Reallocated Sector Data Recovery:
Many of our clients come to us with questions about the risk of leaking data from reallocated sectors on their HDD. This is, of course, an important consideration when disposing of any hardware assets such as desktop computers, laptops, tablets and smartphones that may contain sensitive or proprietary data. Here is what you need to know.
What Are Reallocated Sectors?
In any device with a hard disk drive (HDD), there are sectors that make up the drive. These sectors are monitored by a kind of internal watchdog that is continually on the lookout for problems when a user attempts to read, write or otherwise access the data found in a specific sector. This Self-Monitoring, Analysis, and Reporting Technology, often referred to as SMART testing, will essentially lock out a sector once a limit (pre-set by the manufacturer) has been reached for the amount of times the drive has failed to read or write to the sector.
Most people assume that as soon as SMART testing takes action and locks out a sector, the data contained there is forever gone, since they can no longer read or write to that sector. However, nothing could be further from the truth. All of the data is still there — it is just not easily accessible.
Can You Recover Data from Reallocated Sectors?
Yes, you can — although it is unlikely that anyone would attempt to.
However, before we look at recovering data from reallocated sectors, let us first look at common ways to recover data. Many people believe that deleting a file means the file is permanently erased. Yet without data erasure, all that actually happens is when a file is deleted, the operating system deletes the pointers to the file and in the FAT or MFT the space occupied by the file is marked as available. In other words, the data on the file is not erased, it just becomes unavailable through the file system. If the data is not written over, the file can still be recovered with free or inexpensive software. Given the ease with which data can be recovered, the risk of not wiping your data is high.
When it comes to drives with reallocated sectors, it’s a different story.
Regular data recovery software is not effective when it comes to recovering data from reallocated sectors. Recovering data from reallocated sectors is expensive and time-consuming. The best way to attempt recovery is to ship the drive to a data recovery specialist who will physically dissect the drive. Still, just the costs of attempting to recover data amount to over $1,000 — and there are no guarantees of success.
Putting It All Together: What Is the Real Risk?
So, what is the actual risk of a security breach due to someone recovering sensitive data from reallocated sectors?
The truth is, the risk is minimal. Anyone who would want to exploit sensitive data in this manner cannot just pick drives at random without wasting a significant amount of money and time. Also, they would need a thorough understanding of the hard drive’s chain-of-custody, as well as what data the drive contained, before even thinking of attempting to recover data. While this might be an interesting scenario for a spy thriller, it is highly unlikely to happen in situations where hardware is disposed of responsibly in the real world.
Why does this matter?
The companies I do business with always ask if they should destroy their hard drives with reallocated sectors instead of sanitizing the drive and reselling. I always explain to them what I just shared with you. In fact, I estimate that there are better odds of winning the lottery than company data on reallocated sectors leaking.
Nevertheless, for a corporation, exposing itself to any risk — no matter how minimal — might be too great. The potential liability and damage to its reputation in the event of a security breach might not be worth the returns generated from reselling old assets.
Our Approach to Reallocated Sector Data Recovery:
Of course, every organization needs to make an informed decision about how best to dispose of their used assets in order to ensure compliance with any security regulations, as well as protect their own reputation and interests.
As we have seen, the risk of recovering data from reallocated sectors is minimal — yet even a minimal risk might be unacceptable. That is why at NextUse, we always have a discussion with each of our clients regarding their security threshold and tolerance for reallocated sectors. In cases where security is tantamount, we destroy any drive that contains reallocated sectors in order to protect client data.
Why not secure peace of mind regarding security when disposing of your old assets? Contact me to find out more about the safe handling and destruction of data. With over 30 years in the technology field, I’m always happy to have a conversation about what’s best for your data.