How To Keep Your Data From Being Destroyed - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


How To Keep Your Data From Being Destroyed

With products like Boot and Nuke, Data Eraser, Cybercide, and Evidence Eliminator, industry experts offer their tips on how to secure information and intellectual property.

If the thought of employees stealing confidential data makes IT and security managers restless at night, then the prospect of those employees destroying that confidential data is enough to make them feel like they're sleeping on a bed of nails. The recent case of insider theft and attempted erasure of confidential product information at chemicals-maker DuPont highlights this growing problem. Yet, despite the plethora of tools available for wiping hard drives clean, there are several measures that companies can take to protect themselves from this malicious behavior.

Former DuPont research chemist Gary Min next month faces sentencing of up to 10 years in prison, a fine of $250,000, and restitution for stealing $400 million worth of company trade secrets. Equally as troubling as his violation of DuPont's trust, however, was his attempt to conceal the crime. Law enforcement arrived to search Min's home shortly after the crime had been revealed only to find a software erasure program in the process of wiping evidence from one of Min's external disk drives.

The DuPont case is the tip of the iceberg when it comes to a company's vulnerability at the hands of its own employees, says Rian Piccolo, PC engineering manager with DriveSavers Data Recovery, a firm specializing in the recovery of data from damaged computing equipment. "We're seeing a lot more of this, insiders taking information and intellectual property," he adds.

"We regularly do recovery for law enforcement so that we can provide them with an image that they can use to get forensic evidence," says DriveSavers director of PC engineering Michael Hall. DriveSavers doesn't actually handle the forensic evidence, but it does provide law enforcement with a restored drive and data that officials can use to conduct an investigation.

The availability of data erasure tools online means insiders and other criminals don't have to be as technologically savvy as before. A layman can find via a search engine the software needed to delete and wipe a drive. This includes open-source freeware such as Darik's Boot and Nuke, which renders data on PC hard drives unrecoverable, as well as commercial products such as Kroll OnTrack's Data Eraser, CyberScrub's Cybercide, and software from Finland's Blancco, all of which work on PCs and storage media. Deletion also comes as a feature with certain EMC and IBM storage and records management products.

One of the more common data deletion tools that's used is BCWipe, which claims to be fully integrated into Windows so that it can digitally "shred" file data so that recovery by any means is impossible. "Then there's my personal favorite, Evidence Eliminator," says Kristin Haworth, managing director of LECG's forensic investigative services division. "How do you defend yourself if you're caught using a product with this name?"

While none of these products is marketed as a tool that should be used to cover up a crime, IT managers need to be aware of data-wiping utilities surreptitiously installed on their company's PCs. Outside of IT department personnel, other employees have a hard time making a case for using this type of software. IT managers also must be careful in the handling of PCs that have maliciously been wiped. "If you see a drive has been wiped, you do not want to touch the drive because the courts will want to know why the drive was tampered with after being discovered," Haworth says.

Once IT departments get a better understanding of what's on their PCs, they have a few other factors working in their favor in guarding against destroyed data. Wiping a hard drive isn't an easy or smart thing to do, Haworth says, adding that it can take about four hours to properly wipe a drive, depending on its size. Not to mention, destroying data is highly incriminating behavior, regardless of whether the person destroying the data is actually guilty of anything. "If you wipe a hard drive, then we say that everything on that hard drive must have been relevant to your case," she says. "But you probably have less incriminating information on your computer than you think."

The two most common ways to delete data are to do a logical delete or to actually physically damage the hard drive. Often, insiders will perform a logical delete rather than wiping a drive because they don't know any better. "If you delete files on the PC, they still exist on a physical level on the drive," DriveSavers' Hall says. "As long as the person doesn't overwrite that data, we can get it back."

In fact, data theft often can leave a long trail that's difficult to erase, even if hard drives are wiped. Haworth is familiar with one case where sales employees of a company attempted to destroy client account data on their computers before leaving to work for a competitor. These employees were smart enough to hire a firm to properly wipe their drives, but they didn't think to delete the AOL e-mails they exchanged when planning to do this.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
State of the Cloud
State of the Cloud
Cloud has drastically changed how IT organizations consume and deploy services in the digital age. This research report will delve into public, private and hybrid cloud adoption trends, with a special focus on infrastructure as a service and its role in the enterprise. Find out the challenges organizations are experiencing, and the technologies and strategies they are using to manage and mitigate those challenges today.
Enterprise Guide to Digital Transformation
Cathleen Gagne, Managing Editor, InformationWeek,  8/13/2019
IT Careers: How to Get a Job as a Site Reliability Engineer
Cynthia Harvey, Freelance Journalist, InformationWeek,  7/31/2019
AI Ethics Guidelines Every CIO Should Read
Guest Commentary, Guest Commentary,  8/7/2019
Register for InformationWeek Newsletters
Current Issue
Data Science and AI in the Fast Lane
This IT Trend Report will help you gain insight into how quickly and dramatically data science is influencing how enterprises are managed and where they will derive business success. Read the report today!
White Papers
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Sponsored Video
Flash Poll