How to ensure your data cannot be stolen

October 31, 2013

One of the things we do pretty regularly for clients is data recovery. Mostly data recovery is pretty simple. In nearly every case when the drive can be made to spin (and sometimes when it can't) we can recover at least some data. Usually we recover too much. But sometimes the last thing that people want is data recovered.

What about those old computers your staff take home for the kids, or that you sell off, or give to charity?

Let me explain a bit about how data is stored. In nearly every computer the files that you delete are not physically touched. Essentially the space that the file occupies is marked as able to be written over. In most systems, even before that step, the file is moved to a recycle bin (the label pointing to the file is changed). In both cases it's usually trivial to recover that data, at least until it's written over. And modern hard drives are so big that there's not much chance of that happening. So just deleting items does not work.

A further complication is when the partition table for the drive (which tells how the drive is divided up) or its filesystem (which tells how the partition is divided up) is trashed or deleted. This is rather more difficult, but mostly recovery just takes a bit of time. We have a variety of tools that allow recovery in such circumstances. So formatting the drive works only to a point. People with our expertise usually have no issue recovering data from, say, an accidentally formatted drive.

And then there is physical damage.

How we recover data varies a lot from case to case. But typically we would image every single bit of data on the drive (thus doing minimal further damage to a dying drive) and then pull the file fragments off from our image. We would then type these fragments (work out what kind of file each one is), throw away all the bits too small to be useful data and sift through the rest. Mostly in this sort of recovery we would lose filenames, although a couple of tools can guess filenames for some files. Mostly we can sort by type fairly easily.

If the drive is reformatted, we will still get most of your data back. If it's formatted several times, yep, you guessed it.

There is an accepted standard for deleting. And there are a bunch of secure tools that meet it. Essentially this standard achieves secure deletes by wiping and filling the filespace with random data a minimum of 6 times. Doing this to old drives takes a lot of time.
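To make the fragment-typing step and the effect of overwriting concrete, here is a small Python sketch added as an illustration; it is not one of the recovery tools mentioned in this post. It scans a raw image for the well-known start and end markers of a few file types, discards fragments below an assumed 64-byte cut-off, and then repeats the scan after the same space has been filled with random data. The sample "drive" is constructed in the code and all function names are made up for the example.

```python
import random

# Well-known start/end markers ("magic bytes") for a few common file types.
SIGNATURES = {
    "jpg": (b"\xff\xd8\xff", b"\xff\xd9"),
    "png": (b"\x89PNG\r\n\x1a\n", b"IEND\xaeB`\x82"),
    "pdf": (b"%PDF-", b"%%EOF"),
}
MIN_FRAGMENT = 64  # assumed cut-off: smaller pieces are thrown away as noise


def carve(image, min_size=MIN_FRAGMENT):
    """Return (type, offset, data) for each header..footer span in a raw image."""
    found = []
    for ftype, (header, footer) in SIGNATURES.items():
        pos = image.find(header)
        while pos != -1:
            end = image.find(footer, pos + len(header))
            if end == -1:
                break  # header without a footer: truncated or overwritten
            data = image[pos:end + len(footer)]
            if len(data) >= min_size:
                found.append((ftype, pos, data))
            pos = image.find(header, end + len(footer))
    return sorted(found, key=lambda f: f[1])


def build_sample_image():
    """Constructed 'drive': deleted files left in free space, no filesystem."""
    jpg = b"\xff\xd8\xff\xe0" + b"J" * 200 + b"\xff\xd9"
    pdf = b"%PDF-1.4\n" + b"P" * 300 + b"\n%%EOF"
    tiny = b"\xff\xd8\xff" + b"x" * 4 + b"\xff\xd9"  # too small to be useful
    gap = b"\x00" * 512
    return gap + jpg + gap + tiny + b"\x00" * 100 + pdf + gap


def overwrite(image, seed=0):
    """Replace every byte with pseudo-random data (seeded so runs repeat)."""
    rng = random.Random(seed)
    return bytes(rng.getrandbits(8) for _ in range(len(image)))


if __name__ == "__main__":
    image = build_sample_image()
    for ftype, offset, data in carve(image):
        print(f"{ftype} fragment at offset {offset}, {len(data)} bytes")
    print("fragments after overwrite:", len(carve(overwrite(image))))
```

The same scan run over an image of a drive that is about to leave the building is a quick check that a wipe actually reached the data.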

Encryption systems are also worth using, if your machines are fast enough to cope with the performance loss, and if you need the data secure at more points than just disposing of old machines.

There is one quick, secure and non-recoverable method for getting rid of the data on old drives. Demonstration performed on old client drives that were to be securely disposed of.

Some pictures of the process – after we’d ensured there was nothing that we needed on the hard drives. Turns out that it’s pretty difficult, with a cheap digital camera, to catch the moment of impact!

David demonstrating secure data disposal.