My friend Simson Garfinkel, the award-winning journalist and author, had, it seems, a fairly odd hobby. It started when he spotted piles of cheap used hard drives on sale in a local computer supply store:
I took the drives home and started my own forensic analysis. Several of the drives had source code from high-tech companies. One drive had a confidential memorandum describing a biotech project; another had internal spreadsheets belonging to an international shipping company.
Since then, I have repeatedly indulged my habit for procuring and then analyzing secondhand hard drives. I bought recycled drives in Bellevue, Wash., that had internal Microsoft e-mail (somebody who was working from home, apparently). Drives that I found at an MIT swap meet had financial information on them from a Boston-area investment firm. Last summer, I started buying drives en masse on eBay.
In all, I bought and analyzed the content of more than 150 drives with the help of Abhi Shelat, another graduate student at MIT's Laboratory for Computer Science. We found that between one-third and one-half of the drives still had significant amounts of confidential data, even though many had been through a Format or FDisk operation. On another third, someone had deleted the document files but left the applications behind. It was a simple matter to undelete the data files and retrieve their secrets as well.
In fact, only 10 percent of the drives I purchased had been properly sanitized.
Much of the data we found was truly shocking. One of the drives once lived in an ATM. It contained a year's worth of financial transactions—including account numbers and withdrawal amounts—from an organization that had a legal requirement to not divulge such information. Two other drives contained more than 5,000 credit card numbers—it looked as if one had been inside a cash register. Another had e-mail and personal financial records of a 45-year-old fellow in Georgia. The man is divorced, paying child support and dating a woman he met in Savannah. And, oh yeah, he's really into pornography.
Don't panic, though. Simson, ever helpful, offers a simple solution. (spotted via boingboing, that directory of wonderful things)
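To make the quoted point concrete, here is an added toy model (my own example, not code from the post or from Garfinkel's paper): a constructed disk image where a "quick format" rewrites only the metadata sectors, leaving file contents in place, next to a full overwrite and the residue check you would run to confirm a drive really was sanitized before it leaves your hands. Sector size, the number of metadata sectors and the sample file contents are all assumptions.

```python
"""
Added example, not from the original post: why a Format/FDisk pass leaves
file contents behind, and how to verify that a sanitization pass overwrote
them. Every value here is constructed for the demonstration.
"""
import re
from typing import Dict, List

SECTOR = 512            # assumed sector size
METADATA_SECTORS = 4    # hypothetical size of the region a quick format rewrites


def make_disk_image(num_sectors: int, files: Dict[str, bytes]) -> bytearray:
    """Build a constructed image: a directory table up front, file data after it."""
    img = bytearray(num_sectors * SECTOR)
    table = b"DIRECTORY:" + b",".join(name.encode() for name in files)
    img[0:len(table)] = table
    offset = METADATA_SECTORS * SECTOR
    for content in files.values():
        img[offset:offset + len(content)] = content
        # round the file up to whole sectors, as a real filesystem would
        offset += ((len(content) + SECTOR - 1) // SECTOR) * SECTOR
    return img


def quick_format(img: bytearray) -> None:
    """Model of Format/FDisk: only the metadata region is rewritten.

    The data sectors are untouched, which is exactly why files were
    recoverable from the formatted drives described in the article.
    """
    img[0:METADATA_SECTORS * SECTOR] = bytes(METADATA_SECTORS * SECTOR)


def overwrite_sanitize(img: bytearray) -> None:
    """Single-pass overwrite of every sector, which a format does not do."""
    img[:] = bytes(len(img))


def residual_strings(img: bytes, min_len: int = 8) -> List[str]:
    """Scan the whole image for printable runs: the simplest residue check.

    A non-empty result after "sanitization" means the pass did not cover
    the data area and the drive is not safe to resell or recycle.
    """
    pattern = rb"[ -~]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, bytes(img))]


def is_sanitized(img: bytes) -> bool:
    """True only when no printable residue survives anywhere on the image."""
    return not residual_strings(img)


if __name__ == "__main__":
    # constructed sample files standing in for the memos and ledgers the article found
    sample = {
        "memo.txt": b"CONFIDENTIAL: biotech project memo (constructed sample)",
        "ledger.csv": b"account,withdrawal\n0000-0000-0000,100.00\n",
    }
    disk = make_disk_image(64, sample)
    quick_format(disk)
    print("after quick format:", residual_strings(disk))
    overwrite_sanitize(disk)
    print("after overwrite, sanitized:", is_sanitized(disk))
```

Running it shows the memo and ledger text still intact after `quick_format`, and an empty scan only after `overwrite_sanitize`. On a real drive the same check is a byte scan of the device (not of the filesystem) after the overwrite; in this model the overwrite writes zeros rather than random data so that the residue scan has no false hits.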
I personally think the IEEE article is preferable to the CSO article: http://www.simson.net/clips/2003.IEEE.DiskDriveForensics.pdf
Nevertheless scary stuff.