A whopping 40% of the used hard drives on eBay contain easily recoverable personal data. Use the following guide to ensure your personal data never makes it out into the wild. Photo by AMagill.
Kessler International, a computer forensics company from New York, conducted a study of used hard drives available on eBay. Almost half of the hundred drives they sampled, purchased in random bulk lots, contained data that was easily recovered. A shocking amount of them required no more recovery effort than plugging them in and powering up. They found personal photos, financial records, emails, personal and corporate correspondence, corporate secrets, and more:
“The average person who knows anything about computers could plug in these disks and just go surfing,” Kessler said. “I know they found a guy’s foot fetish on one disk. He’d been downloading loads and loads of stuff on feet. With what we got on that disk — his name, address and all of his contacts — it would have been extremely embarrassing if we were somebody who wanted to blackmail him.”
While you may not be particularly worried about the world finding out about your curious interest in Manolo Blahniks, nobody should run the risk of their personal and financial data leaking into the wild when it is so easily prevented. Photo by makani5.
Understanding File Deletion
The first step in securing your data is bolstering your understanding of how data is stored and what happens when you delete it. Many people operate under the impression that when they delete a file it’s gone, as though they had torn a page from a book. But the way most operating systems handle such events is by simply removing the little marker that points to the file. That’s more like having information written on a chalk board in columns, each column labeled with a header, and then simply erasing that header to signify that column is “deleted” and available for future writing over. Anyone who looks at the board can read everything written in the column, until someone starts writing over it.
What does this mean for your data privacy? It means a computer-savvy middle school student could recover a filed deleted in Windows, with little effort and widely available freeware tools. You need tools that will actually wipe the chalk board clean.
Secure Deletion and File Overwrite
Overwriting the data on a disk with other data is a strong defense against the original data being recovered. There is an enormous amount of misinformation about the process of secure file deletion and overwriting, however.
There’s no sense in wasting your time and electricity performing elaborate file deletion rituals that won’t yield you any additional benefit. An excellent example of the high effort/low yield relationship that can sometimes occur in secure deletion is the Gutmann Method. The Gutmann Method was deisgned by Peter Gutmann and Colin Plumb in the 1990s, and is held up by many as a gold standard for disk wiping. It’s also intensely time consuming and could easily take weeks to wipe a single modern drive of moderately high capacity. The image, above right, shows a screen capture of the 35-pass Gutmann Method taking fourteen days. Turns out the majority of that time would be a complete waste, as pointed out by Gutmann:
In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods
In other words, a user who wastes a week of clock cycles and electricity furiously scrubbing a disk would have been just as well served to perform a simple overnight scrub with a series of random binary code. Photo by joebeone.
There are several methods for securely deleting files from your disks. Institutions like the Department of Defense, universities, and law enforcement agencies have created standards for what they would consider adequate scrambling of sensitive disk data. We’ve recommended some tools over the years that cut the same profile, or close to, their methods. Below is a list of tools, arranged by severity and operating system:
Total Disk Wipe – All Platforms
- Darik’s Boot and Nuke – an open-source boot disk utility (read: works on nearly any computer) that supports a wide variety of disk wiping methods and operates from inside the computer’s RAM, allowing it to scrub the disk thoroughly at a remove.
Selective File Wipe – Windows
- Wipe File – Portable application that overwrites the specific disk space occupied by the file you’d like erased and leaves the rest of the disk untouched.
- DeleteOnClick – Integrates with the Windows shell, adding a “Securely Delete” option to the right click menu which engages a Department of Defense 5220.22-M overwrite on the files.
- Eraser – In addition to securely deleting individual files, Eraser can be scheduled to perform regular overwrites of empty disc space ensuring you catch those orphan files hanging outside the reach of Windows.
Selective File Wipe – Mac OS X
- Permanent Eraser – Although Mac users have had the “secure empty trash” option, based on a multiple pass DoD method, since OS 10.3, Permanent Eraser offers peace of mind for those needing more assurance.
Selective File Wipe – Linux (Ubuntu)
- Wipe Package from Ubuntu Unleashed – Adds secure multi-pass file deletion to your right click menu, like the aforementioned DeleteOnClick does in Windows.
Symphony of destruction: The physical method
While using the above utilities will render your data unreadable to an almost guaranteed level of certainty—especially if you’re pretty sure there’s no black helicopters nearby—there is no surer way to dispose of your data than physical destruction. When a disk has run out its life cycle, it’s time to bring out the tools.
While it’s easy to throw a CD or DVD into shredder and be done with it, outside of commercial disk-disposal centers, there aren’t many hard drive shredders. This is where—safety glasses donned—the fun begins.
There are a multitude of ways to physically damage a hard drive for data securing, ranging from careful dissection to shotgun jamboree. The ultimate goal is to render the disk inoperable and the platters—at minimum—severely fragmented. Serious forensic efforts can throw a lot of resources toward piecing your drive together, but in most situations, you’ll be covered with a concentrated destruction effort. At this point in the data-protection game, the only limit to how inoperable your disk will become is the amount of time you want to invest in destroying it. A power drill sent through the platter takes but a few minutes, a 10-minute session with a hammer and some scissors can work wonders, and every effort you take above and beyond adds a bit more security. Photos by scragz.
You can never be too vigilant with your data. The amount of effort it takes to securely wipe a disk or decommission an old disc by physically destroying it pales in comparison to the time and headaches you’ll burn through undoing the damage of identity theft—or worse. If you have a technique or handy piece of software not mentioned here, please share in the comments below to help your fellow readers keep their data secure.
Jason Fitzpatrick is the Weekend Editor for Lifehacker and all around paranoid about data security. On his watch, many a hard drive has been retired with a rifle crack.
It’s easy to lose track of DVDs and downloaded videos in a big collection. To keep better tabs on your visual stuff, check out our top five finalists for best movie cataloging tools.
Delicious Library was a popular candidate for organizing movies, but this app can cover a lot more of your organizing needs. Users can gather and catalog anything they can assign tags and attributes to—books, movies, music, glass gnome figurines, exotic ale collections, you get the picture. On the movie side of things, it excels in the ease of use and visual appeal category. Movies are pleasingly arranged, face-out style, on a virtual bookshelf. The virtual shelf isn’t just eye candy however. Using the Smart Shelves system you can create a nearly infinite variety of displays based on search expression. Want a swank wall of cover art that displays all your Western movies from the 1960s and 1970s, or a tribute shelf to Neil Flynn? A simple boolean 
DVD Profiler is a commercial application, but with a generous trial. All the features of the program, save for high resolution cover art, are available for the the first 50 movies you enter into the program. Beyond 50, you need a $30 license. What features are packed into DVD Profiler? You can add movies by UPC or title, the app provides results as you type in titles, and usually offers multiple versions to fit the exact edition you have. You can search your movie collection by all manner of filters, like cast and crew or release date. Data geeks can generate serious charts highlighting the miscellanea of prices paid, genre type break-downs, years of release, and other data sets and combinations. DVD Profiler also lets you track movies you wish to own, have on order, or have lent out to friends. If you’re at a loss for what to watch, the interactive Movie Pick feature uses variables like your personal ratings, critical reviews, and time since you’ve watched a movie last to suggest a movie from your collection.
Movie Collector sports many of the features available among other cataloging applications here, such as support for bar code scanning, the ability to export the collection, and advanced searches for drilling down through your media. Movie Collector also has support for television series and boxed sets, including specifics on which episode is on which disc and in which part of the box. Like DVD Profiler, Movie Collector supports tagging you movies as owned, on order, and on your wish list. Unfortunately, several of the features that are included in the other applications on this list are only available in the Pro version of Movie Collector, which will run you an additional $20.
If you’re a Windows user, and seeing apps like Delicious Library leave you muttering words like “Apple-only,” “pretty,” and “stupid,” calm your nerves and peek at Libra. The Windows app shares more than a few similarities with Delicious Library, and can manage more than just your movie collection. You can import your collection from other cataloging apps, enter items by scanning the bar codes on a web cam or actual scanner, or enter your titles manually. Libra has built in loan tracking, list creating tools for web posting, and an old-fashioned paper catalog print-out of your titles. Oh, and Libra also has the distinction of being among the free-as-in-beer applications in this list.
Eric’s Movie Database is the smallest in scale, by far, of the applications in this week’s