Businesses that migrate from Windows XP to Windows 7 by purchasing brand-new PCs with Windows 7 preinstalled face the problem of decommissioning their old PCs in a way that prevents any significant leakage of sensitive information.
The key to decommissioning PCs is to wipe hard drives so that the likelihood of anyone successfully recovering data from the drives is infinitesimally small. Once the drives have been wiped, it’s safe to send the old PCs to a local recycling depot. Here are some tips to securely wipe your drives.
Standard (spindle) hard drives can be successfully wiped using either Windows tools or various third-party utilities. Some third-party tools such as Disk Wipe and Darik's Boot and Nuke (DBAN) are free and do the job well but offer only basic functionality. Others such as Acronis Drive Cleanser cost money but have additional features that make them suitable for enterprise environments.
If you have only a single system drive to wipe, you can use built-in tools in Windows. Take the drive out of its PC and insert it as a second drive into a different PC. Then use either Disk Management or theFORMAT K: /FS:NTFS /V:LABEL /X command to format the drive and give it a drive letter such as K: drive. Finally, run the CIPHER /W:K:\ command, which will write random data to all sectors of new volume.
If you need to wipe a lot of drives and if your business has a Software Assurance (SA) agreement with Microsoft, you can use a Diagnostic and Recovery Toolkit (DaRT) CD to quickly boot and wipe each PC’s drive. DaRT is part of the Microsoft Desktop Optimization Pack (MDOP).
Short of incinerating the drive using a plasma blowtorch, the above procedures are the best way to render your drives unreadable unless the organization trying to recover data from them is willing to spend a great amount of time and effort to do so.
Notebook hard drives running Windows Vista or later that have been encrypted using Windows BitLocker Drive Protection are much easier to wipe. All you have to do is destroy the BitLocker recovery key info for that drive — from a security perspective, this is essentially equivalent to wiping the drive.
To do this on a BitLocker-protected system, run the MANAGE-BDE –FORCERECOVERY C: command to place the computer into recovery mode. The next time the computer is started, the BitLocker recovery console is displayed, and the user is prompted to provide the recovery password needed to decrypt the volume (in this example, the C: drive). Then once you've destroyed any copies of the recovery password that are lying around, the encrypted data on the C: drive becomes unrecoverable. You've locked the door on the data and thrown away the keys. For extra safety, formatting the drive using the FORMAT command in Windows Vista and later also erases the BitLocker keys.
Wiping the solid-state drives (SSDs) found in newer notebook computers can be more problematic. DaRT doesn’t work because it can’t guarantee that all data will be wiped from the drive. SSDs have a reserve area on them that is used to load balance writes across the cells, and it’s possible that the reserve area might contain copies of sensitive business data.
The reserve area of an SSD can be large, and the operating system is not aware of the existence of these reserve areas or able to access any data stored in them. Only the SSD’s firmware knows of the existence of these reserve areas and what’s stored in them.
If you need to wipe all data from an SSD, the best bet is to use a tool provided by the SSD manufacturer. For example, the Intel SSD Toolbox with Intel SSD Optimizer can be used to securely erase Intel 320 Series SSDs. If no such tool has been provided by the manufacturer, you should physically destroy the SSD drive.
Of course, SSDs aren’t cheap (though they will be one day), so you might want to remove the SSD, insert it in another computer, reformat it and use it as an additional drive for that computer. But if you do this and the SSD contains sensitive business data in its reserve area, the potential for information disclosure is still present.
Even if your Windows-based network is configured to use technologies such as Folder Redirection or Roaming User Profiles which keeps sensitive business data from being stored on end-user PCs, it’s still important to wipe the hard drives in your PCs before recycling them. Cached user profiles, product keys and other important data still remain on the system drive, so if you value privacy as a business be sure to perform this important step before you send your old PCs to the recycler.
Finally, it’s not just the privacy of your sensitive business data that is at stake here. Data breaches can also lead to lawsuits or other legal action that can drive you out of business. Government regulations such as HIPAA, Sarbanes–Oxley, the Gramm–Leach–Bliley Act and others might require that your organization adhere to specific practices for safeguarding customer data. It's time to take data protection seriously, so make sure to wipe your drives before decommissioning old PCs.