If you are a regular here on Ghacks you know that one needs to be careful when it comes to giving away or selling old devices that were used for storage (read used hard drives still haven for identity theft from 2008 for example)
This can be an external hard drive, an old PC or laptop, or a smartphone or tablet. As long as there is permanent storage, there is the chance that data may be recovered even if you have deleted it or used a reset option to restore a factory state.
The reason why is simple: deleting files does not really remove the files from the storage device it only deletes the pointer to it. The occupied storage space gets overwritten with new data eventually which is the reason why the chance of data recovery drops with age.
Avast ran an experiment recently that came to alarming results. Well, if you are a reader here you know what is coming. The company bought 20 used Android smartphones on eBay and used file recovery software to restore deleted data on those phones.
The result? More than 40,000 photos of which 1500 were of families and children, 750 of woman undressing or naked, and 250 of men photographing their manhood.
In addition, Avast was able to recover 750 emails and text messages, 1000 Google searches, four identities, a completed loan application and more than 250 contact names and email addresses.
Avast used the forensic tool FTK Imager by Access Data to mount an storage image to analyze it using the forensic tool.
Avast did use three main methods to recover user data:
Avast did not reveal on how many devices the data was not deleted at all by its pre
What you do about it
The best defense against the attack form is to keep your devices or destroy them properly instead of giving them away or selling them.
This may however not always be possible. If the device supports external storage, you may want to add extra storage to it and save all important databases, files, and other data to the extra storage and not the internal one.
Before you sell the device you'd simply remove the extra storage card from it and with it all the data that you stored on it.
Any data that you stored on internal storage can be deleted using secure deletion software or apps. The following is just a selection of applications that you may use for that purpose.
You may want to test how well the wiping went. This usually comes down to connecting the device to a computer, enabling USB debugging, and running data recovery on the computer on the connected storage cards of the mobile device.
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.