Best way to clean personal info off work computer?
March 29, 2016 3:11 PM Subscribe
My work computer is 5 years old and is not responding well to the latest Office upgrade. It only has 4 GB RAM and my tech guy tells me that I need a new laptop. So, yay, but I have been using this laptop for everything for 5 years and I want to make sure that all my personal info and passwords are cleared before turning it in. So, how do I do this? (oh, it's a Latitude E6510, if that matters)
Best answer: You'll want to overwrite the disk. DBAN should do the trick.
posted by ChurchHatesTucker at 3:25 PM on March 29, 2016 [3 favorites]
posted by ChurchHatesTucker at 3:25 PM on March 29, 2016 [3 favorites]
You can use Microsoft SDelete or Eraser to securely erase files that you know need to be wiped from the machine in a secure manner. You should also be careful to clear your browser history, password cache, etc.
That said, there's not any 100% effective method without formatting and zeroing out the harddrive, and there's no telling what data might have already been logged and stored by your firm. Aside from having your information possibly caught up in a system backup or accessed on the sly by support, there are a number of asset management/security tools that can reveal far more information to your company than the layperson (or even the power-user) expects, i.e. by doing things like dumping a snapshot of your active system memory to disk, then whisking it off to corporate for archiving and possible inspection.
Bottom line: if you don't want your company to possibly have access to your personal life, don't use your personal accounts on company computing assets.
posted by BrandonW at 3:27 PM on March 29, 2016 [6 favorites]
That said, there's not any 100% effective method without formatting and zeroing out the harddrive, and there's no telling what data might have already been logged and stored by your firm. Aside from having your information possibly caught up in a system backup or accessed on the sly by support, there are a number of asset management/security tools that can reveal far more information to your company than the layperson (or even the power-user) expects, i.e. by doing things like dumping a snapshot of your active system memory to disk, then whisking it off to corporate for archiving and possible inspection.
Bottom line: if you don't want your company to possibly have access to your personal life, don't use your personal accounts on company computing assets.
posted by BrandonW at 3:27 PM on March 29, 2016 [6 favorites]
2nding DBAN. Won't work if the BIOS is locked (you might not be able to boot from the disk without a password that you don't have) but yes, DBAN.
posted by BungaDunga at 3:34 PM on March 29, 2016 [1 favorite]
posted by BungaDunga at 3:34 PM on March 29, 2016 [1 favorite]
Best answer: Does the laptop need to have Windows still installed on it after you clean the data off of it?
The most secure way to go about this is to use a low-level drive erasing utility that overwrites the drive with zeros or garbage data, however this results in a wiped drive with no operating system or programs (e.g. no Windows or Office). I don't know if it would raise flags with IT if you returned your laptop like this, but this is the safest route. DBAN (mentioned above) is a good way to do this.
The utilities like SDelete or Eraser that can handle individual files only are useful if you know where the files containing personal data are, which isn't always the case, but it's better than nothing, I suppose. If you can't use DBAN to nuke the data off of the drive completely, I'd try to create a local administrator account on the laptop, and then use that to delete your user account, then find the user folder for that account and use Eraser to delete that as well.
posted by Aleyn at 3:35 PM on March 29, 2016
The most secure way to go about this is to use a low-level drive erasing utility that overwrites the drive with zeros or garbage data, however this results in a wiped drive with no operating system or programs (e.g. no Windows or Office). I don't know if it would raise flags with IT if you returned your laptop like this, but this is the safest route. DBAN (mentioned above) is a good way to do this.
The utilities like SDelete or Eraser that can handle individual files only are useful if you know where the files containing personal data are, which isn't always the case, but it's better than nothing, I suppose. If you can't use DBAN to nuke the data off of the drive completely, I'd try to create a local administrator account on the laptop, and then use that to delete your user account, then find the user folder for that account and use Eraser to delete that as well.
posted by Aleyn at 3:35 PM on March 29, 2016
Formatting shouldn't raise red flags at any company of repute. If anything, it's a favor to IT that says you won't be coming to them asking for files off your old machine. As long as you get everything off that people might ask for, you should be fine unless there's a policy against this.
posted by rhizome at 3:50 PM on March 29, 2016
posted by rhizome at 3:50 PM on March 29, 2016
Echoing the 2nd paragraph in BrandonW's reply; if you believe your IT department have not yet learnt everything you wouldn't want them to know, then fully zeroing the drive would prevent future snooping.
posted by Bangaioh at 3:52 PM on March 29, 2016
posted by Bangaioh at 3:52 PM on March 29, 2016
Best answer: I'd check with IT before zeroing the drive; the system may have licences that need recovering. IT may be ready to replace the HDD (which may be 5 years old if it hasn't been replaced in the intervening time), in which case there are some nice ways to render that unusable to all but the most dedicated snoopers, with the added bonus of letting you take apart, smash, shoot, drill, or burn the components, whatever satisfies you the most. (Observe all appropriate safety measures, and the rules of the range, if applicable. Dispose of debris properly.)
IF you need a folder to wipe using Sdelete or Eraser, take out c:\Users\Yourusername
Assuming you used default locations, that's going to take out your desktop, your photos/video/documents, your Dropbox (and similar), your appdata, a hidden folder that includes all of your settings, including a lot of application storage, such as your thunderbird email.
Everything of value will have been copied over when you use the Microsoft User Migration tool to get over to the new laptop. So that folder can be destroyed if, humbug, the physical drive must be spared.
DBAN stands for Darik's Boot and Nuke. The only reason it doesn't satisfy the NSA's requirements for really really erasing hard drives is that it's not auditable. But it also takes a dog's age to complete on a larger drive, so keep in mind that perfect is the enemy of good when dedicating your efforts to protecting your stuff here.
posted by Sunburnt at 5:22 PM on March 29, 2016 [2 favorites]
IF you need a folder to wipe using Sdelete or Eraser, take out c:\Users\Yourusername
Assuming you used default locations, that's going to take out your desktop, your photos/video/documents, your Dropbox (and similar), your appdata, a hidden folder that includes all of your settings, including a lot of application storage, such as your thunderbird email.
Everything of value will have been copied over when you use the Microsoft User Migration tool to get over to the new laptop. So that folder can be destroyed if, humbug, the physical drive must be spared.
DBAN stands for Darik's Boot and Nuke. The only reason it doesn't satisfy the NSA's requirements for really really erasing hard drives is that it's not auditable. But it also takes a dog's age to complete on a larger drive, so keep in mind that perfect is the enemy of good when dedicating your efforts to protecting your stuff here.
posted by Sunburnt at 5:22 PM on March 29, 2016 [2 favorites]
Does your tech guy want it back in working shape or can you wipe the entire drive? This will have a big effect on what the best answer is.
posted by Candleman at 6:51 PM on March 29, 2016
posted by Candleman at 6:51 PM on March 29, 2016
Does your IT staff even need the drive itself?
Because physically removing the drive and keeping it is one way to ensure you don't hand over anything sensitive. When we turn in systems in my workplace, the drives are (not gently!) removed and then physically destroyed (think a paper shredder, but for hard drives). They're happy to accept back systems with the drives pre-removed for those cases where we need to keep the data but not the system, or want to put the drive into a new/existing computer.
posted by caution live frogs at 10:22 AM on March 30, 2016
Because physically removing the drive and keeping it is one way to ensure you don't hand over anything sensitive. When we turn in systems in my workplace, the drives are (not gently!) removed and then physically destroyed (think a paper shredder, but for hard drives). They're happy to accept back systems with the drives pre-removed for those cases where we need to keep the data but not the system, or want to put the drive into a new/existing computer.
posted by caution live frogs at 10:22 AM on March 30, 2016
Another vote for the fact that you need to find out from your tech guy how he wants the laptop back before you do anything.
In all the organisations I've worked in, erasing a hard drive before you give it back to IT support is a no-no.
In addition, introducing any executable that hasn't been tested or approved by IT support (such as something to securely erase files) would be an instant sackable offence.
Tread carefully...
posted by mr_silver at 10:54 AM on March 30, 2016 [2 favorites]
In all the organisations I've worked in, erasing a hard drive before you give it back to IT support is a no-no.
In addition, introducing any executable that hasn't been tested or approved by IT support (such as something to securely erase files) would be an instant sackable offence.
Tread carefully...
posted by mr_silver at 10:54 AM on March 30, 2016 [2 favorites]
This thread is closed to new comments.
posted by Huck500 at 3:24 PM on March 29, 2016 [1 favorite]