Welcome to WebmasterWorld Guest from 34.238.189.171

Forum Moderators: open

Message Too Old, No Replies

Personal Info Lurking on Used Hard Drives

     
3:30 pm on Jan 23, 2003 (gmt 0)

Administrator from US 

WebmasterWorld Administrator brett_tabke is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Sept 21, 1999
posts:38254
votes: 113


A rather surprising story on SF Gate [sfgate.com] about used hard drives containing lots of personal info:

Over two years, Simson Garfinkel and Abhi Shelat bought 158 used hard drives at secondhand computer stores and on eBay. Of the 129 drives that functioned, 69 still had recoverable files on them and 49 contained "significant personal information" -- medical correspondence, love letters, pornography and 5,000 credit card numbers. One even had a year's worth of transactions with account numbers from a cash machine in Illinois.
3:34 pm on Jan 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 16, 2001
posts:2059
votes: 0


hehe, maybe i should change business :)

I think very very very few people use tools which removes all information on the hard drive, so even recovery firms wll not be able to get the information (Or they will have a very tuff time).

I wonder how many that even uses the good old "Format C:"

3:37 pm on Jan 23, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Nov 28, 2002
posts:317
votes: 0


I got two old ones out of a skip once, quite a lot of interesting content on em, i can tell you. I think the only way to be sure that your not leaving a trail is to burn em.
3:38 pm on Jan 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 5, 2001
posts:2466
votes: 0


I always use my favorite tool when disposing of hard drives....

The Lump Hammer.

It never fails the hard drives are never recoverable.

DaveN

3:42 pm on Jan 23, 2003 (gmt 0)

Full Member

10+ Year Member

joined:Nov 28, 2002
posts:317
votes: 0


Ahh the old lump hammer :) , i prefer fire tho, im not a pyro or anything, but its easier on the arms. :)
4:05 pm on Jan 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member sem4u is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Dec 18, 2002
posts:3082
votes: 2


You either need to physically destroy the hard drive or 'fry' it using a professional degausser in order to erase ALL of the data held on a hard drive.
5:42 pm on Jan 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:July 18, 2002
posts:2312
votes: 42


They did a piece on NPR about them, too. They said that a rather large portion of the drives had not even been reformatted.

I don't think that people understand how easy it is for people to find what's on a computer. I use Kaaza to download stuff and have found the handy little feature that allows you to look at what downloaded things are on another users computer. (It's nice for when you find someone who has simaler taste in music and you are looking for something new.) I honestly don't think that about half the people's computers I peek at know that someone can look. They would probably blush if they knew. I know I do, sometimes, when I look.

9:52 pm on Jan 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:June 29, 2001
posts:2145
votes: 0


There is something that I never thought about before.

Does the Format command actually erase or destroy the data? Or can a recovery firm still get to it?

Anyone know for sure?

9:55 pm on Jan 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Oct 5, 2001
posts:2466
votes: 0


format just removes the fat table,

you can get EVERYTHING back after a format.

what you need is a program that writes a 1 then a 0 to every bit on the disk. it takes hours

DaveN

11:57 pm on Jan 23, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Sept 12, 2002
posts:885
votes: 0


Even that isn't really enough. With the right equipment, it's possible to determine what happened several writes ago. As a result, anything that does such a predictable overwrite is still accessible to a sufficently determined person. That doesn't necessarily mean that everyone needs to do more than that, of course, but it might be good to know if industrial espionage is a real and highly funded threat in your business.
12:02 am on Jan 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member mivox is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Dec 6, 2000
posts:3928
votes: 0


I think a sledgehammer would be the only way to go if hard core industrial espionage was an issue. Really... with the price of hard drives these days, why take any chances?

Now, if I were just going to sell my computer to some random person, I would feel pretty safe just running a few low level reformats in a row...

Kinda funny though, when I bought my used laptop, I never even thought of running any kind of data recovery on it to see what was there. hehehe. I'm getting another used computer soon, so maybe I'll take a peek and see what unerase can find.

Not that I'm inclined to commit fraud, but it could be entertaining.

12:14 am on Jan 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member digitalghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 23, 2002
posts:3687
votes: 0


A commercial, industrial strength all-media Degauss box runs around 1700 bucks USD. You can build your own for around 400 smackers.

A forensic data recovery specialist would rather run into a disk that has had a sledge taken to it than a disk that has been put through a Degauss box. They might be able to recover something off of the damaged disk. They aren't getting anything off of a disk that has been Degaussed.

12:17 am on Jan 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member 10+ Year Member

joined:Apr 27, 2002
posts:1685
votes: 0


Burn it.

Smash it.

Melt scraps with humongous blow torch.

Reform remnants into fishing lures (caring not if it gets snagged on a rock waaaaay out in the middle of the steam I'm fishing and caring even less when I carelessly yank hard and the line breaks).

Pendanticist.

12:22 am on Jan 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member digitalghost is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Feb 23, 2002
posts:3687
votes: 0


>>Burn it.

Burning it is good.

I saw a program on Discovery where the bad guy cut a diskette up with pinking shears and the forensic specialist were able to recover the data from the mangled diskette.

12:30 am on Jan 24, 2003 (gmt 0)

Senior Member from US 

WebmasterWorld Senior Member fathom is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:May 5, 2002
posts:4110
votes: 109


Burning it is good.

but don't nuc it... "we are the Borg, you will be assimulated, resistance is futile".

12:40 am on Jan 24, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member mivox is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Dec 6, 2000
posts:3928
votes: 0


OK, No sledge... I'm thinking hard disks here, so how about opening the case, and taking my Dremel tool's grinding stone attachment to all relevant disk surfaces? That's cheaper than a home-made degauss thingie.

The guy who took pinking shears to the floppy was an idiot to throw the pieces away all in one place. If he wanted to take shortcuts with disposal, he should have realized anything you can cut with pinking shears you can also mangle with a bic lighter just as easily.

 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members