It's 10:00 pm - Do you know where your data is?
Erasing files is not enough. Although various operating systems handle file allocation and directory organization differently, they all pretty much do the same thing when it comes to erasing data. To keep the process simple and fast when a file is "erased," the name is usually modified and the portion of the drive where the content is actually stored is simply made available to store new information. In other words, your data is not "gone" when you erase a file. Similarly, when you format a drive or even perform a full system recovery, data can still exist on the drive where new information has not been copied.
Data recovery programs vary in their sophistication, from something as simple as un-erasing deleted files to scanning the "unused" data space for recognizable data. In either case, the program can only work as long as nothing has overwritten the information you are trying to recover. Software programs such as Data Rescue PC (RecoverSoft), Recover My Files (Channel Access) and Search and Recover (Iolo), typically have simple un-erase capability if the drive is partitioned as FAT, or can scan a drive looking for data still hiding in unused data areas. In some cases, the utility may not even need to recognize or support the operating system, allowing it to find information on Linux, Macintosh, Windows, or other partition types.
Iolo Search and Recover includes tools to make exact image copies of your drive and to perform quick or intensive file recovery of a drive.
If the drive is physically damaged, such as where the electronics have failed or the motor no longer spins, then software programs cannot help at all. Under these circumstances, your only real alternative is to send the drive off to a company that can try things like replacing or repairing the defective electronics, or go to the extreme and physically remove the data platters from your drive and place them in an operational unit to access the data. This type of clean-room recovery is usually very expensive, but worthwhile if your information is truly irreplaceable.
Some conditions can make it difficult for full recovery, most of which are preventable or at least minimize the degree of loss. The most important condition is that no new data be saved on the drive until you can run a recovery program. Once your old data has been overwritten with new information, recovery is no longer really an option. Depending on the type of file system and how large your files and drive are, fragmentation of your data could result in only partial recovery or corrupted content. Performing regular defragmentation of your hard drive keeps the data in your files contiguous (all in one piece) on the disk, and therefore, much easier to recover. File encryption may protect your data from prying eyes, but it scrambles the contents of the data file. This would probably reduce your chances of recovery, at least when the application tries to identify file types by scanning for specific data headers.
Tips to improve your chances of recovering a file:
- Attempt recovery as quickly as possible. The longer a file goes unrecovered, the more chance that some other data will be saved over top of it.
- Don't install, create, or copy anything new to a formatted or re-imaged drive.
- Recommended: Make an exact image copy to an identical or larger drive This gives you an additional backup to work with if things don't go well with the original drive. Recovery programs should not alter the content of the source drive, though having an exact copy provides some insurance against Murphy's Law.
- Recover your data to a target drive of equal or larger capacity. Some data recovery programs will scan the source drive and give you an estimate of required space for the files.
- When all else fails - restore a backup (you DO have a backup, right?)
Is Y our privacy at risk?
The first time you successfully perform a data recovery on a drive and save data you were sure were gone, it can be a great relief. At least right up until the moment it sinks in that anyone with one of these products might be able to access your files, pictures, and other personal information on any drive you left in an old computer. I already mentioned that formatting a drive or even restoring a factory system image only overwrites a portion of the data on the disk. Any unused space may hold data that can be rediscovered and copied off for good, malicious, or just voyeuristic reasons.
If it's so easy to recover files you thought lost or erased, what about securing data on hard drives you might have in old computers or external enclosures or even flash drives? There are a couple of different ways to approach securing your old data drives. If you actively use, or need access to the information, data encryption may be the easiest. File level encryption may be tied to a user login under your operating system. But encryption is more useful when you can move and maintain the scrambled file between systems, drives, and even to optical media or flash drives. Stand alone-encryption programs use a password to scramble and unscramble your information on demand, as long as you have the program installed on the system with the data. Another approach is to wipe or low-level format the drive. The last and most permanent method is physical destruction of the drive media.
A variety of options exist to encrypt files. Windows NT, 2000, and XP Pro all have built-in encryption, but this requires that the drive be formatted NTFS, and the encryption is only in place as long as the files remain on the drive. If you move or copy an encrypted file somewhere, the operating system removes the encryption to perform the copy. If you have a version of an OS that does not support encryption, or you want to keep your files scrambled even if they move, then you usually need some sort of third-party encryption program. This will allow you to password protect files or create encrypted archives with multiple files. Kubicki Turbo Encrypter and Namo FileLock are just a couple of the titles available for stand-alone encryption. Encryption is generally overkill for most users but concerns about private information getting into the wrong hands make such methods more desirable for some.
Programs that securely wipe data can help make sure it does not turn up again later. These programs promise security because they will specifically target the existing file on the drive and deliberately save null or random information over the top before deleting the file. There are degrees of security available with most of these programs, depending on how many times information is written. Most wiping programs will use a "government acceptable standard" of scrambling and re-writing the surface of the disk enough times that not even spies in high-tech laboratories will be likely to guess what had been previously saved on the drive. This presumes that there really do exist high-tech methods that could be used to determine if the random characters of information found on a disk platter really used to be a 1 and not a 0, and putting enough of these back together to make something coherent. Programs that can securely wipe your data before erasing include DriveScrubber and System Mechanic (Iolo); Symantec System Works or the older Norton Utilities both contain a wipe-info tool and a quick search of the Internet will turn up many more.
Iolo Drive Scrubber is a tool to securely erase all of a drive or just unused space where your personal data might still exist even after being erased or formatted.
Low Level Format
For the average user, even a single recording of (random) information over your files will equal permanent loss of data. One tool that can be found on many hard drive manufacturer sites is a low-level format utility or diagnostic utility that performs a similar function. Low level formatting of a drive will write zeros to every sector of the target drive to verify there are no bad or unusable blocks. Surface diagnostic programs may do the same thing by destructive (loss of data) testing of every sector with multiple data patterns to make sure the data read matches what was written. Fujitsu, Western Digital, and Seagate (Maxtor) all have some sort of low-level format tool or diagnostic you can download.
If your drive failed, but at one time had private information on it, you won't be able to perform a secure wipe of the information or low-level format the drive. Under these circumstances, about the only way to guarantee that your data does not get out is to physically destroy the drive. Have fun - bash it with a sledge hammer or drill holes through the platters. Many hard drive platters are now made of glass, and will shatter when you "execute" this type of abuse on them. I usually just like to disassemble them into interesting or useful parts, pulling the platters and magnets out. (I also try to look for anything that might be artistic in appearance for use in a case mod or other project.) Check for local regulations on disposing of electronics and what may be considered hazardous waste in your state or area; this may limit your options a bit.
Most hard drive platters are glass, not metal. It's unlikely any data is coming back from the one on the left.
Tips to protect your data and your privacy:
- Encrypt data you use or need to access regularly. Stand-alone encryption software is required to use the information on multiple systems, or to move it to different media such as flash drives or CD-ROM without losing the encryption.
- Wipe individual files, wipe disks before disposal, wipe free space periodically to destroy old information.
- When disposing of old drives or systems with hard drives, disk wipe or low level format the drive before reimaging with the factory recovery.
- Network - Share folders not drives; restrict access with passwords; use read-only unless changes are needed; turn off WiFi routers when not in use and use the highest possible security to prevent easy access to your network.
- Use Malware protection and keep your OS current with critical updates
- Data backup anything you cannot afford to lose. Keep your backup media or drives in a secure location.