Reminder: Make Sure Your Servers And Drives Are Actually Wiped

Reminder: Make Sure Your Servers And Drives Are Actually Wiped

It should be 101 stuff: before you dispose of a server, drive or mobile phone, you wipe all the information from it. But has it really disappeared? Data recovery firm Kroll Ontrack purchased three “wiped” items of hardware online, and found easily restored data on all three of them.

Kroll Ontrack tested a second-hand laptop, rack mounter server and iPhone which had been advertised as “wiped of data”. Only the laptop was actually clean. In a press release, APAC general manager Adrian Briscoe explained what was discovered:

The iPhone contained personal text messages and images that had not been erased before it was being offered online. While the server and laptop had been subjected to some data erasing, the server had approximately 55GB of recoverable data in more than 70,000 files. We found data on the server, and were able to identify its previous owner, an Australian financial services company. We suspect the company had more than one of these servers and had wiped some drives, partially wiped others, and then shuffled drives around between the servers before selling them.

The lesson? Data erasure requires a little more effort than just a basic delete command. Check the video for more information on the experiment.


  • Just a small extra node: just as important in most cases when throwing away hardware – even to a professional hardware refuse buyer/handling company.

    The only real time I can think of when it’s not reaaaally practically important would be in a situation where workstations used roaming profiles and actually disallowed any local storage (even logs are redirected to your local AD DS).. You’d probably still be able to find out it’s previous owner.. But in reality that information alone isn’t inherently a security risk (except letting competitors potentially know what expired hardware you used to use I guess heh)

  • Is the data still recoverable if the server hard drives are from a RAID array? So if you only have 2 of a RAID 5 array, could the data still be recovered?

    • Yes, data can be recovered from even a single drive out of a larger RAID set. The short answer is that it comes down to the stripe size used in the RAID. A common stripe size of 128 sectors means that even a single drive out of a larger RAID set contains good, contiguous 64KB “chunks” of data from the original volume. That amount of storage space is ample to hold a PDF or Word document, or individual SQL database pages that could contain highly sensitive information.

    • Hi Jeff,

      Yes, there is! Kroll Ontrack Australia runs a community project with Goodna and Inala special schools – all drives are professionally wiped in our data recovery facility and then sent to the schools where the students dismantle the drives. The project focuses on providing skills and training to the students and all of the proceeds of salvageable parts go towards school fund raising.

      The service is free you just need to send us your drives and we take care of everything else – give us a call on 1800 872 259 if you want any more info.

Log in to comment on this story!