SRI Security Research Institute, Edith Cowan University, Perth, Western Australia
When most people go to the trouble of getting erasure tools to remove data from their hard drives they expect the job is done correctly. Using erasure tools is a step to protect privacy by assuming the applied tools erase data rather than simply delete data that may be recovered using forensic tools. In this research we tested the performance of the delete function on three web browsers against the performance of eight erasure tools with alarming results. It was found that the erasure tools had almost the same capability to delete data as the web browsers delete function; and that no tool actually erased data. The implications for people using these tools to protect sensitive data are profound. People and organisations as they retire, sell or dispose of their hardware containing information assets require assurance they will not be impacted by the adverse effects of unintended disclosure of sensitive information. Better software solutions are required and better software certification measures require implementation.