A View from Simson Garfinkel
Putting a computer hard drive in the freezer will help recover lost data.
I buy a lot of used hard drives on eBay. Originally, I bought these drives to demonstrate that people throw away or sell computer equipment without much regard for the so-called residue data. About one-third of the hard drives that I bought had confidential information on them, one-third of the drives had been properly wiped, and one-third were broken. I published and made a big splash with my findings. The research was even part of my PhD thesis.
After I graduated, I turned my attention to other uses for this information. One of the more interesting things you can do is develop new computer-forensics tools. Most academics and other researchers who are developing such tools today base the tools on a very small data sample–but by using my collection of used hard drives, I could develop and validate tools using more than a thousand different drive images.
There is just one problem: ever since I published my research, fewer and fewer of the drives that are sold on eBay actually have data on them. I believe that this is one of the positive results of my research–more people are aware of the need to overwrite their data before tossing (or selling) their drives. But it has also caused a problem for me because I’m still trying to grow the corpus of disk-drive images.
A few months ago I was visiting another computer-forensics specialist when I learned about the freezer trick. This fellow gets a few broken disk drives now and then, and, by putting the drives in a freezer overnight, he’s frequently able to recover data that would otherwise be “lost.” Well, when I got back to Harvard, where I work, I took a few of my “broken” drives down from the shelf and put them in the freezer overnight with a note: “These hard drives are being used for a research project; please don’t eat them.”
The next day I took two of the drives back to my desk and plugged them into my computer. How about that: two of the drives that had been “broken” were now giving me their data.
This is a big deal for me. For starters, it means that I can now get data off many of those “broken” drives I’ve been keeping on my shelf. But it also means that many of the drives being sold on eBay as broken can nevertheless be scavenged for data. This is particularly troublesome because it’s unlikely that the previous owners of the drives were able to properly clear them before they were sold.
I don’t know why people continue to sell used hard drives online. I mean, there’s not a lot of money to be made. And given that more than a third of the drives I buy are broken (even the ones advertised as working), I can’t figure out why people are buying them. But I can tell you one thing: when I bid for hard drives on eBay, I lose most of the auctions.
Become an Insider to get the story behind the story — and before anyone else.