On this page:
- Removing Data from Mobile Devices
- Removing Data From Computers
- Software Options
- Additional Resources
- Related Links
Sometimes sensitive and private information can remain behind and be accessed on your device even after you think it has been "erased," making this source a gold mine for criminals.
The sections below outline the steps you can take to ensure your data doesn't inadvertently leak out when you willingly separate yourself from your devices.
The media sanitizing information on this page is offered as a suggested guideline only. IS&T currently only offers such services to departments, labs and centers with DITR contracts.
There are plenty of people who will happily buy a used device. When these items are bought, data from previous owners can be retrieved with a little "know-how." The "smarter" the phone, the more likely it will contain data such as bank account passwords, personal emails or private photos.
Phones retain data two ways:
- On the SIM card or SD card, which can be removed
- Stored in flash memory (the device's internal memory) - the data in memory can be retained if not properly erased, even if the device's battery is drained or removed.
Back up any important data and transfer important files to your new phone, or temporarily to your computer. This includes pictures, documents, books, applications and media.
While most people remember to remove the SIM or SD card, they often forget about the internal memory. To delete memory data, users have to do a "hard reset," which returns the hardware to original factory condition. Each phone has a different hard reset procedure; some can only be done by a technician or by contacting the service's customer support. In other words, deleting information using the "clear" option in the interface is not a secure method for erasing data.
- Android: A factory data reset can be done by going to Menu > Settings > Privacy > Factory data reset. Conversely, you can also dial *2767*3855# which will cause the phone to power off and then power back on in a factory reset. There is some inconsistency with how certain Android phones react to the dial reset, so it may not completely wipe some phones. Also keep in mind that rooted Android smartphones may react unpredictably to a factory data reset.
- iPhone: You can erase all content from the device itself. The reset command is in the Settings menu under the General category. Steps before selling or giving away your iPhone, iPad or iPod touch. It's also possible to perform a factory data reset by connecting the phone to a computer and using iTunes. In the source list, click on the iPhone, then click on the Summary tab and choose Restore. You will have the option to restore to a backup copy of your data or "Set up as a new phone." Choose to set it up as a new phone and all personal data will be wiped.
- Blackberry: Go to Options > Security Options > General Settings > Menu > Wipe Handheld.
- Windows Phone 7: Go to Settings > About > Reset Phone. There are also methods to perform a hard reset using just physical buttons (volume and camera buttons, for instance), but they vary based on manufacturer and model, so you'll need to look up the method for your specific device.
- More on mobile devices can be found here.
- You can not always count on the company you donate or return your phone to to erase it. Research has found that not all companies that claim to scrub data before reselling or recycling your phone actually do so.
- Follow the manufacturer's instructions for hard resetting the phone. If you can't find your manual or need assistance, the mobile support members of the IS&T Help Desk may be able to help you.
- The phone's cellular service provider (AT&T, Verizon, Sprint, etc.) may offer assistance with erasing the data. They may even have a recycling program available or will erase the data for you.
- If you are donating your phone to a charitable organization, ask if they change out the software. If not, your private data might not be removed.
- If applicable, remove the Subscriber Identity Module (SIM) card or microSD card and store it in a safe place. This portable memory chip, used in some models, holds your personal identity information and may contain phone book data and text messages. You can use the same card in your new phone if it supports the technology.
- Portable devices such as USB flash drives and iPods can also contain private information. These should be erased using the manufacturer's recommendations.
- When in doubt about whether sensitive information is retained on your device, you may want to consider physically destroying it.
Don't wait too long to remove the data from an old computer. You may not be able to find the plug or get the computer to start up. However, even if the computer is "broken," somebody else may have the skills to access the data stored on it. (Back in 2003, grad students from MIT were able to recover private data on discarded disk drives. Of the 158 drives, only 12 had been properly sanitized.)
- Reformatting a drive (the "format" command on a Windows machine) doesn't actually overwrite each block of data. To properly sanitize a hard drive, you need to overwrite every block.
- Deleted data using the "erase" command can often be retrieved. Tossing files into the computer's trash bin and then emptying the trash deletes the record of the file, but not the data the file points to. Think of it as removing the labels from folders in a file cabinet: the folders and information in them still exist, even if retrieving the data now takes more time and effort.
It helps the planet to consider recycling this equipment responsibly. According to the International Association of Electronics Recyclers, the world's massive heap of what's called eWaste currently consists of about a billion pieces of computer equipment.
If there could be any sensitive information on the equipment, make sure the hard drive is completely erased ("wiped").
To wipe the drive yourself, use a utility tool that overwrites every sector of the hard drive with binary 1s and 0s. Tools that meet government security standards overwrite each sector multiple times for added protection. There are many tools that meet this standard. For more information, see: Software Options.
- If you only have a few computers, hard drives or thumb drives, MIT Facilities will pick them up at no cost (items must weigh under 50 lbs). Facilities will NOT remove the data from the drives. The items are then prepared for pickup by third-party vendor, IRN, a recycling company, who must destroy the drives of computers they recycle. They guarantee to remove data according to MA data protection law standards. Contact firstname.lastname@example.org for more information. Learn more about eWaste disposal at MIT.
- For large amounts of equipment, consider paying a service to wipe the drives for you. The potential liability if sensitive data gets out could easily justify the cost. MIT has an agreement with Intechra, an IT Asset Disposition services firm, to manage the disposal of IT products across the Institute, in collaboration with VPF Property. After de-activating equipment through VPF Property, DLCs should contact Melanie Jacques (401.225.6429) at Intechra to arrange for the pick-up and disposition of equipment. The company provides a certificate ensuring secure data disposal when the equipment has been processed for repurposing.
- If your area has a contract with IS&T through the Distributed IT Resource (DITR) group, your consultant will arrange for your systems to be wiped here on campus and will store your items in a safe location prior to being picked up by Intechra.
- If not using any of the above options, make sure to use vendors who are National Association for Information Destruction (NAID) certified.
When erasing the data is no longer an option because of the item's condition, physically shredding or otherwise destroying the item is the only way to protect the remaining data from access. If you have a contract with DITR, ask your consultant about this option.
The software tools listed below are just a sampling of those available for wiping hard drives. They are provided for informational purposes only and are not currently supported or recommended by IS&T. If you have used any of these tools, or even other ones not listed, please send us your feedback. We would be happy to hear about your experience, whether good or bad, so that we can forward on the information and keep this page updated.
The IS&T Help Desk is not trained and does not offer support for the following software options. Customers should contact the vendor directly with usage questions.
|Warning: These products are designed to irretrievably erase data on your hard drive. You will not be able to recover data after running these tools on a disk. Make sure you have copied or backed up any data you need to retain.|
||DOS, Windows 7, 2008, Vista, XP||Free or purchase||Overwrites data using zeros. The professional version conforms to U.S. Dept of Defense (DOD) standards.|
| BC Wipe
||32/64 bit, Windows 7, 2008, Vista, 2003, XP, 2000||Free trial or purchase||Repeatedly overwrites a special pattern to the hard drive to destroy its files.|
| Darik's Boot & Nuke
||Any Windows platform||Free||Completely and permanently erases all content of any hard disk it detects by overwriting it with random numbers.|
| Ontrack Eraser
||Windows 7, 2008, Vista, 2003, XP Professional||Purchase||Permanently deletes information by overwriting all data on the hard drive or on selected partitions of a drive.|
||Windows 7, 2008, 2008 R2, Vista, 2003, XP Service Pack 3 (Windows 98, ME, NT and 2000 can still be used with version 5.7)||Free||Securely deletes specific files. Can delete files manually via right click on the file (or Recycle Bin), or set up a scheduler. Can also overwrite all 'free space.'|
| R-Wipe & Clean
||Any Intel-compatible platform running Windows 7, Vista, 2003, XP, 2000, NT||Free trial or purchase||Shreds specific files or folders using either fast or secure erase algorithms.|
| Softpedia/DP Wiper
||Any Windows platform||Free||Overwrites data from one to 35 passes and has DOD-compliant wiping.|
||Any Windows platform||Free trial or purchase||The program's overwrite methods include user-defined options with up to 35 passes.|
||Any Windows platform||Purchase||Overwrites data as many times as you need and runs a verification test|
||Mac OS X 10.3 or later||Free||Permanently deletes files on hard drives and iPods or similar devices.|
| Darik's Boot & Nuke
||Apple Power Mac and Intel computers||Free||Completely and permanently erases all content of any hard disk it detects by overwriting it with random numbers.|
| Disk Utility Secure Erase
||Mac OS X 10.4 or later||Built into the OS||Overwrites data as many times as you need from select hard drives using several options.|
| NetShred X
||Mac OS X 10.1 or later||Free||Erases files your browser and email program leave behind.|
| Permanent Eraser
||Mac OS X 10.3.9 or later||Free||Uses Gutmann Method: overwrites 35 times, scrambles original file names, truncates file size to nothing.|
|Secure Empty Trash||Mac OS X 10.3 or later||Built into the OS||Shreds specific files. Move the file to the Trash, and then the "Secure Empty Trash" is accessed from the Finder menu. Overwrites data 7 times.|
||Minimum OS 7||Purchase||The program's overwrite methods include user-defined options with up to 35 passes. Can also overwrite rewritable CDs (Mac version only).|
||Various||Free or purchase||Overwrites data using zeros. The professional version conforms to U.S. Dept of Defense standards.|
| BC Wipe
||Various||Free trial or purchase||Repeatedly overwrites a special pattern to the hard drive to destroy its files.|
| Darik's Boot & Nuke
||Various||Free||Completely and permanently erases all content of any hard disk it detects by overwriting it with random numbers.|
||Various||Purchase||Overwrites data using methods that meet DOD regulatory requirements and produces a Disk Overwrite Report to verify and document the procedure and results.|
| Wipe Drive
||Various||Purchase||Overwrites data as many times as you need and runs a verification test.|
Thanks to the University of Minnesota for this software listing. Used with permission.