Data thieves don’t have to be programming wizards to get their hands on your personal information. They often find hard drives that contain financial and other sensitive data at flea markets, charity shops, the city dump, and even on eBay. These tips will help you render an old drive’s files unreadable.
Reformatting a drive, or deleting its partition, doesn’t truly erase its files. Putting files into Windows’ Recycle Bin makes them unreadable by the operating system, but they’re still viewable for anyone using data-recovery software (or Windows itself if you don’t empty the bin). That’s why a dedicated drive-erasing tool is a must.
I destroy my old data using what storage experts call a “block-erasure utility” such as DBAN (available for free). DBAN overwrites each block on a computer’s hard drive several times–up to standard levels specified for the Royal Canadian Mounted Police and the U.S. Department of Defense.
DBAN can create either a bootable floppy disk or an ISO file that you burn to a CD. Once you boot from the startup disk (you may have to tweak settings in your system’s startup program to boot from the floppy or CD), just a few keystrokes will begin blowing away your data.
The Secure Erase utility uses the Disk Drive Secure Erase command that’s built into every modern hard drive’s firmware. The wipe is incredibly fast: Secure Erase can do the whole job in about half the time that a block-erasure utility would take.
Bring out the sledge
Some government agencies use huge grinders like wood chippers for metal to shred their discarded drives into tiny bits. Some folks chop their old drives in half with an ax, or drive nails through them. You may not have to go to such extremes, however. A few whacks with a sledgehammer can do wonders for your peace of mind, and maybe even reduce a little stress in the bargain. (Obligatory disclaimer: Make sure you know how to safely use any such tools, and don safety glasses before going to work.)
Encrypt to delete
Encrypting files on your hard drive prevents unauthorized access to your information, but you can also use encryption to help ensure that the files you delete aren’t recoverable. If you encrypt a file before you delete it, a file-recovery utility may be able to restore the encrypted version of the file, but the utility won’t be able to decrypt it. The chances are good that no one else will be able to decrypt them either, especially if you lock the files and throw away the key–the encryption key, that is.
To use Windows XP Pro’s built-in encryption, right-click the files or folders you want to encrypt, choose Properties, Advanced, check Encrypt contents to secure data, and click OK (see FIGURE 1). You can encrypt any files except system files. You could select all the folders on the C: drive (except the Windows folder) and encrypt everything inside–not only are the files already in the folders encrypted, but any files you place inside the folders afterward would also be encrypted on the fly as you save them into the folders.
Windows XP creates a unique encryption key automatically if you use this feature. If you wipe out your installation of Windows without backing up the encryption keys, however, and barring some future break in the encryption algorithm, neither you nor anyone else will be able to decrypt those files. So if you choose to encrypt your files this way, you won’t need to run a secure erase tool to ensure your privacy: Just blow away the partition, format the drive, and you’re done.
Remember to destroy your optical discs, too
In addition to erasing hard drives, you need to securely dispose of CDs and DVDs containing sensitive data. Devices such as Aleratec’s US$50 DVD/CD Shredder and Primera’s $130 DS360 Disc Shredder turn your optical media into crumbs. Flash media cards and USB memory keys, fortunately, don’t need to be physically destroyed to be wiped clean. If you’re worried that someone might attempt to recover files stored on flash memory, fire up the free Eraser block-erasure tool to run a few passes of random data over the drive or card.
