The Association of Digital Forensics, Security and Law (ADFSL)
Researchers at Rits Information Security performed a study in how the Irish population disposes of their old computers. How would you dispose of your old computer, or how would the company you work for dispose of their old computers?
The majority of Irish homeowners, would bring their old computers to local civic amenity centres, give it away to a relative or sell it on to another party.
Some organisations would give their old equipment to a staff member, as a gift gesture, others may simply discard in the local civic amenity site.
What is wrong with the methods currently being used for discarding of our old PCs?
With this question in mind, Rits Information Security embarked on a study to highlight the problems home users, and corporate users face when discarding retired PCs.
In this paper, Rits Information Security describes research in which a number of hard disks were taken from computers after they had been released for resale on Irish online auction sites. The research that was undertaken involved an analysis of the disks to determine if any information remained on these disks, and whether the information could be easily recovered using commonly available tools and techniques.
From this analysis, a number of disks could be traced to specific organisations, including large financial institutions, various consultancy firms, numerous small trade organisation, auctioneers, and insurance brokers. In addition to these, a number of computers were found to have originated from the home environment.
The results indicate that careless disposal of computers and storage media in the Republic of Ireland is a significant problem. Very few of the disks tested had undergone a thorough or efficient cleansing process. The level of information that could be recovered from the majority of the disks tested would have proven useful for corporate espionage, identity theft, blackmail, and fraud.
Bruce, L., 2004, “Removing Financial Data from your Computer”, http://www.bankrate.com/brm/news/advice/20030711a1.asp, Date accessed: 03/04/08
Jones, A., Mee,V .,et al, 2005, “Analysis of Data Recovered from Computer Disks released for Resale by organisations”, Journal of Information Warfare, Vol 4 (2) 45-53
Jones A, Valli C, Sutherland I and Thomas P, 2006, “The 2006 Analysis if Information Remaining on Disks Offered for Sale on the Second Hand Market”, Journal of Digital Forensics, Security and Law, Vol. 1(3) 23
Leyden, J, 2007, “M&S in ID theft flap over stolen laptop”, http://www.theregister.co.uk/2007/05/09/printing_security_flap/, Date accessed: 14/08/07
Breaking News, 2007, “MySpace users warned about identity theft“, http://archives.tcm.ie/breakingnews/2007/07/22/story320025.asp, Date Accessed: 14/08/07
MxSweep, 2006, “Fear of online identity theft could cost Irish businesses up to €250 million a year “, http://www.mxsweep.com/phishing-identity-theft.html, Date accessed: 14/08/07
Scott, R., 2007, “What Happens When your Computer or Gadget is Defunct?”, http://www.24hourtrading.co.uk/blog/what-happens-when-your-computer-orgadget-is-defunct-284/, Date accessed: 03/04/07
"Who is Reading the Data on Your Old Computer?,"
Journal of Digital Forensics, Security and Law: Vol. 3
, Article 2.
Available at: http://commons.erau.edu/jdfsl/vol3/iss1/2