[Tfug] Destroying a hard drive

[Rich]

On Sep 8, 2007, at 9:03 am, erich wrote:
> There is little incentive to "unscramble the eggs in a  
> omlette" :-).  Unless you have secrets on there on how to destroy  
> the universe.
There's quite a big incentive actually: the potential of trade  
secrets and hr records, which would include ssns, financial records,  
etc. Heck, even a list of email addresses is worth money!

Forensic data recovery techniques are getting better all the time.  
But you have a point: people are so complacent about their data that  
they'll just sell old drives without erasing them, consequently  
there's little incentive to go to great lengths to physically put  
data beyond the reach of petty criminals.

On Sep 8, 2007, at 11:14 am, Bexley Hall wrote:

> When I dispose of a drive that has had sensitive
> information on it (e.g., projects for clients),
> I overwrite the disk's contents many times.
> Then, use a large bulk eraser on the platters.
> Then, drop it forcefully  :> several times.
1. Overwriting the data doesn't guard against forensic data recovery
2. Bulk erasing only makes the signals fainter
3. dropping it only puts the heads out of alignment

Your data could be reconstructed with no special equipment: just  
software. Just so you're aware.

> And, dispose of it in a generic location
> (i.e. where it is highly unlikely that
> anyone who *knows* that I was working for
> a particular client is likely to come across
> it "casually").
Good idea: take a leaf out of the criminals' book. But don't draw  
suspicion on yourself (that you might be a criminal!) by disposing of  
your old equipment in someone else's trash without their permission.

> Remember, there are other "easier" ways to get
> most things that you might consider "sensitive".
Diminishing returns and all that, but sysadmins should be aware of  
the best techniques, even if we don't use them.

R.