I know what you did last summer... An Investigation into Remnant Data on USB Storage Devices Sold in Australia in 2015

Document Type

Conference Proceeding

Publication Title

Proceedings of the Australasian Computer Science Week Multiconference


Association for Computing Machinery


School of Computer and Security Science




Robins, N., Williams, P. A., & Sansurooah, K. (2016, February). I know what you did last summer... an investigation into remnant data on USB storage devices sold in Australia in 2015. In Proceedings of the Australasian Computer Science Week Multiconference (p. 35). ACM. Available here


The demand for portable digital data storage has increased with the evolution and advancement in consumer electronic devices. USB storage devices, also referred to as USB sticks, pen drives, flash drives, thumb drives, and key drives, have replaced many other portable storage. With the evolution of these devices, an increased use for data transportation has been seen for both private and commercial data. USB storage capacity has increased during the past decades with capacities up to one terabyte available today. Such devices are increasingly popular given their robustness, low power consumption, rapid response rates, non-volatile nature, and ease of transportation. This study obtained second hand USB flash memory storage devices, purchased from eBay Australia over a period of seven months, to determine whether there were any traces of data on the devices, and whether or not an attempt had been made to securely wipe the devices. If data fragments were recovered, it was assessed to see if there was a sufficient volume and sensitivity of data to be of value to anyone with malicious intent. The findings from the research show that in the majority of the cases, the USB flash memory storage devices retained a large volume of data. Concurring with outcomes from previous studies in 2009 and 2011, the devices investigated in this study, owned by both individuals and organisations, were used to store highly sensitive and confidential data. This data was not permanently nor securely destroyed prior to disposal (by sale) of the devices. Such incidents highlight the failure to meet regulatory obligations with regard to privacy legislation in Australia. Copyright 2016 ACM.



Access Rights

subscription content


Article Location