PDA

View Full Version : What to delete from your PC when leaving a company


miccol
06-28-2010, 3:42 PM
I will be leaving my company soon and prior to giving my notice I wanted to clean up my work PC. I will leave all company information on it but wanted to know what I should delete and where I should go to delete it?

Updated information - I work closely with our IT guys, they're sitting right next to me as I type this but they would go the company line. It's a small company of less than 1,000 people and nothing on my PC is backed up. They will likely keep my PC available in case they need something...what I'm not sure. Other than removing my personal stuff, clearing the cookies and favorites, what else should I remove that may show previous searches, etc. We don't archive emails (I'm very familiar with our backup procedures and archiving and this isn't one of them) so I'll probably delete any personal related emails that came to my work email. Thanks for the input so far.

winnre
06-28-2010, 3:44 PM
You want to WIPE the portions of the disk containing your data, not delete. This will require some software. Do you know anyone in IT? They can pull of company information and then delete your profile.

JDay
06-28-2010, 3:50 PM
Just get someone in IT to wipe the system on your last day, they'll probably have to clean it for your replacement anyway.

Exile Machine
06-28-2010, 4:03 PM
My standard practice is to offload any company information to their servers, then wipe the entire disk and reformat the whole thing. To be safe I do the wiping after booting from a linux operating system CD. Let them re-image it for the next guy.

-Mark

kapache
06-28-2010, 4:06 PM
Make sure to clear your Web Browser cache, and to safe your important files before doing anything with your work PC.

Chris M
06-28-2010, 4:23 PM
Usually users don't have admin rights on their computers, so a true wipe may not be possible. An I.T. guy may be able to do this for you, but not always. He may not want to deal with the repercussions, should H.R. or management ask for any data.

Deleting E-mail, Internet Cache, etc...none of that really matters - it's most likely tracked and archived somewhere. At my work (I'm in I.T.) we archive every e-mail, voice mail, website visited, etc. for every user on our network. I could take a hammer and a chisel to my hard drives, and the data will not be gone.

Ricky-Ray
06-28-2010, 4:31 PM
The last few company's that I worked for and currently work for as standard practice when a person leaves the company we will wipe the users hard drive and re-image it so that the next person get's the computer will be a "fresh" clean image for them to start with.

As a rule in the company that I'm at now, we will hold onto the users hard drive for 2 weeks just in case anything needs to be recovered from it. After that it goes to the duplicator so the standard computer image is loaded on there and then the computer can be redeployed to someone else or placed in storage till needed.

Exile Machine
06-28-2010, 4:37 PM
Usually users don't have admin rights on their computers, so a true wipe may not be possible.

That's why I use an Ubuntu CD. Boot from the CD, you're running linux, and it doesn't care about your Windows admin rights. Tell it to wipe the hard drive and it will wipe everything without question. Clean slate.

It's the equivalent of nuking it from orbit. :43:

-Mark

den888
06-28-2010, 6:22 PM
Make sure to back-up and take with you and important e-mails and documents before you leave the company. I do a back-up on my work PC every 3-4 months, just in case there is an "unannounced layoff" - I will have some of my data, at least.

kapache
06-28-2010, 7:37 PM
Usually users don't have admin rights on their computers, so a true wipe may not be possible. An I.T. guy may be able to do this for you, but not always. He may not want to deal with the repercussions, should H.R. or management ask for any data.

Deleting E-mail, Internet Cache, etc...none of that really matters - it's most likely tracked and archived somewhere. At my work (I'm in I.T.) we archive every e-mail, voice mail, website visited, etc. for every user on our network. I could take a hammer and a chisel to my hard drives, and the data will not be gone.

Most companies will reformat the machine and reload it for a new users or if its a account of a machine then the account will be deleted.

If his concern was being monitor while using the internet or using his PC, then tunneling or proxy his be the solution to his concern.

winnre
06-28-2010, 8:26 PM
A good admin will disable booting from the CD, USB drive or floppy, you can only boot from the HDD installed, you cannot access the BIOS.

If you can get by any of those they deserve what they get.

JaMail
06-28-2010, 8:47 PM
depends on how locked down the PC is, try booting to a ubunto cd, as someone said, if it lets you do that, just wipe the entire PC.. do it a couple of times.

NSR500
06-28-2010, 8:52 PM
I delete and reimage my gear before turning them in.

NorCalDustin
06-28-2010, 8:53 PM
I would suggest not wiping any free space, partitions, deleting any files, etc...

Depending on the industry, doing things like that can get the Fed's crawling up your *** even though you may not have done anything wrong.

Chris M
06-28-2010, 8:59 PM
Most companies will reformat the machine and reload it for a new users or if its a account of a machine then the account will be deleted.

If his concern was being monitor while using the internet or using his PC, then tunneling or proxy his be the solution to his concern.

We usually take the hard drive out, and set it aside for a specified period of time before wiping it clean or overwriting it with a clone image. A label will go on it with identifying information, as well as the date that the drive was pulled.

In order to get the PC out to other staff, we simply throw a pre-cloned drive into the machine, and off it goes.

Sinixstar
06-28-2010, 9:03 PM
Usually users don't have admin rights on their computers, so a true wipe may not be possible. An I.T. guy may be able to do this for you, but not always. He may not want to deal with the repercussions, should H.R. or management ask for any data.

Deleting E-mail, Internet Cache, etc...none of that really matters - it's most likely tracked and archived somewhere. At my work (I'm in I.T.) we archive every e-mail, voice mail, website visited, etc. for every user on our network. I could take a hammer and a chisel to my hard drives, and the data will not be gone.

This.

If you're on a corporate network, taking stuff off of your local hard drive probably isn't going to accomplish anything. If anything - it may just raise suspicions and cause somebody to go poking around.

Delete your personal items. Clear the Recycle Bin. Don't put personal stuff on a work computer next time.

If they're not sophisticated enough to have your data backed up on the network somewhere, they're not going to be sophisticated (or likely care) enough to go digging around for your personal crap you deleted.

Chris M
06-28-2010, 9:04 PM
If his concern was being monitor while using the internet or using his PC, then tunneling or proxy his be the solution to his concern.

Not quite that simple if there's a properly configured firewall in place.

Chris M
06-28-2010, 9:25 PM
If you're on a corporate network, taking stuff off of your local hard drive probably isn't going to accomplish anything. If anything - it may just raise suspicions and cause somebody to go poking around.

Delete your personal items. Clear the Recycle Bin. Don't put personal stuff on a work computer next time.

Exactly.

If the admins have not disabled the use of USB drives, or flash card readers, it's certainly best to save all personal data externally...or better yet, don't use your computer for any personal use. Wireless networks abound...invest in a netbook, laptop, or simply use your mobile phone if you have to have access personal stuff at work.

Massive amounts of data storage is so cheap nowadays, EVERYTHING is being archived.

As I said in a prior post - every single e-mail that comes in or out is instantly archived...forever. I'm not talking about nightly backups. I'm talking about an indexed, searchable archive, instantly accessable to anyone that has a logon to the server. Even if you delete the e-mail the instant it hits your mailbox, it's still not gone.
Voice mails are compressed, and archived...again, forever. They are also digitally converted to text, making them searchable, as well.
Every website that any employee has visited...archived forever. Weekly reports are automatically generated, showing who were the top 10 web users, the top 10 e-mail users, the top 10 FTP users, etc.

Don't think this technology is super-expensive, and deployed only at large corporations. Where I work, the IT department consists of only 5 techs, and there is a staff of a little over 200 employees, at a non-profit agency.

subrosa
06-28-2010, 9:49 PM
I am an IT guy that has done this many, many times.

Typically if your separating from the company cleanly, then your drive gets erased and "re-imaged."

If your not leaving on good terms, your drive will be kept for intellectual property reasons, not really for any other data/witch hunting (unless that is why you are leaving). However this can be very embarrassing if the drive was ever used in a legal manner.

If you want to go scare yourself, go fire up Ubuntu or any other modern linux distro and check out the "ntfs-progs" package, it contains a tool called "ntfsundelete."

If the forensics don't line up with your story and data is found to have been removed, you might just be putting yourself in MORE hot water.

JDay
06-28-2010, 10:10 PM
If you want to go scare yourself, go fire up Ubuntu or any other modern linux distro and check out the "ntfs-progs" package, it contains a tool called "ntfsundelete."

Which will show nothing if you wipe the free space. Dban will do the trick, although it will wipe everything off the drive.

http://www.dban.org/

dasmi
06-28-2010, 10:12 PM
Don't put personal information on your company computer. That's the safest bet.

gravedigger
06-28-2010, 11:41 PM
Or you can do as I did in the case where I put in two weeks of work making sales calls and designing promotional materials, and the owner decided to not pay me for my time. He left the office and told me, lock up when you leave, and don't come back. So I did, right after formatting every hard drive and 5-1/4" floppy in his office. Yes, it put him out of business. You know how every so often you run into that guy you shouldn't **** with ... well, I'm that guy.

thevic
06-28-2010, 11:43 PM
clean the keyboard and mouse you dirtied-up

Chris M
06-29-2010, 7:33 AM
right after formatting every hard drive and 5-1/4" floppy in his office. Yes, it put him out of business.

I have a hard time believing that the business owner never put into practice any kind of backup solution.

DiscoBayJoe
06-29-2010, 7:44 AM
Speaking as an IT guy, If they have any idea you are leaving, it's already been backed up for you ;)

We perform Managed IT services for small to midsized companies. In this slowing economy have been asked to jump ahead of potential terminations days (and even weeks) ahead of time to grab workstation images in the middle of the night.

I wouldn't do anything radical (such as wiping your drive), as other posters have mentioned, it will just give them cause to look closer.

I would browse thru your email to make sure you are comfortable with what you are leaving behind (most importantly your sent items). Make sure you've moved any online account/refernces that were going to that email somewhere else.

Exile Machine
06-29-2010, 8:27 AM
Don't put personal information on your company computer. That's the safest bet.

Over the years I've come to this same conclusion. I try very hard to keep that "wall of separation" between work and personal stuff. Emails, personal files, photos, etc., they stay off the work machine. The only exception is when I have a long overseas trip, I'll throw some .AVI movie (not pr0n) files on the laptop to watch on the plane. They get deleted after the trip though.

-Mark

miccol
06-29-2010, 8:55 AM
Updated my original post.

shadowofnight
06-29-2010, 9:25 AM
That's why I use an Ubuntu CD. Boot from the CD, you're running linux, and it doesn't care about your Windows admin rights. Tell it to wipe the hard drive and it will wipe everything without question. Clean slate.

It's the equivalent of nuking it from orbit. :43:

-Mark

+1......then call IT and let them know that your pc wont boot for some reason ;)

I used to work in IT, idiots would have personal account passwords stored in .txt files....porn...regular/gay/illegal...even so far as to have pictures of themselves engaging in sex on their work pc's.

With the bootable linux cd , they wont have a clue who did what...mumble something like a screen popped up saying it was erasing the MBR in 20 seconds after you opened up an email from a coworker right before leaving the day before. :p

ZX-10R
06-29-2010, 9:29 AM
Everything. They have the disks to reformat and reinstall so do not even bother making ITs job easier. You need to ensure ALL your stuff is gone.

ldivinag
06-29-2010, 12:18 PM
as a state worker who has less than 2 days left on the clock before i get laid off...

my plan was to get 2 massive HD and back up all my crap on their.

i'm IT and programmer and web guy and everything in between so i have tons of crap i need to copy.

my main workstation, i'll just rip out the HD and replace with a similar size one. i was planning on ghosting it, but not enough time.

btw, anyone hiring????


:)

sonico
06-29-2010, 1:39 PM
I recommend thermite. It's the only way to be sure. :)

Or a full DOD 5220.22-M wipe.

winnre
06-29-2010, 1:55 PM
fdisk

Chris M
06-29-2010, 2:00 PM
fdisk

If you REALLY want to get rid of the data, making it unrecoverable, don't trust fDisk or Format commands. The only way to completely wipe the hard drive is to use a utility that writes a 1 and then a 0 (or vice versa) to every bit on the drive.

If you want to be extra sure that the data is gone, take the platters out, and slide the neodymium magnets around on them...like so:

http://farm5.static.flickr.com/4138/4746527359_9729b277c2_z.jpg

winnre
06-29-2010, 2:58 PM
Killdisk is free.

Gryff
06-29-2010, 3:03 PM
Keep in mind that the computer and the data on it is company property. This is why you don't put personal files on a work computer.

Be very, very careful about deleting and wiping data. You better be absolutely sure that you are only deleting your non-work-related files.

When I handle IT for my wife's non-profit, our policy for a departing employee is to backup their files, archive them, and then wipe the hard drive and re-load a virgin system and application set. This takes time, but it also saves time in the long run since I don't have to trouble-shoot computer issues that may be carry overs from the previous employee.

VictorFranko
06-29-2010, 3:07 PM
From DOS command screen, type FORMAT C, enter.
What the hell, you're leaving anyway...........:43:

Gryff
06-29-2010, 3:10 PM
Or you can do as I did in the case where I put in two weeks of work making sales calls and designing promotional materials, and the owner decided to not pay me for my time. He left the office and told me, lock up when you leave, and don't come back. So I did, right after formatting every hard drive and 5-1/4" floppy in his office. Yes, it put him out of business. You know how every so often you run into that guy you shouldn't **** with ... well, I'm that guy.

You're lucky. With minimal legal effort, that guy would have ended up owning your computer, car, and probably your house. And a fair likelihood put you in jail, too (at least for a few hours).

novabrian
06-29-2010, 3:44 PM
Open the case and steal the hard drive.

Alex$
06-29-2010, 3:53 PM
Take it with a grain of salt, but half the things some folks are recommending may be prohibited by policy and could get you in some hot water. Be sure you do not do something destructive that could affect your employment opportunities in the future.

That being said, you should never put something on a work PC you don't want other people seeing. All policies I am aware of could result in some IT guy clawing through your files if there is a valid reason for doing so. Trying to delete information, utilizing unauthorized software, loading unauthorized software are all valid reasons for doing a recovery of deleted or wiped data.

NorCalDustin
06-29-2010, 4:11 PM
Take it with a grain of salt, but half the things some folks are recommending may be prohibited by policy and could get you in some hot water. Be sure you do not do something destructive that could affect your employment opportunities in the future..

Indeed... Just remember, a company can sue you for 'damages' resulting from ANY data you destroyed. And honestly, 'damages' becomes a very large dollar amount that a well paid IT consultant decides to spit off.

It doesn't take much for you to end up in court and lose your case when it comes to destroying data on company computers (it does not always matter if its "Your" data or not). All the plaintiff has to do to make you lose your case is use any of these words: "Cyber Terrorist", "Hacker", etc...

Those are words the freak out an uninformed judge and jury and more than likely you will lose.

blisster
07-07-2010, 8:18 AM
Or you can do as I did in the case where I put in two weeks of work making sales calls and designing promotional materials, and the owner decided to not pay me for my time. He left the office and told me, lock up when you leave, and don't come back. So I did, right after formatting every hard drive and 5-1/4" floppy in his office. Yes, it put him out of business. You know how every so often you run into that guy you shouldn't **** with ... well, I'm that guy.

You can go to prison for that sort of behavior.