Erase your hard drive before passing on a PC

By Ben Archibald from NICVA

Published on 31 Aug 2006

Thinking of passing your computer on for sale? Consider erasing your data.

Very often, charities and individuals pass on their computers for disposal or dispersal to needy groups; these machines often end up in far-flung locations around the globe, and perform a positive and very worthwhile service, helping to breach the digital divide which pervades around the world.

Unfortunately, however, the occasional machine falls into the wrong hands; and in the wrong hands, personal or financially important information can spell serious difficulties for individuals or groups, either through unauthorised processing or release of data, or deliberate fraud. For this reason, it makes sense to obliterate personal information from computers entirely, to ensure a machine lives out the remainder of its useful days in a positive manner.

In both MS Windows and Mac OS, simply ‘hitting delete’ or depositing something in the recycle bin, does not delete the file. Only some minor parts of the file are removed, leaving the core of data encoded within the file, entirely intact until it’s over-written. Using some readily available tools, a user can reconstruct a file and access the data.

When the part of the disk which once held the file is finally over-written, the data itself is considered destroyed, but not necessarily so; there are forensic methods to reconstruct data in the original file, in favourable conditions.

Currently, there are two accepted methods for the deletion of data on a hard disk which stop short of physically

destroying the drive block: Multiple overwriting and Degaussing. Degaussing is a destructive technology, based on passing a massive magnetic field across the device, entirely clearing the drive of any data; in most circumstances, the drive itself becomes non-functional as a result of degaussing, making it an unattractive doorstop. It is, however, entirely empty of data.

Multiple overwriting is achieved with software, and leaves the hard drive usable after processing. A typical scenario sees the drive being entirely overwritten with 1111’s, then overwritten with 0000’s, then with random digits like 1101. The result is a live disk with random characters, and no normal way of recovering the data without an electron microscope. The most stringent method of deletion runs 35 passes of this form of overwriting, and can take days, depending on the size of the disk. Unless you've been developing atomic weapons, this is probably going a bit over the top.

Data theft is an issue for our readers; at least one has been personally affected by it, and some instances of fraud against charities in Northern Ireland could have been achieved through this insidious form of data mining.

The bottom line is this: If you’re thinking of passing on a computer, don’t pass on all your information with it.