Computer owners are still disposing of storage and mobile devices full of recoverable data, according to a recent trawl of mobile devices, hard disk drives and solid state drives bought second hand from Amazon, eBay and Gazelle.com by deletion and recovery specialists Blancco Technology and Kroll OnTrack.
Altogether, out of the 122 products acquired for the analysis in the UK, US and Germany, half of the storage devices and a third of mobiles contained residual data, including 2,153 emails and 10,838 text/SMS messages on the latter. Interestingly, of the storage drives found to hold data, for three quarters of them an ineffectual attempt had been made to delete data, with 61 percent being quick formatted, 14 percent reformatted, 11 simple file delete, 11 percent a random but incomplete overwrite and 3 percent by reinstalling software.
Clearly, then, the problem wasn’t that owners weren’t aware of the need to wipe storage before disposal and sale, more that they lacked the know-how or tools to do this. This is understandable. Wiping storage turns out to be more complex than it first appears and the tools chosen depend on what is being wiped and to what degree of certainty.
The process of permanently removing every trace of data from storage is termed ‘sanitisation’ and for business use is served by a small elite of expensive tools that will do the job to meet compliance and auditing standards. But what if the home or small business user wants something more occasional? Head on to the Internet and the user will encounter two dozen or more mostly freeware tools with varying capabilities and development histories.
Before using one of these it is important to understand some of the issues surrounding the task of sanitising a disk for re-use, re-sale, or disposal.
Best disk wiping tools - forget default commands
The first rule is not to rely on file deletion, quick formatting or re-formatting through an operating system such as Windows – all of these methods either don’t delete the file on the drive (simply the reference to it in the file allocation table) or can be reversed later with the right tool. Low-level formatting can securely wipe data but the effectiveness could still depend on the operating system used to carry out the action so it’s best not rely on it.
Best disk wiping tools - the tool depends on the task
Disk wiping is a non-destructive way of permanently removing data very different from data destruction, either physical or using a degaussing system that does the same job at the expense of destroying the drive itself.
There are a surprising number of high-quality tools (see end for selected suggestions), most offered as freeware or as limited versions of paid products.
Simple file or directory shredding can be done from within the OS as can the wiping of a partition. However, deleting an entire drive running an OS requires using a tool that can create boot media to do that from outside the environment, either on media or a USB stick.
Thinking laterally, it is also possible to fully encrypt data on a drive before deleting the key. The three issues with this – first deleted data on the surface of the drive won’t be encrypted unless full-disk encryption is being used and there is always the very remote chance that the encryption scheme will be cracked in the future. Third, it will potentially take a lot longer to use encryption than satisfactory data wiping.
Next - sanitisation standards