«
»

Used Hard Drives

I’ve been watching a debate over the last week, or more, on one of the email lists relevant to my current professional field, Litigation Support. It all started with a comment by a computer forensic vendor in which he mentioned that they routinely buy used hard drive on eBay and use them to practice and test their forensic tools, trying to recover whatever data they can. There has been quite a controversy over whether that’s professionally ethical or not, but that’s not really the reason for this post. My feeling on whether that’s  ethical or not is irrelevant.

My concern is much more basic than that. I just thought maybe you all would want to think about where your old drives are going when you decide to get rid of a computer! Even if you reformat the drive, much of that data can be recovered with the right tools, and that’s assuming the recycling place you dropped it off at actually takes the time to do the reformat. We’ve all seen too many stories of drives not being wiped at all when they’ve been resold. Surely we all take steps to prevent that, right? On the other hand, how many people do you know who do a quick format and assume it’s clean? It’s not. Do some research, ask around,  find a secure way to wipe that drive, or, as one of my listmates suggested take the ultimate secure HD tool to it, a 12-gauge shotgun. :)

What other tools do you recommend to your users?  Hammers, screwdrivers to the plates, metal shredders? Let us know!

DeliciousLinkedInPinterestShare

This entry was posted on Wednesday, August 27th, 2008 at 6:20 pm and is filed under Security. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.

  • http://www.georgestarcher.com georgestarcher

    I like Darik Boot and Nuke. http://www.dban.org/

    As long as the drive is functional even a one pass wipe is more than sufficient to stop 99% of forensic recovery.

  • http://www.georgestarcher.com George Starcher

    I like Darik Boot and Nuke. http://www.dban.org/

    As long as the drive is functional even a one pass wipe is more than sufficient to stop 99% of forensic recovery.

  • http://lcchoppers.com Micah

    Drill Press!! :-)

    Oh, and a ball peen hammer.

  • http://lcchoppers.com Micah

    Drill Press!! :-)

    Oh, and a ball peen hammer.

  • http://packetu.com Paul Stewart

    Most of my old hard drives end up on a shelf in the basement. With my customers, I am very concerned about warranty/exchange process with drives that I cannot bring up to do a secure wipe. In which case, I would definitely bring these concerns to my customer. When drives are operational, I recommend Darik’s Boot and Nuke (DBAN) which can be downloaded from http://www.dban.org.

    I am torn on my position regarding the ethical nature of someone buying hard drives from eBay to practice recovery. On one hand this is a very good method to learn and they are buying the drive. I’m sure they know how to wipe it and can securely do so prior to releasing it back into the market. This is a win for the original seller. However, what do they do if the find something concerning, like child pornography. I guess they have placed themselves in that position and they would have to make the decision how to handle that. I hope they would make the right decision and I hope it wouldn’t backfire on them.

  • http://packetu.com Paul Stewart

    Most of my old hard drives end up on a shelf in the basement. With my customers, I am very concerned about warranty/exchange process with drives that I cannot bring up to do a secure wipe. In which case, I would definitely bring these concerns to my customer. When drives are operational, I recommend Darik’s Boot and Nuke (DBAN) which can be downloaded from http://www.dban.org.

    I am torn on my position regarding the ethical nature of someone buying hard drives from eBay to practice recovery. On one hand this is a very good method to learn and they are buying the drive. I’m sure they know how to wipe it and can securely do so prior to releasing it back into the market. This is a win for the original seller. However, what do they do if the find something concerning, like child pornography. I guess they have placed themselves in that position and they would have to make the decision how to handle that. I hope they would make the right decision and I hope it wouldn’t backfire on them.

  • http://absoblogginlutely.net absoblogginlutely

    We tend to disassemble the drives to use the magnets as paperweights and then destory the platters (or I’ve seen them made into clocks. If we don’t disassemble we’ll either dban the drives (if they’re going to be used elsewhere (under our control) or drive a railroad spike through the disk.

  • http://absoblogginlutely.net Andy

    We tend to disassemble the drives to use the magnets as paperweights and then destory the platters (or I’ve seen them made into clocks. If we don’t disassemble we’ll either dban the drives (if they’re going to be used elsewhere (under our control) or drive a railroad spike through the disk.

  • http://www.forensicpsychologydegree.org David at Forensic Psychology

    That is a scary thought – that someone, somewhere has taken the time to revive deleted content that once belonged to you! If you need to destroy a HDD, I think one of the fastest ways to get the job done is to drill through the platters. I know a government contractor that did just that. They would upgrade workstations, hundreds at a time (many of them with near empty drives that didn't need upgrading!), and give a drill to some summer job high school kid to finish the work. And yea, the unsupervised kid was definitely the weak link in all of this…

  • http://www.georgestarcher.com georgestarcher

    Yeah I can see the risk of giving some kid a drill like that. Really as long as the drive is functional doing a one pass overwrite is more than sufficient. We have chatter on the Certified Computer Examiner mail list all the time about that. 3 or 7 pass overwrite is really just overkill. THEN you can drill the much fewer quantity of non functioning drives.

  • http://www.hotel-ring.com shinderpal jandu

    It can be said to be a challenge to recover data as a test
    It can be said if you don't do it – then someone else will if that is a valid and logical excuse for the fun and games
    Who you have to blame is the lazy people who do not take full action
    I agree in many cases its beyond their skill set
    Its amazing though i have received computers where the parent or grandfather who had forced their relative to buy a proprietary dell computer against their computer long term repair needs told the relative that the old windows 98 computer was “wiped clean' when they were just too lazy to even fdisk the drive
    Who is the villain there ?
    The person who turns on the computer with full hard drive and accounts or the lazy person
    At least the tech person who was buying the drives on ebay had a purpose and a challenge and was trying to improve his skills

  • http://www.georgestarcher.com georgestarcher

    If someone commits to wipe a drive for a less skilled person then does not do it. I would fault them for not doing what they said to protect the person they were helping.

  • http://www.georgestarcher.com georgestarcher

    If someone commits to wipe a drive for a less skilled person then does not do it. I would fault them for not doing what they said to protect the person they were helping.