Windows Enterprise Desktop

Oct 11 2010   1:33PM GMT

Selling/surplusing PCs? Replace and crush the hard disks!

Ed Tittel Ed Tittel Profile: Ed Tittel

I’ve been working on revising a couple of books lately — namely, the CISSP Study Guide (going into a 5th edition) and Computer Forensics JumpStart (for a 2nd edition; both books for Sybex/Wiley) — and in that context found this SuperUser.com Q&A extremely interesting. It’s entitled “What’s the best way to compleely remove everything from a computer, without re-installing?” and it addresses sanitization of a PC in advance of its sale to a third party.

In a nutshell, the solution posted to this query essentially involves multiple levels of hard disk clean-up, then free-space scrubbing (so-called/claimed “secure erasure”) to remove all traces of files removed during the clean-up effort (see the posting for the details, which may of interest to individuals seeking to squeak a few extra bucks out of personal equipment, perhaps to help fund the purchase of replacement gear). This is all well and good for machines that have never played host to anything sensitive, proprietary, or protected under various rules and regulations governing customer, client, or patient confidentiality.

This is not a viable solution for corporate gear. Under no circumstances should hard disks that have been used for business purposes ever be re-sold to a third party. Baldly put, these devices need to be securely destroyed to prevent their contents from getting into the wrong hands. After reading (and in some cases writing) about the kinds of tools and techniques available for data recovery and restoration, and understanding the liability and risk exposures that unauthorized access to such data can pose, the only truly safe way to dispose of hard disks used for business purposes is to subject them to some process that damages the platters on hard disks sufficiently that the pieces can’t be put back together again for aggressive scanning and recovery efforts.

That means crushing, shredding, or otherwise mangling the devices so that they simply can’t be accessed and read ever again. With storage as cheap as it is today, it even makes sense to remove and replace drives when equipment is slated for donation to schools or charities, as is sometimes the case with corporate equipment retirements. Anything less risks data discovery, and is simply not worth the potential exposure incurred thereby. Make this stipulation part of your security and lifecycle management policies, and you’ll never have cause to regret this decision.

 Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: