Shredding & Forensics
Submitted by Karen N. Johnson on Sat, 23/06/2007 - 00:28.
I have an old computer that I’ve contemplating donating but the thought of my data being unearthed by someone is unsettling so I’ve been looking into data shredding. If computer forensic tools can recover data, how do I wipe a hard drive clean?
Researching data shredding and forensic tools, makes a good pairing of topics because the more I learned about forensic tools and how they can recover bits of data, the more interested I became in shredding tools and the techniques and terms around both.
I’ve been reminded that deleting files doesn’t delete the information straight away but instead deletes the reference or pointer to the file. I’m not talking about failing to empty the Recycle Bin. I’m referring to how drive space isn’t overwritten until its needed which means that fragments of data can be sprinkled around for a whole lot longer than you might expect. This is one of those facts that I’ve known but haven’t given this much thought to. The book Steal This Computer Book 4.0 offers a tip to defrag often to improve the likelihood that space is overwritten. I like this idea since running defrag is free and easy to do.
The book also references the Department of Defense and I dug in for more reading on the standard on data shredding referred to as DoD Standard 5220.22-M that’s surprisingly quite readable. No, really it is - just a one page very readable page, take a look. The standard explains the difference between overwriting, Degaussing, and destruction.
Overwriting is the process of overwriting the media to replace data. Basic file shredders wipe data once. The more times data is overwritten the more difficult it is to recover. There are different patterns of overwriting so the number of times and the variety of the overwriting patterns make for a stronger tool.
The Gutmann algorithm writes a series of 35 patterns to fully shred a region. 35 times sounds much better than one or even 10 wipes through the data. A free tool called Eraser uses the Gutmann method. I can’t comment on the tool because I don’t have personal hands-on experience with the tool (yet.)
Degaussing refers to magnetically wiping data clean. I hadn’t realized that deleting and wiping files could leave magnetic traces. I've never been that paranoid, but I also didn't realize the extent to which forensic tools can be used to find data.
I’ve decided to keep my old computer to test out data shredders and forensic tools. It will give me a safe place to play and keep my old data from being recovered by someone into dumpster diving.
Researching data shredding and forensic tools, makes a good pairing of topics because the more I learned about forensic tools and how they can recover bits of data, the more interested I became in shredding tools and the techniques and terms around both.
I’ve been reminded that deleting files doesn’t delete the information straight away but instead deletes the reference or pointer to the file. I’m not talking about failing to empty the Recycle Bin. I’m referring to how drive space isn’t overwritten until its needed which means that fragments of data can be sprinkled around for a whole lot longer than you might expect. This is one of those facts that I’ve known but haven’t given this much thought to. The book Steal This Computer Book 4.0 offers a tip to defrag often to improve the likelihood that space is overwritten. I like this idea since running defrag is free and easy to do.
The book also references the Department of Defense and I dug in for more reading on the standard on data shredding referred to as DoD Standard 5220.22-M that’s surprisingly quite readable. No, really it is - just a one page very readable page, take a look. The standard explains the difference between overwriting, Degaussing, and destruction.
Overwriting is the process of overwriting the media to replace data. Basic file shredders wipe data once. The more times data is overwritten the more difficult it is to recover. There are different patterns of overwriting so the number of times and the variety of the overwriting patterns make for a stronger tool.
The Gutmann algorithm writes a series of 35 patterns to fully shred a region. 35 times sounds much better than one or even 10 wipes through the data. A free tool called Eraser uses the Gutmann method. I can’t comment on the tool because I don’t have personal hands-on experience with the tool (yet.)
Degaussing refers to magnetically wiping data clean. I hadn’t realized that deleting and wiping files could leave magnetic traces. I've never been that paranoid, but I also didn't realize the extent to which forensic tools can be used to find data.
I’ve decided to keep my old computer to test out data shredders and forensic tools. It will give me a safe place to play and keep my old data from being recovered by someone into dumpster diving.