You have no doubt heard the stories about personal or confidential business data being found on computer hard disks. There are comments by various world renowned experts in data recovery and computer forensics who state that you cannot remove all of the data on a hard disk.
How can you know for sure whether it is true or not that others can access a so called erased hard drive and obtain information from it. Is it true that the deleted information is able to be retrieved through a hard disk data recovery expert? Can these hard drive data recovery experts find your personal or confidential information after you think you have exposed of it all?
First there are a few things to cover in the details of hard drive erasure and how you should go about it:
What does Hard Drive Erasure Entail?
The true data erasure is when a dedicated degaussing mechanism is used to "flip" all of the parts on a magnetic material so that no hint of the actual data remains so no data recovery is possible. It is worthwhile knowing that data erasure software does not actually erase the data, what it does is in fact replace the data with other data effectively over writing the information that you no longer wish to store.
Deleting a file from your hard disk drive actually doesn't, in most cases, do anything to the information itself. What it does is remove the instruction information that tells the system where the data is. In some cases a data erasure can actually leave all of the information on the hard disk and in fact just add a further entry in the hard disk advising that the file is deleted. To the untrained eye the information appears as if it is gone. Meanwhile the actual data is still there until a future point in time where the space that it is taking up is re-used by new data.
Sometimes data from files can also be stored in transient memory. A large portion of operating systems use caches, these are areas where the data that is being accessed is temporarily stored. The Windows swap-file is a good example of this type of system.
The difference with data erasure software is that it is designed to complete an ordered and thorough replacement of the information that was stored and therefore the original data no longer exists as it has been effectively written over with new data.
What is the Best Approach?
• Disk Erasure Software
Hard disks store data in sections named sectors. Usually each of these sectors is 512 bytes long. These sectors are all accessible for reading and writing via the hard drive interface (IDE, SATA, SCSI). What this means is that it is possible to replace the data in every sector and therefore remove the data.
However, not all of the data gets removed. There can be problems caused by sectors that become unusable during normal operation and a hard disk will maintain a set of spare sectors. That means that the 160GB hard disk drive is actually 160GB plus a few additional spare ones that you are unable to access. This means that if your drive has problems attempting to write to the disk the hard drive itself can reallocate to one of these spare sectors. When this reallocation occurs this information is recorded in a separate table that is known as the G-List, or Grown Defect List.
What this in effect means is that it is possible for a sector that you wrote data too could not be written to but could actually still be read. Of course to the normal operator this is not something that would be noticed but it would be found easily by a hard disk data recovery expert. Data recovery experts know where to look for this kind of information and if these sectors do contain personal or confidential information they would be found. The chances that these spare sectors hold this information are of course low but there is still a possibility.
A more common problem is that the actual data erasure process is not monitored. An employee who is erasing disks who does not complete the data erasure process to specific high standards may in fact skip some of the disks in a batch to reduce their workload or for various other reasons. There have been occasions where this has happened and the only way to know for sure if the disk has been erased correctly with the software is to conduct validation tests on the erased disks themselves.
This means that when you are protecting and erasing sensitive and confidential information you should use a reputable software program and business to carry out the requirements of the process. If the processes of the disk erasure are monitored and logged correctly then there should not be any problems. Therefore you should not rely on technology alone at the expense of sound practices.
• Degaussing
Degaussing is often considered the best approach and involves the placing of the actual hard drive into a moving magnetic field that is strong enough to realign the molecules and eradicate any data within the hard disk drive. It is believed that this method offers the best confirmation that the data has actually been removed.
However there are some factors that require consideration:
How then do you Protect Your Sensitive Information?
The first step is to ensure that you have a process that is easy to follow and that the process is monitored correctly.
Second step ensure that you use reputable software for disk erasure to complete the process.
Third step, and this is where it is imperative that the information is erased 100%, you should use the services of a third party to test that the process has in fact worked.
With this information you now have a greater understanding of how you can erase your information, and the steps or processes to follow to ensure that the information is in fact erased. Professionals can assist you in the process and in the validation that your hard drive data recovery will not be possible.
How can you know for sure whether it is true or not that others can access a so called erased hard drive and obtain information from it. Is it true that the deleted information is able to be retrieved through a hard disk data recovery expert? Can these hard drive data recovery experts find your personal or confidential information after you think you have exposed of it all?
First there are a few things to cover in the details of hard drive erasure and how you should go about it:
What does Hard Drive Erasure Entail?
The true data erasure is when a dedicated degaussing mechanism is used to "flip" all of the parts on a magnetic material so that no hint of the actual data remains so no data recovery is possible. It is worthwhile knowing that data erasure software does not actually erase the data, what it does is in fact replace the data with other data effectively over writing the information that you no longer wish to store.
Deleting a file from your hard disk drive actually doesn't, in most cases, do anything to the information itself. What it does is remove the instruction information that tells the system where the data is. In some cases a data erasure can actually leave all of the information on the hard disk and in fact just add a further entry in the hard disk advising that the file is deleted. To the untrained eye the information appears as if it is gone. Meanwhile the actual data is still there until a future point in time where the space that it is taking up is re-used by new data.
Sometimes data from files can also be stored in transient memory. A large portion of operating systems use caches, these are areas where the data that is being accessed is temporarily stored. The Windows swap-file is a good example of this type of system.
The difference with data erasure software is that it is designed to complete an ordered and thorough replacement of the information that was stored and therefore the original data no longer exists as it has been effectively written over with new data.
What is the Best Approach?
• Disk Erasure Software
Hard disks store data in sections named sectors. Usually each of these sectors is 512 bytes long. These sectors are all accessible for reading and writing via the hard drive interface (IDE, SATA, SCSI). What this means is that it is possible to replace the data in every sector and therefore remove the data.
However, not all of the data gets removed. There can be problems caused by sectors that become unusable during normal operation and a hard disk will maintain a set of spare sectors. That means that the 160GB hard disk drive is actually 160GB plus a few additional spare ones that you are unable to access. This means that if your drive has problems attempting to write to the disk the hard drive itself can reallocate to one of these spare sectors. When this reallocation occurs this information is recorded in a separate table that is known as the G-List, or Grown Defect List.
What this in effect means is that it is possible for a sector that you wrote data too could not be written to but could actually still be read. Of course to the normal operator this is not something that would be noticed but it would be found easily by a hard disk data recovery expert. Data recovery experts know where to look for this kind of information and if these sectors do contain personal or confidential information they would be found. The chances that these spare sectors hold this information are of course low but there is still a possibility.
A more common problem is that the actual data erasure process is not monitored. An employee who is erasing disks who does not complete the data erasure process to specific high standards may in fact skip some of the disks in a batch to reduce their workload or for various other reasons. There have been occasions where this has happened and the only way to know for sure if the disk has been erased correctly with the software is to conduct validation tests on the erased disks themselves.
This means that when you are protecting and erasing sensitive and confidential information you should use a reputable software program and business to carry out the requirements of the process. If the processes of the disk erasure are monitored and logged correctly then there should not be any problems. Therefore you should not rely on technology alone at the expense of sound practices.
• Degaussing
Degaussing is often considered the best approach and involves the placing of the actual hard drive into a moving magnetic field that is strong enough to realign the molecules and eradicate any data within the hard disk drive. It is believed that this method offers the best confirmation that the data has actually been removed.
However there are some factors that require consideration:
- Degaussing does more than just remove your data. It also removes all of the information within the disk that is there from manufacture and when the drive was formatted. Therefore you can not recreate this particular information and the disk it self will no longer be operational and therefore can not be reused.
- When you consider that the disk can no longer be used this also means that you can not confirm whether the data has in fact been completely erased. If there was a problem with the degaussing device or the correct procedures were not followed during the degaussing process then there is a possibility that the information was not completely erased. Worse case scenario is that the degaussing process did not work at and the disk was actually damaged prior to the degaussing process or during it.
How then do you Protect Your Sensitive Information?
The first step is to ensure that you have a process that is easy to follow and that the process is monitored correctly.
Second step ensure that you use reputable software for disk erasure to complete the process.
Third step, and this is where it is imperative that the information is erased 100%, you should use the services of a third party to test that the process has in fact worked.
With this information you now have a greater understanding of how you can erase your information, and the steps or processes to follow to ensure that the information is in fact erased. Professionals can assist you in the process and in the validation that your hard drive data recovery will not be possible.
0 comments:
Post a Comment