defence considers this approach, with adequate executions and particular algorithms used, to be acceptable in destroying non critical data. However, they suggest executions up to 32 times to class a disk ‘sanitised’. We therefore must consider the complications and factors of such extremes. To sanitise a drive 32 times will take copious amounts of time, therefore wasting electricity, time and obviously human and computer resources. This process could take days if not weeks if there were hundreds of disks.

What are the hardware options?

The DiskMaster is an excellent example of how data can be destroyed using a hardware approach. It is fast, efficient and you can set a predefined pattern that should be written to the disk. The DiskMaster is able to wipe drives to Department of Defence standards.

However, again with this approach much time is required to wipe a drive. The concept of a hard disk drive has evolved since the 1950’s where data from 5MB (Mega Byte) could be stored. Now we are in an era where 750GB (Giga Bytes) can be stored on one single disk. This inevitably means to destroy a disk, using either software or hardware based approaches will increase in time, cost and subsequently your patience.

Are there any other options?

I believe that physical destruction is the quickest and simplest approach. By removing the top plate of a hard disk drive, you limit the chances of recovering the data due to dust and other contaminants affecting the drives platters (where your data is stored). Physically scoring lines or drilling holes into the platter will hopefully destroy the data beyond any reasonable doubt.

The concept of shredding paper to deter criminals using printed material such as bank statements or bills for identity theft and forgery has now been taken to the next level. Available now is an industrial tape and hard disk shredder. If you search within Google “GSA Industrial Tape and Hard Drive Destroyer 380/500” you will witness the future when it comes to data destruction.

This powerful machine, whilst not commercially viable for the home user, would suit any large company where data destruction was crucial to their intellectual electronic property. Using this machine would render data retrieval practically impossible. I cannot imagine a point in the future where we would be able to reconstruct the data from shredded material.

Obviously this method would mean a user couldn’t resell their hard drive. However as the cost of hard disk drives decrease year in year out, is the cost of another hard drive really an issue?

To summarise, the benefit using the software or hardware approach would be: reusability and the chance to recoup some money. The disadvantages would include the ‘risk’ involved by relying on software or hardware to completely destroy your data. Another disadvantage would be the time consumption and costs involved, including electricity and human resources.

The main advantage of using a hard disk shredder is that complete 100% destruction can be witnessed. The destruction can take as little as 30 seconds. The main disadvantage is that such machines are currently not widely available. As the disks cannot be reused it is not an environmentally friendly approach. The last disadvantage is that the costs involved outweigh those of a software approach.

My conclusion to this article would be if you are desperately worried about the data on magnetic media falling into the wrong hands, then look at the options to physically destroy that media.

0 comments:

Blog Archive

Categories