How to remove personal files before you ditch your old PC

Throwing out an old computer is complicated. First, there are heavy metals used in most PCs, and you don't want that ending up in the local landfill. Second, there's the data on the hard drive. If you're not careful, it could end up in the hands of data thieves.

Whether you're donating that used PC to a local school or selling it on an online auction site, you'll want to remove your personal files first. Here's a quick lesson in how data is stored and what you can do to keep others from reading your e-mail and seeing your financial data from five years ago.

A quick lesson in deleting files
In Windows, whenever a file is deleted, the entry header within a file allocation table is removed, allowing the disk space allotted to become available once again. It's important to note that at this point, no data has been erased or overwritten. In fact, Windows safeguards deleted files; they're sent to the Recycle Bin until the bin is emptied. This second chance can be helpful when you delete an important file by mistake. However, even if the file is "emptied" or erased from the Recycle Bin, it is still possible to "undelete" that file. Software such as Norton SystemWorks can reconstruct the allocation table entry, allowing access to the file once again.

If you consider how many files, saved backups, and temporary files you may have, there's a lot of old data hanging around.

Some applications within Windows litter the hard drive with temporary or intermediate backup files. Thus, when you delete a saved file, you've deleted only the last, final copy -- all of the backups and the temp files remain. And when Windows files are first saved, they fill in preset clusters -- unless there's a gap (known as slack space) between the end of the file and the preset end of that final cluster. If the end of a new file happens to occur over a previously "erased" cluster, it's possible to read some of the old data within the slack space. Additionally, saved files may also contain random pieces of RAM data, called RAM slack. If you consider how many files, saved backups, and temporary files you may have, there's a lot of slack space on, say, a typical 80GB drive, and therefore there's a lot of old data hanging around.

I know what you did on your PC last summer
It is truly foolish to think that data on your discarded hard drive can't be read by someone else. A few years ago, M.I.T. graduate students Simson Garfinkel and Abhi Shelat made headlines when they discovered just how vulnerable old hard drives could be. The pair purchased 158 secondhand drives on eBay. Of the 129 drives that were still working, they found thousands of active credit card numbers, along with pharmaceutical records, legal correspondence, corporate memoranda, and, of course, pornography. In addition, 66 of the drives had more than 5 e-mail messages; one had more than 9,500. Only 12 had been properly and thoroughly cleansed of recoverable data.

If you defragment your drive and delete all of the files at a command prompt, then reformat your drive, in theory someone could still come along and recover your data.
While few thieves are likely to carry out a recovery effort as extensive as Garfinkel and Shelat's, the point remains: data on your discarded hard drive can be read by someone else. In fact, reading old data isn't always illegal. The U.S. Supreme Court ruled in California vs. Greenwood that discarded materials confer no right to privacy, more or less giving individuals the right to peruse secondhand drives.

Reformatting your drive is not enough
If you think reformatting or defragging the drive will erase the old data, you're wrong. Even if you defragment your drive and delete all of the files at a command prompt, then reformat your drive, in theory someone could still come along and recover your data. And changes made to the Windows XP file system tend to store and lock data in a variety of new ways. In Windows XP, you'll need to sign in as Administrator to obtain permission to delete some files.

To be completely safe, you could physically destroy the drive by smashing it to pieces or drilling holes through it. If that's too extreme, you can demagnetise the drive with a Type I or Type II degauss tool. Or -- and this seems the most practical -- you could overwrite all of the data with a utility called a disk sanitizer or a data shredder, such as Eraser 5.7, available for free from CNET.com.au Downloads.

Apps such as Eraser work by overwriting existing data with random 1s and 0s. You'll want to select the highest number of rewrites possible. The U.S. Department of Defense requires only 7 rounds of rewriting from shredding apps, but Eraser allows you to make up to 100 passes. Of course, the more overwrites, the longer it'll take to sanitise a given drive.

Proactive strategies
But why wait until the last minute to safeguard your files and directories. You can use hard drive encryption while the disk is still operational; that way when you discard the drive, the data won't be easy for a common thief to read. Microsoft currently offers Encrypting File System (EFS) within Windows 2000 and Windows XP, while Apple bundles 128-bit AES symmetric encryption within a feature called FileVault within its OS X operating system. Microsoft EFS only encrypts files and folders while Apple's FileVault protects entire directories and even creates a master key in case you forget how to unlock your hard drive. Microsoft will offer entire drive protection with a program called BitLocker, available within the two enterprise business versions of Windows Vista due early next year. Some laptop manufacturers, such as Lenovo, feature built-in drive encryption.

Personally, I recommend physically removing the hard drive and recycling the PC box, the monitor, and the keyboard. Of the five old drives I have kicking around the house, two are paperweights (they're nonoperational). I've installed the three that still work on my new machines as second and third drives, and I use that extra space for storage and backups. When I do decide to remove them, I'll definitely use Erase to sanitise them, but I might also stick a drill bit into them for good measure. You never know who's snooping through your garbage.

What precautions do you take before recycling your old PCs? Share your tips with us below.



Add Your Comment 2


Post comment as
 

cathy posted a comment   

There is no more free CD from CNEt as recommended.

 

Craig Ball posted a comment   

When was this article written, ten years ago? RAM slack hasn't been an issue for Windows PCs for years. Windows no longer pads sectors with RAM dump. You may mean file slack (remnant data from the end of file to the end of cluster), but that's a different issue.

Also, unless you're wiping a drive that very, very old (e.g., something like a 540MB-era, drive, you're quite safe using a single pass overwrite. I've literally questioned more than one hundred computer forensic examiners in both government and the private sector and not one could offer any firsthand knowledge of anyone succeeding in obtaining intelligible data from a drive after a properly-conducted single pass write. The Gutmann multipass studies from 1996 were based on long-gone areal data densities and mechanisms. Even Gutmann has retreated from his recommendations! When you consider how long it takes to overwrite a modern high capacity drive, advising readers to overwrite seven times is advice that only serves to waste their time.




Sponsored Links

Recently Viewed Products