Most people would be surprised to learn deleting a file doesn’t actually remove it entirely, but instead leaves behind a residual. They would likely be even more shocked to learn threat actors know about these remnants of information and actively pursue them to sell on the dark web. Is there any way to prevent data remanence?
What Is Data Remanence?
Data remanence is the residual form of data stored digitally. Basically, it is the leftover representation that remains after removing or erasing the original file. It happens when a storage device doesn’t completely delete the file’s contents after the initial deletion attempt.
Hard disk drives (HDDs) have spinning platters with magnetic heads that store and read information. Solid-state drives (SSDs) use flash memory chips and controllers. While remanence usually only applies to magnetic storage media, both types can produce remnants.
Common Causes of Data Remanence
When something is deleted, its contents remain. Deletion makes the original inaccessible through the file system, but it only removes the file’s name and the references to it and marks its allocated space as free. The file becomes unsearchable, but it isn’t technically gone. This is the free space problem – the remnant remains until something else must be stored there and overwrites it.
Slack space – the gap left when an item needs less space than its file allocation unit – is another common cause of remanence. If a 32 kB unit is reserved but only 14 kB is used, the remaining 18 kB is not blank. The whole unit is still allocated to the file, and its unused tail keeps whatever bytes were written there before, creating residuals.
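The following simulation, added here and not part of the original article, models a single 32 kB allocation unit to show both the free space problem and slack space, and then the overwrite mitigations that remove the remnants. The toy filesystem (one cluster, a directory dict, no journaling) and the `SECRET-RECORD` marker are constructed assumptions; the 32 kB and 14 kB sizes come from the text.

```python
"""Simulated cluster storage: free-space and slack-space remanence,
plus the zero-fill mitigations. Added example, not the article's code."""

CLUSTER = 32 * 1024                  # allocation unit size from the article
disk = bytearray(CLUSTER)            # constructed "drive": a single cluster
directory: dict[str, int] = {}       # file name -> bytes actually in use

def write_file(name: str, data: bytes, zero_slack: bool = False) -> None:
    """Store data in the cluster. Only the used range is written unless
    zero_slack is set, which pads the rest of the allocation unit."""
    assert len(data) <= CLUSTER
    disk[:len(data)] = data
    if zero_slack:
        disk[len(data):] = bytes(CLUSTER - len(data))
    directory[name] = len(data)

def delete_file(name: str, overwrite: bool = False) -> None:
    """Ordinary deletion only drops the directory entry; the bytes stay.
    overwrite=True zero-fills the cluster before releasing it."""
    del directory[name]
    if overwrite:
        disk[:] = bytes(CLUSTER)

def remnant_count(marker: bytes) -> int:
    """Count a known marker anywhere on the raw device, i.e. what a
    sector-level read would still find regardless of the directory."""
    return disk.count(marker)

def slack(name: str) -> bytes:
    """Return the unused tail of the file's allocation unit."""
    return bytes(disk[directory[name]:])

def demo() -> dict:
    secret = b"SECRET-RECORD"                                   # constructed
    write_file("old", secret * (CLUSTER // len(secret)))        # fills the unit
    delete_file("old")                                          # metadata only
    after_delete = remnant_count(secret)                        # still there
    write_file("new", b"N" * 14 * 1024)                         # 14 kB reuse
    in_slack = slack("new").count(secret)                       # 18 kB slack
    write_file("new", b"N" * 14 * 1024, zero_slack=True)        # pad the tail
    delete_file("new", overwrite=True)                          # wipe on free
    return {"after_delete": after_delete, "in_slack": in_slack,
            "after_mitigation": remnant_count(secret)}

if __name__ == "__main__":
    print(demo())
```

Real file systems spread files over many clusters and keep metadata copies (journal, MFT), so a production wipe must cover those too; the simulation isolates just the two effects the text describes.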
When a person reformats a drive, they delete every file. However, reformatting may not remove previously written data right away. Since it will likely take time before the operating system (OS) overwrites those sectors, the residuals in that space will persist for a while.
System log files are among the most common causes of data remanence. They continuously store information on computer operations, such as what a user types and what text the system returns. A swap file – impermanent storage space for when memory runs low – is another temporary solution that often produces remnants.
The Master File Table is often overlooked. It keeps records of every item’s name, location and metadata – all of which persist after deletion attempts. While the leftover details may be overwritten quickly, there’s no guarantee they will be.
Sometimes, a computer automatically saves important files so its user can revert changes in case of a technical issue or dislike for the new version. This is called a system restore point. It’s where copies of OS, driver and setting information are kept temporarily.
What Are the Risks of Data Remanence?
Remnants can be recovered with special software or tools. Users can sometimes restore the original file if they’re familiar with the OS and command prompt. Some systems leave behind enough metadata that recovery is simple. In other words, erasing information doesn’t protect people from hackers or threat actors.
If a threat actor gets ahold of a discarded drive, a breach is likely imminent. They don’t have to be technical experts to recover sensitive information from residuals. While individuals experience identity theft at worst, companies face regulatory action.
Organizations holding customer, patient or intellectual property details will be fined and may face serious legal action if they don’t address data remanence before discarding storage media. Considering the average cost of hard drive recovery ranges from $300-$1,500 – and can be as low as $100 – their odds of experiencing a leak or breach are high.
Since HDDs last three to five years on average – and are often discarded before reaching their end-of-life stage – bad actors have realized searching through electronic waste and second-hand sale websites to find them can be lucrative. In other words, many know exactly where to go to recover sensitive details on long-forgotten drives.
4 Ways to Minimize the Risks
Individuals should take these solutions for data remanence to minimize their risk.
Destroy Storage Media
Destruction involves shredding, melting, crushing, incinerating or wiping. Adequately destroying the storage media ensures no one can recover whatever’s on it. Approximately 90% of data center hard drives are destroyed because it’s one of the most effective ways to ensure sensitive information never falls into the wrong hands.
Use Degaussing
Degaussing is a sanitization method that destroys information but leaves the media in working condition. It uses an electromagnetic field to destroy the digital patterns on HDDs. The details are erased within seconds and the process is irreversible, making it a standard go-to solution for data remanence. Notably, it doesn’t work on non-magnetic drives like SSDs.
Encrypt Data on Drives
Encryption may not prevent residuals or eliminate them, but it stops threat actors from using any details they manage to recover. Currently, there’s no feasible way to make ciphertext readable without a decryption key. In fact, a conventional computer would take 300 trillion years attempting to crack a 2,048-bit key.
Use Cryptographic Erasure
Cryptographic erasure takes standard encryption further by destroying the decryption key, leaving only unrecoverable, unreadable ciphertext. Any residuals will remain encrypted permanently. This solution for data remanence is another sanitization method that leaves the drive intact.
Consider Data Remanence With Every Storage System
While destroying SSDs and HDDs because they may pose a cybersecurity risk is wasteful, it ensures no threat actor can ever recover information to sell it on the dark web. Individuals should be mindful of everything they do on their devices and ensure the action they take to minimize their risk is adequate.
The post How to Manage the Risks of Data Remanence appeared first on Datafloq.