Perhaps this holiday season you'll get a new computer or mobile device. When you do get around to donating your old computer or mobile device many of us do not remember to remove the data. But we should. Much of our lives today are digital, in photos, emails, or bank transactions. Taking a moment to remove the data before donating or disposing of a device can prevent data thieves from learning more about you.
For a workstation or a laptop, start by programmatically wiping or shredding all the files. Deleting them merely removes a file from the directory – they're still there. Just deleting the files, re-formatting or even reinstalling the operating system isn't enough. For a digital forensics expert, there is enough data remaining on the drive to reconstruct the deleted files at a later date.
Instead digitally shred the hard drive by overwriting it with thousands of random 1s and 0s. There are numerous shredder programs on the market that can do that. Shredding will make sure that the data on the drive is unreadable to anyone.
If you can, you can also physically remove the shredded hard drive before disposing of the workstation and laptop. What do you do with the old hard drive? WikiHow has several ways to destroy a hard drive from your workstation or laptop, again so no one can read the data from it.
Elliot destroying his storage drives in an episode of Mr. Robot
If you can't remove the hard drive, if you have a SD drive for example, then you now have a new paperweight. Seriously. Unless you have access to an industrial shredder, you can't reasonably physically destroy these drives.
What about mobile devices? Removing the hard drive is definitely not an option. Here, a factory reset is the recommended option for most mobile devices being donated today. The reset does erase usable data but it does not fully destroy the data on the device.
To remove data completely from a mobile device, however, you will need to do something more drastic.
You see it in the movies: a crime has been committed and the bad guys make a dramatic show of smashing their mobile devices as they flee the scene to conceal evidence of their involvement. But does the act of smashing your mobile device really destroy evidence?
Smashing a mobile device by either driving over it with a car or taking a hammer to it in anger does not destroy data, at least not all of it. “It makes the process for doing recovery much longer than if it’s not destroyed, but not impossible,” , said Amber Schroader, CEO of Paraben Corp., a mobile device forensics firm. “There are specialized techniques that can still pull that data, but it’s a good method for most people.”
There's a fair amount of data that remains resident on the mobile device in the chips themselves. Techniques do exist to extract data from physically damaged hard drives and even circuitry. It mostly depends on how valuable the data is to an investigator and whether the resources exist to extract that data. Suffice it to say, more often than not even damaged data is recoverable.
“I’ve never measured how many hammer hits it takes,” Schroader said. “The best way to destroy electronics is to melt it together so the parts don’t exist separately, but that’s not something most people can do."
And what about the Mr. Robot solution? In several episodes of the TV series Elliot is seen putting his Sim or SD card in a microwave. In the background are flashes of blue light flash as the card burns. This is not recommended as it could cause a fire if not destroy the microwave. Short of a fire, there are toxic fumes released as well.
The Information Commissioner's Office in the UK weighs in on the pros and cons of various methods for destroying data. For most people shredding your workstation or laptop files and performing a mobile phone factory reset is probably good enough.
Robert Vamosi is a CISSP and award-winning journalist. He is also the author of When Gadgets Betray Us: The Dark Side of Our Infatuation With New Technologies (Basic Books).
Images via Mr. Robot/USA Network.