Should hard drives be destroyed or wiped?

Filed Under: Data loss

Hammer time

BBC News Online, one of the most popular websites in the UK, is running a story today advising people not to wipe old hard disks, but to take a hammer to them instead.

The story claims that secure data erasure isn't as safe as it makes out, and the only real security when disposing of an old drive is to smash it to smithereens.

Sorry, but I just don't buy this advice.

I started out my career in the computer security business some 17-odd years ago working for a firm called S&S International. Aside from producing Dr Solomon's Anti-Virus Toolkit, which I was a fresh-faced Windows programmer for, they also had a nice line in data recovery.

Regularly I would see the teams working on hard disks that had been accidentally covered in tea (sugary tea is the worst - hot and sticky), accidentally fallen out of the window even lost over the side of a cross-channel ferry!

The wizards in the data recovery couldn't perform miracles - but it was sometimes close. And, yes, it is extraordinary what data can be resuscitated even when a drive has been lurking at the bottom of the garden pond for weeks or seemingly wiped of its data.

Taking a sledgehammer to a hard drive isn't the answer. For one thing, how is the average consumer supposed to know that they have physically damaged the hard drive enough to prevent data from being recovered from it?

Furthermore, it's harder work (and undoubtedly more dangerous to your physical welfare - imagine the pieces of glass and metal flying about) than running a proper secure erasure tool.

I'm not denying the importance of handling the disposal of computer equipment properly. In the past we've discussed, for instance, how sensitive information has been found on computer hardware auctioned on eBay that hadn't been properly wiped.

What firms and individuals should do is run military-grade secure erasure tools if they're dumping their hard drives or planning to sell computer equipment on eBay. Such software can overwrite not just the files on your hard drive, but every single area - including the slack space where old "deleted" files might lurk. And they can do it multiple times, with random characters, ensuring that there is no residual magnetic echo of the data that was once on the drive still discernible.

Of course, there are some data erasure tools that may be better than others - and not all may do the job sufficiently. But choosing a data wiping solution carefully is better than trying to crack a nut with a sledgehammer.

* Image source: Alexmuse's Flickr photostream (Creative Commons 2.0)

You might like

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.