[Tfug] Destroying a hard drive

Bexley Hall bexley401 at yahoo.com
Mon Sep 10 12:28:46 MST 2007 

--- Rich <r-lists at studiosprocket.com> wrote:

> On Sep 8, 2007, at 11:14 am, Bexley Hall wrote:
> 
> > When I dispose of a drive that has had sensitive
> > information on it (e.g., projects for clients),
> > I overwrite the disk's contents many times.
> > Then, use a large bulk eraser on the platters.
> > Then, drop it forcefully  :> several times.
> 1. Overwriting the data doesn't guard against
> forensic data recovery
> 2. Bulk erasing only makes the signals fainter
> 3. dropping it only puts the heads out of alignment
> 
> Your data could be reconstructed with no special
> equipment: just software. Just so you're aware.

A person who does this would:
1. need to be aware of the product my client sells
2. be aware that *I* designed it for them (my
   contracts almost always prevent them from
   disclosing this information)
3. "watch" me to see when and where I have disposed
   of some media
4. *Hope* that media is the media that holds the
   design information for the product they are
   interested in
5. have the means/contacts to recover that data
6. have the insights necessary to *understand* the
   design (i.e., if I gave you 100,000 lines of
   source code, do you *really* think you can
   *build* the device that I designed?  :> )
7. hope that the documentation they have "acquired"
   reflects the product in a state that they desire
   (e.g., maybe this was a specialized version of
   the product marketed to a specific customer of
   the client's)
8. hope the market window for that product hasn't
   LONG SINCE CLOSED!

Like I said, I lose *zero* sleep over my disposal
procedures.  :>

> > And, dispose of it in a generic location
> > (i.e. where it is highly unlikely that
> > anyone who *knows* that I was working for
> > a particular client is likely to come across
> > it "casually").
> Good idea: take a leaf out of the criminals' book.
> But don't draw  
> suspicion on yourself (that you might be a
> criminal!) by disposing of  
> your old equipment in someone else's trash without
> their permission.

A disk drive in a 12" square "litter bag" that
you would typically have in your *car* (for those
folks who actually use litter bags instead of the
"floor of the passenger seat"  :> ) casually dumped
in the trash at a local grocery store after
purchasing a week's worth of groceries hardly
"draws suspicion/attention"  :>

> > Remember, there are other "easier" ways to get
> > most things that you might consider "sensitive".
> Diminishing returns and all that, but sysadmins
> should be aware of  
> the best techniques, even if we don't use them.

If you're trying to keep yourself OUT OF JAIL
then grind the platters.  I shred unwanted CD's
in a heavy duty (confetti style) paper shredder
routinely (because it is far easier for folks
to fish CD's out of the trash and pop them into
their own computer -- not nearly that easy to
do things with hard disks, etc.)


       
____________________________________________________________________________________
Choose the right car based on your needs.  Check out Yahoo! Autos new Car Finder tool.
http://autos.yahoo.com/carfinder/

More information about the tfug mailing list