Hi, I'm looking to get rid of an old desktop PC but the hard disk has been used online and had data related to banks etc.
Is there a simple process to completely erase data from a hard disk so I can sell it with the PC, or am I better off destroying it?
I believe just reformatting or deleting is not sufficient?
Use cCleaner (free software); it its many tools it has a hdd wiper... can do anything from a single pass to a Gutmann 35 pass overwrite. Though for your case I think a 7 pass wipe would be more than enough.
A few years ago I experimented with an old hard drive that I thought I had wiped clean to see what I could recover. I was able to find stuff that was years old that had previously been deleted before I wiped the drive clean.
You can wipe your drive clean and hope that the drive does not fall into the hands of one very dedicated individual who wants to snoop for sh1ts and giggles.
The best way to wipe your drive clean is with one of these
No need to destroy it, just overwrite (dban) Recovery of data once overwritten was possible decades ago but probably not at current disk densities.
If somebody really wanted your data they would have hacked or stolen your pc by now rather than try to recover data after disposal.
In reply to JamButty: Just format it. It's nonsense that meaningful data can be retrieved from a single swipe, much less 'data related to banks' (which I assume means something like banking cookies??) since no bank stores useful data on client machines, I'd be shocked if any online shopping sites did either.
You need to be careful with formatting - in the vast majority of cases this does not remove data, only the index that allows your operating system to find it again. You can regenerate index information and recover the files.
You need to overwrite the data using one of the tools mentioned, however one pass will be fine - the multiple overwrites is overkill for domestic use on modern hardware.
In reply to JamButty:
Going by the recent TV programme relating to companies who bought second hand phones, and had a privicy policy that promised 'everything ' was professionally wiped, I I would bin it.
Pros were able to take almost all the second hand phones, identify the owners then even sat down with them and gave them a file of personal and financial information, scary , these were big companies apparently using professional wiping software that you would not be cost effective to obtain.
Cheaper and safer to smash it and put a new one in for sale. Other more savvy posters may disagree, but I would not chance it, as it looks like the software us not 100% , and if not used properly it does not do what it is intended to do.
I was chatting to the guys down at the local council dump, and they have to lock up old broken pc's as they have been approached by people to sell them , and when they refused, they then tried to break in to steal them. Not hard to guess what they are after when you are aware of these issues.
And if he was destroying DATA i'd agree with you, but it sounds like he's doing nothing more than removing internet history. If that's the case, there's nothing that could be done with THOSE files anyway, so he doesn't need to go to the trouble of nuking the drive.
A lot of that is about minimum wage thick plonkers who cannot be bothered. Pay peanuts, get monkeys.
If you use one of the recognised multi-pass and multi-format protocols then the cost of useful data recover quickly becomes prohibitive and soon becomes impossible.
Eraser's method choices range from 1 to 35 passes and most are 3 or 7 passes. Local authorities and government departments have been happy for me to use certain 3-pass methods for property and engineering data.
For specific files, it is possible to go in with a hex editor and make a mess manually but there is no point when you can press a button and pour another coffee. You can also use a hex editor to check an address before and after erasing to examine the effect. That's not something I have done for some time since you soon realise you are pointlessly looking at nothing.
Thanks all for comments, just tried the eraser, but it wanted a newer version of windows (I'm on 98), so I've taken out the harddrive to connect to my other PC and try and erase it from there.
Perhaps I am paranoid, I don't understand it enough. All I know is I regularly used this PC to access bank accounts and other websites. I even had a doc file with all my passwords on it (yes I know.....!)
So I think to wipe it is probably my safest bet.
Take the HDD out and destroy it, then you are sure. You are upgrading so your old pc is probably worth close to nothing. The HDD can be replaced with a new, probably better one for little money by the buyer. So can the operating system. You may have difficulties selling the old PC. I upgraded to this PC three years ago. The old one was a decent machine but none of the local computer traders were interested. They only wanted lap tops. So I gave it to charity after removing the HDD.
In reply to mgco3: Unless you had the user/passwd written down in a notepad doc on the desktop you could give the disk to pretty much anyone in the country and none of them could access your bank account.
In reply to ex0: I would be happy to take your disc from your PC / Laptop and enlighten you.
I have been in IT for 40 years(and 4 days) and can recall the times we used to use a fluid that was a suspension of very fine iron particles in a hydrocarbon to physically reveal the magetic code in mag stripes on cards etc.
I have , personally, recovered data from disc drives that were maliciously "wiped" by people to hide their tracks. In the early days of UNIX we used to debug and correct corrupt i-nodes on disc drives which is the equivalent of changing individual bytes within a disc sector.
Believe me. There is no such thing as paranoia when it comes to security of data.
In reply to Ridge: It seems such a waste to destroy the hard disk, just wipe it. The risk is negligible after wiping (overwrite) and recycling compared a laptop getting nicked or lost prior to disposal.
In reply to JamButty: If you just delete all files, or do a format, then recovering the files would take me an hour or two (depending on disk size). Comercial recovery £10-£30.
If you break up the chippery on the drive, but not the platters, recovery is in the £400 region. I could maybe do it myself, but it would take days of careful work and buying some special parts/tools.
If you break the platters into coin-sized bits, recovery needs a high-spec research quality microscope. Cost will be many thousands. Only a few government labs are thought to have done this successfully.
If you break the platters into a fine powder (0.01mm grains), melt them down etc. the data is unrecoverable.
If you overwrite the data once, with random data (by using one of the above mentioned tools in single pass mode), it may or may not be possible to recover some of the data. It would need a research quality microscope even better than the one mentioned above, and the success rate would depend on the age and type of drive. As far as I know this has never been done, and the cost would likely be 5 or 6 figures.
If you overwrite the data with several passes of random data (using one of the mentioned tools in multi-pass mode) the data is unrecoverable. There may be a few scraps of data left in areas of the drive that are damaged and therefore automatically left unused, but they won't amount to much.
If your drive is new enought to support ATA Secure Erase, that is very effective. If your drive is from a win98 machine, it's probably too old.
In your case, just formatting the drive is probably adequate. But if you want peace of mind use one of the tools mentioned above. DBAN is my tool of choice. Despite the disclaimers on its homepage (put there to try and sell blancco's commercial offering) it is simple and effective.
Take the platters out of the enclosure and you can get a magnet very close to them, and you remove the shielding too. Dragging a strong magnet over the surface of a platter will trash data very fast (by causing saturation), you might need a few passes to get all of it.
If you use particular patterns of AC magnetic field, you can overcome the shielding and randomize the data on the drive even with the platters still inside, this process is called degaussing. The kit to do it is a bit specialist, and usually needs to be in contact with the drive to work. A range of a few tens of cm might be achievable, but it's never going to work through the wall.
Using a DC field is harder. Whist within the enclosure, the platters are well protected. You won't get anywhere with a regular magnet (not even the shiny expensive Nd ones). A junkyard magnet probably wouldn't be strong enough even if the drive were pressed up against it. A very powerful electromagnet, such as found more or less only in physics labs, might be able to overcome the shielding and wipe the drive. But only from a meter away at most.
In reply to mgco3: Enlighten me as to what? You're telling me if I formatted my drive and gave it to you you'd be able to access my bank account?
Edit: Just so we're clear, I'm all for data security, but what this guy needs and the solutions he's being offered here do not marry up. By his posts it's fair to guess he doesn't quite understand the way that data is transferred when it comes to internet banking, my point is that there's no data related to his banking/online shopping that needs to be completely nuked before he sells the drive.
> I have been in IT for 40 years(and 4 days) and can recall the times we used to use a fluid that was a suspension of very fine iron particles in a hydrocarbon to physically reveal the magetic code in mag stripes on cards etc.
When I worked in the seismic survey industry we recorded on magnetic tape.
Sometimes we needed to check how a tape was recording. (Can't remember details). We used a liquid called Magnasee which came in a squat can like Evostick. We poured a little into the cap, pulled a few inches of the tape through it and you could actually see the bits on the tape. Was that what you described above?
Oh that sounds like the stuff!!! Magnasee.. I still have some of the old "equipment" that we used to use.Disc head cleaner etc. I still regularly use my MICR (magnetic ink character recognition) viewer for magnifying stuff that I used to be able to see with naked eye.
Enlighten you as to just what information can be recovered.
Some people keep all sorts of personal information on their PC in the msitaken belief that becasue they have "deleted" it or because it is / was password protected that it is safe. Not so.
He may well have had details of his bank accounts and passwords actually on his PC and deleted the information. You would be suprised how many people , even IT professionals, keep extremely sensitive information in this way.
All I am saying is whatever you have had on your PC can be recovered.
> If you just delete all files, or do a format, then recovering the files would take me an hour or two (depending on disk size). Comercial recovery £10-£30.
> If you break up the chippery on the drive, but not the platters, recovery is in the £400 region. I could maybe do it myself, but it would take days of careful work and buying some special parts/tools.
Just buy an identical replacement hard drive, and swap the controller board over. Cheaper, and less effort. I did this a few years ago when I had PSU problem that resulted in smoke coming out of the controller board. Ironically, while backing up...
In reply to Nutkey: That's kind of what I was referring to. If you can get a compatible donor drive, swap the PCB over and it just works, then grand. An hours work, tops, including buying parts. It could easily run longer though if you have to transfer calibration data across (locate EEPROM or whatever, remove from broken board, solder onto new board, probably an SMT package). Admittedly, it should still be only a few hours work if you have a hot air rework station, but I don't, so a day or two maybe. Similarly firmware uploads if the donor drive is an imperfect match.
In reply to mgco3: Recovery after overwriting is either impossible or beyond economic recovery unless you have reason to think somebody will spend lots of money on the off chance they'll find something.
Residual flux allowed recovery decades ago but do you think recovery after over writing is possible for current disks?
> Do you think recovery after over writing is possible?
Don't know if its possible, however I am in the process of trying right now.
I have a 700Gb external drive which I filled completely with stuff, I then formatted it and I am now in the process of using Ccleaner to securely wipe it clean. This process has about 8-9 hours to go and after that I'm going to use some freely available software to see what I can retrieve from this hard drive.
Blimey! I think you might want a risk-proportionate response.
1. Only browsed the web; no purchases. Played a bit of solitaire.
2. Online banking and puchases.
Reformat with overwrite.
3. Something mildly illegal or highly embarassing
Reformat with multiple overwrites.
4. Something significantly illegal
Smash it up
5. Something that shows you are in charge of al quaeda
Smash it up, incinerate it and drop small portions of the ash in remote places.... Oh, but don't forget to post your concern on UKC first.
Last night I did a quick format of an external hard drive and then did a simple wipe of the hard drive using Ccleaner, only one pass but it still wrote onto every part of the hard drive. This took all night.
This morning I looked at the drive and it was indeed empty.
So I used Recuva to check that it was empty. A quick check showed the drive was empty, so I chose a deep scan.
I have 5 hours to go. So far the rile recovery software has found 927 files.
If I can use free software to find deleted files from software that is supposed to securely wipe files then I have failed.
Being a paranoid little rodent, I will continue to physically smash hard drives.
Any scavenger can retrieve a hard drive and scan it for sh1ts and giggles, but they aren't going to go to the expense of straightening a platter just to check what's there.
>Recovery of data once overwritten was possible decades ago but probably not at current disk densities.
I hear that the NSA are using scanning electron microscopes on high value data.
Even at the very high density currently being used the data isn't 'quite' put in the same place every time. As the disc heats up and cools during use it expands and contracts leaving the data in slightly different places which can be decteded.
> Last night I did a quick format of an external hard drive and then did a simple wipe of the hard drive using Ccleaner, only one pass but it still wrote onto every part of the hard drive. This took all night.
> This morning I looked at the drive and it was indeed empty.
I've completed my little experiment. Recuva found practically everything that I was expecting to be there. It also found stuff that I knew nothing about from JPEGS to documents I had no knowledge of.
Well I had a go at recovering a few files onto my main desktop. I have to say that not one of those files opened. It would seem that they were all corrupt.
I'm sure somebody could have got them to open but I was not successful.
Apologies in advance to the 99.5% of UKC that will have no interest in this ;)
Were you able to tell if the files were the correct size or look at the raw content of them? I'm quite interested in your test because I was surprised that you retrieved anything after the overwrite.
There is a risk that an overwrite will not cover literally the entire drive because during its normal lifetime a drive can remap sectors that are showing signs of failure to prevent future data loss, however the data affected should a) be very small (too small to be of use if retrieved) and b) not be retrievable without replacing (or doing some low level tinkering with) the drive controller since the controller in the drive would be what did the remapping in the first place.
If the software restored filenames then that suggests that it was able to recover the indexes for the filesystem, as if it had been able to find the data content then you may have got the data back but you would not have got meta-data (like the name and path).
What device did you set to be rewritten? In Linux (for example) for a disk holding a single partition system you could target either /dev/sda1 or /dev/sda and think that you're getting the entire device, but depending on how the partition geometry lines up with the disk geometry you might find that overwriting the file system doesn't quite overwrite the entire device and this might leave some data from previous use that could be recovered.
I believe most filesystems will also store multiple copies of themselves around different areas of the drive in order to enable recovery if the primary location gets corrupted. Some combination of the above could maybe have resulted in some of these backups still being available after the primary file system has been wiped.