[Tfug] Destroying a hard drive
Rich
r-lists at studiosprocket.com
Sat Sep 8 12:16:52 MST 2007
On Sep 8, 2007, at 9:03 am, erich wrote:
> There is little incentive to "unscramble the eggs in a
> omlette" :-). Unless you have secrets on there on how to destroy
> the universe.
There's quite a big incentive actually: the potential of trade
secrets and hr records, which would include ssns, financial records,
etc. Heck, even a list of email addresses is worth money!
Forensic data recovery techniques are getting better all the time.
But you have a point: people are so complacent about their data that
they'll just sell old drives without erasing them, consequently
there's little incentive to go to great lengths to physically put
data beyond the reach of petty criminals.
On Sep 8, 2007, at 11:14 am, Bexley Hall wrote:
> When I dispose of a drive that has had sensitive
> information on it (e.g., projects for clients),
> I overwrite the disk's contents many times.
> Then, use a large bulk eraser on the platters.
> Then, drop it forcefully :> several times.
1. Overwriting the data doesn't guard against forensic data recovery
2. Bulk erasing only makes the signals fainter
3. dropping it only puts the heads out of alignment
Your data could be reconstructed with no special equipment: just
software. Just so you're aware.
> And, dispose of it in a generic location
> (i.e. where it is highly unlikely that
> anyone who *knows* that I was working for
> a particular client is likely to come across
> it "casually").
Good idea: take a leaf out of the criminals' book. But don't draw
suspicion on yourself (that you might be a criminal!) by disposing of
your old equipment in someone else's trash without their permission.
> Remember, there are other "easier" ways to get
> most things that you might consider "sensitive".
Diminishing returns and all that, but sysadmins should be aware of
the best techniques, even if we don't use them.
R.
More information about the tfug
mailing list