I'm doing a report on my company's privacy practices for HIPAA. This covers secure transmission of data, data disposal, etc. One of the questions I have to answer is, "What about old PC's we sell or give away -- is sensitive data recoverable?" Right now, our hardware guy does a DOS fdisk and format on the drives before the PC leaves.

I know, there's no way to REALLY destroy the data without thermite. But I've heard of 14-year-olds with a basic knowledge of Linux being able to recover things from "wiped" hard drives. I'm not looking to defend against the NSA here, just against the casual hacker-wannabe.

So, is "format" good enough, or should I get some utility like Mutilate File Wiper? (BTW, the hardware guy is really hoping I don't make more work for him )

the best way i've heard of destroying sensitive data is getting the drive scrubbed and then rewritten with random trash a few times

I'm trying to think of a cogent paradigm to illustrate how little fdisk & format do to wipe data ... think of your HD as an exercise book, and there's a rigid taboo about only ever using the uppermost side of each page . Fdisk & a format are the equivalent or turning the book over & around, so all the uppermost pages are blank ... but none of the information has been removed.

Did that work? If not, perhaps FDisk? Secure? will?

edit - use BCWipe

What Johnny said. Though a 15 lb sledge and a bucket of salt watter work wonders too! Also great for stress relief.

Quote: Originally Posted by FeRaL What Johnny said. Though a 15 lb sledge and a bucket of salt watter work wonders too! Also great for stress relief.

I'm with you on this one FeRaL, noting beats a 15lb sledge and some good heavy metal to "rock out to".

I couldn't remember if format merely erased the record of the files, or wiped the data itself. Thanks for confirming what I suspected.

Doesn't HIPAA have very strict standards for data destruction as a mater of policy in the first place?

Running them through an electronic magnet should do the trick, too.

If you're looking for programs, try BCWipe. I've run a few tests myself on the effectiveness of the program and the most I've been able to recover is like 64K of total gibberish.

Rob

Quote: Originally Posted by Cyno01 Doesn't HIPAA have very strict standards for data destruction as a mater of policy in the first place?

Here's what HIPAA says about it:

Section 164.310, Physical Safeguards
(d) Standard: Device and Media Controls
(2) Implementation Specifics
(i) Disposal (Required).
Implement policies and procedures to address the final disposition of electronic protected health information, and/or the hardware or electronic media on which it is stored.

Strict, but not real specific. From everything I'm finding out, we're going to be using something more heavy-duty to wipe out any PHI data (like BCWipe -- thanks guys!).

Id say u just get the torx screwdriver set and take the thing apart and hang em on the wall..heh or just take the sliver platter out in the middle and put finger prints (or oil all over it).

Dremel works nicely to..well die grinder (the heavy duty dremel)

the dos format is as JE says, its a rubber that doesnt rub out properly, or when you press hard onto a pad of paper, you destroy the 1st copy, but the imprint remains on the pad..about 5 pages thick. There are 2 good ways of clearing data. One is as sugested, rewrite the entire hard drive so its packed with data, scrub it, then start again. The original data will be quite hard to recover in this state, as hard drives cant keep a history on whats been put on them, especially as its been writen ovr a few times.

Next ofcourse is our beloved rotary sander and angel grinder...that or a steel furnace, unless ofcourse you want to keep the hard drive.
Dos is useless for completly scrubbing a drive. Its good for any PCbuilders when they need a quick system reinstall on a pre XP machine, but apart form that...theres not many other advantages (execpt it doesnt crash like windows)

Quote: Originally Posted by nev_payne ... rubber ...

Hur-hur! Nev said "rubber"

Translation = eraser