Abstract
A personal computer is often used to store personal information about the user. This information may be intentionally kept by the user or information maybe automatically stored as the result of the user’s activities. In this paper we investigate whether it is possible for identity fraud to occur as a result of post-disposal access to the residual data stored on a personal computer’s hard drive. We provide indicative types of information required to commit an identify fraud and examine the personal information contained in a series of second-hand personal computer hard disk drives, purchased as part of a wider research study.
Please use the following formal when citing this chapter: Thomas, P. and Tryfonas, T., 2007, in IFIP International Federation for Information Processing, Volume 232, New Approaches for Security, Privacy and Trust in Complex Environments, eds. Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R-, (Boston: Springer), pp. 461–466.
Chapter PDF
Similar content being viewed by others
References
Tryfonas T., Thomas P., Owen P. (2006), “ID Theft: Fraudsters’ techniques for Personal Data Collection, the Related digital Evidence and Investigation Issues”, Information Systems Control Journal, (JOnline) Vol. 1.
Federal Trade Commission (2003), Fair and Accurate Credit Transactions Act of 2003 Revision, http://www.ftc.gov/os/2004/10/041029idtheftdefsfrsm.pdf
Leyden, J., “Oops! Firm accidentally eBays customer database”, The Register, 7 June 2004.
Jones A., Mee V., Meyler C, Gooch J., “Analysis of Data Recovered from Computer Disks released for Resale by Organisations”, Journal of Information Warfare, 2005.
Jones A., Valli C, Sutherland I., Thomas P. (2006), “An Analysis of Information Remaining on Disks offered for sale on the second hand market“, Journal of Digital Security, Forensics & Law, Vol. 1 No 3.
Windows Forensic Toolchest, freeware tool available for download at http://www.foolmoon.net/security/wft (last accessed January 2007).
Fragkos, G., et al. (2006), “An empirical methodology derived from the analysis of information remaining on second hand hard disks”, in Blyth, A., Sutherland, I., WDFIA 2006, Proceedings of the First Workshop in Digital Forensics and Incident Analysis.
Marshall, A.M. and Tompsett, B.C. (2005), “Identity theft in an online world”, Computer Law & Security Report, Vol. 2005, Issue 2, Page 128–137.
Garfinkel, S.L., Shelat A., “Remembrance of Data Passed: A Study of Disk Sanitization Practices”, IEEE Security & Privacy, Vol. 1, No 1, 2003.
Valli, C. (2004), “Throwing out the Enterprise with the Hard Disk”, In Proceedings of 2nd Australian Computer, Information and Network Forensics Conference, We-BCentre.COM, Fremantle Western Australia.
Department for Trade and Industry, on-line (latest accessed 20-01-2007) http://www.dti.gov.uk/innovation/sustainability/weee/page30269.html.
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2007 International Federation for Information Processing
About this paper
Cite this paper
Thomas, P., Tryfonas, T. (2007). Hard-drive Disposal and Identity Fraud. In: Venter, H., Eloff, M., Labuschagne, L., Eloff, J., von Solms, R. (eds) New Approaches for Security, Privacy and Trust in Complex Environments. SEC 2007. IFIP International Federation for Information Processing, vol 232. Springer, Boston, MA. https://doi.org/10.1007/978-0-387-72367-9_41
Download citation
DOI: https://doi.org/10.1007/978-0-387-72367-9_41
Publisher Name: Springer, Boston, MA
Print ISBN: 978-0-387-72366-2
Online ISBN: 978-0-387-72367-9
eBook Packages: Computer ScienceComputer Science (R0)