Finding The Hidden InfoSec Story

My Grandfather’s Record Collection

Photo Credit: Kyle Krug via Compfight cc

With the speed of developments in technology, you would expect all things to have changed over the years in IT. Yet there is one of many areas which has had little or no change that I would like to discuss.

I am talking about the removal of information from your system or the so-called formatting of a hard drive. I say hard drive but it would be better to say non-volatile memory as hard drives have been replaced on mass by devices that are capable of storing data without an active power supply.

Information is stored onto such a device by converting documents, or any information for that matter, into a long string of 0’s and 1’s. These are then recorded onto the non-volatile storage of your desktop, laptop, tablet or smartphone.

When you delete a file from your device you may assume that the entire string of 0’s and 1’s is removed. This is however not the case. Even when using a technique called “formatting” will the actual information stored be untouched.

Every storage device has an index or allocation table that tells it where a piece of information resides in memory.  When deleting a file the entry for the file is removed from that table freeing it up for new information. When formatting a disk, the entire table is removed and replaced with an empty one.

It reminds of my grandfather’s record collection. He had a vast collection of records that always resulted in me losing track of time while we were visiting. Some records were missing a part or their entire label which resulted in a guessing game which music we would hear.

Deleting a file or formatting a disk is basically the same. You may not know what music resides on the vinyl record or where a recording starts or ends but once you find the right groove the recording will play.

You may wonder why this method of removing information was used. And the answer is time; the actual overwriting of a file or entire disk varies from seconds to hours depending on the size of file or storage device causing the system to wait while the task is completed. And it has to be done meticulously: I am not suggesting I ever did this for real on my grandfather’s collection, but you need to scratch a vinyl record pretty bad to not be able to recognize the song being played. The same is true for information. Even if parts of a document are overwritten it may be possible to still retrieve important fragments of information.

That is why it is so essential that storage devices that contain sensitive information are wiped or physically destroyed. Another technique is to use encryption that encrypts both the information and the allocation table. As long as the encryption is strong and the key is not known it is as if the device is empty.

Author: Daan Stakenburg

Share This Post On