Powered By Blogger

Common Doubts on DATA WIPING

 

Common Doubts on DATA WIPING

Secure Data Wiping is very important, since if both individuals and companies dispose of their old computing devices without taking measures to prevent unwanted recoveries, they put their security and confidentiality at risk.

1. DELETED- Why don't we delete them with a simple click?

When disposing of a computer, many people maintain the false idea that they do not store any important data on it, or that no one may be interested or will bother to check it. Nothing could be further from the truth. The operating system of our computer equipment –Windows, Linux, and OS X- makes us believe that when we send data or documents to the recycle bin or format the hard drive, the Data Wiping is permanent. But this is not the case. The space occupied by these files is available to be reused by others that we store later, but as long as this does not occur, the information is still stored on the hard drive. This is due to the fact that most operating systems simply assign as empty the sectors where the file that we have tried to permanently delete is located, without actually deleting that information, waiting for it to be overwritten with new data. What we stop seeing at first glance is still available if the appropriate means are known to be used for its recovery.

Can it affect us?

Both companies and Public Administrations are increasingly aware of the importance of new information and communication technologies -ICT- to manage their functions and services with full efficiency and effectiveness.

But there is no perceived threat looming over their information systems, each day more complex and with threats that advance at the same speed as technology.

The simple act of disposing of a company's desktop computer can allow competitors or former employees to take advantage of the same, even to appropriate confidential and highly relevant information for the company or customer contact data.

The Public Administrations manage millions of personal data and varied information of citizens in their daily functions, allowing in case of developing a correct disposal policy, the seizure of all this with a simple recovery procedure.

Every day we find in the different media, news about information that appears in the garbage or is in the middle of the street. But really when we eliminate our papers we try to tear them or use a paper shredder, without realizing that when we dispose of a computer or electronic device or medium, we are throwing away millions of electronic papers.

When the information refers to personal data, there may be sanctions from the Spanish Agency for Data Protection and even criminal sanctions. But avoiding damage by preventing is easier than it seems, because discarding equipment due to a breakdown, to change it for a more current one, because it does not support certain applications or for any reason, can open the door to our lives, our business and our bank accounts.

The conviction that Information Security should be a priority in companies and Public Administrations, has to be a reality, which in many cases will require financial endowments, to the same extent that an organization is concerned about having a company security and surveillance to prevent access to the facilities.

02. The Deleting Procedure - What is it?

We all know that file deletion is the action we take to eliminate certain information that is no longer useful or we need, but from a technical perspective, it would be “the action of a hard disk drive when marking a group of occupied sectors of the same as free sectors”. Common Data Wiping implies that the hard drive does not perform the complete erasure task, but marks space in use for free space, thus being able to become free space, to be used by other files that we would like to store in the future.

But secure deletion goes further. When you delete a file, this procedure overwrites a certain combination on it, thus avoiding that if done correctly, this file can be recovered. This procedure must be done in a certain way to achieve the goal, because a simple overwriting does not achieve


Is it really no use simply formatting the computer?

By formatting the equipment or device or support that we want, we can see that its capacity has increased, and the space previously occupied by the files will appear as free. But the only thing that has been done with the formatting action is to prepare the disk to store more information, keeping all the files intact so they can be recovered by third parties.


What are the dangers of not performing a secure erase?

The generation, storage and flow of information in computer systems today is constant and is increasing year after year. Many times we are not aware that we use systems that have previously been used by other people or that our old or useless systems may be in the hands of others.

Currently it is not strange to acquire or eliminate equipment in companies or Public Administrations or in our own homes, through the sale of second-hand, leasing or renting contracts, reuse of equipment, donations or a simple restructuring of areas or of personal. And the vast majority of them without proceeding to a secure Data Wiping or encrypting their content, so that the new acquirer with some computer skills will be able to access and recover what we had stored.

And that without taking into account that, the picaresque or bad faith, can make that information a real gold mine, through extortion, bribery, resale or use for their own benefit. And they are not rare cases or that are not occurring every day, for example the BBC chain, denounced a new type of business detected in Nigeria. The government of this country had sent their old computers to this country, but what they also sent was the content of all of them, which were on their hard drives, so the sale of bank details of British customers and many other information are in the hands of those who knew how to recover data that had been "formatted" or simply "deleted after being sent to the recycle bin."

It is not the only case. From personal photos, passwords, confidential documents, banking information, and all the multitude of data that we store, it can end up in the wrong hands if we do not take the appropriate measures.


03. Hard Disk Recovery


Did you delete that file that you didn't want anyone to see? Do you know that there is a way to get it back?

Whether you intentionally or inadvertently erased a document, without employing a secure erase procedure, it can be recovered. Sometimes it is necessary to recover information from old equipment, devices or media, because a breakdown, a virus, an accident, a blow or a power surge have caused the document or file we need to be lost.

One of the applications of computer forensics is precisely to examine and recover residual data from different computers or media, which have previously been tried to eliminate to avoid leaving traces.

The information that can be recovered from the devices, media and computer equipment, will be determined by the use that was given to it and by the process that has been followed to eliminate the data or files. Taking this into account, IP addresses, email addresses, bank account numbers, passwords, photographs, documents, reports, videos and all kinds of information that could have been stored a priori are susceptible to recovery.

Data recovery is a true science. Its purpose is to try to rebuild the file system, so that the data file can be accessed.

But the problem is that each operating system has its own system to index and monitor the files that are generated and each one of them is especially complex.

 

at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)

Necessity of a Secure Data Wipe

  Necessity of a Secure Data Wipe According to projections from  The Radicati Group , in 2021 we will be sending 320,000 million emails pe...