Every year you read about confidential data being recovered from recycled computers. See Confidential data found on old state computers sold as surplus, audit says and Computer hard drive sold on eBay ‘had details of top secret U.S. missile defence system’. A recent NAID (National Association for Information Destruction) report shows the amount of confidential data recovered from 52 sampled hard drives in Australia. With these types of apparently routine data breaches, how do you safeguard your company and your private information when it comes time to replace your computer?
The absolutely best way is to pull the hard drive out of the computer and shred or degauss it in a specialized machine, but this isn’t always practical and lowers the value of your old computer. If you want to keep the existing drive intact, but render the data unrecoverable, the only option is to wipe the drive. Reformatting a drive in Windows does not actually erase any data on the drive. It simply marks the data as not used, allowing it to be overwritten as you add files to the system. The data on the system can easily be recovered by undelete programs like Roadkil’s Undelete and consume grade data recovery software like Stellar Phoenix Windows Data Recovery. To prevent these simple utilities from being able to recover data from your old hard drive, more specific measures need to be taken.
There are various drive wiping programs that can be used to remove and overwrite data. The one we will be going over today is DBAN (Derik’s Boot and Nuke). It is a pretty straight forward program that supports a wide range of wiping options. DBAN only supports standard mechanical hard drives. SSD (Solid State Drive) and hybrid drives require specialized software for drive wiping.
To start with, download the DBAN ISO from the download link and burn the image to a CD. Next, insert the DBAN CD into the computer you want to boot, and tell the system to boot from the CD. Upon booting the CD, you will be presented with the following screen.
The autonuke option will boot and automatically wipe any and all drives it can find and is the easiest choice to wipe the drive(s). The autonuke option uses the DoD Short method. This method is discussed in more detail below.
If you want more control, instead press ENTER at the boot screen, it will boot DBAN in interactive mode. This will let you change various options as well as selecting which drives you want to wipe. DBAN should automatically recognize all drives attached to the system (including USB). You may occasionally find a machine where DBAN will not recognize the drive. The only option in this case is remove the hard drive from the current computer and connect it to a system that does work with DBAN. DBAN does not currently support external drives connected to a USB3 port (blue connectors), but will work with the same drives connected to regular USB ports.
After DBAN has finished booting, you will be presented with the following screen.
If your system has more than one hard drive they will be shown as well.
Now you can select the drives you wish to wipe by using the arrow keys (or J/K) along with space to select them. The options can be changed by pressing the appropriate key selection as listed at the bottom of the screen. If you press M, you can select the various drive wiping methods available. DBAN shows a brief synopsis of the differences in each of the choices. The ones I will be highlighting are Quick Erase, DoD Short and PRNG Stream.
Quick Erase simply writes zeros over the entirety of the drive. This is useful for returning a drive to an uninitialized state and for certain types advanced system setups. It is possible to recover data that has been over written by zeros, but is out of the scope of most consumer level software. Recovering overwritten data requires very specialized setups, and is unlikely outside of high-profile government uses or the research lab. One round of wiping with this method is sufficient. If you are wiping a machine for redployment inside of your organization, this is a good choice to use as it is a very fast wiping method.
DoD Short uses select wiping methods as defined by the Department of Defense specifications. Three passes using this method should be sufficient for just about all applications.
PRNG Stream writes data from a pseudorandom number generator to the drive. There are two different random number generators in DBAN—Mersenne Twister and ISAAC. For the purposes of drive wiping, either one will work fine. The specific PRNG Stream used can be selected from the main screen by typing P. Four rounds are recommended for a medium level of security, or seven for a high level of security.
After selecting the wipe method, you can also change the number of rounds and the verification. Every round increases the time it takes to securely wipe the drive. Verification reads the drive to make sure the writing was successful. You can verify the data after every round or only after the very last round (or even set to none). Last Pass is normally sufficient for drive wiping, and the number of rounds should be based on the drive wipe method and the type of data originally stored on the drive.
After setting the options and selecting the drives, press F10 to start the drive wiping. One of the highlights of using DBAN to wipe the drives is that it can write to every hard drive simulataneously. If you have multiple hard drives, this can really speed things up.
Once the drive wipe is completed, you can shut down the system. The computer is now ready for redployment or recycling with all of your confidential data safely removed.