At a recent press conference, U.S. Presidential candidate Hillary Clinton was asked if she wiped the drive that came out of her now infamous personal e-mail server. She responded: “What, like, with a cloth?” Please note that I will never make a public political comment. That is not my area of interest. I would like to take a moment, however, to explain exactly what happens when hard drives stop working and how data recovery and destruction can be achieved. Have you ever had a hard drive indicate that it cannot find its “boot sector”? Or have you ever had a drive make strange noises only to display a message similar to “operating system not found”? While both of these messages are cause for concern, and equal cause to remind you that you were supposed to back up your data, in most cases, the files, photos and all of your other important information is still safely stored on the drive. There are tools, such as Steve Gibson’s Spinrite, that can recalibrate the drive to read the data correctly. If you accidentally delete a file on a USB stick or a hard drive, Piriform’s Recuva is a simple tool that can get the file back for you. How is all this possible? When files are deleted, the way the deletion is presented to us is by simply removing the marker in the drive index. Think of it the same way the clerks in the supermarket know where all those items reside on the shelves. The clerks know the layout of the store just as your hard drive “knows” where it stored all the files.
What if you intentionally want to destroy the data on your drive? You should always do this before discarding or donating a computer. One method that is incorrectly used to destroy data is the “format” command. Issuing a “format” command on a drive does not remove the data. It just removes all the indexing. Formatting is similar to all the store clerks taking a vacation at the same time. The shelves are still fully stocked, but no one knows where to find anything. A drive wipe utility can truly overwrite data. It does this by writing either a random order of ones and zeroes (or other random characters) to all areas of the drive. A “Department of Defense” wipe will perform this overwrite operation at least seven times to truly obliterate the data on the drive, making it unrecoverable. WipeDrive is one such product that can perform various types and intensities of drive wiping operations. Imagine all the food shelves on the supermarket replaced with electronics, then linens, then automobile parts. You get the idea. The tools that the forensic scientists will use to examine Mrs. Clinton’s drive are heavy duty, but they may not be able to recover information that has been overwritten many times. Are there other methods for destroying data on a hard drive? Of course there are, and given enough time and imagination, I am sure you can come up with a few methods. Just remember that if that drive is the subject of a legal matter, evidence destruction can land you in a big heap of trouble that will require the expertise of someone who knows where the handcuff key is stored. Stay safe, friends.
About the Author: Bob Covello (@BobCovello) is a 20-year technology veteran and InfoSec analyst with a passion for security topics. He is also a volunteer for various organizations focused on advocating for and advising others about staying safe and secure online. Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. Title image courtesy of ShutterStock
Meet Fortra™ Your Cybersecurity Ally™
Fortra is creating a simpler, stronger, and more straightforward future for cybersecurity by offering a portfolio of integrated and scalable solutions. Learn more about how Fortra’s portfolio of solutions can benefit your business.
