Dumpster Diving

Also known as: Trashing, Bin raiding

Definition

Searching through an organisation's or person's discarded materials — paper, removable media, hardware — to recover sensitive information.

Dumpster diving is the physical analogue of OSINT: attackers comb through trash bins, recycling, dumpsters at loading bays, or e-waste piles for printouts, sticky notes, contracts, org charts, USB sticks, drives, decommissioned servers, or network diagrams. The harvested material accelerates reconnaissance for phishing, pretexting, and intrusion, and may directly disclose credentials or PII. Defences include cross-cut shredding of any paper containing sensitive data, locked confidential-waste bins, certified destruction of decommissioned media (NIST SP 800-88), full-disk encryption so that discarded drives are useless to whoever recovers them, asset-disposal procedures, and awareness training.

Examples

  • Recovering an org chart and password sticky notes from a bin behind an office building.
  • Pulling an unencrypted laptop from e-waste and recovering customer data.
