The NIST (National Institute of Standards and Technology) has since revised the DoD 5220.22M guidelines with NIST 800-88. The new standard basically states that a single pass overwrite is just as effective as 3 passes. We at Irwin Electronics agree with this to a point, but still prefer a 4 pass overwrite. We want to expand upon some myths, and truths, you should be aware of when selecting a company to ensure your data is safe when discarding, selling, or donating your used equipment.

For all practical purposes, yes, a single pass overwrite does ensure that your data cannot be recovered via software alone. In our previous issue, we gave the scenario of the skier going down the slope as it applies to the head floating above the platters of the hard drive. The process of recovering extraneous data requires physically dismantling the drive and examining the platters with highly specialized equipment. This is a very expensive, time-consuming, and inaccurate technology. To date, this process has never been used, or proven successful, in the private sector. For that reason alone the single pass method holds true.

Our belief is that it’s worth a little extra time to perform the additional passes for the additional security offered, since it requires only computer time. A technician does not need to monitor each pass, or restart the process following each pass. The software does that automatically.

The NIST guidelines also suggest that the overwrites be human verified on a minimum sample of at least 20%. The tool we use verifies the data on each sector as it’s written, and includes the results on the report generated. We have tested our tool, and confirmed it does exactly as it states. We also verify this on every drive we wipe.

The NIST guidelines state that the technician must be qualified in the field of data recovery. Our founder, Mr. Irwin, is considered by many to be a pioneer in the field of data forensics. He was personally trained by Michael Anderson, who is the true founder of this technology. Mr. Irwin was also personally trained by Shawn McCreight, the author of the now standard EnCase software. He personally had a hand in making EnCase what it is today. He has years of experience as a Data Forensics expert, and is even trained as an Expert Witness in a court of law. There is no doubt that our founder is fully trained, qualified, and certified to perform these tests.
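A single overwrite pass followed by read-back verification of a 20% sector sample, as discussed above, sketched in Python as an added example (not the tool Irwin Electronics uses, and not from the original page). It runs against a constructed temporary image file rather than a real drive; the 512-byte sector size, the function names, and the sample contents are assumptions.

```python
import os
import random
import tempfile

SECTOR = 512  # assumed sector size in bytes

def make_image(sectors=200):
    """Constructed stand-in for a drive: a temp file full of leftover data."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        for n in range(sectors):
            f.write((b"financial record %06d " % n).ljust(SECTOR, b"\xaa"))
    return path

def overwrite_pass(path, pattern=b"\x00"):
    """Write the pattern over every sector once; return sectors written."""
    total = os.path.getsize(path) // SECTOR
    block = pattern * SECTOR
    with open(path, "r+b") as f:
        for _ in range(total):
            f.write(block)
        f.flush()
        os.fsync(f.fileno())  # push the writes out of the OS cache
    return total

def verify_sample(path, pattern=b"\x00", percent=20, seed=None):
    """Read back a random sample of sectors; return (checked, bad_sectors)."""
    total = os.path.getsize(path) // SECTOR
    count = max(1, -(-total * percent // 100))  # ceiling division
    expected = pattern * SECTOR
    bad = []
    with open(path, "rb") as f:
        for n in sorted(random.Random(seed).sample(range(total), count)):
            f.seek(n * SECTOR)
            if f.read(SECTOR) != expected:
                bad.append(n)
    return count, bad

def demo():
    """Sample the image before and after one pass, then clean up."""
    path = make_image()
    try:
        before = verify_sample(path, seed=1)
        written = overwrite_pass(path)
        after = verify_sample(path, seed=1)
        return written, before, after
    finally:
        os.remove(path)

if __name__ == "__main__":
    print(demo())
```

Passing `percent=100` reads back every sector instead of a sample, which is the only way to catch a single sector the pass missed.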
We’ve all heard the news reports of sensitive data being recovered from discarded computers. It is important to note that in each of these cases there is no evidence that the drives in question had undergone any attempt to remove the data. No recovery tools were used in the process of recovering this data. In each case, the drives were simply connected and powered. All data, including the operating system, was intact. You can rest assured that this will not happen to you if we are responsible for destroying your data. We go above and beyond for all our customers. It’s almost unheard of to find a company with this level of expertise that caters to residential users and small businesses.
Did you know that deleting your files does not remove the data? When you delete a file, Windows clears a flag to show that space on the hard drive is available for new data, but it does not delete any of the data. There are many tools freely available to recover deleted files. Even if you delete your files and reformat your drive, it only clears the directory structure. The data areas of the drive are not affected. If you throw away an old computer without using a special program to wipe, or overwrite, the data, anyone can easily recover all your files. Think about it… Your financial data, private photos, business documents, everything could end up in the hands of a thief looking to steal your identity!

There are many tools available to overwrite the data areas, known as sectors, of your hard drive. The US Government Department of Defense has two standards for wiping data, depending on the security level of the data contained on the drive. These standards overwrite the data three or four times. Other countries and various security experts recommend overwriting as many as 35 times!

You may be asking, why so many? After all, if you replace “financial” with “000000000”, wouldn’t that mean your data is gone? Not necessarily. As far as the average thief is concerned, yes, the data has been removed. However, if you use special tools to review the data on the platters of the drive itself, you would find much of your old data remaining in the areas to the side of each sector. Why does that happen? The platters of your drive are spinning at 5,200 or more revolutions per minute. The read/write heads are floating over the surface of the platters on a cushion of air. The heads tend to wobble a little as they float.

To give you an illustration, imagine this: A group of people are ready to ski down a mountain. Just before they hit the slope, they each had a few drinks. Now the object is for each successive person to ski directly in the tracks of the person before them! As you can imagine, there would be many sets of tracks all over that run. Well, the data stored in the sectors of your hard drive would look just like those tracks on the slope. The most recent track is the most visible, and this is what your hard drive would display, but to the sides of each sector are all the other tracks the heads have taken, which all include pieces of your data. Therefore, the object of multiple passes is to ensure all visible tracks contain only garbage data. No matter how many passes you choose, and what data to write, it is important to overwrite every sector at least once to keep your data safe from prying eyes.

What if your computer is broken? That does not necessarily mean the hard drive is dead. Even if it is, the platters could be removed and inserted into a new drive motor/head assembly. Again, this is something far beyond the resources of your average thief, but if the data is NOT overwritten AT LEAST once, anyone can easily recover the data.

You can do this yourself by downloading a copy of Darik’s Boot and Nuke from www.dban.org. Keep in mind, however, that depending on the speed of your computer, the size of your hard drive, and the wipe option you select, this process could take days or weeks! At Irwin Electronics, we have professional grade tools that cut this time down to hours, and we can give you a certificate of data destruction. We can also recycle your drive. We charge only $40 for the first drive, and $10 for each additional drive. This includes wiping to the US Government Department of Defense DoD5220.22M standard. This is a four pass standard. For the truly cautious, we offer additional standards up to Peter Gutmann’s Method (35 passes) for an additional $20. Before you throw out that old computer, be sure to call us at 480-382-4761 to make sure your data does not fall into the wrong hands!