Data Sanitization Evaluation in Donated Computers During the COVID-19 Pandemic: A Case Study at IFSP Hortolândia
Resumo
This study evaluates the effectiveness of data sanitization procedures on IT equipment donated to the Federal Institute of São Paulo (IFSP) Hortolândia campus during the COVID-19 pandemic. Using forensic computing techniques, some donated computers were examined, revealing the presence of sensitive personal data belonging to public servants from the donor agencies. This discovery highlights a significant failure in the data sanitization process conducted by the federal donor agency, emphasizing the urgent need for compliance with Brazilian regulations such as Normative Instruction No. 01/2010 and the General Data Protection Law (LGPD - Lei Geral de Proteção de Dados Pessoais). The study underscores the importance of adopting rigorous data sanitization practices, providing continuous training to staff, and conducting regular audits to ensure the security and privacy of information in public agencies.
Referências
Governo Federal Brasileiro (2018). Lei geral de proteção de dados pessoais (LGPD). Presidência da República.
Governo Federal do Brasil (2010). Instrução normativa nº 01, de 17 de janeiro de 2010. Ministério do Planejamento, Orçamento e Gestão.
Hands, J. and Coughlin, T. (2023). New IEEE media sanitization specification enables circular economy for storage. Computer, 56(1):111–116.
International Organization for Standardization (2012). ISO/IEC 27037:2012 - Guidelines for identification, collection, acquisition, and preservation of digital evidence. IEC.
McManus, S. (2023). Why millions of usable hard drives are being destroyed. [link]. August.
Meyer, A. and Roy, S. (2023). Evaluating Deleted File Recovery Tools per NIST Guidelines: Results and Critique, chapter Chapter 2, pages 13–49.
Nelson, B. (2018). Guide to Computer Forensics and Investigations. Cengage Learning.
Nikkel, B. (2016). Practical Forensic Imaging. No Starch Press.
Yusof, N. A. B., Abdullah, S. N. H. B. S., bin Md Senan, M. F. E., binti Zainal Abidin, N. Z., and Sahri, M. B. (2019). Data sanitization framework for computer hard disk drive: A case study in malaysia. International Journal of Advanced Computer Science and Applications, 10(11).
