Byron Rashed, Senior Director of Marketing, Advanced Threat Intelligence for InfoArmor explains the process of destroying hard drives, and recovering data, in light of reports that the recent San Bernardino, California, attackers did just that to cover their tracks.
Byron Rashed, Senior Director of Marketing, Advanced Threat Intelligence for InfoArmor :
“The erasure of data and the destruction of hard drives is not that difficult to do. Hard drives are routinely destroyed to protect highly sensitive data from getting into the wrong hands. Today, almost every device such as computers, mobile phones, tablets, etc. contain personal and financial data, and credentials to authenticate users and allow access to Web service and applications.
In most cases, the destruction of a hard drive is to ensure that legitimate personal data is property disposed of. From news reports, in the case of the San Bernardino shooters, it was most likely done to destroy incriminating evidence that could have possibly linked them to terrorist activities.
In simplified terms, a hard drive consists of the outer housing, a movable arm that reads and writes data to either a magnetic or ceramic platter. These drives are often referred to as HDDs (Hard Disk Drives). SSDs (Solid State Drives) are becoming more popular as the cost continues to drop. These drives use memory arrays to store and access data in a similar way as RAM modules do in a computer, but not clearing the data randomly to support applications that are currently being used.
Destruction of ceramic and SDDs are quite similar, after the drive is disassembled, breaking the disk or the modules can be done by simply smashing them with a hammer. Destruction of a HDD with a metal platter can be accomplished by fully demagnetizing the disk with a strong magnet, then bending, hammering and shearing the metal. Burning the disk using a very volatile fuel at high temperature will destroy the disk as well.
Depending on the damage to the disk, there are highly specialized forensic recovery methods utilized by law enforcement to recover all or some data to be used as evidence in a case or investigation. That recovered data is very useful in finding accomplices or other bad actors who could be associated with the targeted illegal activities.”
[su_box title=”Byron Rashed at InfoArmor” style=”noise” box_color=”#0e0d0d”]
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.