How hard is it to permanently delete data?
- By Mark Pomerleau
- Mar 31, 2015
The controversy surrounding former Secretary of State Hillary Clinton’s email has brought data destruction to the forefront of the national conversation. Clinton used a server housed at her New York residence for her personal and official emails and online communications while she was at Foggy Bottom. Lawmakers investigating the 2012 death of an ambassador in Libya have been concerned that official government emails from Clinton that might assist in the investigation were deleted, despite assurances from Clinton that she turned over all emails pertaining to government work to the State Department.
Now reports say Clinton “wiped the server,” deleting all emails. But how easy is it to permanently wipe data from servers or storage media? According to experts who were interviewed recently by the Washington Post, the congressional committee charged with investigating the U.S. ambassador’s death in Benghazi might still be able to obtain Clinton’s deleted emails – in the event they can access the server.
Provided Clinton simply hit the delete button on her emails, they probably still exist. Files are not permanently deleted when a user hits the delete button. “Instead, the pointer the computer uses to find the file is removed, and the computer treats the space on your hard drive as reusable,” explained the Post. However, depending on how much activity takes place on a device, data stored afterward could replace deleted items as the system needs the space. Typically, additional steps must be taken in order to permanently delete items from a server.
If experienced experts were able to access Clinton’s server with the intention of retrieving emails, they might create a “physical forensic image,” which “creates an ‘identical, bit-by-bit, zero-by-zero copy of the original hard drive,’” the Post reported. This step is used to view the emails as they would appear, in a read-only format that prevents alterations. Following the physical forensic image, experts might attempt to locate and extract databases that house emails and then conduct a forensic analysis of unallocated spaces within those databases.
However, an equally skilled technician tasked with permanently deleting data from servers could make it very difficult for investigators to retrieve emails or discern if items were even deleted. On the other hand, the Post suggested, any IT pro working with government data would have created some type of back-up to hard drives, the Internet or magnetic tape.
In spite of data retention regulations, agencies need a way to reliably destroy government data and the media housing it. When agencies discard old equipment, for example, they have a variety of data destruction tools they can use. These include:
- WipeDrive from WhiteCanyon, which is used by the Air Force and the National Security Agency.
- Solutions by Code42 that offer triple-pass data sanitization and secure delete capabilities, which make data recovery through forensics or file system utilities impossible while also complying with government protocols.
- Methods that overwrite a hard disk’s data multiple times with random characters.
- Using magnetic fields such as EMP to overwhelm systems, which damages and corrupts the data, rendering it virtually non-existent.
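The difference between an ordinary delete and a multi-pass overwrite, and what a scan of a forensic image recovers in each case, can be shown with a small model. This is an added example, not code from the article or the Post; the `ToyDisk` block store, the file name and the sample message are constructed for illustration.

```python
import os
BLOCK = 64  # bytes per block in this constructed model

class ToyDisk:
    """Constructed model: a raw block store plus a name -> block-list table."""
    def __init__(self, blocks=16):
        self.raw = bytearray(blocks * BLOCK)
        self.table = {}                  # the "pointers" the file system keeps
        self.free = list(range(blocks))

    def write(self, name, data):
        used = []
        for off in range(0, len(data), BLOCK):
            b = self.free.pop(0)
            chunk = data[off:off + BLOCK]
            self.raw[b * BLOCK:b * BLOCK + len(chunk)] = chunk
            used.append(b)
        self.table[name] = used

    def delete(self, name):
        # Ordinary delete: drop the pointer, mark blocks reusable, leave bytes.
        self.free.extend(self.table.pop(name))

    def wipe_delete(self, name, passes=3):
        # Overwrite every block with random bytes on each pass, then delete.
        for _ in range(passes):
            for b in self.table[name]:
                self.raw[b * BLOCK:(b + 1) * BLOCK] = os.urandom(BLOCK)
        self.delete(name)

    def image(self):
        return bytes(self.raw)  # bit-for-bit, immutable copy for analysis

def carve(image, marker=b"Subject: "):
    """Scan a raw image for the marker; return the text following each hit."""
    hits, pos = [], image.find(marker)
    while pos != -1:
        line = image[pos + len(marker):].split(b"\n", 1)[0]
        hits.append(line.decode("ascii", "replace"))
        pos = image.find(marker, pos + 1)
    return hits

def demo():
    mail = b"From: a@example.test\nSubject: constructed sample\n\nbody text\n"
    plain, wiped = ToyDisk(), ToyDisk()
    plain.write("msg.eml", mail)
    plain.delete("msg.eml")
    wiped.write("msg.eml", mail)
    wiped.wipe_delete("msg.eml")
    return carve(plain.image()), carve(wiped.image())
```

The model assumes each overwrite lands on the same physical blocks the file occupied, which flash wear-leveling and copy-on-write or journaling file systems do not guarantee on real media.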
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.