With each incident of sensitive personal data being found on computer hard disks, whether it be celebrity bank details or Government records, the debate about hard disk erasure heats up.

The removal of data from computer systems is an area where scare stories frequently emerge. Statements such as "you cannot remove all of the data from a hard disk" have been made by renowned figures in the world of data recovery and computer forensics.

Is it true that you cannot clean data from a hard disk drive? Can forensic experts and Government spooks get the data back, regardless of what data erasure technique has been used?

What is Hard Drive Erasure?

True data erasure is where a dedicated degaussing mechanism is used to flip all of the bits on a magnetic material so that no trace of data remains. Data erasure software does not actually erase; it replaces data with other data, so removing the information that you no longer want to be stored.

Why Erase Data?

Deletion of a file from a hard disk drive does not, in most instances, do anything to the data; it simply removes an entry that tells the operating system where the data is, and in some instances it leaves all of the information about the data storage in place and just records that the file has been deleted.

The data itself is still present until such time that the space it occupied is re-used.

In addition, data from files is often stored in transient memory. Most operating systems use caches, areas where data being accessed is temporarily stored, the Windows swap-file being a good example of this.

Data erasure software is designed to perform an orderly and thorough replacement of the information stored.

Is Degaussing the Best Approach?

Degaussing involves the placing of a hard drive into a moving magnetic field that is strong enough to realign the molecules and eradicate any data. On the face of it this seems like the method that gives the greatest certainty that the data has gone.

There are two issues to consider.

First, degaussing removes not only your data but also the information that is written to the disk during manufacture when the drive is formatted. You cannot recreate this information and so the disk will no longer operate and so cannot be re-used.

Second, considering that the disk will no longer operate, you have no means of checking that the data has been completely erased. If the degaussing device was not up to the specification for the job, or the operating procedures were not correctly followed, then perhaps not everything was erased. Even worse, perhaps the process did not work at all and the disk actually was damaged during removal from the computer or at some other time prior to the degaussing process.

It is possible that all or some of the data remains and that a data recovery process could retrieve it.

Is Disk Erasure Software the Answer?

A hard disk stores data in sections named sectors, usually each being 512 bytes long. These are all accessible for reading and writing via the hard drive interface (IDE, SATA, SCSI). It is, therefore, possible to replace the data in every sector and so remove all of the data.

Well, not quite all. To avoid problems caused by sectors that become unusable during normal operation, a hard disk maintains a set of spare sectors. Your 160GB disk is actually 160GB and some additional spare ones that you cannot access. If, when attempting to write to the disk, there is a failure, the hard drive can reallocate by using one of its spare sectors and retiring the failed one from use. This re-allocation is recorded in a table known as the G-List, or Grown Defect List.

It is theoretically possible for a sector to which data could not be written to actually still be read, albeit that an in-depth knowledge of hard disk electronics and data recovery techniques would be required. How likely it is that this could happen and, if it did, whether any recovered sectors would actually contain anything of importance, is hard to judge. I consider the likelihood to be very small.

A more prevalent problem, in my experience, is that the data erasure process is not monitored.

If you perform a cursory inspection of a disk where the first few thousand sectors have been overwritten with random gibberish, and one where every sector has been overwritten, you will detect very little difference. Try to start the computer and you will get some kind of error message about the operating system not being found.

An employee erasing disks who has either a lack of diligence, or other priorities, might determine that they can quickly erase the start of a few of the disks in the batch to save a bit of time and no one will notice. I have seen plenty of examples of this when conducting validation tests on erased disks.

You could have disks that appear to be erased but have not been.

Is this a problem with using data erasure software? Not really, it is a problem with process and attention to detail. If the processes are monitored and logged correctly then there should not be a problem. Don't rely on technology at the expense of sound procedures.

Can Data be Recovered from an Erased Hard Disk Drive?

Look on the forums and you will probably find some comments about how the Government could probably get that data back, but the reality is that there are no geeky boffins or evil genius types who can defy the laws of physics. Stories about the use of electron microscopes to work out infinitesimal differences between bits of data and so determine what was recorded before are just fiction, not even science fiction.

I was once asked how many layers of recording we could work back through. There are no layers, just a recording, and when it is changed then it is still just one recording.

With older disks there was a method that could be used to try to access older data, but this was based upon the mechanisms being a bit imprecise and so some data was not quite completely overwritten. Even if anything could be detected, the chances of ever turning it back into something useful were about zero, and with modern high density devices the chances are zero.

So How Should Data Erasure Be Performed?

First, by ensuring that you have a process that can be followed easily and monitored properly.

Second, by using reputable software to perform the erasure.

Third, if sensitivity is a major issue, by getting some third party testing of the process to validate it.

Forget science fiction, put process first.
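
The partial-wipe problem the article describes, where a disk with only its first few thousand sectors overwritten passes a cursory inspection, is caught by classifying every sector rather than looking at the start. The following is an added example, not part of the original article; the `classify`, `scan` and `constructed_image` names, the entropy cut-off and the sample image are assumptions made for illustration.

```python
import io
import math
import os
from collections import Counter

SECTOR = 512          # sector size cited in the article
ENTROPY_FLOOR = 7.0   # assumed cut-off; 512 random bytes score about 7.6 bits/byte

def classify(sector: bytes) -> str:
    """Label a sector 'zero', 'pattern', 'random' or 'residual'."""
    counts = Counter(sector)
    if len(counts) == 1:                      # one byte value repeated
        return "zero" if sector[0] == 0 else "pattern"
    n = len(sector)
    entropy = -sum(c / n * math.log2(c / n) for c in counts.values())
    # Compressed or encrypted leftovers also score high; a fixed-pattern
    # overwrite is easier to verify than a random one.
    return "random" if entropy >= ENTROPY_FLOOR else "residual"

def scan(stream, sector=SECTOR):
    """Read every sector; return (label totals, [first, last] residual runs)."""
    totals, runs, lba = Counter(), [], 0
    while True:
        buf = stream.read(sector)
        if not buf:
            break
        label = classify(buf)
        totals[label] += 1
        if label == "residual":
            if runs and runs[-1][1] == lba - 1:
                runs[-1][1] = lba             # extend the current run
            else:
                runs.append([lba, lba])       # start a new run
        lba += 1
    return totals, runs

def constructed_image(wiped: int, total: int) -> io.BytesIO:
    """Constructed sample: `wiped` random sectors, then leftover text."""
    leftover = (b"CONSTRUCTED customer record, not real data. " * 12)[:SECTOR]
    return io.BytesIO(os.urandom(wiped * SECTOR) + leftover * (total - wiped))

if __name__ == "__main__":
    for name, wiped in (("start only", 2000), ("every sector", 5000)):
        totals, runs = scan(constructed_image(wiped, 5000))
        verdict = "FAIL" if runs else "PASS"
        print(f"{name}: {verdict} {dict(totals)} residual runs={runs}")
```

To check a real drive, pass `scan` a file object opened in binary mode on the device or on an image of it, and keep the printed result with the erasure log for that disk.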