Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf ·...

57
Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for Research on Computation and Society Harvard University Thursday, November 3, 9:45am 1

Transcript of Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf ·...

Page 1: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Ensure Proper Data Management with Discarded IT Assets

Simson L. GarfinkelCenter for Research on Computation and SocietyHarvard UniversityThursday, November 3, 9:45am

1

Page 2: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Ten used computers were purchased in August 1998.

This is computer #1.

2

Page 3: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Computer #1 was a file server for a 15-attorney law firm.

Contents:

• client documents

• billing records

• correspondence

Computers #2 through #10 had:

• Mental health records

• Home finances

• Draft of a novel

Was this a chance accident or common occurrence?

3

Page 4: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

This talk explores the problem of data on discardedcomputers and presents real, practical solutions.

• Scale of the problem 0

500

1, 000

1, 500

2, 000

2, 500

Meg

abyte

s

Data in the file system (level 0)

Data not in the file system (level 2 and 3)

No Data (blocks cleared)

• The Traceback Study

• Applicable Legislation

• Answers and Technology Choices

4

Page 5: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Data confidentiality is an important business goal.

Data can be:

• In flight

• Stored

Data spends most of its life in storage.Therefore, stored data must be protected.

5

Page 6: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

There are three techniques for assuring data confidentiality.

1. Physical security.

2. Logical access controls. (operating system)

3. Cryptography (disk & link)

6

Page 7: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

When a disk is retired, techniques #1 and #2 don’t work.

1. ///////////////////////////////////////////////Physical///////////////////////////////////////////////////security.

2. /////////////////////////////////////////Logical///////////////////////////////////////////access////////////////////////////////////////////////////controls.//////////////////////////////////////////////////////////////(operating////////////////////////////////////////////////system)

3. Cryptography (disk & link)

Most organizations don’t encrypt their stored data.

7

Page 8: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Hard drives pose special problem for computer security.

Do not forget data when power is removed.

Contain data that is not immediately visible.

Today’s computers can read hard drives thatare 15 years old!

• Electrically compatible (IDE/ATA)• Logically compatible

(FAT16/32 file systems)• Very different from tape systems

8

Page 9: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

The problem: 210 million drives will be retired this year.

50M

100M

150M

200M

250M

300M

350M

400M

1996 1998 2000 2002 2004 2006

Drives Shipped

Drives Retired

This is a staggering amount of data!

9

Page 10: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

“Retire?”

Deckard (Harrison Ford) retiring a replicant.“Blade Runner” (1982)

10

Page 11: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Many “retired” hard drives are actually resold orrepurposed.

Retired drives are:

• Re-used withinorganizations

• Given to charities

• Sold at auction

About 1000 used drives/day sold on eBay.

11

Page 12: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Bad news:FORMAT C: doesn’t erase the hard drive.

FORMAT just writes a new root directory.

12

Page 13: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

More bad news:DEL doesn’t delete files.

DEL simply removes the file’s name from the directory.

13

Page 14: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Between January 1999 and April 2002,I acquired 236 hard drives on the secondary market.

14

Page 15: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Drives arrived by UPS

15

Page 16: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Data on drives “imaged” using FreeBSD

dd if=/dev/ad0 of=file.img bs=65536 conv=noerror,sync16

Page 17: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Images stored on a RAID

17

Page 18: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Example: Disk #70: IBM-DALA-3540/81B70E32

Purchased for $5 from a Mass retail store on eBay

Copied the data off: 541MB

Initial analysis:

Total disk sectors: 1,057,392Sectors with data: 989,514Sectors all zero: 67,878Total files: 3

The files:

drwxrwxrwx 0 root 0 Dec 31 1979 ./-r-xr-xr-x 0 root 222390 May 11 1998 IO.SYS-r-xr-xr-x 0 root 9 May 11 1998 MSDOS.SYS-rwxrwxrwx 0 root 93880 May 11 1998 COMMAND.COM

18

Page 19: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Clearly, this disk had been FORMATed...

Windows FORMAT doesn’t erase the disk...FORMAT just writes a new root directory.

19

Page 20: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

UNIX “strings” reveals the disk’s previous contents...

Insert diskette for driveand press any key when ready

Your program caused a divide overflow error.If the problem persists, contact your program vendor.Windows has disabled direct disk access to protect your long filenames.To override this protection, see the LOCK /? command for more information.The system has been halted. Press Ctrl+Alt+Del to restart your computer.You started your computer with a version of MS-DOS incompatible with thisversion of Windows. Insert a Startup diskette matching this version of

OEMString = "NCR 14 inch Analog Color Display Enchanced SVGA, NCR Corporation"Graphics Mode: 640 x 480 at 72Hz vertical refresh.XResolution = 640YResolution = 480VerticalRefresh = 72

20

Page 21: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

70.img con’t...

ling the Trial Edition----------------------------IBM AntiVirus Trial Edition is a full-function but time-limitedevaluation version of the IBM AntiVirus Desktop Edition product. Youmay have received the Trial Edition on a promotional CD-ROM or as asingle-file installation program over a network. The Trial Editionis available in seven national languages, and each language isprovided on a separate CC-ROM or as a separaEAS.STCmEET.STCELR.STCqELS.STC

21

Page 22: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

70.img con’t...

MAB-DEDUCTIBLEMAB-MOOPMAB-MOOP-DEDMETHIMAZOLEINSULIN (HUMAN)COUMARIN ANTICOAGULANTSCARBAMATE DERIVATIVESAMANTADINEMANNITOLMAPROTILINECARBAMAZEPINECHLORPHENESIN CARBAMATEETHINAMATEFORMALDEHYDEMAFENIDE ACETATE

22

Page 23: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

[Garfinkel & Shelat 03] established the scale of the problem.

We found:

• Thousands of credit cardnumbers (many disks)

• Financial records

• Medical information

• Trade secrets

• Highly personalinformation

We did not determine why the data had been left behind.

23

Page 24: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

There are roughly a dozen documented cases of peoplepurchasing old PCs and finding sensitive data.

• A woman in Pahrump, NV bought aused PC with pharmacy records[Markoff 97]

• Pennsylvania sold PCs with“thousands of files” on stateemployees [Villano 02]

• Paul McCartney’s bank records soldby his bank [Leyden 04]

• O&O Software GmbH – 200drives.[O&O 05]

24

Page 25: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Information is even left behind on USB drives...

A “new” drive contained images from a previous owner.25

Page 26: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Why don’t we hear more stories?

Hypothesis #1: Disclosure of “data passed” is exceedinglyrare because most systems are properlycleared.

Hypothesis #2: Disclosures are so common that they are notnewsworthy.

Hypothesis #3: Systems aren’t properly cleared, but fewpeople notice the data.

26

Page 27: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

How could people not notice the data?

DEL removes the file’s name; doesn’t delete the data.

27

Page 28: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Weird Stuff, Sunnyvale California,January 1999

10GB drive: $19 “tested”

500 MB drive: $3 “as is”

Q: “How do you sanitize them?”

A: “We FDISK them!”

28

Page 29: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

FDISK does not sanitize disks

10 GB drive: 20,044,160 sectors

SectorsCommand Written %FORMAT 21,541 0.11%FDISK 2,563 0.01%

FORMAT erases the FAT,complicating the recovery of fragmented files.

29

Page 30: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Data on a hard drive is arranged in sectors.

usr bin

ls cp mv

tmp

slg

/

ba

mail junkbeth

The white sectors indicate directories and files that arevisible to the user. 30

Page 31: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Data on a hard drive is arranged in sectors.

usr bin

ls cp mv

tmp

slg

/

ba

mail junkbeth

x5 x4

x3 x2

x1

x6

x7

x8

The brown sectors indicate files that were deleted.31

Page 32: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Data on a hard drive is arranged in sectors.

usr bin

ls cp mv

tmp

slg

/

ba

mail junkbeth

x5 x4

x3 x2

x1

x6

x7

x8

The green sectors indicate sectors that were never used (orthat were wiped clean).

32

Page 33: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Stack the disk sectors:

usr bin

ls cp mv

tmp

slg

/

ba

mail junkbeth

x5 x4

x3 x2

x1

x6

x7

x8

.

.

Files

Deleted Files

Zero Blocks

33

Page 34: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

NO DATA: The disk is factory fresh.

.

.

Files

Deleted Files

Zero Blocks

time

All Blocks are Zero

34

Page 35: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

FORMATTED: The disk has an empty file system

.

.

Files

Deleted Files

Zero Blocks

time

All Blocks are Zero

BlankBlocks

File System Structures

35

Page 36: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

AFTER OS INSTALL: Temp. files have been deleted

.

.

Files

Deleted Files

Zero Blocks

time

All Blocks are Zero

BlankBlocks

File System Structures

Free Blocks

OS and Applications

Deleted temporary files

36

Page 37: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

AFTER A YEAR OF SERVICE

.

.

Files

Deleted Files

Zero Blocks

time

All Blocks are Zero

BlankBlocks

File System Structures

Free Blocks

OS and Applications

Deleted temporary files

... 1 year ...

OS, Applications,and user files

Deleted files

Blocks never written

37

Page 38: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

DISK NEARLY FULL!

.

.

Files

Deleted Files

Zero Blocks

time

All Blocks are Zero

BlankBlocks

File System Structures

Free Blocks

OS and Applications

Deleted temporary files

... 1 year ...

OS, Applications,and user files

Deleted files

Blocks never written

OS, Apps,user files,and lots of

MP3s!

38

Page 39: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

FORMAT C:\ (to sell the computer.)

.

.

Files

Deleted Files

Zero Blocks

time

All Blocks are Zero

BlankBlocks

File System Structures

Free Blocks

OS and Applications

Deleted temporary files

... 1 year ...

OS, Applications,and user files

Deleted files

Blocks never written

OS, Apps,user files,and lots of

MP3s!Recoverable

Data

39

Page 40: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

We can use forensics to reconstruct motivations:

.

. time

OS, Apps,user files,and lots of

MP3s!Recoverable

Data

Training failure

Usability failure

40

Page 41: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

The drives are dominated by failed sanitization attempts...

0

500

1, 000

1, 500

2, 000

2, 500

Meg

abyte

s

Data in the file system (level 0)

Data not in the file system (level 2 and 3)

No Data (blocks cleared)

..but training failures are also important.

41

Page 42: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Overall numbers

Drives Acquired: 236Drives DOA: 60Drives Images: 176Drives Zeroed: 11Drives “Clean Formatted:” 22

Total files: 168,459Total data: 125G

42

Page 43: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Only 33 out of 176 working drives were properly cleared!

• 1 from Driveguys — but 2 others had lots of data.

• 18 from pcjunkyard — but 7 others had data.

• 1 from a VA reseller — 1 DOA; 3 dirty formats.

• 1 from an unknown source — 1 DOA, 1 dirty format.

• 1 from Mr. M. who sold his 2GB drive on eBay.

43

Page 44: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

But what really happened?

?I needed to contact the original drive owners.

44

Page 45: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

The Remembrance of Data Passed Traceback Study.[Garfinkel 05]

1. Find data on hard drive

2. Determine the owner

3. Get contact informationfor organization

4. Find the right personinside the organization

5. Set up interviews

6. Follow guidelines forhuman subjects work

06/19/1999 /:dir216/Four H Resume.doc03/31/1999 /:dir216/U.M. Markets & Society.doc08/27/1999 /:dir270/Resume-Deb.doc03/31/1999 /:dir270/Deb-Marymount Letter.doc03/31/1999 /:dir270/Links App. Ltr..doc08/27/1999 /:dir270/Resume=Marymount U..doc03/31/1999 /:dir270/NCR App. Ltr..doc03/31/1999 /:dir270/Admissions counselor, NCR.doc08/27/1999 /:dir270/Resume, Deb.doc03/31/1999 /:dir270/UMUC App. Ltr..doc03/31/1999 /:dir270/Ed. Coordinator Ltr..doc03/31/1999 /:dir270/American College ...doc04/01/1999 /:dir270/Am. U. Admin. Dir..doc04/05/1999 /:dir270/IR Unknown Lab.doc04/06/1999 /:dir270/Admit Slip for Modernism.doc04/07/1999 /:dir270/Your Honor.doc

This was a lot harder than I thought it would be.

45

Page 46: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Ultimately, I contacted 20 organizations between April 2003and April 2005.

46

Page 47: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

The leading cause: betrayed trust.

Trust Failure: 5 cases

4 Home computer; woman’s son took to “PC Recycle”4 Community college; no procedures in place4 Church in South Dakota; administrator “kind of crazy”4 Auto dealership; consultant sold drives he “upgraded”4 Home computer, financial records; same consultant

This specific failure wasn’t considered in [GS 03];it was the most common failure.

47

Page 48: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Second leading cause: Poor training and supervision

Trust Failure: 5 cases

Lack of Training: 3 cases

4 California electronic manufacturer4 Supermarket credit-card processing terminal4 ATM machine from a Chicago bank

Alignment between the interface and the underlyingrepresentation would overcome this problem.

48

Page 49: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Sometimes the data custodians just don’t care.

Trust Failure: 5 casesLack of Training: 3 cases

Lack of Concern: 2 cases

4 Bankrupt Internet software developer4 Layoffs at a computer magazine

Regulation on resellers might have prevented these cases.

49

Page 50: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

In seven cases, no cause could be determined.

Trust Failure: 5 casesLack of Training: 3 casesLack of Concern: 2 cases

Unknown Reason: 7 cases

8 Bankrupt biotech startup8 Another major electronics manufacturer8 Primary school principal’s office8 Mail order pharmacy8 Major telecommunications provider8 Minnesota food company8 State Corporation Commission

Regulation might have helped here, too.

50

Page 51: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Legislative reactions to this research:“Fair and Accurate Credit Transactions Act of 2003” (US)

• Introduced in July 2003. Signed December2003.

• Regulations adopted in 2004, effectiveJune 2005.

• Amends the FCRA to standardizeconsumer reports.

• Requires destruction of paper or electronic“consumer records.”

The adopted rules specifically exempt resellers.

51

Page 52: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

There are three options for solving this problem.

1. Encrypt stored data.

2. Clear drives before discarding them.

3. Physically destroy drives when discarding.

Of these options, encryption is the best alternative.

52

Page 53: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Encryption protects protects data against anyone whodoesn’t have the key

Options:

• Record-level encryption

• Database encryption

• Encrypted file systems

Apple’s File Vault is aneasy-to-use encrypted filesystem.

53

Page 54: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Drives can be individually “cleared” before they arerepurposed or retired.

Commercial Software

• Wipe Drive, White Canyon Software.http://www.whitecanyon.com/

• Blancco Data Cleanerhttp://www.blancco.com/

Free Software:

• DBANhttp://www.dban.sourceforget.net

DBAN

Wiping an entire drive is easy.Selectively wiping is hard.

54

Page 55: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Features to look for in a wiping program:

• Cost: Free? Per copy? Per use?

• Bootable disk?

• Wipe whole drive?

• Wipe slack space?

usr bin

ls cp mv

tmp

slg

/

ba

mail junkbeth

x5 x4

x3 x2

x1

x6

x7

x8

usr bin

ls cp mv

tmp

slg

/

ba

mail junkbeth

Program that wipe slack space can be installed on everydesktop.

55

Page 56: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Physical destruction offers the most security.

Destruction is the only technique approved for use withclassified information. 56

Page 57: Ensure Proper Data Management with Discarded IT Assetssimson.net/ref/2005/drives-retail.pdf · Ensure Proper Data Management with Discarded IT Assets Simson L. Garfinkel Center for

Summary

Information left on hard drives:

• is a serious problem.

• is invisible

• violates Federal law

• is easily address

This is largely the fault of Microsoft, Apple, and Linux.

Destroying this information is your organization’s legal and moralobligation.

Questions?57