Millions of deleted files recovered on hard drives purchased online
Data recovery specialist Secure data recovery shared the results of a recovery project that tried to find out how many files could be recovered from a large number of hard drives (instead of solid-state drives or memory cards) for the sole purpose of TechRadar Pro.
The company purchased 100 hard drives at random and attempted to recover the data using reasonable means; as part of this task, it was decided not to invest resources in recovering data from damaged or encrypted secure drives, as many of these cases could have been salvaged.
Secure Data Recovery recovered data from 35 drives with 34 wiped, 30 damaged hard drives and only one encrypted drive. None of the drives were hybrid (which combines some solid-state storage and traditional spinning drives). Over 5.7 million files were recovered, although this number was skewed by a single hard drive that contained over 3.1 million files. The oldest drive recovered was a Western Digital 2.5-inch model from 2004; nearly two-thirds of drives purchased are 3.5-inch models.
(This article has been updated to reflect that only 35 drives were recovered, the rest were deemed recoverable, but SDR chose not to invest time or resources in their recovery for this study)
A disturbing trend
The findings highlight a well-known fact: most users have no plans for thorough destruction or disposal after replacing failed or obsolete hard drives (e.g. those using PATA or SCSI interfaces).
In other words, a worrying minority of users will get rid of hard drives filled with files, while some will go through the process of actually deleting them. Only a small fraction (1% in the study) will go all the way and actually encrypt the host drive.
Turns out years of warning potential vendors on eBay to make sure their laptops and storage devices were wiped down probably fell on a ton of deaf ears.
A company spokesperson told us that a hard drive is defined as wiped if no data was found, or if it was completely wiped or filled with a random pattern (like the Department of Defense’s three-pass method). The Ombudsman also confirmed what happened to the data after recovery: “We followed our usual strict data handling practices, which include more than 100 security checks. We never reviewed the contents of any recovered file and safely deleted the data after the exercise.”
How to safely dispose of your hard drive
Jake Reznik, lab operations manager at Secure Data Recovery, is an expert in file recovery. Here is his take on getting rid of your hard drive (internal or external).
“Before cleaning, back up your important files to avoid data loss (Ed: You can use backup software or our best cloud backup service), then choose your preferred shred method based on your needs. The wiping software allows the erased hard drive to be reused but replaces the original data with random patterns in multiple passes. Then check if the program has properly wiped all the data.
Other methods damage the hard drive beyond repair. Degaussing uses a strong magnetic field to demagnetize the platters and encrypt existing data. Passing a hard drive through a media shredder tears the components of the device into small metal pieces. Grinding is an enterprise option that reduces particle size to a fine residue. Using a drill to pierce the disk platters in several places is a cost-effective method.
In general, methods that physically destroy the hard drive are safer. Some sites even choose a combination of destruction methods to ensure data is irreversible. For best results, consult a professional service provider for safe destruction and disposal of your hard drive.”
For more information, take a look at what is difference between data recovery software and data recovery services to find the best solution to your file recovery problem, understand how data recovery software works AND what to look for when choosing data recovery services