Formatting a drive remains one of the most common ways organisations try to erase data from drives, even though it doesn’t work.
As someone who has worked in the data recovery field for some years, I think it would be great if we could find a way to engrave the following statement on the casing of every computing device sold: “Just because you hit the delete key, send a document to the trash, or reformat a disk doesn’t mean the data has gone and can’t be recovered.”
When you delete a file or reformat a drive, you’re only removing the entries in the index or table of contents that point to the data. The data itself remains intact. To permanently remove data, you need a wiping utility that overwrites all locations on the drive.
There are many wiping utilities on the market, including several free programs. They all claim to be able to permanently delete computer data and can be downloaded straight from the Internet. But before you jump in and purchase the first utility you see, it’s worth considering what your needs are likely to be.
To return to my recent blog, the desire for a wiping utility might be prompted by something simple such as a technology upgrade and the need to dispose of a number of devices, but that’s a simple and very short term view. As you start to look at the available utilities, think about the broader assistance they can provide by helping to solve your organisation’s end-of-lifecycle, data privacy and compliance issues.
The essential questions to ask are:
- Does the utility actually wipe data? The only way to ensure data is gone is to overwrite it. Taking away the pointers means the average user can’t find the drives or files, but the data still exists. A professional information hunter would have no trouble retrieving data from a drive that has only been deleted and/or reformatted.
- Does it wipe all data? Some products allow the consumer to wipe selected files, folders or drives. This kind of “partial” wipe can leave a company exposed, as most computers contain many copies of files in other locations.
- Is it certified? Have authorities tested it and certified that the standards the product says it adheres to are met? Most wiping utilities on the market today are not certified, which means there’s no way of knowing if they do what they claim they can.
- Will it fit within your IT infrastructure? Look for a product that can fit into any kind of system and does not require system configurations.
- Does it offer erasing reports? Reports that verify or confirm erasure should be able to provide the serial number and make/model information of the wiped hard drive, the date and time that the information was wiped, and a listing of how much information was wiped. A good reporting mechanism will give you an exact overview of what has been done, so an operator can cross reference the report with its active management system.
- Does it enforce security? Select a tool that has a licensed authorization to ensure that only those who are supposed to be using the erasing tool are.
At a minimum, select a tool that provides traceable destruction documentation to support compliance and reduce risk. Then relax in the knowledge that even as old hardware leaves your premises, your company data remains safe.
About the Author
Adrian Briscoe is the General Manager APAC, Kroll Ontrack