People who upgrade or retire their old computer equipment typically get rid of their old hard drives by selling them, donating them, or simply giving them away. Such people may be surprised to learn that if they have not taken the proper steps to insure that their old data files have been wiped from the disk, the data contained within those files can be recovered by the recipients of the old drive. Personal information such as social security numbers, driver's license numbers, birthdates, bank account numbers, credit card numbers, phone numbers and addresses, personal pictures and images, spreadsheets, emails, word processing documents, etc., can be recovered from old disk drives.
Stealing such information is called "identity theft". Every year the number of people who fall victim to identity theft increases.
Deleting old files is not enough to ensure that their contents are gone. Operating systems allocate files on the disk in "blocks", such that any given file is actually a collection of one or more disk blocks. Deleting a file simply deallocates those blocks, but does not actually erase the contents of those blocks. These deallocated blocks are then free to be used for new files created later, at which time they will be overwritten with new data. But there is no guarantee which blocks will be reused or how soon. The data contained by the original deleted file, which may have been deleted months or even years ago, may still be out there on the disk in one or more unallocated disk blocks.
The only sure way to erase a hard drive is to "squeeze" it, by writing over the old information with new data (all zero bits, for instance) at least once, but preferably several times. There are several commercial security products that do this, including PGP.
The easiest way to do this yourself is to simply create one or more large data files. By creating these files, they reuse unallocated file blocks on the disk, wiping out their old contents and writing new data it its place.
This is not a perfect strategy, of course. Creating new files overwrites the old data blocks only once. Recent advances in magnetic disk technology have made it possible to recover remnant data bits overwritten by new data bits. (This technique takes advantage of the fact that the magnetic head on a hard disk drive wobbles slightly as it flies over the disk surface, so that any given magnetic domain, or bit, is not 100% overwitten but leaves a tiny fraction of the previous magnetic domain in its previous state.) However, this technology is expensive and requires sophisticated equipment, so its use is primarily limited to the FBI and other law enforcement entities. Your typical hacker is not going to be able to recover overwritten data bits.
With this strategy in mind, I've written a DOS batch file that fills your hard drive with large data files. This has the effect of wiping out all the unallocated file blocks and all the file blocks from previously deleted files (which may contain sensitive personal information) on the current drive. This is not a guaranteed way to completely wipe out all traces of your old data files, but it's pretty good.
You can cut and paste the text of the source listing below, or you can download the executable batch file from this link:
[ http://david.tribble.com/dos/filldisk.bat ]
Note: Do not execute this link, but simply save it as a file.
You can then open a DOS command window and execute the batch file from the command line. It takes a while to run, especially if you have lots of unused space on your drive.
@echo off rem ============================================================================ rem filldisk.bat rem rem Fills the current disk drive with many large data files. rem This has the effect of wiping out all the unallocated file blocks and all rem the file blocks from previously deleted files (which may contain sensitive rem personal information) on the current drive. rem rem This is not a guaranteed way to completely wipe out all traces of your old rem data files, but it's pretty good. rem rem usage: filldisk D rem rem The 'D' parameter specifies the disk drive to fill, and is required. rem rem Note that filling an active disk drive beyond 90% of its capacity will rem probably cause MS/Windows to complain, especially if it is the Windows rem system drive. rem rem This works on MS/DOS 2.0 or later. rem rem 1.0, 2003-01-17, David R. Tribble, <email@example.com>. rem This code is not copyrighted and is in the public domain. rem ============================================================================ rem ==================================== rem Run in a temporary directory on the specified (or current) drive if not (%1) == () goto setdisk echo Fill the current disk drive with many large data files. echo. echo usage: filldisk D echo. echo The 'D' parameter specifies the disk drive to fill, and is required. goto end :setdisk set i=%1 shift echo Changing to drive: %i%: %i%: if exist fstemp\. goto skipmd echo Creating temporary subdirectory "fstemp" mkdir fstemp :skipmd chdir fstemp rem ==================================== rem Create a large file (128 MB) containing random data echo. echo Creating temporary data file: fs0.dat echo Booger> fs0.tmp echo Creating temporary data file: fs1.dat set i=a :loop1 copy /b fs0.tmp+fs0.tmp+fs0.tmp+fs0.tmp fs1.tmp >nul copy /b fs1.tmp+fs1.tmp+fs1.tmp+fs1.tmp fs0.tmp >nul set i=%i%b if not (%i%) == (abbbbbb) goto loop1 :endloop1 rem ==================================== rem Copy the random data file to multiple files until the disk fills up echo. echo Filling the disk with random data files... echo (This should eventually fail when the disk is almost full) echo (If it does not fill the disk, run it again in a different directory) rem These nested loops will create 10x10x10x10 = 10,000 files rem This gives a total of 128MB x 10,000 = 1,280,000 MB = 1,250 GB set i=0 :loop2i set j=0 :loop2j echo. set k=0 :loop2k set m=0 :loop2m echo writing: fs%i%%j%%k%%m%.tmp copy /b fs0.tmp fs%i%%j%%k%%m%.tmp >nul if (%m%) == (9) goto endloop2m if (%m%) == (8) set m=9 if (%m%) == (7) set m=8 if (%m%) == (6) set m=7 if (%m%) == (5) set m=6 if (%m%) == (4) set m=5 if (%m%) == (3) set m=4 if (%m%) == (2) set m=3 if (%m%) == (1) set m=2 if (%m%) == (0) set m=1 goto loop2m :endloop2m if (%k%) == (9) goto endloop2k if (%k%) == (8) set k=9 if (%k%) == (7) set k=8 if (%k%) == (6) set k=7 if (%k%) == (5) set k=6 if (%k%) == (4) set k=5 if (%k%) == (3) set k=4 if (%k%) == (2) set k=3 if (%k%) == (1) set k=2 if (%k%) == (0) set k=1 goto loop2k :endloop2k if (%j%) == (9) goto endloop2j if (%j%) == (8) set j=9 if (%j%) == (7) set j=8 if (%j%) == (6) set j=7 if (%j%) == (5) set j=6 if (%j%) == (4) set j=5 if (%j%) == (3) set j=4 if (%j%) == (2) set j=3 if (%j%) == (1) set j=2 if (%j%) == (0) set j=1 goto loop2j :endloop2j if (%i%) == (9) goto endloop2i if (%i%) == (8) set i=9 if (%i%) == (7) set i=8 if (%i%) == (6) set i=7 if (%i%) == (5) set i=6 if (%i%) == (4) set i=5 if (%i%) == (3) set i=4 if (%i%) == (2) set i=3 if (%i%) == (1) set i=2 if (%i%) == (0) set i=1 goto loop2i :endloop2i :end
If you have been a victim of identity theft, you can call:
FTC - Identity Theft Hotline
(1-877-438-4338) toll free.
Author web home page: david.tribble.com.
Copyright ©2003 by David R. Tribble, all rights reserved.
@(#)www/text/filldisk.html $Revision: 1.3 $ $Date: 2003/01/25 22:30:41 $