How can I securely erase my computer's hard drive before disposing of it?

[FishmanGeertz]

Does your computer contain a log of literally every single keystroke that has ever been performed in the entire history of that machine's use? If you bought something off amazon.com and used your credit card three years ago, is your credit card number permanently logged somewhere on your computer? Would a malware key-logger be able to read that number typed into your machine three years ago?

 

[Pengwuino]

No. Keyloggers only log keystrokes made after it is activated. The computer does not log information like that on it's own. Too much info with no need to use.

However, you can tell your web browser to log information like credit cards so that they can be quickly auto-filled into sites where you purchase things. However, you can turn that off and erase the data, but if it's not on it's not keeping that data.

 

[FishmanGeertz]

No. Keyloggers only log keystrokes made after it is activated. The computer does not log information like that on it's own. Too much info with no need to use.

However, you can tell your web browser to log information like credit cards so that they can be quickly auto-filled into sites where you purchase things. However, you can turn that off and erase the data, but if it's not on it's not keeping that data.

Would running a registry cleaner like "CCleaner" once every day clear this data from your system?

I don't have any personal information stored anywhere on my PC for these reasons. I was just asking if your computer kept a log of literally every single keystroke which has ever been performed.

 

[Pengwuino]

Would running a registry cleaner like "CCleaner" once every day clear this data from your system?

I don't have any personal information stored anywhere on my PC for these reasons. I was just asking if your computer kept a log of literally every single keystroke which has ever been performed.

No, the registry does not store information like that. As far as I know, it just tells programs where everything is at and certain settings.

And no, it does not store your keystrokes.

 

[jhae2.718]

If you're paranoid, you can encrypt your system, or even reload a fresh image nightly.

When you're done with it, use thermite to melt the hard drive to slag.

 

[KrisOhn]

When you're done with it, use thermite to melt the hard drive to slag.

I've actually been told (by a 4th year computer science major specializing in security) that the only way to properly dispose of a hard drive so no information can be collected off it is to format, then drill holes into it. Definitely surprised me, especially because I was under the assumption that if you format your drive enough times the data is gone forever.

 

[Pengwuino]

I've actually been told (by a 4th year computer science major specializing in security) that the only way to properly dispose of a hard drive so no information can be collected off it is to format, then drill holes into it. Definitely surprised me, especially because I was under the assumption that if you format your drive enough times the data is gone forever.

Why drill holes into it? I mean, if you want to start talking power tools, then sure, drill a hole, go at it with a hammer, grab a saw, whatever.

If you get a high powered magnet you can pretty easily ruin everything on the hard drive as far as I know.

 

[KrisOhn]

Why drill holes into it? I mean, if you want to start talking power tools, then sure, drill a hole, go at it with a hammer, grab a saw, whatever.

If you get a high powered magnet you can pretty easily ruin everything on the hard drive as far as I know.

I think the drill holes bit was just an example to do anything you just mentioned there. Essentially you must destroy it.

 

[FishmanGeertz]

Why drill holes into it? I mean, if you want to start talking power tools, then sure, drill a hole, go at it with a hammer, grab a saw, whatever.

If you get a high powered magnet you can pretty easily ruin everything on the hard drive as far as I know.

Running a powerful magnet over the hard drive should do the trick!

 

[jtbell]

I've actually been told (by a 4th year computer science major specializing in security) that the only way to properly dispose of a hard drive so no information can be collected off it is to format, then drill holes into it. Definitely surprised me, especially because I was under the assumption that if you format your drive enough times the data is gone forever.

Under Mac OS, you can erase either the entire disk, or only the free space on it, using a "7-Pass Erase" option which writes different things on the disk on each pass. It meets a U.S. Department of Defense specification (5220.22-M) for securely erasing magnetic media. Actually it goes beyond that spec, which calls for only three passes.

You can also do a 35-pass erase.

For details on what gets written to the disk in each pass for both methods, see

http://support.apple.com/kb/HT3680

 

[jhae2.718]

It's pretty amazing how data can be recovered from hard drives that would appear to have been destroyed.

I've heard stories that the NSA et. al. run old hard drives through shredders and then incinerate them.

 

[KrisOhn]

Under Mac OS, you can erase either the entire disk, or only the free space on it, using a "7-Pass Erase" option which writes different things on the disk on each pass. It meets a U.S. Department of Defense specification (5220.22-M) for securely erasing magnetic media. Actually it goes beyond that spec, which calls for only three passes.

You can also do a 35-pass erase.

For details on what gets written to the disk in each pass for both methods, see

http://support.apple.com/kb/HT3680

I actually asked her about the 7-Pass Erase system and she said that there were ways to recover the lost data yet. I didn't get anymore information since it was the end of a meeting and we went our separate ways. After reading what Apple said about that X-Pass system, I am a little skeptical that data recovery after that is possible.

 

[jhae2.718]

It's pretty amazing how much data can be recovered if you spend time and money on it.

But it's pretty hard to recover data from a hard drive that's been melted.

In the end, it comes down to a question of whom you're trying to keep data from. For most people, the 7-pass erase algorithm or an equivalent is sufficient, but if you want to prevent a government agency or someone with a lot of resources from recovering data, thermite's the way to go. (It's also more fun. )

 

[KrisOhn]

It's pretty amazing how much data can be recovered if you spend time and money on it.

But it's pretty hard to recover data from a hard drive that's been melted.

In the end, it comes down to a question of whom you're trying to keep data from. For most people, the 7-pass erase algorithm or an equivalent is sufficient, but if you want to prevent a government agency or someone with a lot of resources from recovering data, thermite's the way to go. (It's also more fun. )

Pfft, thermite is the only way to go.

 

[DaveC426913]

Why drill holes into it? I mean, if you want to start talking power tools, then sure, drill a hole, go at it with a hammer, grab a saw, whatever.

How I keep my farm animal porn from falling into the wrong hands.

 

[DaleSwanson]

I use Darik's Boot and Nuke on my hard drive whenever I format. It's a boot CD that will wipe the data from any drive it sees. If you use it, be very careful that you physically disconnect any drive that you don't want wiped.

As far as recovery of deleted data goes, simply deleted files are trivial to recover. However, data that has even been overwritten once is destroyed. No organization has ever publicly recovered overwritten data on a modern (newer than 2000) drive. Could the NSA recover some overwritten data from a HDD using a scanning electron microscope and millions of dollars? Maybe, but your data isn't that important.

I recommend you use full disk encryption, like Truecrypt. That will keep your data save even if someone steals your laptop or HDD. Then when you format use Darik's Boot and Nuke. A single pass is fine, but feel free to use the DOD standard 7 pass if you are paranoid. Physical destruction is unnecessary and a waste of good hardware.

The whole multiple pass thing comes from a paper published by Guttman in the 90s when data density was much lower and thus it was more likely that an overwrite wouldn't completely eliminate the original data. His paper, along with several epilogues is here:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

If you are concerned with this I recommend reading it.