When reviewing the procedures for the disposal of computers, which of the following should be the
GREATEST concern for the IS auditor?

Hard disks are overwritten several times at the sector level, but are not reformatted before leaving

All files and folders on hard disks are separately deleted, and the hard disks are formatted before
leaving the organization.

Hard disks are rendered unreadable by hole-punching through the platters at specific positions
before leaving the organization.

The transport of hard disks is escorted by internal security staff to a nearby metal recycling company,
where the hard disks are registered and then shredded.

Deleting and formatting do not completely erase the data; they only mark the sectors that
contained files as free. Tools available over the Internet allow one to reconstruct most of a
hard disk's contents. Overwriting a hard disk at the sector level would completely erase data,
directories, indices and master file tables. Reformatting is not necessary since all contents are
destroyed. Overwriting several times defeats some forensic measures that are able to reconstruct
the former contents of newly overwritten sectors by analyzing special magnetic features of the
platter's surface. While hole-punching does not delete file contents, the hard disk can no longer
be used, especially when head parking zones and track zero information are impacted.
Reconstructing data would be extremely expensive since all analysis must be performed in a
clean-room environment and is only possible within a short time frame or until the surface is
corroded. Data reconstruction from shredded hard disks is virtually impossible, especially when
the scrap is mixed with other metal parts. If the transport can be secured and the destruction
can be proved as described in the option, this is a valid method of disposal.