In light of the news over the past few days regarding data theft on old PCs I thought I might start a thread that we can use to dispell a few myths regarding how hard disks handle data and what we can do to manage it. Most of us are aware that when you delete a file the file isn't actually taken off the disk and it is only 'gone' when it has been overwritten by another file. Does the story end there? How does Windows actually handle its data? Well lets find out by pooling our knowledge.
I have a couple of pieces of data destruction software to test, a data recovery suite and I have tried a number of physical methods that have been used to some success. I'll start with the physical methods as they are most brutal but defintely the most effective and work onto the software afterwards.
PART 1, MANUAL AND PHYSICAL METHODS:
Complete physical destruction:
This might sound obvious but the only way you can be certain there is nothing left on the disk for someone to steal is to smash the hard disk to pieces with a hammer. Start with the top, break through the cover and make sure the disk platter inside is broken.
Semi destruction:
Not quite so obvious but by removing the cover that protects the disk platter renders the disk inoperable. However, the data is still in place and with the right equipment it is probable that the data can be recovered.
Overwriting, manual:
You need a big file for this to not take too long. Ideally the file is the complete size of the disk, but this is not normally possible so grab a giant file like a DVD image or something equally anonymous, and copy it onto the disk. Cope it on again with a different name, again and again until the disk is full and you have overwritten everything.
The only traces of your old data should be reduced to residual magnetism on the disk surface and maybe on a backup copy of the file table, but generally it should be unreadable.
PART 2, SOFTWARE:
Here I'm going to test a couple of data destruction suites and see what's left behind using a data recovery program that scours the disk for old files.
Windows:
DO NOT trust Windows to completely wipe your data. When you delete a file "permanently" it is taken out of the list in the file table but the data itself is left in place on the hard disk and labelled as free space. Recovery software scours the hard disk for data of this sort and copies it to another disk or partition. Later on this data may get semi-overwritten by temporary internet files but generally it is left in place until the space is needed.
Paragon Disk Wiper 7:
Full version was given away with PCW magazine in August but it claims to be a fairly comprehensive data wiping program. It can clear whole disks, whole partitions or just clear the free space on a working partition. It overwrites the unused space with either a preset algorithm or with an algorithm of your own choice. You have two options, you can either run the program through Windows or boot with a CD and run it through DOS of sort.
A selection of files were deleted, the recycle bin emptied and the program was run through Windows using the preset algorithm. Once the computer had rebooted recovery software was used to see what was left.
Basically it found everything, so not good news. Some images were complete, some were just headers but it looked like all the file names from the deleted files were complete. On running the program from the bootable CD the same results occurred. So this program gets a thumbs down.
To be continued...
Later in the week I'll be testing EastTec Eraser, another magazine full program giveaway. Please add to this thread how data is actually managed on the hard disk, what you know about NTFS file tables and what software you've tried in the past and to what success. It'll be very enlightening to see if freeware tools are better or worse than their pay per view counterparts. I'd be pretty irritated if I'd paid for software like Paragon only to find my data was still in place.
I have a couple of pieces of data destruction software to test, a data recovery suite and I have tried a number of physical methods that have been used to some success. I'll start with the physical methods as they are most brutal but defintely the most effective and work onto the software afterwards.
PART 1, MANUAL AND PHYSICAL METHODS:
Complete physical destruction:
This might sound obvious but the only way you can be certain there is nothing left on the disk for someone to steal is to smash the hard disk to pieces with a hammer. Start with the top, break through the cover and make sure the disk platter inside is broken.
Semi destruction:
Not quite so obvious but by removing the cover that protects the disk platter renders the disk inoperable. However, the data is still in place and with the right equipment it is probable that the data can be recovered.
Overwriting, manual:
You need a big file for this to not take too long. Ideally the file is the complete size of the disk, but this is not normally possible so grab a giant file like a DVD image or something equally anonymous, and copy it onto the disk. Cope it on again with a different name, again and again until the disk is full and you have overwritten everything.
The only traces of your old data should be reduced to residual magnetism on the disk surface and maybe on a backup copy of the file table, but generally it should be unreadable.
PART 2, SOFTWARE:
Here I'm going to test a couple of data destruction suites and see what's left behind using a data recovery program that scours the disk for old files.
Windows:
DO NOT trust Windows to completely wipe your data. When you delete a file "permanently" it is taken out of the list in the file table but the data itself is left in place on the hard disk and labelled as free space. Recovery software scours the hard disk for data of this sort and copies it to another disk or partition. Later on this data may get semi-overwritten by temporary internet files but generally it is left in place until the space is needed.
Paragon Disk Wiper 7:
Full version was given away with PCW magazine in August but it claims to be a fairly comprehensive data wiping program. It can clear whole disks, whole partitions or just clear the free space on a working partition. It overwrites the unused space with either a preset algorithm or with an algorithm of your own choice. You have two options, you can either run the program through Windows or boot with a CD and run it through DOS of sort.
A selection of files were deleted, the recycle bin emptied and the program was run through Windows using the preset algorithm. Once the computer had rebooted recovery software was used to see what was left.
Basically it found everything, so not good news. Some images were complete, some were just headers but it looked like all the file names from the deleted files were complete. On running the program from the bootable CD the same results occurred. So this program gets a thumbs down.
To be continued...
Later in the week I'll be testing EastTec Eraser, another magazine full program giveaway. Please add to this thread how data is actually managed on the hard disk, what you know about NTFS file tables and what software you've tried in the past and to what success. It'll be very enlightening to see if freeware tools are better or worse than their pay per view counterparts. I'd be pretty irritated if I'd paid for software like Paragon only to find my data was still in place.
