C1ay Posted September 20, 2006 Report Posted September 20, 2006 Before ditching or donating that used computer, CD or other data-storage media, sensitive or personal information should be properly “sanitized,” according to a new guide from the National Institute of Standards and Technology (NIST). Information systems store information using a wide variety of media, including “hard” copy, such as paper printouts and facsimile ribbons, and electronic media, including cell phones, CDs or DVDs, and hard drives. Even if stored data supposedly has been deleted, in many cases residual data can be retrieved and reconstructed. The NIST guide, Guidelines for Media Sanitization (NIST Special Publication 800-88), provides information on techniques to remove data from a wide variety of media types and a decision matrix to determine which technique is best. The guide recommends that organizations first determine the confidentiality of the information and then decide how to dispose of the media. The guide describes the three most common methods of sanitizing media: Clearing using software or hardware products to overwrite storage space on the media with non-sensitive data. Purging magnetic media through degaussing, exposure to a strong magnetic field to disrupt the magnetically encoded information. Destroying the media through a variety of methods ranging from shredding to melting and incineration. The guide also recommends that organizations establish an information security governance structure, and describes the security responsibilities of everyone in the organization—from program managers and agency heads to users. Guidelines for Media Sanitization is available at http://csrc.nist.gov/publications/nistpubs/index.html. Source: NIST Quote
Pangolin Posted May 14, 2007 Report Posted May 14, 2007 Or you could just drop the hard drive from head height onto a concrete floor. I have a friend that works for a computers-to-schools recycling program and that's his preferred method. He says it works with everything but the very best laptop drives. BTW a degausing rig is easy to breadboard from an old speaker and some parts from Radio Shack but you have to be absolutely paranoid about getting your other gear near it. They work when turned off too. Quote
CraigD Posted May 15, 2007 Report Posted May 15, 2007 Or you could just drop the hard drive from head height onto a concrete floor.A variation of this technique was popular in my shop in the late 1980s, when the last of “washing machine” style removable disks (whopping 277 MB, multi-platter deals, taking one hand and a bit of arm strength to carry) were retired in favor of disk arrays resembling the PCs of their day – roughly 5” (120 cm) drives, about a dozen of which is a rack the size of compact refrigerator constituted a 1 GB “gigabox”. (After overwriting them with nulls) a few folk with more rural homes took the old disk packs out and shot them with a variety of guns and ammunition. :Guns: The holed, disassembled, about 18” (500 cm) platters were popular wall decorations for the next decade – I believe there’s still one hanging under some stairs in a data center near me. :shrug: Fun as they are, from what I’ve read and been told, physically damaging magnetic media isn’t a very good way to erase sensitive data. Data recovery shops claim to be able to swap the platters out of an inert, dropped hard drive and in most cases read 100% of the data. Apparently most of the damage is to the read/write heads, or sometimes the spindle bearings or motor. :naughty: Another obvious drawback to physically breaking old disks is that they can’t be reused. There are a lot of admirable charities in the business of giving “repurposed” or slightly rebuilt old machines to the poor and/or elderly. Where better to hide the magnetic whispers of your enterprise’s deepest secrets than scattered with poor record-keeping through retirement communities, small public libraries, impoverished schools, etc.? :) Quote
C1ay Posted May 15, 2007 Author Report Posted May 15, 2007 Or you could just drop the hard drive from head height onto a concrete floor. I have successfully transplanted platters from a failed drive to a new one to recover data. Data recovery shops have even successfully recovered data from drives disfigured in fires. A military grade disk erase should be sufficient but if you really want a physical destruction of data I recommend a Hard Drive Shredder... Quote
CraigD Posted May 15, 2007 Report Posted May 15, 2007 … if you really want a physical destruction of data I recommend a Hard Drive Shredder...A gadget that can completely confetti-fy a hard drive strikes me as a pretty hefty and likely expensive piece of equipment, beyond the means of the average data paranoic. The drive platters I’ve seen appear to be mostly aluminum (melting point about 665° C), so I suspect they could be melted (with care!) in an steel or copper pot on an ordinary electric stove. I doubt that even the most sophisticated technologist could recover data from the resulting dirty ingot. Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.