When the World Trade Center buildings collapsed last year, they took with them about $500 million worth of computer equipment, according to financial services company Morgan Stanley.
In spite of elaborate backup systems, some data was housed exclusively in hard drives buried beneath tonnes of rubble, often smashed to bits. Lost? Not necessarily.
Within a month, one computer forensics company alone, Convar Systemme Deutschland, had recovered the data from 39 computers salvaged from the WTC ruins and was beginning work on another 62 using a unique laser tool that took samples from the broken bits to make a "virtual" hard drive and then recreated the original.
It was expensive — up to $35,000 per hard drive — but the next time you "erase" something by clicking delete, it might help to remember Convar: once on view, always on recall.
But I’m Just a Home User…
It’s not likely that you or anyone else will go to those lengths to recover information from your home computer, but data recovery (snooping) tools are getting more sophisticated — and cheaper — all the time.
Convar, for instance, offers a tool called PC Inspector Smart Recovery, that will recover "lost" image or sound files from any computing device — including external memory storage devices and digital cameras — for $US139. RTT, another well-regarded data recovery company, offers a home data recovery software suite that will restore entire drives from common types of disaster (or accidental wipes) for $US80.
When you use these utilities, they’re tools. When others use them, they’re spyware.
What Happens When you Erase Data?
Computer files are just strings of numbers, 1s and 0s. When they’re organised into patterns, they can be rendered by a computer as information — words, pictures, equations, the whole shebang. When even a few number sets at the beginning of a file — the "pointer" that tells the computer where and what it is — are randomised, however, the whole file becomes becomes invisible.
Without the protection of its pointer element, the computer treats a deleted file as though it were blank space, and replaces sections of the deleted file with sections of other files until, gradually, all the numbers have been "overwritten". At that point, theoretically, the file is erased.
The process of overwriting deleted files occurs randomly, however, and some files may sit on a hard drive nearly complete for years, while others may vanish in weeks. Any part of a file not completely overwritten can be recovered — and those fragments are your "invisible" hard drive.
So what’s on this invisible hard drive? Copies of everything you’ve ever looked at online, for one thing — as well as all the email you’ve ever sent or received, and every document you’ve ever read or written using the computer.
That should give you something to think about when you trade your old model in for a new one — because the chances are good that unless you’ve taken strong measures to erase your hard drive, everything is still on it, including your financial identity details.
Can I Really Erase a File?
A growing number of inexpensive software utilities claim they can erase files completely, beyond the reach of even tools like those employed by Convert and its peer organisations — although recovery technology is advancing rapidly.
Most of the popular file wipe utilities cost under $US25 and work by trying to rewrite a file with meaningless information before it gets deleted.
The US Government has indicated, with a few important caveats, that data handled this way becomes unrecoverable after seven rewrites. Two popular wipe utilities that provide at least seven wipes are mcSanitizer and ShredX. ShredX gives users the option of 35 rewrite passes, and actually tries to wipe places the file might have sequestered away copies of itself as well. You’ll want to write over files at least 50 times to get the most complete protection, however.
These tools, and others, can also be used to overwrite — wipe — your entire hard drive, but specialty tools, like IBAS ExpertEraser, are far more effective on big jobs.
Don’t Erase: Encrypt!
Protecting the security of files you want to keep on your computer is another matter altogether, of course, and plain vanilla password protection through your screen saver or boot screen is not a real deterrent for the determined snoop.
Good encryption and locking solutions for the home user are increasingly user-friendly, inexpensive, and almost impossible for snoops to hack. Even the Government recognises this and is on the verge of requiring users who are suspected of using their computers to commit crimes (or of irritating various and sundry Government security agencies) to hand over encryption keys when computers are seized.
Security that tight should defeat casual efforts at intrusion completely — and if encrypted files are left on a re-sold computer, they won’t be readable outside a very advanced laboratory (there are always residual traces of the pre-encryption data that can be extracted under extreme recovery conditions) .
One of the best encryption tools is Kryptel, which actually encrypts both file contents and passwords using "strong" cryptographic algorithms, for $US40.
There are also, unfortunately, more than a few toy approaches to file security that abuse the term and offer what is more simple disguise than actual encryption.
Some tools, like Webroot’s PrivacyMaker, work by hiding files — including Internet activity — except by session access through an encrypted password. As Windows users can already make any file invisible, what’s added here is akin to a deadbolt on a flimsy door.
Another "encryption" technique in common use involves renaming the file extension so that it can be accessed only through the encryption software (e.g., a *.doc file becomes a *.cv4 file). Once a snoop knows the file extension, she or he can easily rename the file and it will then open in the original application.
Wiping Doesn’t Work…
Ultimately, however, wiping is unlikely to provide full erasure of data, no matter how many times a file is written over. The reasons for this are arcane, but the proof is in the pudding.
A recent analysis by Ziff Davis’ (ZDNet) eTesting Labs of nine market leading wipe tools showed that only one worked well in every case — and that product was supplied by the company that commissioned the study. IBAS ExpertEraser failed to completely wipe data from only one of the six computers in the study, however, so short of smelting the hard drive, this may be your best bet at only 28 euros for a one-shot license. Just be sure you mean it.
Redemtech Data Erasure: www.redemtech.com
For a technical overview of the sticky memory problem, see "Secure Deletion of Data from Magnetic and Solid-State Memory", by Peter Gutman of the University of Auckland, 1996.
See also this Slashdot archived discussion of how to fully wipe a hard drive. Their conclusion? Drop it into the sun.
Covering Your Tracks
Securing your files and wiping your hard drives are critical capabilities, but what if you just want to cover your tracks?
Simple as. When snoops want to find out what you’ve been up to, they look in all the likely places first — and often, last. While a computer forensics expert won’t be put off by such basic housekeeping, at least your spouse won’t find out that you’ve been shopping for diamonds if you tidy up after each surfing session.
The first place to start is with your surfing history and your cached Internet files. Both can be cleared in Internet Explorer from the Tools button. Netscape Navigator lets you do this from the Preferences file.
Neither browser always deletes all cache content, however, and Windows Explorer is a handy system tool to locate errant cache files (look into every file that says Temp, to start) for manual deletion.
Then, cookies. Many Websites set little text files on your computer every time you visit. These are usually harmless — often the sites use them to personalise presentation, or to keep track of your shopping cart. They do, however, contain in plain view the address of setting Websites and other information you might not want anyone to see (like what you bought during your visit).
To view them, go to your Start button and use the search tool to find a folder called Cookies. You can delete any of these cookie files — or all of them. Advanced browsers also let you manage incoming cookies before they take up residence on your computer by notifying you that a cookie is being set and asking for permission.
Recent Documents and Trash
The "Recent Documents" file should also be cleaned to defeat casual snooping. You can do this item-by-item using your right click mouse button from the folder, or delete those records all at once from your Start>Settings>Taskbar function.
The same tools that let you recover from an accidental delete — like Norton’s Protected Recycle Bin — also mean a snoop can recover deleted files when you’re not there. Be sure to empty your trash and the Protected File folder that comes with most undelete software.
Many security and PC performance tools, like Norton’s System Works ($US70), also include software to automate these tasks — where suites are concerned, the relationship between price and performance is often dramatically clear.
There are hundreds of software packages designed expressly for the purpose of sweeping away your tracks, however, and many are cheap — or even free.
Webroot, for example, offers an award-winning $US30 tool called "Window Washer" that removes cookies, history files, caches, and other "footprint" related Internet activity — a cosmetic once-over scrub that should defeat a casual snoop. Window Washer also allows you to "bleach" deleted files with several overwrites — not deep protection, but enough to defeat most undelete software. Another tool, less well established, is Anti Spy, which does even more than Window Washer, for $US17.
Finally, secure your email. PGPFreeware lets you exchange strongly encrypted e-mail and even encrypt files — and it’s free. This program is so powerful, the US Government fought to keep it out of non-US hands for years. Now (think big conspiracy here) the US versions are widely rumoured to be compromised. Download from the international site, which is still open source.