LITIGATION SUPPORT TIP OF THE NIGHT

The tracert command for Windows can trace the route that data takes from your network to a domain specified in the command. So if you go to command prompt and enter "tracert" followed by a web address results will be generated showing how many servers or routers data passes through to get its destination. Each 'hop' from one hardware device to another is numbered on the first column on the left.

. . . the next three columns show the time in milliseconds that the data takes to move between each router or server. The connection between every two points is tested three times. When the times in each test are about the same, the connection should be stable.

If there are three asterisks listed between two points at the end of the tracert report this would be an indication that the connection is down. But if the tracert test does not error out at the end, asterisks listed for one or more hops may simply mean that the routers or servers being used are set up not to provide the necessary data. Only 1 or 2 asterisks on a row are a bad sign - the connection is spotty.

The Tip of the Night for March 25, 2022, mentioned that the data on solid state drives cannot be degaussed because such drives do not use magnetic fields to store data. A USB flash or thumb drive, and most smartphones will use a solid state drive. A SSD stores data on individual microchips. Even if physical damage causes some sectors on the SSD to become inaccessible, data may still be retrieved from other sectors. A hard disk drive has spinning platters on which data is stored magnetically. The data on the new HAMR (Heat-Assisted Magnetic Recording) drives introduced by Seagate recently, can also not be effectively destroyed with a degausser.

In order to render the data on a solid-state drive permanently inaccessible, it's necessary to cause thorough physical damage to the device. Drilling holes, or hammering a nail several times through a drive is not the worst approach, but some companies market machines which will more effectively puncture the drive. On the cheap end, a manual puncher like this model sold by Media Duplication Systems will take out several sectors on a SSD if the drive is reinserted for multiple hits. But can you really make all sectors of a SSD inaccessible with such a puncher?

Garner Products markets its PD-5 Hard Drive Destroyer with a 'Solid-State Destroyer' accessory that spikes 90 holes in a SSD.

However, the same company also sells a shredding device which can tear up a drive into multiple pieces.

A company based in Massachusetts, SEM, manufacturer 'SSD disintegrators' which shred drives into bits that are less than 2mm squared. It's necessary to use a different machine to physically destroy hard disk drives. These shredders are large, production copier sized machines, which can shred dozens of drives in an hour.

Even when a solid state drive has been broken into pieces no more than two inches across, it may still be possible to recover data, since the chips they use may be smaller than this. Securis, a company based in the D.C. metropolitan area, aims for a minimum shred size of 0.5 inch:

. . . but also offers shredding machines which grind drives to less than 2 millimeters - which is a specification required by the National Security Agency. See section 8.1 of the NSA's NSA/CSS Requirements for Hard Disk Drive Destruction Devices.

The residue that is left looks like dust.

As discussed here before, even after files are removed from the Windows Recycle Bin, and even after a drive is reformatted, it's still possible to recover deleted files with widely available tools. See the Tip of the Night for December 29, 2019.

Windows 10 and Windows 11 include a reset option which can help wipe the drive of your PC, overwrite the existing data with new data, but this method may not be completely effective. Under Settings if you go to System . . . Recovery, you will see an option to 'Reset this PC'.

. . .if you then choose the option to 'Remove everything', that will initiate the process of wiping the hard drive.

However, there are some reports that even after the 'Remove everything' option has been run, files can still be recovered. See this April 2023 report by Tom's Hardware, detailing the subsequent recovery of persumably wiped files with EaseUS Data Recovery.

A better, or supplementary, option may be to use a secure erase option in the BIOS firmware that manages a computer at the most basic level without the operating system. You can enter BIOS by pressing F2 when rebooting on most kinds of PC (use F10 if you have a HP computer and F1 for a Lenovo device). Or, search for 'advanced startup options' in Windows

. . . and then select the option to 'Restart now'

When your PC restarts you should then be given the option to go into Troubleshoot mode and then under advanced options select the firmware settings.

The Dell BIOS firmware includes an option to wipe the device.