Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Security Data Storage Hardware

Data Still Left on Storage Devices for Sale 403

cluedweasel writes "According to a BBC story many people are still putting up their old PC's and storage devices for sale without taking basic precautions to ensure that confidential data is erased. The suggestion at the end of the story is to get a professional forensics firm to wipe your data or just destroy the item in question. With the low price of storage devices, the latter is probably preferable."
This discussion has been archived. No new comments can be posted.

Data Still Left on Storage Devices for Sale

Comments Filter:
  • by slashnutt ( 807047 ) on Tuesday September 13, 2005 @03:22PM (#13550453) Journal
    I always hate having to send in my hard drive for warranty repair. Years ago, I watched a friend recover information from a newly arrived warranty repaired drive. If the drive is dead and has to be sent into for warranty service, make sure one of those super powerful magnets from another drives is put around all over the hard drive case. Don't, know if that will wipe anything but I don't expect the manufacturer to ensure my data is secure.

    That said I used eraser [sourceforge.net] every night.
    • by MoralHazard ( 447833 ) on Tuesday September 13, 2005 @03:31PM (#13550542)
      I seriously doubt that any magnet you can get your hands on would erase anything from a hard drive platter. Even bulk tape deguassers from five years ago won't do shit on a modern drive. It takes some seriously strong fields to erase a platter.

      However, sticking a decently strong household or lab magnet against the drive housing may tense parts of the delicate mechanism inside, causing the bearing to go south or the actuator arm to cease working. It's still probably possible to pull the platters and remount them in a new housing (if the platters weren't too damaged by whatever mechanical failure you induce), and there are a few outfits that can do it for ~$3000 per drive.

      Now, get real: Want to know the BIGGEST, best-kept secret in data forensics? The most effective way to forever put your data beyond the reach of cops and courts is:

          dd if=/dev/zero of=/dev/hda

      That's right, just a single-pass overwrite with zeros will do. Everything else you hear is either 8+ years out of date, or uninformed bullshit, or a scare story.
      • by pegr ( 46683 ) on Tuesday September 13, 2005 @03:44PM (#13550680) Homepage Journal
        Now, get real: Want to know the BIGGEST, best-kept secret in data forensics? The most effective way to forever put your data beyond the reach of cops and courts is:

                dd if=/dev/zero of=/dev/hda

         
        /dev/urandom is a better source... With zero, analog analysis can be used to determine the drive's prior contents. Of course, if somebody is willing to do that to recover data, they already have your house bugged...
      • by Fulcrum of Evil ( 560260 ) on Tuesday September 13, 2005 @03:44PM (#13550686)

        That's right, just a single-pass overwrite with zeros will do. Everything else you hear is either 8+ years out of date, or uninformed bullshit, or a scare story.

        May as well do a second pass with /dev/random, though it's not like the cops are going to send your drive in for forensic recovery unless you're a big fish.

        • May as well do a second pass with /dev/random, though it's not like the cops are going to send your drive in for forensic recovery unless you're a big fish.

          Exactly. If it's not undeleted, in the recycle bin or your internet history/cache, I find it highly unlikely that anyone will ever see it. CNET just recently ran an article [slashdot.org] that alternative browsers "impede" investigations, because detectives can't figure out where to find the files. LOL

          Granted, I'm sure the NSA, DoD, and CIA have much better me

          • by shotfeel ( 235240 ) on Tuesday September 13, 2005 @04:06PM (#13550937)
            There was an article about a year ago (can't find it now) saying essentially the same thing about Macs. Most places just have the tools to hack a Windows PC for files. First, the Mac won't run their tools, and then, even if they yank the drive and put it in another housing, its not formatted in a way their software can access.

            Now, as said above, if you were a really big fish, they have ways, but its not a typical forensics op.
      • People can still get your data after you zero your drive: they just won't because it costs too much and chances are you're not important enough anyway.
        • Um, no. No, they can't. I used to have to explain this repeatedly to clients:

          UNLESS YOU ARE DEALING WITH A VERY OLD HARD DRIVE (pre 1997, at least), YOU CANNOT RECOVER DATA THAT HAS BEEN OVERWRITTEN.

          Go read the Gutmann paper from Usenix '96, and note that he never actually performs any recovery tests, nor does he cite anything other than reports of data recovery in lab situations under ideal conditions.

          Also, note that he REVISED that paper in 2000 or 2001 (not quite sure) to take into account the fact th
      • by TripMaster Monkey ( 862126 ) * on Tuesday September 13, 2005 @03:46PM (#13550713)

        That's right, just a single-pass overwrite with zeros will do.

        Um...no. Not to be argumentative here, but I have personally been able to recover data from a hard drive after being zeroed. This is why the DoD standard [active-eraser.com] is a bit more stringent than simply zeroing.
        • by gweihir ( 88907 ) on Tuesday September 13, 2005 @04:04PM (#13550918)
          ... but I have personally been able to recover data from a hard drive after being zeroed.

          And what drive generation/size was that? If it was an older, lower capacity drive, I have no trouble beliving you. If it was a current >= 200GB drive, I think you need to elaborate a lot.
        • by MoralHazard ( 447833 ) on Tuesday September 13, 2005 @04:47PM (#13551345)
          You're either:

          1) Talking about recovery from an old drive, pre-1997, OR;

          2) You're full of shit. Yes, a liar.

          So explain yourself, please, because I will apologize immediately if the case is (1) or you can prove me wrong. Cite me some evidence--press releases from the company you worked for, or a paper written by the research team you worked with. Anything, hell--even your blog is something.

          I've spent my last four years working as an examiner at a computer forensics firm. I have exhaustively researched this topic several times, hoping against hope that something is out there. There is nothing.

          I have encountered a number of documented cases where a party to ligitation claimed that incriminating or exculpatory evidence had been overwritten on a hard drive. In at least two of those cases, the defendants spent more than $500K funding people who said "Oh yeah, I can do that--I just need cash for a lab and a magnetic-force microscope." Nobody EVER recovered over-written data, in any of these cases.

          So prove me wrong.
      • by Otter ( 3800 ) on Tuesday September 13, 2005 @03:46PM (#13550719) Journal
        That's right, just a single-pass overwrite with zeros will do. Everything else you hear is either 8+ years out of date, or uninformed bullshit, or a scare story.

        Have they made some change to zero in the last 8 years that makes it less constant?

        • by dougmc ( 70836 ) <dougmc+slashdot@frenzied.us> on Tuesday September 13, 2005 @04:28PM (#13551156) Homepage
          Have they made some change to zero in the last 8 years that makes it less constant?
          No, but at the lowest level, your hard drive is analog, not digital. It's not just 0s and 1s anymore.

          To give an example, suppose a part of your drive had this pattern written on it --

          1 0 1 0 1
          and you overwrote that with 0s. So you'd expect to see
          0 0 0 0 0
          and you would, if you read the drive in the normal way. However, underneath the covers, the data on the drive would really look more like this --
          0.11 0.02 0.11 0.02 0.09
          the exact values are just guesses, but there is a pattern here -- if a bit used to be 0, it's very close to 0 now. If the bit used to be 1, it's still close to 0 now, but a good deal further than if it was a 0.

          With some different firmware, one could read most of the data that was on a drive that had been erased like this.

          This is why people 1) write random or semi-random patterns to the disk to erase it, and 2) do it more than once.

          Still, writing 0's just once to the entire disk will stop 99% of people who might read your disk. Writing random patterns several times will probably stop even the NSA, but if they want you bad enough, they'll stick probes into your brain and extract it that way :)

        • Have they made some change to zero in the last 8 years that makes it less constant?

          No, nothing so drastic. Hard drive technology has fundamentally changed in the last few years, and there was a huge industry-wide turnaround in methods that happened around 1997. The bulk of the changes had to do with the encoding mechanisms used to write and read data from the platter.

          Even back then, these attacks were just theories, at least in public. It's possible that some spook-lab made them work, but there was never
      • What if the drive wont spin up?

        But you're right if they do.

        I've had to pull 4 GB of rm -rf *'d data off a drive before using some tools and vi. Worked well, took hours, and I got 90% of his files back.

        I also got several versions of each file, some of them dating back over a year. Scarry...

        But if you dd a drive... it's gone from all the tools I had at my fingers. And I had a *lot* of tools.

        I've also done the "platter swap" thing once successfully (in a shower clean room) (twice failed) and several controller
      • > The most effective way to forever put your data beyond the reach of cops and courts is: dd if=/dev/zero of=/dev/hda
        However, the most *fun* way to forever put your data beyond the reach of cops and courts can be found here. [magnumresearch.com]
      • Now, get real: Want to know the BIGGEST, best-kept secret in data forensics? The most effective way to forever put your data beyond the reach of cops and courts is:

        dd if=/dev/zero of=/dev/hda

        That's right, just a single-pass overwrite with zeros will do. Everything else you hear is either 8+ years out of date, or uninformed bullshit, or a scare story.


        I completely agree, except that

        dd_Rescue /dev/zero /dev/

        is better wince it gives you a nice progress i
        • It used to be different, but HDD technology is now right at the edge of what physics allows.

          Not saying you're wrong, but I think an important qualifier might be "the edge of what physics allows" at any significant rotational speed. I have to wonder if you're willing to spend 100s of hours scanning a single platter with specialized equipment if you couldn't still make out a bit more. I really don't know, just wondering.
    • The only hard drives that I have got rid of have had a nail driven thru all the platters after a full reformat.
    • Simply performing a BIOS-level format of your hard drive (assuming you have that capability - it's easy with SCSI drives) will suffice, unless your threat model includes forensics teams. Popping the drive in a different computer, erasing the parttitons, building a new partition, and filling the drive with random stuff works fine too. Sure, it's *possible* to recover data from a formatted drive, but by using methods that cost more than the value of the data on any of *my* hard drives to anyone else.

      The tri
  • Found data (Score:5, Interesting)

    by BWJones ( 18351 ) * on Tuesday September 13, 2005 @03:22PM (#13550454) Homepage Journal
    I've found some interesting stuff on hard drives purchased second hand including tax forms from apparently a CPA, medical records, patent applications, and most interestingly, a fair bit of data that I will not talk about on a NeXT cube off eBay that was originally purchased from a government auction. I was surprised as it was the only cube I had seen with it's hard drive intact. (All hard drives were erased or physically destroyed, because I am a nice guy).

    The interesting thing is that protocols for the destruction of data have existed for magnetic media since before the hard drive. With the advent of the hard drive and higher density media, other protocols have come into place, but the solution is not a technical one. It is the hardest of all solutions...... Behavioral change.

    • For normal sellers, a simple reformat should be fine. Even with somewhat sensitive data on there, commercial wiping software is adequate -- what do you think a "professional forensics firm" will do?

      Removing the hard drive might be OK for selling some uberovergamerclocker rig, but most normal buyers don't just have a spare drive around to stick into the computer they just bought for $75.

      • Re:Found data (Score:5, Interesting)

        by pilgrim23 ( 716938 ) on Tuesday September 13, 2005 @04:26PM (#13551135)
        My hobby is retro computing. This means I have spent a bit of time at yard sales, Salvation Army and Goodwill. I have purchased cheap boxes of every description form Next Cubes to old Apple IIGS with a Vulcan drive inside the power supply, to early PCs. I have seen countless files, personal and public on machines for many many years. Being a good net citizen I reformat the drives and use them (unless I find a really hot app I wanted. :) -I would use apps I found (especially on old System 7 or earlier Macs, old Ataris, Amigas, and ProDOS based Apple II apps. Sometimes these boses were the ONLY sources of lost and needed applications (try finding a copy of raster Blaster these days ;). I would though: delete all files that were none of my business.

          In the course of this scrounging I learned something SlashDotters may not consider: There is an entire subculture in America of people who use second hand machines. These are poor folks who cannot afford the latest Alien ware or G5 iMac. People who just don't have the money for even cheap Celeron box. I am talkin' poor folks here. They get by on Windows 98 and Office 97, or even Mac OS 7.1 and MS Word 5.0 for their computer needs.
        They use a old Performa Mac or a Mac Classic II, or a 486 or Pentium 166mhz PC to do what they need to do.
          Tech support is supplied by a whole bunch of self taught techs who tinker. I know many of this sort.

        The size of this population of users might surprise folks. There are a lot of them.
        The problem with all the current talk of: "OH! I left Aunt Tillie's phone number in Outlook Express and all 26 of my credit card numbers in Quicken!" is the effect it has had on this catagory of user. They are not able to "upgrade" to a newer junker because everyone is afraid to dump their box for fear of the data being stolen. This means the bottom of the food chain looses. It also means there will ALWAYS be compromised Win 3.1/95/98 boxes on the net.

        BTW....if anyone out there has any older Conner or Western Digital (pre-Caviar) 20-40-120-240mb hard drives I am looking for a few to reformat as Vulcan Gold Drives....
    • Re:Found data (Score:5, Interesting)

      by Stanistani ( 808333 ) on Tuesday September 13, 2005 @03:33PM (#13550564) Homepage Journal
      >a fair bit of data that I will not talk about on a NeXT cube...

      Hmmm. The biggest customer of NEXT was the CIA IIRC...

      All aboard for Gitmo!
    • Re:Found data (Score:5, Interesting)

      by saha ( 615847 ) on Tuesday September 13, 2005 @03:34PM (#13550577)
      Finding old hardware in my department to go to property disposition is a pain when getting rid of data on old hardware. First I don't even know if some of the hardware that is ten years older will even start. Then I have to find a floppy or CD that will run on the specific hardware. The easy solution is to open up that computer and rip out that harddrive, then hammer it so the platters are broken. Problem solved.

      I do like the fact the on Mac OS X on any System Restore CD or OSX CD comes with Disk Utility.app, that does either seven or thirty-five random wipes of the disk. Plus the user could use Secure Empty Trash from the very beginning. Waiting for a 20GB to randomly write bits in every sector seven to thirty-five times is general too much of my time. The hammer is a lot quicker.

      Signed: The impatient and destructive systems administrator

      • Re:Found data (Score:3, Interesting)

        by BWJones ( 18351 ) *
        I agree completely with your solution. Physical destruction of the media is best and a ballpeen hammer is usually pretty effective. Although when I was younger and had more time, we would take hard drives destined for destruction out to the range. That NeXT Cube hard drive suffered a fatal wound by a 7.62mm round at approximately 1000 meters.

    • Re:Found data (Score:5, Interesting)

      by bani ( 467531 ) on Tuesday September 13, 2005 @04:03PM (#13550906)
      I bought some used DLT tapes off ebay. Most of them were empty, but a few which were not empty had:

      o) accounting data
      o) sourcecode for web commerce backend for multibillion dollar corporation
      o) server backups, including email
    • Re:Found data (Score:3, Interesting)

      by shokk ( 187512 )
      Back at an old job 10 years ago, we were decommissioning some very very old hard drives in some Sun servers that took up an entire rack for just four drives, one shelf each. We decided to have some fun and break out the hammers, drills and chisels. It took us days to break through those with the measley tools we had on hand, but in the end we rendered all platters useless. Giant platters with multiple drill holes, awful scratches, fingerprint marks, bent and twisted. For a while we adorned our cubicles
    • I also found data (Score:5, Interesting)

      by spoco2 ( 322835 ) on Tuesday September 13, 2005 @06:40PM (#13552330)
      I also bought a second hand computer, from an auction from a company that had gone into receivership, I got it home, turned it on, it wouldn't boot... I fiddled with the internals a bit and low and behold it booted and came up into Windows XP... well, I don't know the passwords, so I then just boot of a Knoppix Live CD and have free reign to look over the entire hard drive, of what turned out to be a PA's computer, complete with photos of the vehicle parts machine plants they were building right up until they went under...

      The saddest part was looking through the 'Recent Documents' list.

      Letter x, letter y for boss, travel iteneries etc... then... typing tests... job guides, and finally the resume...

      So sad... I wiped it good and proper before I gave it to who it was intended.
  • by Orrin Bloquy ( 898571 ) on Tuesday September 13, 2005 @03:24PM (#13550468) Journal
    Darik's Boot and Nuke. Cheap, efficient, portable. Worst thing that happened using it was cleaning a PC so old its CD-ROM drivers weren't in firmware, so I had to download a boot disk off the net to reinstall them.
    • by chill ( 34294 ) on Tuesday September 13, 2005 @03:43PM (#13550670) Journal
      DBAN doesn't -- last I checked -- have SCSI or RAID drivers, so it is only viable if you're on a plain vanilla IDE system. I dont' know about SATA.

      dd if=/dev/random of=/dev/sda bs=512 count= (get this from fdisk) will do the trick in a pinch.

      On the other hand, has anyone here actually tried to "secure wipe" at 200+ Gb hard drive? It can take DAYS.

      Just drill a hole in the case; pour in some caustic drain cleaner or CLR (bathroom cleaner); plug the hole; shake vigorously then let sit for a couple days before throwing it out.

        -Charles
      • Drop the "count=". dd will continue on until the entire file (which happens to be from an unlimited source to the entire disk) is written. Also, the default block size is 512, so you don't need to worry about that either. Though you may actually get better performance by using "bs=4096".

      • DBAN doesn't -- last I checked -- have SCSI or RAID drivers, so it is only viable if you're on a plain vanilla IDE system. I dont' know about SATA.

        According to the website, "DBAN has all available SCSI disk drivers". As of Dec 2004 DBAN has SATA drivers. I'd think RAID wiping should be done on each individual drive rather than across the entire RAID array.
  • by dusik ( 239139 ) on Tuesday September 13, 2005 @03:24PM (#13550471) Homepage
    On the other hand, I always thought it was a good bonus for the custom when I sell a hard drive on eBay with my mp3 and pr0n collection still intact.

    Then again... they probaby would see the reiserfs partition as "Unknown" in the Windows installer.
  • Or just nuke it.. (Score:4, Informative)

    by squison ( 546401 ) on Tuesday September 13, 2005 @03:27PM (#13550496)
    ...with something like Darik's Boot & Nuke [sourceforge.net]
  • by Blue-Footed Boobie ( 799209 ) on Tuesday September 13, 2005 @03:28PM (#13550510)
    I have my business card out there with many people for the purpose of snagging equipment that would otherwise get thrown out.

    I once received about 30 10GB hard disks from the US Army that were tossed in a collection bin (and someone called me to say they were there) which were not wiped and had a fair bit of info on them. Not talking National Secrets, but info that could have been used to cause problems, none the less.

    By far the worst, however, was a batch of 15 PIII computers I recovered from the INS. Not only had they not been wiped, but all programs and files were fuctional. Talking about Social Security numbers, Green Card information, and on and on. It was terrible.

    Of course, I do the right thing and both wipe and low-level format these before donating on to charity - but it still amazes me what info is given away.

    Both of these cases were 1 year+ after 9/11 too. People don't change.

    • Hey I recently snagged a bunch of highend dell poweredge power supplies from state surplus ebay not going so well for getting rid of them. Email me.
    • by Gruneun ( 261463 )
      As far as the military, there is a very detailed plan for decommissioning computer equipment that contained classified data, whether that equipment will be destroyed, auctioned, or donated. Hard drives are opened and the platters are physically destroyed with sandpaper or other abrasive substances and even monitors are degaussed with a heavy magnet and shattered if burn-in is an issue.

      Other government agencies aren't held to the same standards, but the odds of national security secrets going out on a trash
  • by xTK-421x ( 531992 ) on Tuesday September 13, 2005 @03:29PM (#13550520) Homepage
    http://dban.sourceforge.net/ [sourceforge.net]

    Set that up for 27 wipes and you're set.
  • 1) Write all 1s then 0s to the drive, repeat 5x.
    2) Use acetylene torch and reduce drive to slag.
    3) Encase slag in concrete.
    4)Drop concrete in Marianas trench.
  • (for unmounted drives)
    dd if=/dev/zero of=/dev/hdb bs=16384

    Or, use /dev/random if you've got the time and paranoia.
    • On any drive manufactured within the last 6 years, there's no point in using /dev/random at all. Besides, unless you have a hardware rand generator driving /dev/random, it would take weeks to wipe a decent-sized drive. And that's if you sit there and move the mouse to generate entropy the whole time.

      As a side note, on Linux and the BSDs, /dev/urandom uses the Yarrow algorithm seeded from /dev/random, which has been shown to be functionally identical to a true random number generator. So if you do need ra
  • And many don't have the tools - or if they have them, are unaware that the tools are capable of doing this.

    I find a large sledgehammer used repeatedly does a fairly good job of handling data getting into the wrong hands, mind you ...
  • People around here upgrade there computers a lot (and by upgrade I mean throw out the old one and buy a new one) so I see a lot of old computers on the streets. I usually take them to see what I can salvage and almost 90% of the time there's data left on the drive.

    The interesting thing is, my aunt who is beyond computer illiterate, had me come over and wipe her hard drives clean before she got rid of her old computers. I guess if you're someone used to destroying paper bills and information before you
  • Dban (Score:2, Informative)

    by Pushnell ( 204514 )
    For any who wish to avoid such "Data Dangers", I've been using Boot & Nuke (http://dban.sourceforge.net/ [sourceforge.net]) for some time now. It's pretty easy to use and supposedly reaches DoD levels of secure delete. All used hard drives my shop sells get a dban scrubbing before they leave.
  • I don't know if there's a Windows equivalent, but whenever I sell an old Mac, I use the Disk Tool program, and select "Zero All Data", which supposedly flips all the bits on the HD to 0. After that, I'll do a clean install of the default OS version that came with the computer.
    • That doesn't even come close to securely deleting data on your drive. Multiple overwrites with random data, followed by a zeroing, comes closer, but not really. There's a website out there (that I've lost the URL for) which details the process. Basically, you need to overwrite with random data and zeros in a pattern which is carefully crafted to erase the magnetic information, but the order in which the steps are performed must also be randomized. Pretty wild. Unless you're a terrorist, or you have the true
  • I wipe all my drives with both Windex and Formula 409 before disposing of them yet my identity still gets stolen. Good thing I only I have a Visa Lead card.
  • by Lumpy ( 12016 ) on Tuesday September 13, 2005 @03:34PM (#13550581) Homepage
    professional forensics firm to erase your hard drives? really?

    how do I market myself as this and sell that service to people? sounds like a great article to whip up some Fear frenzy that we geeks can make good money on.

    "Yup, I can safely eradicate your data and wipe that drive, no it's not easy, but that is why it costs $100.00.

    thank you, no we dont accept personal checks."

    adding that to my spyware cleaning racket and I can quit my job as a web programmer/IS manager.

    This rocks, any way to get CNN to stir it up as well to help the fear factor in the general public?
  • format c: (Score:3, Funny)

    by beforewisdom ( 729725 ) on Tuesday September 13, 2005 @03:34PM (#13550584)

    format c:

    how hard is that?
    • Not very hard, but also not very secure. To my knowledge format just nils the filesystem tables, not the actual file content. Am I wrong?
    • About as easy as "unformat c:"*.

      A standard format is usually a "quick" format. Which means that recovering the info is easy. You need to do a low-level format in order to actually destroy the data. Even then, there are no guarantees. Your best bet is to insert a Linux boot CD or floppy and run:

      dd if=/dev/zero of=/dev/[drive name]

      * Unformat was removed in Windows 95, so it doesn't work on modern machines. However, the existance of the command demonstrated that it was quite easy to restore the original file t
  • by MobyDisk ( 75490 ) on Tuesday September 13, 2005 @03:36PM (#13550602) Homepage
    ...they should use a professional forensics firm to erase it. "Alternatively," he said "they could smash it to bits."
    Unfortunately, the author doesn't understand that the data is already in bits, so this won't help. I would recommend a multiple-pass approach: First split it into big sectors, then into large mega bytes, then again into smaller bytes, then finally tiny nibbles.
  • by mykepredko ( 40154 ) on Tuesday September 13, 2005 @03:39PM (#13550636) Homepage
    A couple of years ago, we had to buy a PC with Windows/95 on it because a speech therapist had a program for my daughter that only ran on Win/95.

    We were able to find a PC that had just turned in to a local "Cash Converters" and the OS had not yet been wiped/updated and got it for $50. We did try the PC before leaving the store but did not hook up a set of speakers.

    When we got home, we discovered that the previous owner of the PC was an affectionado of Jamacian S&M. The first time I turned it on, the PC started up with somebody screaming "Hurt me Mon!" and every mouse click produced a woman's scream.

    I was able to reset the default sounds on the PC and delete the thousands of jpegs of bondage pictures, but my daughter (who was 8 at the time) was pretty much traumatized and refused to work on the PC until I could demonstrate it wouldn't make the "scary screams" any more.

    We were able to run the speech therapy program, but my daughter never did trust that PC and made me sell it when the therapy was finished.

    myke

  •     A Romanian SAR-1 does a great job!

        A shot or two will penetrate all the platters and leave them a twisted mess.

    • With platter densities as high as they currently are, merely breaking the platter does not ensure that significant amounts data cannot be recovered.
  • For average people (Score:2, Informative)

    by L. VeGas ( 580015 )
    A lot of people, when disposing of a computer, want to keep the OS and the applications installed because they're giving it to a relative or friend or something like that If that's the case, something like Derek's Boot and Nuke obviously isn't appropriate. There are, however many tools out there that help you clean up a windows machine such as Eraser [nedwolf.com]to wipe data and CCleaner [nedwolf.com] to clear out temp junk.
  • USB keys (Score:5, Informative)

    by Gruneun ( 261463 ) on Tuesday September 13, 2005 @03:42PM (#13550657)
    I raised this issue with the manufacturer of my USB key, after it ceased to communicate. I was offered a brand-new one upon receipt of the old one, but had no way to clear the data (a CVS tree of our product). The tech said any obvious, physical damage (i.e smashing with a hammer) would void the replacement guarantee.

    Apparently, a few seconds in the microwave does not qualify as obvious, physical damage.
  • If you are using Windows, then you have to have Eraser [heidi.ie].
  • by Shadow Wrought ( 586631 ) <.moc.liamg. .ta. .thguorw.wodahs.> on Tuesday September 13, 2005 @03:43PM (#13550674) Homepage Journal
    Invariably in discussions regarding data found on used hard drives there are a litany of stories about what people have found on drives they have bought. In almost every single instance of this there's a disclaimer at the end lines of, "but I deleted it of course." I wonder how many of them actually did. And, of those, if they deleted only the data, or the data and the programs?

    I should also point out that I don't doubt any individual's account- I just don't know that I trust the whole population. Just a thought...

  • I specialize in computer demolition. I have always been a pyro and I have always had a fascination with blowing things up. With computer security becoming an issue, and some lessons learned from the arrests, I have turned my talents towards something more constructively destructive.

    For $200, I will use shaped charges and implode and obliterate your computer. I also sometimes opt to run computers over with one of my various broken-down cars.

    [Disclaimer: This is a joke (attempt). While like to watch expl
  • ... or just destroy the item in question. With the low price of storage devices, the latter is probably preferable.
    And do what with it? Throw it in the dumpster, where it will go into a landfill, and the heavy metals will leach out and poison your grandchildren? Computer hardware should be safely recycled -- which isn't free. Easier and cheaper just to wipe the drive. Especially if you're getting rid of the computer it's in.
  • 5000 Degrees and I can PROMISE no data will survive.

    Thermite can be purchased for 60$ US Per 10 Lb from most pyrotechnic suppliers in the US (Also see special Effects and Welding)

    Muratic acid left to sit a few days will do the trick too ($5 US at any HW store).
  • All drives should really be encrypted, whether they are transportable or not. If they are server drives, then the key can be physical (like a USB stick) that is left in place until the drive/machine needs repairs.

    Some recent motherboards have the right idea: they come with an encryption key (a physical object) that you plug into the motherboard for encrypting the disks completely without OS intervention as far as I can tell.

    Let's hope that kind of feature becomes standard on all motherboards.
  • Tell your friends that you will take care of their old boxes. Bring a Mepis or Damn Small Linux CD with you and blow away their hard drive. Show them how easy it is to give a new virus-free life to that old box. If they don't want that old box after it is Mepisized, put it up for give-away on Craigslist or DIYparts.org. People have a much easier time understanding how good open source software is when they see it in action.

    Taking a sledgehammer to the box might be more fun, but then that box is headed
  • HDDs are down to about 50cents for 1GB and USB drives are also getting cheaper. It's safer to keep the drive and sell the rest if you want to make up some of the cost of new hardware. If you sell a PC with hdd and software there are probably some legal/license/EULA violations you could be held liable for, probably won't but there's a chance. Even the older slower lower capacity drives can still be put in another PC or external case and used for backups, there's nothing wrong with using all your IDE slots, c
  • by magarity ( 164372 ) on Tuesday September 13, 2005 @04:10PM (#13550982)
    or just destroy the item in question
     
    Nooo!!!
     
    I worked as the technology re-use manager at a nonprofit organization whose mission was to get donated goodies, including computers (my responsibility), to small local charitable organizations. Our warehouse had pallet upon pallet of donated computers whose hard drives were removed as part of corporate donors' policies regarding data safety. Did we get those computers to community centers, adult education programs, inner city kids, etc? Heck no, we had to send them to the metal recycler for 2 cents per pound. Sure, per-storage unit hard drives are cheap but to get enough for a couple of hundred computers is a major expense. And yes, we applied to Maxtor, Seagate, IBM, HP and a couple of others to try to get them to donate hard drives but no dice.
     
    The late-middle aged lady who wants to type and print the church newsletter has ABSOLUTELY no use for a computer without a hard drive and even less of an idea how to install one even if she did have budget to get one. Get a commercially available eraser program; there are plenty of titles and methods. Said church lady has NO IDEA how to extract prior data from a drive that was just plain formatted and a fresh Windows installation put on.
  • by Bobartig ( 61456 ) on Tuesday September 13, 2005 @04:32PM (#13551194)
    If you go into security options from Disk Utility, there's a click box for "zero out all data", "7 times zero", and "35 times zero", depending on how sensitive your data is. It even warns you "this will take 35 times as long as a single erase.

"jackpot: you may have an unneccessary change record" -- message from "diff"

Working...