That computer your company is getting rid of might not be as clean as you think it is. In fact, it might still be holding critical financial, legal and personnel information — even as it goes out the door into someone else’s hands.
A recent study by two MIT graduate students found massive amounts of sensitive data on old corporate systems donated to charity or stock piled at salvage companies.
And 74 percent of the drives contained old data that could be recovered and read. Even 60 percent of users had reformatted the drives before getting rid of them, the systems still contained old data that could be recovered. Credit card information, patient data, financial records, love letters, pornography… you name it, it was found.
Reformatting, it turns out, does not properly sanitize a disk because the Windows ”format” command doesn’t overwrite every block.
”The format command just reads every block to make sure that they still work,” says Simson Garfinkel, a graduate student at MIT’s Laboratory for Computer Science, which conducted the study. ”To properly sanitize the hard drive, you need to overwrite every block.”
Here, we’ll look at the various tools that address this problem. They come in two broad categories — file wiping tools that wipe specific files or data, and drive scrubbers that completely remove all data from a hard drive.
At the corporate end of the market, products focus on scrubbing drives before the company gets rid of the machines or hands it over to a business partner. Lawyers, for example, might have to give a laptop over to a rival attorney. The last thing they want is for old files to be dug up, particularly anything related to the current case. So in this situation, the drive is completely scrubbed of all data, then the relevant files can be loaded onto the computer.
Many companies also have a policy mandating the scrubbing of machines before they go out the door. Some IT managers retire computers every three years, and recycling them has become a corporate mandate in some industries. Scrubbing tools, therefore, are now in greater demand than ever, in order to remove all vestiges of data before the computer is handed over to charitable organizations or otherwise disposed of.
One of the leading companies in the area of drive scrubbing is New Technologies Inc. (NTI) (http://www.forensics-intl.com). NTI does not serve the consumer or individual market, and caters only to the largest corporations, law enforcement and government agencies. Its Data Elimination Suite is used by many Fortune 500 companies, large government agencies and law enforcement agencies. NTI also has a version of its scrubber that leaves the operating system on the drive but removes all data files.
One enterprise alternative is Infraworks Sanitizer (http://www.infraworks.com/it_sanitizer.htm). This product has established a presence in the government market and has some big name corporate clients, such as Ford. Other scrubbers that appear to be geared to the corporate marketplace include PowerQuests DataGone (http://www.powerquest.com/datagone/) and Ontracks DataEraser (http://www.ontrack.com/dataeraser/).
The consumer side of the market is dominated by a long list of products dealing mainly with wiping individual files, though a few also address complete drive scrubbing. Consumers, after all, are most typically interested in removing specific files from a computer.
A thief, for example, was found guilt of robbery after getting away with the cash. His mistake? He typed up a note on a computer that he showed to the bank teller to order her to hand over the cash. Although he was smart enough not to save the file — he simply typed it up, printed it and then didn’t save it — a copy of the print file was recovered by investigators. He went to prison.
There are way too many wipers on the market to list them all, so here we’ll only mention a few.
East-Tec Eraser (http://www.east-tec.com/) appears to be more thorough than most, clearing swap files and other hidden files. It includes an ‘Erase beyond recovery’ feature.
Mares and Cos RMD (http://www.dmares.com/maresware/html/rm.htm), Jeticos BCWipe (www.jetico.com) and Briggs Softwares Directory Snoop (http://www.briggsoft.com) also appear to have merit.
”Out damn spot,” said Lady McBeth. But no matter how hard she scrubbed, the blood on her hands would never go away. Unfortunately, it can be the same for file wipers and disk scrubbers. As forensics techniques continue to improve, much data can still be recovered even from files that were deleted or overwritten.
A deletion, for example, goes to the recycle bin. But even if you ”erase” it there, the file can sit on the disk for some time before being overwritten by a new file. If you become more thorough and employ a file wiper, some traces of data may still remain even after it has been overwritten several times.
”It is effectively impossible to sanitize storage locations by simply overwriting them, no matter how many overwrite passes are made or what data patterns are written,” says security expert Peter Gutman of the Department of Computer Science at the University of Auckland.
For some enterprises multi-pass file wipers and disk scrubbers may not be enough. The best advice is to find a vendor already delivering file wiping/disk scrubbing servicing to reputable firms and have your needs assessed. In some cases, a good enterprise-class file wiper may be enough, or you may need a heavier duty disk scrubber. But in other cases, it may be advisable to destroy all disks prior to disposal to eliminate even the tiniest possibility of data getting into the wrong hands.