Exothermic Data Destruction: Defeating Drive Recovery Forensics
With rogue data harvesting from discarded devices an ever-present risk, the question of how to safely dispose of data storage components ranging from hard and solid state drives to SD cards and flash drives should be at the forefront whenever old equipment is being upgraded, not just to foil adversarial access to sensitive internal information, but to comply with data handling legislation.
Any number of software solutions exist which advocate wholesale drive encryption (for instance, via open source tools such as VeraCrypt and LUKS)–so as to make the data unreadable even if it were recovered–as well as subsequent wholesale drive erasure (for example, via open tools such as DBAN).
But software solutions are woefully inadequate for the task, given the possibility of encryption keys being forcibly or incidentally divulged, drive wiping solutions being ineffective against new solid state drives, and any number of other attacks.
After outlining the various privacy risks inherent in insecure data disposal, this talk will then present a case study demonstrating the pitfalls inherent in the TRIM and Secure Erase operations of solid state drives, pointing to the need for a more comprehensive data erasure protocol. The talk will then present a pragmatic hardware solution: secure device destruction via an open source chemical recipe, presenting the principle of exothermic data destruction. Health and safety concerns will be addressed, and the most expedient acquisition of the various necessary ingredients will also be presented.