IT Security Support
Removing Sensitive Data
On this page:
Overview
Removing Data from Mobile Devices
Removing Data From Computers
Software Options
Windows
Macintosh
Unix
Additional Resources
Overview
There are risks associated with recycling or selling used computerized electronics such as PDAs, cell phones and computers. Sometimes sensitive and private information can remain and be accessed on your devices even after it has been "erased" making these sources a gold mine for criminals. While this may seem like an overly paranoid assertion, recent crime rates have shown that identity theft is the fastest growing crime in the United States and criminals will use any possible method to get hold of that information. If you are a victim of identity or private information theft, you could spend countless hours and thousands or more dollars in clearing your name.
The sections below outline the steps you can take to ensure your data doesn't inadvertently leak out when you sell or recycle your old equipment. The media sanitizing information on this page is offered as a suggested guideline only and is not currently supported or offered as a service by IS&T.
Removing Data from Mobile Devices
Mobile devices, such as a Treo or regular cell phone, are often only a few years old when you replace them. This means there are frequently others who would happily purchase or offer to recycle your old one. It's a good way to keep them out of landfills, but you may not want your data to move with them to the new owner.
A recent study by the security firm Trust Digital shows that data from previous owners can be easily retrieved from used phones sold on sites such as eBay. Resetting a phone, a popular practice among sellers, appears to erase data. Unfortunately, this data can be resurrected using inexpensive software found on the Internet.
According to an article in InformationWeek on the Trust Digital study, "Because phone and PDA data is stored in flash memory, it's retained even if the device's battery is drained or removed. To delete flash memory data, users have to do a 'hard reset' which returns the hardware to original factory condition. Each phone and PDA has a different hard reset procedure; some can only be done by a technician or after contacting the phone service's help desk."
In other words, using the "clear" option in the interface is not a secure method for permanently erasing the data on your mobile device. Instead, try any of these steps (for laptops, see the next section on computers below):
- Follow the instructions for permanently erasing data (hard resetting the phone) in the user's manual or on the manufacturer's web site. If you can't find your manual, the Wireless Recycling site provides instructions for most models of cell phones and PDAs.
- If applicable, remove the Subscriber Identity Module (SIM) card and store it in a safe place. This portable memory chip, used in some models, holds your personal identity information and may contain phone book data and text messages. You can use the same card in your new phone if it supports SIM card technology.
- Portable devices such as USB flash drives and iPods can also contain private information. Before selling or recycling, these items should be erased using the manufacturer's recommendations.
- When in doubt about whether sensitive information is retained on your device, you may want to consider physically destroying it.
Removing Data From Computers
Whether you plan to recycle or sell an old computer, be sure to remove its data as your first step in decommissioning it. If you wait too long to do this, you may not be able to find the plug or get the computer to start up. However, even if the computer is "broken," somebody else may have the skills to access the data stored on it.
Deleted data can often be retrieved. Tossing files into the computer's trash bin and then emptying the trash deletes the record of the file, but not the data the file points to. Think of it as removing the labels from folders in a file cabinet: the folders and information in them still exist, even if retrieving the data now takes more time and effort. The same is true if you reformat a hard drive: it is still possible for someone with the right tools to retrieve data on the drive.
If you plan to sell or recycle a computer, try any of the following steps:
- Make sure the hard drive is completely erased ("wiped"). You can either do this yourself or pay someone to do it for you. The potential liability if sensitive data gets out could easily justify the cost. Services such as GreenDisk's Computer and Component Recycling charge a small fee to securely dispose of old computers.
- If wiping the drive yourself, use a utility tool that overwrites every sector of the hard drive with binary 1s and 0s. Tools that meet government security standards overwrite each sector multiple times for added protection. There are many tools that meet this standard. For more information, see: Software Options.
Software Options
The software tools listed below are just a sampling of those available for wiping hard drives. They are provided for informational purposes only and are not currently supported or recommended by IS&T. If you have used any of these tools, or even other ones not listed, please send us your feedback. We would be happy to hear about your experience, whether good or bad, so that we can forward on the information and keep this page updated.
The Computing Helpdesk is not trained and does not offer support for the following software options. Customers should contact the vendor directly with usage questions.
 |
|
Warning: These products are designed to irretrievably erase data on your hard drive. You will not be able to recover data after running these tools on a disk. Make sure you have copied or backed up any data you need to retain. |
|
Windows
|
Product
|
Platforms
|
Options
|
Procedure
|
|---|---|---|---|
|
DOS, Windows Vista, XP, 2000, |
Free or purchase |
Overwrites data using zeros. The professional version conforms to U.S. Dept of Defense (DOD) standards. |
|
|
95, 98, ME, NT, XP, 2000, 2003 |
Free trial or purchase |
Repeatedly overwrites a special pattern to the hard drive to destroy its files. |
|
|
95, 98, ME, NT, XP and 2000 |
Free |
Completely and permanently erases all content of any hard disk it detects by overwriting it with random numbers. |
|
|
All IBM compatible PCs on all operating systems |
Purchase |
Permanently deletes information by overwriting all data on the hard drive or on selected partitions of a drive. |
|
|
Windows 95, 98, ME, NT, 2000, XP, Vista, Windows 2003 Server and DOS |
Free |
Securely deletes specific files. Can delete files manually via right click on the file (or Recycle Bin), or set up a scheduler. Can also overwrite all 'free space.' |
|
|
Any Intel-compatible platform running Windows 98, ME, |
Free trial or purchase |
Shreds specific files or folders using either fast or secure erase algorithms. |
|
|
95, 98, ME, NT, XP, 2000, 2003 |
Free |
Overwrites data from one to 35 passes and has DOD-compliant wiping. |
|
|
Any Windows platform |
Free trial or purchase |
The program's overwrite methods include user-defined options with up to 35 passes. |
|
|
DOS, Windows ME, NT, 2000, |
Purchase |
Overwrites data as many times as you need and runs a verification test |
Macintosh
|
Product
|
Platforms
|
Options
|
Procedure
|
|---|---|---|---|
|
Mac OS X 10.3 or later |
Free |
Permanently deletes files on hard drives and iPods or similar devices. |
|
|
OS 8.5 and the new Mac OS HFS+ file system |
Free |
Overwrites data one or more times. |
|
|
Apple Power Mac and Intel |
Free |
Completely and permanently erases all content of any hard disk it detects by overwriting it with random numbers. |
|
|
Mac OS X 10.4 or later |
Built into the OS |
Overwrites data as many times as you need from select hard drives using several options. |
|
|
Mac OS X 10.1 or later |
Free |
Erases files your browser and email program leave behind. |
|
|
Mac OS X 10.2 or later |
Free |
Uses Gutmann Method: overwrites 35 times, scrambles original file names, truncates file size to nothing. |
|
|
Secure Empty Trash |
Mac OS X 10.3 or later |
Built into the OS |
Shreds specific files. Move the file to the Trash, and then the "Secure Empty Trash" is accessed from the Finder menu. Overwrites data 7 times. |
|
Minimum OS 7 |
Purchase |
The program's overwrite methods include user-defined options with up to 35 passes. Can also overwrite rewritable CDs (Mac version only). |
Unix
|
Product
|
Platforms
|
Options
|
Procedure
|
|---|---|---|---|
|
Various |
Free or purchase |
Overwrites data using zeros. The professional version conforms to U.S. Dept of Defense standards. |
|
|
Various |
Free trial or purchase |
Repeatedly overwrites a special pattern to the hard drive to destroy its files. |
|
|
Various |
Free |
Completely and permanently erases all content of any hard disk it detects by overwriting it with random numbers. |
|
|
Various |
Purchase |
Overwrites data using methods that meet DOD regulatory requirements and produces a Disk Overwrite Report to verify and document the procedure and results. |
|
|
Various |
Purchase |
Overwrites data as many times as you need and runs a verification test. |
Thanks to the University of Minnesota for this software listing. Used with permission.
Additional Resources
For more information on data destruction:
- Articles from SANS Institute (SysAdmin, Audit, Network, Security):
- Opinion: Data Destruction -- RIP
- The Fine Art of Data Destruction
- Paper Shredding
