unModified()

The only way to know for sure is to try

Sending Off Hard Drives

And the dangers of not following proper disposal procedures.

February 28, 2024

image of an M.2 SSD and a 2.5in ssd under a hammer held by a person Photo by Andrey Matveev

Last weekend, I went on a thrift store run and managed to snag a few external drives that were in good condition: a 500GB, a 160GB, and a 40GB - a rare find and all for just $22. I believe the 500GB and 160GB drives were mistaken for a pair of bookshelf speakers because their enclosures looked identical, black, and heavy. It's also probably why they were taped together and in the electronics section, instead of being in the display case where routers and consoles usually go.

To a normal person, this means absolutely nothing. To a techie, it's nothing special. 500GB drives are practically worthless these days given that 4TB drives sell for about $99. Even games these days are like 250GB on their own (*cough* Call of Duty *cough*). I don't know in what state the drives are in, I don't know how it was handled by its previous owners, I don't know if they were thrown around by thrift store staff either. I may have just thrown away $22. But I don't care about all of that, I'm not after the drives.

It's what I can recover from them.

When you store a file on HDDs/SSDs, the data itself is stored in some location in the media, and an index records the file's metadata including the data's location on the media. However, when you delete a file from an HDD/SSD, the drive only removes the file's entry from that index and treats the location the data is on as "empty". But the data is still there, and still readable. And due to the nature of HDDs and SSDs, they also prevent total data deletion. Even if you write zeroes over the data on an HDD, the original bits can still be picked up from the platter, albeit faint. Meanwhile, SSD wear-levelling extends the longevity of the flash cells by evenly spreading writes across cells, but keeps the data on the cells for longer as a side-effect.

I've already recovered the data from the drives with free software you can readily find online. No personal information regarding the original owner was found on the drive, but it was enough to paint a picture of what the original user was like. It's amazing how much can be inferred from just the metadata alone. Partition information can tell you what device it was used on. File names and types give you a sense what it was used for. SMART drive information can tell you how often it was used. Directory structure gives you an idea of what software was present. The original owners got lucky or were smart. Important files probably stayed on their machine, while the external drives were only a music/share drives.

With my curiosity satisfied, I got rid of the recovered files, wiped all the drives clean, and ran the recovery software again to make sure the files weren't recoverable anymore. As easy it is to download recovery software, it's just as easy to find software for wiping HDDs. These work by "scribbling" over the drive with random data multiple times to obscure the original data's bits. For SSDs, they typically require manufacturer-specific utilities to have the SSD wipe itself. I have not wiped enough SSDs to know for sure if they totally get wiped. In any case, I reuse the drives I find for cold storage if they're still up to the task.

If there's any take-away from this exercise, it's that:

  • Encrypt your drives, especially SSDs. As long as the encryption is strong and the key unobtainable, the recovered encrypted data is effectively indistinguishable from random bits.
  • Wipe the storage prior to sending devices off, or have someone you trust do it for you.
  • Alternatively, remove and hold on to the storage media, and send off the rest of the device.
  • Worst case scenario, destroy the storage media and, by extension, the device.

Think twice before sending off your devices. Your PC, your laptop, your tablet, your phone, your old external storage, heck even your old mp3 player, anything that has some form of persistent storage. Think long and hard about what you previously put in these devices. Think of the impact to you, your family, your friends, your work, if someone got their hands on that data.