Tuesday, 21 June, 2005

How to securely erase a hard drive

After two months with the laptops, it's certain that our old desktop machines won't be in daily use anymore.  I don't know yet who's going to get them, but three of the four old machines will be leaving the house soon.  They're not much by today's standards, but a 750 MHz Pentium III with 768 MB of RAM and an 80 GB hard drive would make a decent home file server or browser, email, and word processing machine.

Before I give the machines away, I want to make sure that all personal data is wiped from the drives.  That turns out to be a lot more difficult than you might think.

As you probably know, when you delete a file in Windows the data isn't actually erased.  What Windows does is "move" it to the Recycle Bin by just changing the location of an index entry.  All the data remains on the disk.  Even if you tell Windows to delete the file rather than move it to the Recycle Bin, the data isn't erased.  Only the index entry is deleted.  Windows will re-use the space taken by the file at some point, but there's no guarantee when.  Somebody with just a little knowledge of disk formats can easily pull the data from the disk.

One solution to this problem is to overwrite the file with random data before deleting it.  In theory that will deter the casual snoop who knows a little bit about reading individual disk sectors from reading your files.  But it only works for files that you explicitly delete.  It won't prevent the snoop from gathering data from backup files created by Word or other programs, or from reading the pieces of the Windows swap file that are scattered over your disk.  The swap file is especially insidious because it can contain information that you never actually saved to disk.  If Windows gets busy and needs to free up some RAM, it will write stuff from memory to disk.  That nasty letter you wrote to your boss but didn't actually save might very well be floating around on your hard drive.

Deleting individual files is not secure enough.  To ensure that people can't get data from you, you have to wipe the entire drive.  Some people say that formatting the drive is good enough.  But Windows maintains certain areas of the disk when it formats.  And even the areas that it overwrites aren't as secure as you would think.

I don't completely understand the physics of why, but when you write data to a location on disk, the previous data isn't fully destroyed.  It's almost child's play, using equipment and software that's fairly commonplace these days, to reconstruct the original data.  In fact, it's possible to reconstruct (with decreasing levels of accuracy) several generations of data in a particular location.  For example, if you wrote an "E", then over-wrote that with "B", and then wrote over the same location again with an "X", it's quite likely that a skilled operator with good equipment would be able to reconstruct what you did.  Frightening, isn't it?  Read Peter Gutmann's Secure Deletion of Data from Magnetic and Solid-State Memory for a little better explanation.

The only positively sure way to securely remove data from the drive would be to destroy the drive.  Either grind the disk surface into dust, or melt it down.  Acid is more effective than burning, but it's usually possible in either case to reconstruct some data.  But if you want to give away a computer with a working hard drive, how do you prevent people from getting at your old data?

The answer is found in a utility called Darik's Boot and Nuke (DBAN), which makes several passes over your entire hard drive, writing specific patterns that are constructed to obscure the previous data.  The method used is described in Peter Gutmann's article linked above, and also in the National Industrial Security Program Operating Manual of the US Department of Defense (aka DOD directive 5220.22-M).  The basic idea is to make so many different generations of overwritten data that it's virtually impossible to reconstruct the last generation that had actual good data.  If downloading and using DBAN by itself seems daunting, download the free Eraser tool, which has an option to create the DBAN boot disk for you.
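To make the two ideas above concrete (overwriting a file before deleting it, and doing it in several passes with different patterns), here is a small Python script added for this post.  It is not code from the post, from DBAN, or from Eraser.  The pass sequence (a fixed byte, its complement, then random data) is my own simplification of the fixed/complement/random idea behind the 5220.22-M method, not the exact pattern table from that document or from Gutmann's paper.  The marker text and the temporary file are constructed for the demonstration.

```python
import os
import secrets
import tempfile

# Pass sequence: a fixed byte, its complement, then random data. This is a
# simplification of the "fixed / complement / random" idea behind the DoD
# 5220.22-M clearing method the post mentions, not the exact table from that
# document or from Gutmann's paper. None means "fill with random bytes".
DEFAULT_PASSES = (b"\x00", b"\xff", None)
CHUNK = 64 * 1024  # bytes written per write() call


def _write_pass(fh, size, pattern):
    """Write one full pass over `size` bytes and force it out of the OS cache."""
    fh.seek(0)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        fh.write(secrets.token_bytes(n) if pattern is None else pattern * n)
        remaining -= n
    fh.flush()
    os.fsync(fh.fileno())


def overwrite_in_place(path, passes=DEFAULT_PASSES):
    """Overwrite the file's logical contents once per pass. Returns the pass count."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:  # r+b keeps the length; "wb" would truncate first
        for pattern in passes:
            _write_pass(fh, size, pattern)
    return len(passes)


def truncate_and_unlink(path):
    """Shrink the file to zero length, sync, then remove the directory entry."""
    with open(path, "r+b") as fh:
        fh.truncate(0)
        fh.flush()
        os.fsync(fh.fileno())
    os.unlink(path)


def secure_delete(path, passes=DEFAULT_PASSES):
    """Overwrite, then delete. Only the file's own blocks are covered."""
    n = overwrite_in_place(path, passes)
    truncate_and_unlink(path)
    return n


def file_contains(path, needle):
    """Demo-only check: is `needle` still readable from the file's current bytes?"""
    with open(path, "rb") as fh:
        return needle in fh.read()


def demo():
    """Run the procedure on a constructed temp file and report what changed."""
    marker = b"CONSTRUCTED-SAMPLE: nasty letter to the boss "
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(marker * 2000)  # ~90 KB, so a pass spans more than one CHUNK
    size = os.path.getsize(path)
    result = {"marker_present_before": file_contains(path, marker)}
    result["passes"] = overwrite_in_place(path)
    result["marker_present_after"] = file_contains(path, marker)
    result["size_unchanged"] = os.path.getsize(path) == size
    truncate_and_unlink(path)
    result["exists_after_delete"] = os.path.exists(path)
    return result


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running the script shows the marker readable before the passes and gone afterwards, with the file the same length until it is truncated and unlinked.  Two caveats follow directly from the post: the script only reaches the file's own blocks, so copies in the swap file or in a program's backup files are untouched, and it assumes the filesystem actually rewrites the same blocks rather than allocating new ones.  That gap is exactly why the post moves on to wiping the whole drive with DBAN.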

I haven't actually used DBAN yet.  Give me a couple of days and I'll let you know how it works.