Overwrite instead of format - erasing hard drives correctly
Kiel, Germany - Faced with the task of erasing everything on their hard drive, most users simply opt to reformat the drive. If the drive or PC is to be sold or given to someone, that's not enough as data subjected to a formatting is not really permanently gone. In the wrong hands, a bit of time and skill are all that's needed to recreate data the user thought had been erased forever.
There are even reported cases of cyber crooks buying older PCs without any interest in the hardware at all, explains Guenther Ennen from the German Federal Agency for Security in Information Technology (BSI) in Bonn.
"They're solely out to look for sensitive information remaining on the drives." This could be tax calculations, personal data or sensitive medical data that could be used to blackmail the seller.
Formatting a hard drive only deletes the indexes for the data, explains Andreas Kroschel from the Munich-based PC-Welt magazine. This is the equivalent of tearing the table of contents out of a book.
"If you want to find the information in that book anyway, you just browse through until you find it."
With a bit of time and knowledge and the right tools, a third party could then recreate the data at their leisure, Kroschel says.
"Programs to get to the personal data are freely available and relatively easy to apply," explains Sven Thomsen from the Independent State Centre for Data Protection of Schleswig-Holstein in Kiel. The proper way to delete a hard drive involves special programs that overwrite the data using various symbols and random strings, Kroschel says.
Several free programs can be downloaded from the web to perform this overwrite, Thomsen says. The BSI links up to two such tools on its website: Eraser and Secure Eraser. Advanced users can also use the wipe program cipher. exe, which is integrated into Windows. The program can either be run from another hard drive or from a CD, Kroschel notes.
For PCs without an OS, the best option is to download the desired program onto another computer, burn it on a CD and then overwrite the hard drive on the original computer using the CD, Thomsen says. A second hard drive on the computer can also be used to overwrite using a wipe program on the running system.
The freeware programs overwrite the hard drives with varying degrees of thoroughness.
"Tests have shown that a single overwrite pass is enough to protect data against third party access," Thomsen indicates.
Double or triple overwrites using shifting random values are the choice for private users demanding extraordinary security.
"The owner of the hard drive has to decide whether it's really necessary." (dpa)