Slashdot Mirror
Secure Hard Drive Deletion Appliance?
An anonymous reader asks "I am searching for a box into which I can plug a hard drive (IDE or SCSI of various flavors) and automatically begin a secure deletion process (DoD 2250 compliant or the like would be good). This is normally for dead drives which need to be RMA-ed. Because of various regulations (HIPAA for starters), we need to at least attempt to do a good job clearing the disk. I've heard from a number of places, including this Slashdot story, that degaussing isn't great. There are software solutions out there, but in general, I want to toss a replacement hard drive in and not have to hunt around for hardware to put the bad drive in in order to run the software. Given the right case, a solid state drive, some SCSI cards and one of various pieces of software, I can imagine such a beast. Has anyone seen someone selling something like this?" No case-opening is necessary to use a USB/IDE converter, which might be a good middle ground. Any other ideas?
If you have something so important, it might be best to destroy/keep the dead drives and pay for new ones, which aren't that expensive compared to the risk of someone finding out a way to recover your data even after it's been processed by the state-of-the-art secure deletion processor.
I believe the information is secured only if it's still in your hand.
Rock that crushes, Paper & Scissors that don't matter.
Re:Oh, man. Hear it comes. (Score:5, Informative)
by QuaZar666 (164830) Alter Relationship on Thu 16 Jan 04:03AM (#5091822)
Now days the dod drills a hole through the platter on drives that are bad that have to be RMA'd and have contracts so all they have to return is the top of the drive with the label. as for drives they no longer need i do not know. im guessing they write 0 and 1 patterns on the drive 7+ times. (even then data recovery services could recover it)
Silly, but I have this association:
Ground control to major tom
Your circuit's dead, there's something wrong
Can you hear me, major tom?
CC.
TaijiQuan (Huang, 5 loosenings)
It really depends upon what level of security you are talking about. Degaussing certainly does not do the job adequately enough for some purposes, but the issue of maintaining a box that has all the hardware to be backwards compatible can be cumbersome and expensive. I suspect you are not in a sensitive/classifed government position as they have protocols for this sort of thing, but if you truly have seriously data sensitive needs for hard drives you are going to retire, I would suggest first formatting the drive with multiple writes and reads of serial 1's and 0's which should prevent 99.9% of data recovery attempts. An older G4 tower running OS X, should allow you to recognize and mount drives formatted with a variety of operating systems. Stick a couple of SCSI cards in it and an ATA and SATA card (Sonnet makes a combined card) which should give you multiple SCSI formats, ATA, Firewire and USB depending upon your needs. If you are really paranoid, actually disassembling the drives, degaussing and physically destroying the platters will finish the job. Believe it or not, data can even be reconstructed at the microscopic level through the use of electron microscopy, so the more damage done to the physical media, the harder it is to extract information.
Visit Jonesblog and say hello.
The best you can do is use a degausser, since you can't open the drive without voiding your warranty.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
...44 Oz. Framing Hammer.
Just explain to the RMA operator how you work for a "major construction contracting firm"...
https://www.accountkiller.com/removal-requested
provided some links, like what the heck is HIPAA? Wikipedia says Health Insurance Portability and Accountability Act of 1996, but that doesn't really make much sense to me.
I realize this was a question and those people who don't know what HIPAA is probably shouldn't be answering, but still...
dban.sourceforge.net
http://dban.sourceforge.net/
Good hardware detection, GPL.
Use good old Norton Diskreet (DOS version) and automate it with a batch file running on a tired old PC set out to pasture. All supplies are available on Ebay.
I am becoming gerund, destroyer of verbs.
The second method is to set up a *nix box with some hot swap drive bays and use that (I actually prefer this method). You can find removable bays all over the place and use *nix to format the drive writing all 0s to it.
I don't think anyone makes a machine exactly like you describe, but both of these methods will do the trick. Good luck!
US Democracy:The best person for the job (among These pre-selected choices...)
I have used BCWipe to declassify Secret hard drives. They have a DOS version you can throw on a MS-DOS boot disk and a linux version you can put on a livecd. Either works equally well.
Precisely. Why RMA a drive if you're so worried? Smash it and bin the fragments.
Engineering is the art of compromise.
Easy, just use the Etherkiller.
(actually, not really; it'd just fry the controller, not the data on the disk)
I've always been a fan of the sledgehammer technique. It's fast, it's cheap, it's easy to maintain. Unfortunately, it pretty much nukes the RMA options.
Hard drives are so cheap that you can just destroy the hard drive with a drill press. Afterall, they say construction workers that demolish buildings have the highest job satisfaction, you can get your own taste of that.
These guys will have a solution for you. They know how to recover the data. They know how to erase it past any hope of recovery.
Disclaimer: Affiliations from past work experience.
Is your keyboard full of semen from pr0n? Do you wish you could get rid of those stubborn protein stains?
NOW YOU CAN!
Dishwasing your keyboard may not be enough to remove all the evidence. Get the HT-67 Protein Stain [topoftheline.com] remover for a introductory price of $8.95! That's right, for only $8.95 you will be able to fully remove semen that gets trapped.. deep... down... in the crevices of your keyboard.
Just think, no more embarrassing conversations when company vsists and sees leftover residue on your keyboard. No more cover stories for your boss when he inquires about the state of your keyboard. This truly revolutionary cleaner is exactly what a slashdotter like you needs.
Amazingly, the HT-67 protein stain remover can also remove blood, urine, food and icky dirt from your keyboard as well. Don't get caught another time with a dirty keyboard. Buy the HT-67 Protein Stain [topoftheline.com] remover today!
Automatic
DoD 2250
RMA
Choose any two. You can't achieve three.
Smash the thing to bits! What's wrong with that?
Plastique Explosives.
Rhymes that keep their secrets will unfold behind the clouds.There upon the rainbow is the answer to a neverending story
See http://www.g4tv.com/unscrewed/features/45707/Dark_ Tip_Destroy_All_Data.html
have a few pieces of s/w and h/w mentioned there. use the floppy method on a standalone machine to plug your disk into and wipe it. try Darik's Boot and Nuke method: http://dban.sourceforge.net/
open the drive, thoroughly sandblast all the platters on both sides, and you're done.
Well, whenever I need to completely destroy a hard drive, I just have Reza Lockwood sit on it, when she gets that fat ass off of it there's basically nothing left but quarks
http://www.driveduplicators.com/124.html
:)
Its primarily a hard drive duplicator but it also has DoD 5220.22-M level wipe. Sorry to plug a specific product
here
I have such a machine. I call it "Sledge Hammer"
also a great stress relief tool, ala "Office Space"
Don't Tread on Me
No way anyone is getting data off this sucker: slag it!
Fire.
With all the advances in data recovery, and the cheap cost of EIDE drives, it's the most effective solution.
You must have seen Shred mentioned in the previous discussion. It's GNU coreutils so comes as standard with most Linux (ahem: GNU/Linux) distributions, and deals with file references in your filesystem.
/dev/blah" to the device. The man pages say that this will write random data 25 times across the device before zeroing it, making a mess of the filesystem and the files too, whether or not they're stored with journaling data.
Shred is not complicated enough to waste files that has been stored on a journaled filesystem, which includes NTFS, ext3, ReiserFS and friends. This doesn't stand in the way of you plugging in a device, for example by USB/Firewire enoclosure), having it automount, according to your distribution's setup, before running "shred -z
Do a couple of formats/reformats with various filesystems. Write lots of data to the disk and then delete it. When you send the disk back, make sure it has a filesystem different from what it had before. And make sure it's an encrypted file system.
If all else fails, just overclock your PCI bus enough so that your system boots but your hard drive controller writes crap to its hard drives.
Go to http://www.granitedigital.com/catalog/pg28_firewir eidesmartlcdbridge.htm and pick up one of their FireView firewire bridge boards, with display. This is a conventional IDE-to-firewire board, but has a diagnostic system on board, with a two line alphanumeric display and two menu buttons. With this, you can tell the hard drive to do a low level reformat, without even hooking it up to a PC. All you need is a regular USB or firewire external hard drive case and replace its regular bridge board with a FireView.
The FireView also does a lot of other nice things, like checking SMART status, displaying SMART error logs, enabling or disabling SMART, telling you thruput, status of both firewire ports and the computers you've plugged them into, etc. It can also invoke the short and thorough self-tests in the hard drive's firmware to check for problems.
It's also got a short reformat that just blasts the partition map, useful for those HDs that have a hopelessly confused partition table that hangs any machine you boot them up in.
I work for the Department of Redundancy Department.
These guys have even done the demonstration for you:
http://driveslag.eecue.com
Is the drive dead or not?
Seems to me the drive is either working or it isn't.
If it's not working, software erasure isn't going to work. If it is working, it's not broken.
Just my $0.02
Michael
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
I use Autoclave. Although people don't support it anymore, I've never had a problem with it.
The Slashdot search engine! Just type in your search query with as much detail as possible and have a thousand slashdot monkies find the answer!
or else!
Plug it in.
Insert drive.
Done!
http://www.experteraser.com/degausser
the only method that I am comfortable with is to smash the platters after using a military grade format (there are a bunch of linux utilities out there for this).
format the hds, then you pop the lid, take a screwdriver, and lever the screwdriver such that the platter smashes
there is no such thing as truly deleted information off of hd's unless melted, smashing them to a fine dust gets the same result as the platers are brittle and shatter into incredibly tiny fragments.
note: it helps to have a cloth material to cover your hands/plate and make sure the shards don't fly all over the place.
for me the primary motivator is being able to sleep at night knowing just how much effort someone would haveto go through to actually reassemble the data of a military grade format and a shattered platter to actually get anything usefull out of them.
conversely, just as a heads up, there are tools out there that let investigators retrieve data out of the spaces 'between' the actual bits. because of certain magnetic properties, some data actually gets stored inbetween the bits and can be read and used to 'reconstruct' data if someone has access to that really expensive tool. on the other hand, with a shattered platter, good luck.
I think HIPPA requirements are met by the electronic equivalent of a cross-cut shredder, destruction beyond all possible recovery is not required. A multi-pass overwrite is probably enough. Almost all bootable Linux CDs have the basic tools to do this, but you may find it handy to write a shell script to automate the process. Some may even have e-z shredders right there in the KDE or Gnome menus. Get a distro that reads USB drives and an external USB/IDE box and you are in business.
Another possiblity is to use Bart's PE Builder and one of many MS-Windows-based shredders to make a bootable MS-Windows XP CD that does the same thing.
If overwriting the data one or more times does NOT meet legal requirements, then you should overwrite the data once as a precaution in case someone steals the drive before you can permanently erase it, disassemble the drive, drill holes in the platters, then heat the platters, including the drilled-out parts, long enough to completely degauss them. A fireplace should do the trick, but an autoclave or better yet a pottery or cement kiln would do a better job. A kiln might actually melt the platters, which is pretty much the ultimate in data destruction.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
...a really HUGE magnet?
-Valiss
...is my recommended approach. I actually built one of these myself, powered by an embedded Linux PC that boots from CD-ROM. It uses modular exponentation to generate a cryptographically random sector distribution list, to which it writes entropy data generated from an onboard Random Event Generator. It repeats this process 10 times consecutively, then cuts power to the drive and degausses the entire disk. This process is extensive enough to ensure that even the world's most sophisticated data recovery experts will recovery nary a bit from such a drive, and I've automated it to a plug and play process. Simply insert the drive into the degaussing chamber and attach data and power cables, then throw the switch. Wait about an hour or so, and the drive comes out irrevocably blank.
Slashdot already covered the best method of data destruction.
Drive Slagging!
"You never know when some crazed rodent with cold feet might be running loose in your pants."
-Calvin
Drop a nice little mixture of aluminum and iron oxide on the drive, ignite it. Nothing will retrieve that data, not even electron microscopy.
Don't worry about the warranty. Just shred the drive. If your data is that valuable, the price of the drive doesn't matter by comparison.
Two words
:-)
Shotgun
It also does wonders on zombies
Cheers,
Adolfo
just defrag it
There is no substitute for heat.
Cook the drive past the Curie Point with a
blowtorch. You'd be amazed what folks can recover
from drives even if they've been "destroyed."
load it into a skeet shoot device, launch it, and shoot it with a shotgun. repeat until its blown up good.
...I am fairly certain that the only way to get this done is by causing the IDE hard drive to fall from a metal catwalk into liquid metal. I tried using liquid nitrogen and a hammer once but when I woke up in the morning the hard drive was reconstituted back inside my box and all the data was intact.
I am pretty sure that SATA drives need a priest, holy water, a crucifix, and a copy of the Roman rituals.
And I just use a shotgun (or chainsaw) on my CD-RW's because the only way to stop them is by "removing the head, or destroying the brain."
I say we take off and EMP nuke them from space. It's the only way to be sure.
maybe in his case the expected risk is nonzero, but still less than the cost of the harddrive?
I mean, obviously he must have considered (and dismissed) the obvious DeSTroY DA DrIvE before asking his question.
The best method for securely erasing data from Hard Disks is to configure the jumpers correctly; the jumpers that normally choose master/slave, if you jumper *all eight* connecters and then power up your PC, the drive will be securely erased. Then remove the jumpers and reformat.
RMA is,
Return Material Authorization
or
Return Merchandise on Account
or
Return to Manufacturer Authorization
or
Returned Merchandise Authorization
What did you sign and what are the exact terms?
Then it's a question of getting a HDM (Home Depot Method) that fits those terms.
A serious secure deletion process is to hold the platter with vice grips and dress the surface down on a stationary sander. The drive is junk, but the cost of the drive is very small compared to your data risk if you're serious about this. Anything but destruction can be compromised.
How would you use anything to destroy the data through the bus on a dead drive - the reason you're replacing it in the first place?
- It's not the Macs I hate. It's Digg users. -
Its a cd based linux distribution that will 0 fill a drive very easily. Great tool. First thing I had to do at my job was clear 25 old drives for recycling (aka donating to employees). Using 3 computers I cleared all the drives in less than a day
I use Killdisk for single PC's, it has several different wiping methods, and also lets you make a bootable floppy which has SCSI drivers on it. For server drives(Ultra 2,3,Ultra 160 and 320) I find it worth the time to setup a server to an array( 4214, PowerVault,etc..)and set up one logical drive and wipe that. Sdelete also makes an excellent program, but it does not boot the machine, so an OS is required, which makes it less usefull. I resell all of my drives( well, the ones that are working) and using a degausser is not possible.
Check out http://blackbagtech.com/hardware.html The FBI will soon be carrying them at all times when they wanna copy your stuff (seriously). This will do shredding too but no SCSI http://diskology.com/
Seriously. If you're RMAing a drive because it's dead, there ain't no magic appliance that's going to bring it back to life long enough to erase (read "overwrite", because that's what really happens) the data.
And no external magnet is going to erase it either. Well, not short of the kind of magnets they use for MRI scans.
If you just want to make sure the drive is unreadable before disposing of it, use a drill press.
-- Alastair
Don't forget that the drive controller may have remapped some bad blocks, which could be read back out. You might find just overwriting the 'whole drive' doesn't overwrite these.
Also, if you are RMA'ing it, its probably bad, so nothng will properly write to it.
I would suggest that you need to destroy the media.
if they are scsi drives, you may find you can write a command to them directly with e.g. freebsd's cam to cause them to do a selftest which writes all the media including the bad blocks.
I use an external firewire enclosure and wipe to nuke drives that I ebay.
There's a self-booting CD diskzapper that looks like it ought to do the trick, though I have not used it.
Other posters mentioned Darik's Boot and Nuke as a floppy-boot solution.
The ultimate boot cd has a number of different disk wipers on it -- and a ton of other useful utilities on it. No self respecting geek should be without a copy.
The Recovery Is Possible bootable CD has a copy of wipe on it.
I wouldn't be suprised if Knoppix-STD had some erasing tool on it too, though I haven't checked.
Anyone know of a bootable image suitable for USB flash sticks?
If you are a "big" shop, have an agreement with your vendor that says "some percentage of our drives are used with sensitive data, and when we return dead ones they will be returned in pieces, without the platters. If they are under warranty you will replace them no questions asked." Expect to pay a premium for this privilage.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Attacking the magnetic media is surprisingly hard. Doable, as other posters have said, but hard.
Let's stipulate that my solution to the literal question is let the pros do it (which also addresses the liability issues).
So I have another question. Heat is hard on magnetism. What if we hit the drive with an oxy-acetylene torch? Would you have to melt it (expensive), or would the hard drive stop being recoverably with an electron microscope long before then?
I'd prefer this be answered by someone with experience in the relevant materials science; I can pull an answer out of my ass, too.
Then have your client add the cost of new drives to their IT budget and destroy the bad ones really good with a sledge hammer.
It's the way I do it. So much easier, yet somehow fulfilling, and you still make money.
Here: http://www.softwareandstuff.com/TOL10248.html
Anyways, it can repair as well as delete.
A minute or two on high will delete any magnetic media quite effectively. Works fairly well on CD's too.
May not be the best thing for the microwave though.
You can't RMA the bits. The summary says he wants to wipe all data off drives so he can RMA them and not worry the manufacturer will be able to see anything.
Just cover up the medical data with a bunch of illegal porn.
I did a contract at a local hospital a while back, during the upgrade of most of their desktops. Since the old systems were PII/350's, they were just disposed of, but because of HIPAA we had to pull the drives out. In order to safely destroy them, we would take the drives apart and pull all the magnets out, bend the platters and then dispose of them. Got a great collection of some really strong magnets out of it!
I am a top secret agent for the CIA. when we need to destroy a drive, I just pee on it. The amonia in the urine destroys all of the data.
smashing them to a fine dust gets the same result as the platers are brittle and shatter into incredibly tiny fragments.
note: it helps to have a cloth material to cover your hands/plate and make sure the shards don't fly all over the place.
What kind of drives are you using? All the drives that I have destroyed, in the past 5 years or so, had platters made out of steel or aluminium. The platters would bend, scrape and even tear after a while but, none of them ever shattered. You must be using liquid nitrogen or something.
There are two levels of wiping drives. And it all depends on the data.
c ure_ del.html
0. Some SCSI utilities can do a basic wipe of data. Good for cookie recipes.
1. Software wiping
See the following paper
Secure Deletion of Data from Magnetic and Solid-State Memory
Peter Gutmann
Department of Computer Science
University of Auckland
pgut001@cs.auckland.ac.nz
A very good paper on the software wiping techniques is at
http://www.cs.auckland.ac.nz/~pgut001/pubs/se
Then run a very good wipe program.
See Eraser, BCWipe, McAfee Shredder, etc.
I know Eraser is very good, not sure about the others.
2. Destroy the data and medium
Pick your favorite method.
a. Take the drive apart and degauss
b. or Grind the platters
c. or Throw the platters in a smelting furnace, aka Terminator.
WhatMeWorry!
FINAL post. What other info is needed.
An old PC and a copy of DBAN works just fine for me. But while I do decommission drives with HIPAA in mind, I don't do more than a few every year.
But I like that USB-IDE idea... in combination with the GPL'd Eraser it should make wiping old drives a lot easier for me, and let me get rid of that dusty dinosaur I keep around for wiping drives.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
Put your old drives in a couple black suitcases and abandon them in front of any federal office building. There may be some personal risk involved and it may be 10-15 years before you get to install the new drives.
If you prize so much the confidentiality of the date to go to very extreme measures like high level gear just for that, as cheap as the HDs are now, I would just throw them inside a furnace.
Scientia est Potentia
Not all in jest, may I suggest just using a big magnet in the form of a hammer with which a 5 year old kid will smash the drive to dust? Combining the physical damage/destruction with the repeated strong magnetic influence, this should be enough for anyone. 8-)
Yesterday was the time to do it right. Are we having a REVOLUTION yet?
There was a two-part segment on the Screen Savers with Patrick Norton and Kevin Rose covering methods of data destruction, including software, grinding, acid, thermite...
Watch it here
I can't tell if you are joking or being serious.
If you are being serious, I doubt this technique works the same way brand-to-brand. In any case, if you aren't joking, a real example like "with model X hard disk, jumper these pins together and restart and the data will be rendered inaccessible and the data [will|will not] be overwritten [with 0's, 1's, pattern, random data]" would be helpful.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
I torch mine at work with an oxy-acetylene cutter. A quick trip to the facilities shop and I return with a pile of molten aluminum.
It rents for $1400/mo. You could buy 10-20 hard disks/month for what this costs.
320 pounds
18 amps @ 220V
for your standard 3.5" drive, this works nicely
For those old MFM and SCSI drives though....
Lawyers, MBA's, RIAA? A jedi fears not these things!
As about 50 other people have said, DBAN, Darik's Boot and Nuke. It far exceeds HIPAA Security Rule guidelines for secure deletion of media containing ePHI. It's about as close to a truly secure disk wiping system as you can get.
Why not use software that encrypts everything written to the HDD? I'm no security expert, but you could probably rest easier when retiring/returning HDDs if you're using Pointsec. All of the laptops where I work have Pointsec on them so that if they are lost or stolen, the data on them is probably safe.
~Someday, I hope to be an aspiring author.
From the comments of this slashdot.org story it seems setting an ATA password after wiping the disk would help head off a person trying to read the data. It would raise the bar pretty high. A person would need fancy equipment to get back into the drive.
According to the article, resetting the password wipes the drive automatically via the drive's firmware.
You can play around with block size "bs=" and number of blocks "count=", but my experience was that just choosing something big but smaller than the cache size of the disk is good. Checking "man dd" might be a good.
It takes a while. An old Dell laptop with a 40GB drive took several days. /dev/random is slow, use /dev/urandom, unless the drive contains the secrets of the Illuminati and you're afraid the NSA is after you. In which case speed might be of the essence.
... grumble, grumble, grumble, mutter, mutter, Millenium... Hand... Shrimp, I tol' 'em, I tol' 'em.
we have a csc duplicator that we use to erase and copy drives.. VERY slow.. but it does the job. CSC Portable Pro Drive Service/Test/Duplication Workstation
I use a simple three-step process to nuke failed drives beyond any hope of recovery by anyone, including the NSA.
.44 Magnum)
1. Open the drive case. (I use a
2. Pile a couple pounds of thermite in and around the drive, enough to cover all drive components.
3. Ignite thermite. (Did an earlier poster mention the Curie point?)
The result is a molten mass of metal. When it cools, you can toss the mass into any insecure dumpster.
Everyone knows the only way to truly destroy the precious data on your old hard drive is to throw it in to the fires of Mount Doom where it was forged and watch that sucker melt.
You know, those ones used to pick up cars.
This signature is part of a balanced post.
I start out thinking it would be easy to to a google search for a electric disk grater... something at would shred the disk so you could just end up with bits of metal. I'm sure they exist... but then I thought, you could probably just rent one of those truck-mounted tree chippers and chuck your disk drives into it. (There is probably a pun here about b-trees and leaf nodes.) A bit of overkill, but a lot of fun. Actually, the chances of collecting on an RMA, and it being worth the time and effort to file one are so small, you should just buy a dedicated disk shredder if you have a lot of them. Alternatively, store them until you've accumulated enough and have one of the mobile data grating services come and shred them along with the paper that needs to be destroyed. See http://www.shred-tech.com/mds/html/ among others.
If your drive does bad block management, I don't think there is a way to destroy all the data. Any blocks marked as bad still have data, but are unreadable, since any attempt to read or write them will get a spare block instead.
The general rule of thumb for data security sensitive industries is to never return the platters.
Most governments have arrangements to either get a discount up front, or to get the manufacturer to accept the top cover as proof the drive is destroyed, and then provide a warranty replacement.
For everyone else it is the cost of doing business. Depending on your business the risk is measured in years in court, 7+ digit claims and real impacts on stock price. Replacing failed harddrives out of pocket is cheap.
Best thing to do is remove the platters and store them as they take up less space, and once you have enough pay a degauss service to blast the entire box. Even then, get an artist to turn them into a piece of art for your front lobby.
This is the most succinct answer to this person's question, assuming hardware destruction has already been rejected.
If it's dead, it is DEAD. No plugging it into a box to write zeros and ones.
Your BEST bet is to eat the cost of the drives, and then degauss and then melt/feed to industrial grinder the remains.
Maybe you can cut some kind of deal with the bendor to just return the PCB top part, or maybe part of the drive case, but most likely they will laugh at you for trying to waste their time.
LongTail SSH Brute Force analysis tool is here!
they need external power source and in my experience they tend to be a lot more picky when handling deffective drives (which is what your RMAed drives are, right?).
Just a plain old ide card/mb with a removable caddy tray will do just fine.
TODO: 753) write sig.
i dont know bout you people but to be honest with you 1-0-1-0 wipes are not the best way to do it
there is nothing stopping you use any other chars you want the best way to obsfucate your data is to use random chars from where ever that way if they do decide to try recover your hard disk they dont know what to disregard(this is due to residual paritcles of magnetics on the hard disk they can still retrive little bits and just filter the 1-0's out and woo they get chunks of ur data).
If the drive is faulty, you just might not be able to overwrite the info (not reliably anyways).
I'm surprised he's even looking for this. I work in a place where for similar regulations we have to wipe HDs securely before disposal, but that's only for working ones. Damaged HDs cannot be sent back because of the info on them, they have to be destroyed locally. We take the platters out, but I'm not 100% sure how they get destroyed (probably degaussed then physically damaged). The companies we buy PCs from are aware of this too. If a drive dies in one of the PCs that's still under warranty, they replace it and we keep the old drive for proper disposal.
Such a device would only be useful for disposing of old PCs with functionnal HDs in them. I can't see the regulations let them do this.
///<sig
... a sledgehammer.
I've yet to hear of anyone recovering data after a good 5 whack "scrubbing".
I say we dust off and nuke the site from orbit. It's the only way to be sure.
Aliens was the best of the series, despite Winona.
Actually they also shreded all PDA's and anything else that could hold information. I almost cried when they shredded a 3 month old Palm Tungsten that was flakey even though it could have been RMA'ed but it was against security policy to send it out. Clearing the flash was not considered secure enough.
Put between two 12" Rockford Fosgate Punch subs, hook up subs to 1600 watt Phoenix Gold amp, crank the rap/techno/rock/country music for about twenty minutes Make sure magnets on subs touch hard drive surface. No way to retrieve data.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
That actually sounds like a very neat idea. Pictures? Tips from an expert?
I worked at a US Family Health Plan facility (like an HMO for veterans - one step below a VA hospital), and our contract with the DOD specifically listed the approved methods of data destruction. There was a software solution which we were able to use to recycle the hardware to poor rural school districs, mostly though we took those machines home or trashed them.
I would check with the DOD before you spend too much time messing around with drills or less-than-rigorous software solutions. They most likely have something in mind for the kind of information your facility handles.
No battles to the death are recalled. Mumpsman can hit to attack and cause brainsmashing.
Also, what do you propose to do when the electronics die? The info is still on the platters, but no software solution can touch it. You're back to those two choices again ...
See what I've been reading.
I am not sure if this would damage anything in the harddrive, but what if you bought a super strong electromagnet (~.5-1 tesla) and gave it several passes over the harddrive, wouldn't that be enough to erase the data?
Writing zeros doesn't work. The way modern hard drives operate, it is never possible for the sectors on a hard disk platter to be put back into a truly neutral state by the write heads, especially if all you do is write zeros over it. The current DOD standard for sanitizing confidential and secret data, 5220.22-M, requires for a sector to overwritten seven times with an alternating pattern to hopefully render the recovery of data from the sector impossible. However the DOD, as of 2003, suspended the use of this practice because a GAO audit determined that the inability to control the flow of top secret data combined with problems with the accepted algorithm caused top secret data to be recovered from hard drives removed from non-classified systems. The ruling came down that all hard drives from deprecated systems had to be physically destroyed in the interim until another solution was discovered.
Remember the Alamo, and God Bless Texas...
Assuming the drives function a good way to do this is to add a removable drive carrier for each device type SCSI IDE etc.. that you need to erase into a computer with wiping software installed. Just drop the drive into the carrier, insert into computer, Scan for hardware changes, wipe drive. Data Express make some really good ones. I currenly use this type of setup in a disaster recovery server to backup drives that are not connected to the network for various reasons.
The purpose of language is communication, If the idea is clear the grammar ain't important
It's what we do with dead drives, it's not quite a mangle really .. more an industrial strength shredder.
Ars Technica reviewed the Disk Jockey a while ago. You can plug in drives to copy, wipe, or compare them. Use alone or connect to your computer via USB or Firewire.
y .ars
http://arstechnica.com/reviews/hardware/diskjocke
http://www.diskology.com/products.html
If the drive needs service, it's probably too late.
The data has to be written to the drive encrypted, look into AES-256 on Linux (possibly with tweak).
Some hardware assist may help to get you going: my company makes a data assurance solution (plug).
In any case, with an encrypted solution: The data keys are revoked, and Bob's your Uncle - the data is gone. You need to secure your key repository.
If the drive needs service, writes may fail, so any "pre-service" solution won't be secure.
So, bring out the sledge, and whack that thing!
Ratboy
Just another "Cubible(sic) Joe" 2 17 3061
How about using a vanilla PC with a removable HDD bay. Grab a copy of Darik's boot and nuke from here. Set a few options on the boot disk and get it to run automatically when booted, set floppy as boot device. Now you can just whack in any HDD through the enclosure, power on, and it'll nuke itself automatically. Advantage of using lesser and more common hardware.
I knew a guy who worked for the Hubble Space Telescope Institute. He had a Silicon Graphics Onyx computer on his desk that he got from the Aberdeen Proving Ground in Maryland.
Turns out one day the soldiers at the base were ordered to destroy a number of these machines because they were told they had classified information on them.
So they dragged them out to the firing range and fired missiles at them - except for the one the graphic artist got - he convinced the soldier in charge to just remove the hard drive and destroy that with the other computers. He also recommended that they might want to destroy just the hard drives - they didn't go for that - and they blew away some expensive computers.
Milling machine.
Active volcano.
Blow torch.
Hydrolic press.
Acid bath.
Fire. It'll be pretty, too.
Thermite.
This industrial shredder can shred couches, refridgerators, or computers. It could probably erase your hard drive!
It's not *plagiarizing if you cite where it came from, arse.
-gjr
"No case-opening is necessary to use a USB/IDE converter, which might be a good middle ground. Any other ideas?"
Nearly all USB (and Firewire) mass storage devices won't allow you to do a number of things, including check your SMART info on the drive. It is probably not the tool I would use for this kind of operation, which could involve some very low-level IDE operations.
Slightly OT, but I recently had a hard drive go bad in a USB enclosure - it was maddening to not have any way to know of this beforehand, and actually somewhat of a pain to diagnose (is it the hard drive, the enclosure, or some cable?). I've sworn off ideas of serious USB or Firewire RAID because of this very problem.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
I'm not joking. One of my company's large clients refuses to send their drives off because of litigation they have been through before. They require us to totally destroy the drives before recycling any computers. We use a large shredder which turns the hard drive to dust within a few seconds.
We went through the routine of trying to get them to use an NSA approved wipe utility, or multiple formats and 1 byte garbage writes, but they weren't convinenced. Considering how many problems they've had in court before because old documents past their retention age have shown up I can't say I blame them.
"We can't solve problems by using the same kind of thinking we used when we created them."
I'll build you one. Seriously.
You make a list of all the drive interfaces you want, and I'll put together a system or systems (depending on how many) that automatically overwrite all data on them to match DoD 2250 on any boot.
Obviously this won't be able to overwrite data where the heads have failed, but it'll make a good attempt to blow away whatever is possible without hardware intervention.
As noted in another reply, the real answer is to change your RMA contract so you only have to return the covers.
Email me if you're actually interested in this.
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
I think if the data is really sensitive, then there no way any deletion program would work. The reason is that sometimes the drive can detect bad sectors before they fail completely and copy it to a previously "hidden" sector. At this point, there no way you can access data on the "bad sector" to delete it.
Opus: the Swiss army knife of audio codec
I deal with this all the time. There are a few methods that have been approved. You can format with a writting a complete random 0's, 1's across the entire disk 3 times (this includes the protected area where the MBR sits and is hidden from normal usage). Or you can destroy the disk completely. Typically destruction of the disk entails dismantaling the enclosure, removing the platters and then emmersion in a acid or burning in furnace to melt the platters. Hammers are not recommended as the broken pieces can still contain data which given enough resources can be extracted.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
FIRE!
- olive oil
- fine sand
- cigarette ash
The HDD mechanism was still functional, and since there was no physical defect I decided to ensure they I got my warranty's worth on the RMA.Not a secure delete by any stretch of the imagination, but I feel fairly confident that the drive ended up in a discard pile instead of in another laptop as a "reconditioned" part.
Vindictive? Probably, but I also felt that their QA team was to blame for the failure in the first place. They inconvenienced me, so I (in some small way) tried to return the favor.
Just like the said in Aliens "Nuke the site from orbit, it is the only way to be sure". Buy/Build a forge and then take the old platters our and burn em up (don't put a whole sealed harddrive in, it might asplode).
Any other ideas?
Disassembly the drive with proper tool. Use the acetylene cutter on magnetic plates to burn surface. I have witnessed this procedure on damaged (heads drop) mainframe disks with secret data several decades ago. You even need no electricity, for which may come handy if your shop is currently... under siege.
There you are, staring at me again.
1) Locate a bitch box (faster is better for randomizing writes).
2) Locate enough HBAs, adapters cables et cetera do be able to do a good batch of drives at a time.
3) Get a DBAN cd, floppy or USB drive.
4) Wipe it.
5) If you have any reason to think the drive is bad (slow erasure, clicking noises et cetera), DEGAUSS it.
6) LABEL ALL DRIVES PROPERLY. Note who wiped it, with what setting, how many passes et cetera.
v4sw6PU$hw6ln6pr4F$ck 4/6$ma3+6u7LNS$w2m4l7U$i2e4+7en6a2X h
I would recommend trying Eraser, which is free, easy to use and seems quite credible.
:)
With it you can erase everything on a disk or just unused space or selected files with selectable number of patterned overwrites (not just 1 or 0). Supports the elsewhere-mentioned "Darik's boot and Nuke method". Integrates very nicely and non-obtrusively into MS operating systems.
With the risk of sounding like a fanboy: Recommended
Here's the blunt facts. If you need to destroy the data completely, you can't give reasonably intact platters back to a company for RMA. Period.
However, let's look into this. If your disk is one in a RAID5 or stripeset, then collecting the data off of it intact is only going to be moderately useful at best. How much can someone do with every seventh (or so) block of data?
If you're doing truly sensitive stuff (healthcare, military, etc.) then I don't see any alternative but destruction. If you're dealing with 'typical' corporate security, a narrow-stripe RAID5 (or 0) and a decent wipe utility should be sufficient.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
The drive housing may, in fact, shunt the field around the drive if it is ferromagnetic. (See if a magnet sticks to it)
If it were me, I'd make a nonmagnetic aluminum housing to screw the drive onto, pad the hell out of it (just incase I slipped), and head on over to Radiology, and use a 10 Tesla (or stronger) MRI to erase that bad boy. I'd rotate it in all 3 dimensions, more than once, just to make sure.
If the field you use demagnetizes to the servo and drive magnets, it'll probably be safe to return for replacement.
I agree that it's probably better to eat the cost of the drives than to risk the getting made the poster child for HIPAA. (You just know they'll looking for someone pull a Martha Stewart on.)
--Mike--
We have done a few of these setups. Essentially we set up a rack at your location that has several slots for ide or scsi drives, you plug the disk in and it wipes it and reports the serial number of the disk as wiped. You can also have a barcode sticker on the hard drives and scan it with a barcode reader(optional) during erasure. Check out our site. And tell em Mike sent ya ;)
http://www.blancco.us
is to destroy it with something VERY VERY heavy, oh, I suppose, a multi-tonne press of some kind. And if you have access to a multi-tonne press, I personally would sandwich it along the plane of the platter. That way you have a better chance of physically distorting the platter, let's say, into a "V", "S", or "W" shape. After that, toss the remains into a chemical bath capable of solvating Iron, Aluminum, and Copper. Your choice of strong acids might include 12.1 Normal hydrochloric acid, 36 Normal sulfuric acid, and possibly chromic acid. Another technique used for solvating iron, and this method is very dangerous, so kids, don't try this at home, I mean it, is to take concentrated nitric acid and 30 percent hydrogen peroxide and slowly, I mean slowly, pour the 30 percent hydrogen peroxide into the concentrated nitric acid. WARNING: The fumes from this concoction will cause severe damage to the respiratory track, skin, eyes, and any part of your body left exposed. THIS CAN BE EXPLOSIVE WHEN MIXED TOO QUICKLY: IT BOILS AND SPATTERS AND ENTERS THE GASEOUS PHASE RATHER QUICKLY. Common laboratory gloves (latex and blue nitrile), even triple gloving, will not protect your skin. This chemical concoction literally breaks down all organic material and dissolves iron, iron oxides, and many other metals etc... To safely work with this chemical you need commercial industrial strength black rubber gloves, appropriate goggles, face shield, and environment suite.
This is serious stuff and is not appropriate for practical jokes, and will cause serious injury when used inappropriately. In short, we all saw what water did to the Wicked Witch of the West in The Wizard of Oz, well this stuff will do exactly that to human and animal flesh.
Given my experience using concentrated nitric acid and 30 percent hydrogen peroxide for cleaning glasware in graduate school, this should be sufficient for destroying just about anything.
Cheers!
Whatever happened to "pistols at twenty paces"?
If standards require that confidential data be protected, then you won't be able to return such a drive for RMA. The only option to protecting the data is to destroy the drive. You might be able to work out a deal with an understanding vendor such that you return an identifiable piece of the drive, and they will provide a replacement drive. However, drives are cheap, and finding such a vendor may not be easy. An alternative would be to insure the drives against failure for a limited time.
Destroying the drive: Consider removing the platter(s) and applying them to a grinder (most grinders have wire brush wheels). Follow with an acid bath.
There are a lot of ways to encrypt a disk, either using disk virtualization or on an OS level. This ensures that your data is useless to pretty much anyone short of the NSA. If someone swipes a disk from the lab and wants to take a "peek," or finds a laptop your contractor accidentally left in the park, you're safe. The performance hit these days on desktops is negligable and on servers seems acceptable. And good luck decrypting a disk that's been degaussed or otherwise had data overwrites / losses.
Encrypting disks these days is pretty painless and automatic, and ensures one more way that your private data is going to stay private. Highly recommended.
The ______ Agenda
Why can't you simply write nothing but 1's (or 0's) to every bit of the hard drive? If anyone could give an explanation, that'd be great!
EMP the sucker.
For how to build one, just look for instructions on how to build a coil gun and dry-fire it. Although, do this away from other electronics that you don't want securely deleted.
There is a machine that is purpose-built for this job: the SSI Quad.
I once purchased a 'brand new' drive from a local supplier, and upon installing it found the complete patient records of a local psychiatric clinic.
I called the supplier's MD immediately demanding answers before 'dd'ing the disk. This could have instantly destroyed not only the patients reputations but the suppliers business. Seeing how serious the supplier took the matter, knowing how ethical and honest they'd been in all my other dealings and knowing that neither myself (or likely anyone else) had seen the data, I choose not to pursue it.
Apparently, someone had mixed up drives during a machine service/upgrade.
Be VERY VERY careful - an accident like this could destroy people's lives.
He said remove the jumpers and reformat.
If the electronics were fried, you couldn't do that.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
ICS DiskMASSter devices are for imaging drives for forensic capture, and they have DOD-compliant wipe routines. They're quite configurable. I have used the IDE one (1 master and 8 target devices, can wipe all nine at once, IDE plus SATA adapters), and the SCSI one (worked with everything SCSI (50 pin, 68 pin, SCA) except a few disks from a Sun Enterprise 1000, but the little bird inside may have died of old age in them.
http://www.ics-iq.com/
I have an old scsi drive with a little A-10 symbol on the board and a mil spec type number on it and rubber shock mounts on the corners. I always wondered how the heck it ended up at the bottom of the world down here. Maybe it fell from a passing plane....
We used one of these at the last place I worked. Plug the drive into the unit using an external swappable bay, and you're set. Does 7 pass DoD standard wipes, and is hella fast in doing them.
Also great for doing direct data copies of an exsisting drive for backup.
Given the right case, a solid state drive,
some SCSI cards and one of various pieces of software, I can imagine such a beast.
But can you imagine a beowulf cluster of... ahh nevermind.
Are we to understand that you saw some *really* bad porn, and wanted to be sure it was gone?
Of course, if you're planning on reusing the drive it's not really a great option.
Especially under HIPAA, we are talking thousands of dollars *per* violation. To simply write zeroes or random bits to each sector is not good enough. Melt that thing into slag or destroy it in acid, then pick randomly from the leftover bits and dispose of them in separate physical locations.
Run a Google search for "external hard drive case" and buy MediaWiper. Piece of cake.
http://nerdfortress.com/
There was a company advertising information destruction services. They had degaussing devices, and an even better option. Tom's Hardware did a story on the RSA conference and took some pictures, which you can see here: http://www.tomshardware.com/business/20050219/rsa_ conference-06.html#sem_destruction_guaranteed. If anything can do what you want, I'm guessing the hard drive shredder that they offer is just the thing.
Check out our infosecurity industry blog: http://securitymusings.com/
What you need to do is to never store plaintext data on the hard drive in the first place. I believe Asus makes a system case with built-in encryption and a company in Norway, High Density Devices ( http://www.hdd.no/ ), builds an after-market device that sits between the mainboard IDE controller and the drive. Keying material is physically and logically NEVER part of the CPU or main memory. The advantage to both of these is that the encryption is spindle-to-rim; even the MBR is encrypted. 256-bit AES is good enough for the U.S. military right now - the CNO has even allowed it for classified data.
With these solutions, when the drive crashes, just send it to the recycler - no keying material means that the drive contents are digital kibble.
Spiritus ex Machina
"The universe is not only stranger than we imagine, it's stranger than we CAN imagine."
I'm going to try something out when I get home.
;->
Open up the air hole on an old drive, and use a can of butane lighter fluid to fill the inside with a nice gas/air mix.
A bit of tape over the hole should seal it up so that I can get far enough away to light it. I think I might even try the trail of gasoline method of lighting as it only has to be hot enough to melt the tape.
We used to do this with old monitors (drill the face and pour gas in) but this sounds like fun...
Should wreck the platters and make a nice bang in the process. A brick wall to hide behind is always nice.
I'll post the pics when I get back to my supply of old drives
------
All Your Fish Are Belong To Us
You could take them to a company that has an industrial shredder. The kind that shreds metal, not just paper.
Or you could do what I did for the longest time - stack old drives up in a cardboard box in the corner of the vault.
Failing space for that, disassemble the drive down to just the bare platters. You can toss everything except the platters. A box in the vault (or wherever) will hold an awful lot of those platters. The magnets you'll recover are fun, too.
Finally, take the platters to the firing range. Mount them on targets. Have a relaxing afternoon. I know I did.
"An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
"...entropy data generated from an onboard Random Event Generator. "
Like a cup of really hot tea?
Spiritus ex Machina
"The universe is not only stranger than we imagine, it's stranger than we CAN imagine."
Use one of these. No, you don't have to open the case, although you may need to work a little harder if you don't.
More seriously, you can use one of these.
A more elegant solution is to encrypt your data to begin with.
After the upfront cost/time of putting in the encryption solution, replacing and discarding drives incurs zero overhead. An encrypted drive is useless to anyone who does not have the encryption key.
Encryption also provides ongoing protection for the drives during use and for backups.
You can start your look here.
Where can I find info on DoD 2250?
Douglas Calvert
Put the harddrives in a kilm. Boil off the magnetic media. Once the media has evaporated nobody will ever be able to recover the data. Watch out for toxic fumes.
There was a two-part segment on the Screen Savers with Patrick Norton and Kevin Rose covering methods of data destruction, including software, grinding, acid, thermite...
Watch it here
Mr. Hammer.
Just give em to my two year old
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
SafeGuard Easy
Plenty of businesses use it to encrypt a hard drive (boot time password) prior to production. This way, if the drive fails mechanically and the data can't be destroyed (without physically destroying the drive), the data is still encrypted. As a plus, there is no need to wipe a drive since you only need erase the SafeGuard Kernel which renders it just about as useless. There was a case a while back where one of the European countries tried to brute force this software for a criminal trial and could not do so.
For HIPAA, you'll need to physically destroy a drive if it has failed mechanically and you can't otherwise wipe it.
Don't get me wrong - this software is a pain in the ass since you have to decrypt a drive using the admin software if the underlying OS becomes unbootable. But it is a relatively simple solution, otherwise.
More
How about one of the commercial devices for just such a purpose such as thish tmm l
http://www.pctestpro.com/disktest/disktest.
or this
http://www.softwareandstuff.com/TOL10248.ht
AS we use the Pro Drive system at my shop I know it will do Government approved wipes.
Hope these fit the bill.
Some vendors offer a secure disk contract, for which you pay extra but, in return, never have to return a hard drive. It gets diagnosed bad, you get a replacement disk and you do whatever your heart desires with the defective drive.
I suggest a large, hot fire.
On another note, other posters are right: if your data is really that sensitive and you don't have a support contract like the one I mentioned, it's likely cheaper just to buy a new drive rather than risk millions of dollars in financial losses or the leakage of classified information.
# dd if=/dev/zero of=/dev/hdb
or sdb, or whatever.
However, this is NOT secure enough for some purposes, in which case a 25lb sledge hammer will do - more fun anyway.
When all you have is a hard disk, everything begins to look like a sledge hammer.
The link is mid page on the right. I think it's video part 2
I'd really like to know where you work so I can make sure your employer get's their ass sued off for exposing people's private information. If you and your employer are such ignorant cheapskates that your would RMA a drive with people's personal information then neither of you should be roaming free.
If the security of the content on the drives is that important, they should be encrypted. Encrypting the drive almost eliminates the risk of data disclosure from theft. It's tempting to think that the organization is secure and that nobody could pull an inside job, but it's deluding yourself. Each drive should be encrypted with a DIFFERENT key. When a drive fails/is stolen, it is not a worry.
...a hammer?
There are two well-known, accepted methods for doing this.
The first is the non-destrucive method, which works well if the security of the data is merely important and not absolutely critical, and if the drive is functioning correctly. I think the easiest thing to do is keep a PC around with a Solaris x86 install, hook up the drive(s), run fdisk, and then run format and choose analyze from the menu. The analyze menu has several sub-commands which are destructive and write a series of bit patterns all over the disk. If you run format in multiple terminals (with xterm or screen or whatever), you can do as many disks at once as you desire, and you get a progress update in the form of cylinder numbers as well.
The other method is the destructive method, which is appropriate when the data is very sensitive, or when the drive has failed and you cannot use the software method. The method is very simple. You get a mask to make sure you don't inhale tiny particles, a pair of safety glasses to protect your eyes, a pair of vise grips to hold the disk platter firmly, and a bench grinder to ensure the bits are scrambled. You probably also want a canister vacuum cleaner, and work gloves will keep stuff off your hands but probably will not protect them much at all if you get flesh near the bench grinder. In some cases, it may be best to postpone the destructive method until you have some stress to blow off (provided this doesn't make you act sloppy and careless around the bench grinder). Whether you merely remove the surface or grind the whole platter down to dust is your choice.
I don't know if this is secure enough, but....
o du cts_id/574
http://fwdepot.com/thestore/product_info.php/pr
When you say "secure" I have to ask "how secure?"
For example, in any situation that deals with classified data, once classified the disks can never, ever be unclassified without physical destruction. Part of the reason is that data recovery technology is VERY good, a few years ago, state of the art was the ability to recover data that had been overwritten up to 20 times.
In a nutshell, it worked by looking at the "edges" of the data tracks, because of the minute variations in head positioning, each time the drive wrote out data, the write head was not perfectly centered so there would be enough "splash" on the sides of the track to be able to recover the information. And that was a few years ago, who knows how good the tools are today.
Another thing to watch out for with all of these software solutions - you can only over-write what you can access. If the disk has acquired new bad sectors during its use, the controller automagically copies the data to a spare sector and then puts the bad sector on the "grown defect list." Generally, through software, you can't get to the sectors on the grown defect list - the controller has them remapped to the new sectors But, someone with the right tools can usually read those sectors well enough to extract the data from them.
Do you care about that level of security? I don't know, but you should at least be aware of fragility of most solutions proposed here so far.
When information is power, privacy is freedom.
It uses modular exponentation to generate a cryptographically random sector distribution list, ... then cuts power to the drive and degausses the entire disk.
50% Informative and 50% Interesting? For such a pile of random buzzwords shoved into sentences like five year old stacking their toys into a big heap, I was expecting 20% Funny, 40% Overrated, and 60% Troll.
Oh come on, slashdot math DOES work like that.
LAVA!
:)
If your hard drive or the data survives the lava, let 'em have it, because whoever goes diving into lava to get a hard drive obviously *really* wants to get the data.
My method has the benefit of being a bit more fum than a degausser or wipe utility. (Actually I wiped them first...)
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
A hundred amps, intense heat and sputter. Ten seconds a drive. Hard to go past that for making data unrecoverable. (-:
Good luck RMAing the drive - "Uh, it jus' come apart in me 'and, surr" - but OTOH anything you do to erase the data on a dead drive is likely to void the warranty anyway."
Got time? Spend some of it coding or testing
I think something like this would do the trick: 2.5hp Chipper Shredder.
Certain TLA's simply shred their hard drives, but then money's no object for them. Here's a company that'll do it for you. Boy could I have fun with one of those.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
ok... let me get this streight...
your going to delete information on a drive your about to RMA because it's dead...
so you want a peice of hardware/software that will magically bring this DEAD drive back to life, and write to the whole platter 7+ times?
sir, if you can write to the WHOLE PLATTER enough to erase data on a DEAD DRIVE then your drive probably isnt dead.
and if it isnt dead, and just flaky... i've noticed that linux via ide and isb-ide devices allow you to read/write to flaky drives usually. and there is some software out there that can do that. alturnatively you can probably just write a script that will write 1's, then 0's to the whole drive multiple times and at the end will write random characters to the drive.
in fact, i think i'ma go learn how to do just that.
---- The first point-and-click interface was a Smith & Wesson
So, she tests a lot of kids for ADHD and High IQ.
If I toss a computer that might have old data on it, even if I "Just" reformat it, who is the HIPPA criminal?
The person (my Wife) who trashes the hardware, or the malcontent who goes thru to read some obscure file format, to determine some kid's IQ?
This issue is a bit more complicated than you think.
The best way is to not worry about returning the drives under warranty, just buy a new one.
And as for the old one, a sledgehammer and a horseshoe magnet should do the trick. Beat the HE-double-hockeysticks out of the drive (or maybe just the removed platters, if you want to save some energy by unscrewing the case), and then pass a magnet over the fragments a few times in the hope that anything still left might be scrambled.
A solar death ray should be able to handle a hard disk too. 600 degrees Celsius should cut it, eh? Of course, it's cheaper just to shatter the platter with a sledgehammer.
(Disclaimer: I am not a lawyer, engineer, physicist, chemist, biologist, or healthcare professional, nor do I play any of the above on TV. By acting upon any suggestions contained herein, which do not constitute expert advice, you agree implicitly to this contract. I am not responsible for injury, death, destruction, dismemberment, liability, or prosecution such as may ensue from your actions. Use at your own risk, contains no CFCs, Barbie(R) dolls do not talk or move by themselves. Do not eat iPod shuffle)
Until this week I worked at a place where we had to deal with literally hundreds of bad drives and a company hyper-paranoid about data security. Old drives were sent to a scrap yard to be shredded but the data had to be well and truly trashed first. DoD wipe works great but only for good drives, not bad ones.
Our solution for bad drives: A drill press. Drilling is fast and reasonably secure. It keeps the platters together with the serial number for easy record keeping. Drilling completely through the drive makes spot-checking a breeze. Just be sure you use 3/8" cobalt-tipped bits (that thick top plate will eat plain bits like candy) and stab them into a can of Crisco every so often to keep them lubricated.
Note: This may void your warranty.
Never approach a vast undertaking with a half-vast plan.
Data slagging would make it impossible without a doubt to recover data. All you need is a friend that does metal casting and your in business.
Note: This is a great way to pick up th' ladies.
http://driveslag.eecue.com/
OMG!!! DOUBLE PLUS FUNNY!!!!
Sometimes I wish I was a plumber, then I'd know how to deal with other people's shit.
One word...MAGNETRON! juss nuke it
perhaps if you're 15 and found that the auto re-imaging process on those machines has made all your scripts useless?
Mongrel News all the news that fits and froths
If an agency is working with sensitive information, why is ANY information stored on individual PCs? Information like that should be stored centrally, so access to the information can be audited easily. And if it is so important, do you really want to be in the game of keeping it where it can be lost if a PC goes down?
I work in the banking industry. We do not allow any information to reside on the individual PC level. I maintain the PCs... I don't bother to ask if you have personal info when it is time to replace the PC... if you do, you are violating company policy and would be written up.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Before you return the drive ask them how they would like you to destroy the data. The might be entitled to their drive back, but they need to tell you what to do. If you are trustworthy they are likely to say something like "Send us the circuit board and destroy the rest". Normally they want proof that you are using the RMA to get a second free drive. Sometimes (rarely) they want the broken drive so engineering can figure out why it died, in which case they might have other instructions. You need to ask though.
Something like that we use at work to wipe drives to the DoD standard...kinda expensive, but can be used for other things too. Sorry I couldn't find a link
If the sledgehammer treatment seems too uncivilized:
Try this.
Our 1.5-tesla phased-array coil MRI does the trick for me.
For drives that need to be RMA'd from "black hole" environments, you can usually just send the cover plate back. They may want the drive w/o the platters, and they may want you to sign a letter indicating the drive has been destroyed, but most drive manufacturers have to deal with the reality of users (esp. government) not allowing the drive to be returned.
How about simply running a high-powered magnet around the HD while it's running? WOuldn not such a crude method be effective?
How are you going to get a "Dead Drive" to spin up and work in the deletion process? There's a real simple fix for this one, friend - take the drive outside and beat the living hell out of it, shatter every plate, and throw it away. Take the money you saved by not implementing this crazy deletion box, and buy ten new disks.
If you're looking to invest in something that will make deletion of data on dead drives easier, you can find it at your local hardware store - it's called a compressor and air tools.
Very customizable and tasks (as the individual wiping profiles are called) can be customized to be fast or extremely thorough.
And he's right. It's cleared for use in wiping classified disks, so I'm pretty sure it'll cover HIPAA too.
All you should need to destroy the data on a hard drive is an electro magnet. At my work we had one, that was a little smaller than an iron, that we used to rapidly destroy round reel, and cartridge tapes.
I'm not sure if this is what you're looking for, but it seems like it might fit the bill. They're made for the IT pro or a forensic analyst --- or so it seems:
p hp
http://www.diskology.com/
http://forensics.wiebetech.com/products/adapters.
I hope this helps, there are probably others, these are just some I know about.
Microwave
There is no such thing as a perfectly secure wipe, especially not of a drive you can't write to. Crack the case, pull the platters, run them through an industrial metal shredder. I defy anyone to retrieve useful data from a mixed box of shreddings from multiple platters from multiple drives.
Media that can be recorded and distributed can be recorded and distributed.
-kfg
Sounds like a good job could be done automatically by changing the application code for the Linksys NSLU2 which as we know has complete Linux source available and also has a substantial following.
http://www.nslu2-linux.org/
1) Format to EXT3 deleting all partions.
2) DOD wipe. Format to Desired End state.
Mail if you are interested. Cheers!
Vista, the single biggest argument for Desktop Linux! It doesn't "Just Work"(TM).
Why do you expect more out of the moderators than the chatterers themselves are capable of?
Deguassing works great, except the drive is unusable afterwards (everything inside gets messed up, motor, magnets, etcs). It is the one universally accepted method for destroying classified hard drives. Just make sure you are really far away from the machine with any credit cards when it gets turned on.
Sounds like you work in a healthcare facility.
Is it a hospital, perchance?
Why not shoot the HDD's through your MRI at night, when the machine is idle? It should be fun to use that big ol' magnet as a mass driver! Just reinforce/protect the wall it will fly into!
Seriously, though. A *really* strong magnet ought to do it, even if the MRI approach (OK, dangerous projectile run through expensive gear) might not be the one.
I find it hard to believe that you find a sledge more fun than a torch, a better workout yes, more fun no. But I may be biased, my grandfather is a retired master welder (or something like that, whatever you call the guys rated to assemble submarines). Time to spend some quality time with grandpa. ;-)
Active volcano
;-)
Good idea, time to visit volcano national park on the big island of Hawaii. Honest Mr. IRS Auditor, it was a business trip.
As much as I enjoy hi tech it is not the answer for everything. C-clamp the platter to a bench, put a second c-clamp in the hole as a safety, apply the belt sander.
Been there, done that. At least with AOL CDs. They launch just fine but they are much faster than a clay and present a very slim profile. Nearly impossible to hit. I don't expect platters would be much better.
(You can substitute a Brillo pad if Svinto isn't handy.)
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
Your best bet is to take a large hammer and hit the damn thing a few times until it sounds like confectionary sugar inside. simple fix. :P works like a charm.
I've done that before.
While it can be finicky about drives, depending on how much you want to spend you can duplicate or wipe (to DoD) virtually every disk you can get your hands on.
http://www.ics-iq.com/
0-5 lbs. is a hammer.
5-8 lbs. is a maul.
Over 8 lbs. is a sledge.
Now, back to your keyboards, I've work to do.
a good free utility is SDelete, developed by Sysinternals Freeware. 5220.22 M compliant. What's good about this is you can choose the number of passes on a drive -- in case you didn't feel safe with one pass.
That and it's free
Mens et Manus
One Word... kiln.
(but keep the magnets!)
I've always been told that Aluminum will burn like magnesium if you get it hot enough. I wonder if a cutting torch could ignite it?
well in this context anyway
Engineering is the art of compromise.
The platters make nice hand mirrors.
The closer you are to the code, the happier you are. - Ancient Geek Proverb
Then the hard drive will be in some random time and place, with a very very slim chance to be found by anybody who could read them?
There'd be less of a chance than a stored broken drive getting stolen.
I use a Craftsman drill and a small carbide bit. Goes through all drive platters like butter. Don't even need to remove the drive from the machine (assuming the whole PC is being decomissioned, of course). I suppose it would be possible for someone with incredibly vast resources to recover some bits and pieces of data, but man, I doubt it. Think of all the shrapnel grinding around in there! You'd have to have some pretty sensitive and valueable data on that drive to need better than this technique, I think.
I am not left-handed, either!
At out office we have a machine that has different rail sets for our drives (which are already in carriers - some LianLi others StorCase), so we just lock them in and boot off of a floppy (mini-linux distro homebrew). We then 'dd /dev/hdx' a couple of times before we take a radio shack magnet to them. Afterwards we dismantle the drives and either smach the glass platters or make frisbee/wall decorations with the metal platters.
Not sure if this is something you can use, but it has come in handy for us. I imagine with SCSI you could have an external tower with rails in them for sliding the drives in and out without having to crack the case each time.
I only need the Preview button when I haven't used the Preview button.
To wipe the drive insert a knoppix disk, once booted mount your partitions. Cd to a partition and type
# shred [options] *
man shred for specifics but shred does NSA style wipes of HDD with as many overwrites as you want (25 is stock) then follow it up with rm -Rf * (since shred destroys the data not the "name") then once all files on all partitions are "wiped" fdisk it, one big partition and put a new file system on it.
This can be done to NSA standards with a little bit of effort.
shred is beyond any doubt the most overlooked utility in Linux/Unix.
I'm sorry, I'm to tired to be witty at the moment so this message will have to do.
http://www.fwb.com/html/diskjockey.html
Security Erase - Disk Jockey offers you two levels of disk erasure: the first is the quick, one-pass hard disk data erase which erases all data on the drive. The second is the NSA standard three-pass erase for ultimate security. Perfect for government and forensic applications when security is critical.
http://www.logicube.com/ The sonix one has a 7 pass DoD standard wipe option.
The only way to thoroughly and fully delete all the data on a hard drive is to cast said hard drive into the fiery cauldron of Mt Doom.
Just Purchase one of these... http://www.ics-iq.com/index.cfm/action/catalog.bro wse/category/WipeMasster/id_category/24e3fd9e-e45d -489e-a15b-6fcd2f807f0d
It won't work with some of the physically damaged drives, but it is the best solution I have seen.
Click Here
// TODO: Insert Cool Sig
For God's sake people, could we be realistic? I realize that Slashdot is full of Type A geeks, but civil commitment-level paranoid Type A geeks?
If you work with a government security classification, then to be safe, this does not apply, but for the REST OF YOU:
Completely overwrite the drive in one pass, or completely write off the drive and take a sledgehammer to it.
Other than a few articles that suggest that you could retrieve data from a hard drive platter using magnetic force scanning tunneling microscopy, can anyone document any instance of somebody actually recovering data from a fully overwritten or fragmented platter?
Have you considered how many people actually have access to a scanning tunneling microscope?
Have you considered that this technique was described at a time when hard drive areal densities were less than 1 Gb/in^2? (that is less than 1 GB per platter)
Have you noticed that nobody has described the SPEED at which a scanning tunneling microscope can read data off of your not-obsolete-but-not-so-'leet 120 GB Maxtor hard drive? Will you and your family be dead before a significant fraction of the surface has been examined for the purpose of recovering your oh-so generic porn collection?
And finally, but perhaps most importantly, have you, like most teenagers, figured out that only a remarkably small fraction of humanity cares for you as anything more than an economic statistic?
If you want to brag about how unrecoverable your information is, then that's great. But intimidating normal people into going to paranoid lengths to "secure" obsolete data is just going to make it more of a problem than it's worth.
If I want to get your private data so badly, I'm going to save myself the trouble of buying/renting a scanning tunneling microscope. I'm going to watch you go to work, school or the grocery store, and I'm going to smash and grab your computer and/or hard drive. It's cheaper, easier, and by God faster than any technique besides "embarass the formerly anonymous idiot seller on eBay".
I have to clean 5 drives a month, every month, and reuse if possible. I have turned to running Norton Ghost of a Fresh windows install overnight (all of our workstation drives are 80 GB drives) and physically "Deleting" (1500lb press brake) those that fail. Cheap, easy, and secure. I do wish a piece of hardware existed out there, off the shelf, to do what you suggest though.
Physics is nothing like religion. If it was, we'd have an easier time trying to raise money!
#!/bin/bash
PASSES=50;
for LCV in $(seq 1 ${PASSES} );
do
dd if=/dev/zero of=/dev/hdX bs=1
dd if=/dev/urandom of=/dev/hdX bs=1;
done
echo -ne "Now go dump your disk in acid! ^_^"
Watch the videos on http://www.goldcircuit.com/
It's a really neat place where old computers go to get ground up. Looks like they could handle a few tons of hard drives per hour too...
If worse comes to worse, makes for some good internet tv watching...
Currently at my location the policy is "The bomb" gets dropped on all old outgoing hard drives. Essentially a very powerful electro magnet is fired at the drive equivalent to the EMP of a 20KT blast. Destroying any data on the drive and some of the IC's on it as well rendering it permanently useless and unrecoverable. Along with throwing it accross the containment chamber making a really neat sound.
I am ignorant in this regard, but what about a good old fashioned magnet?
Since the hard drives are magnetic, I would think that swiping the drives with a big magnet would wipe them entirely.. would it not?
There's tons of available software. Just dedicate a PC to the task and shove drives in it and wipe them with any of the many secure erase utilities out there that at minimum do the DoD standard patterns. Some of the utilities do a great deal more than the standard DoD patterns for better security, but they take longer.
If the drive is malfunctioning at all, don't trust the delete. And don't trust deguassers unless you've really done your homework on the theory (how much does it take to destroy your drive? it varies by drive. What distance does the device need to be from the platters to be effective? Can you leave the case on?). Even if you can answer those questions, I would feel better using physical destruction than degaussing.
Don't trust simplistic physical destruction either, like drilling holes, or whacking the whole drive with a hammer. People can and will extract data off of fragments of platter. Best bet would be to open up the drive, remove the platters, and melt them with thermite. Don't do it in your office though, do it outside on thick pavement or something - the stuff is very hot and very dangerous. Google for how to make the thermite yourself. Basic ingredients are essentially rust and finely powdered aluminum, and a magnesium strip to ignite it with. It'll melt/burn the platters.
11*43+456^2
Like this one
Im pretty sure I know what that is.
Just my guess, but I believe thats one of those drives from 'not classified but sensitive' kind of data. We got a bunch of pallets like that with mil-spec drives and such.
The sorta-classified is usually ranked as such if too much of that sorta-classified data comes together, it could create a classified source.
Mainly, the reason for sorta-classified is to make it easy on us to not have to keep track of those. We have to tally every week (or day, if we use paper) whenever we use classified or top secret. It sucks.
Sorry folks, I'd rather rely on my community there than a bunch of fellow /.'s (grin). Elitist? Yar!
"[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
As I know, most drives now days are built using glass substrait platters. For example, one day I took apart a dead laptop IBM drive once. As I was playing around with it, I dropped the drive. What really sucked however, was that the all the platters shattered into tiny glass slivers/shard which made cleanup a major PITA.
But now that I think about it, this really is good for security. Should the FBI ever come knocking on my door (not they would have a reason mind you), I would yank the drive and hit the damn think really hard with a hammer. What do you know eh? An instant maraca!
Life is not for the lazy.
As a first step, you should keep the data encrypted on all your hard drives while you are using them (both Linux and Windows/NTFS will enable you). Then, when you want to reuse them, you erase them with the best tool around. If someone will try to recover data from that HD, they will get, at most, fragments of encrypted data: not very informational.
1. Encrypt
Miracles can happen in hard disk recovery, much more rarely in encryption. Even if it auto-boots, all you really need to destroy is the key block, other fragments are useless.
2a. Wipe
If it is working, use something like dban to work it over. The only potential danger left is that the key block has been remapped (less than one in a million chance of that, on top of everything else).
2b. Degauss
If it is not working, degauss it. IBAS and whatnot sell them. See if you can get it RMA'd (If you're a company with legitimate security concerns, they will... otherwise you might switch HDD supplier). If not, I guess you have to eat the cost.
3. Total annihilation
If the first two didn't cover it, open the drive, degauss the platters directly, shred them to shrapnel and then melt them to a piece of slag. You can still try to get a RMA based on the casing, depending on who you are.
The truth is that RMAs, with shipping, diagnostic, refurbishing, repackaging and reshipping costs quite a bit due to low and sporadic volume. A large steady volume of purchases is worth far more than a few missing RMAs, don't forget that when negotiating.
Kjella
Live today, because you never know what tomorrow brings
In Linux, the command would be 'shred /dev/hda' The shred program will do multiple passes of random data (default 25) /proc/partitions should give you a list of the drives available and their sub-partitions. If you're shredding the entire drive (/dev/hda) you can safely ignore the partitons (/dev/hda[0-9]+).
Knoppix boots off of a CD-ROM, so you don't have to worry about accidently erasing the OS -- and, as long as the machine you're wiping can boot off of a CD, you can even shred the drive in place before you take it out to ship it (just make sure you shred the right drive).
If you want an 'appliance' then you can build it with
- A boot CD-ROM
- an external USB drive enclosure which does IDE->USB.
- a SCSI controller with adaptors for the various drive plugs. If you start with an ultra-wide drive, you should be able to get adapters that will allow you to go all the way back to old SCSI-1.
- an SATA controller/plug
- I don't know if there are any native-firewire drive. Chances are you should be able to take the raw (ide/scsi) drive out of the enclosure and use one of the other connectors to munch it.
- Spare cables... If you do this often enough, the cables will start to wear out. As they do replace the cable in the system (avoid plugging/unplugging the end that connects to the board as much as possible to avoid permanent impairment).
- You may have to build your own kernel to recognize RLL drives and controllers, or older, but Linux should recognize it. You will probably need a mobo that accepts ISA cards (P3 or earlier CPUs, generally).
For something that even a custom-build Linux kernel can't write to, I think you'd probably have to go to early '80s technology (or really esoteric hardware that's more recent).(to 'load', you just unplug the enclosure, load a new drive, plugi it in. The system should recognize it. Syslog output should give you all the info you need).
Free Software: Like love, it grows best when given away.
I have no doubt that you could use an AVR or PIC microcontroller to do this, and it wouldn't even be hard to design. IDE interface, microcontroller, maybe some kind of random number generator, and you'd be set.
This is kinda interesting, I think I'll look into it. Add a few buttons on the front of the dongle to chose your paranoia level..
I took a drill and drilled a crapload of holes in them. Then I carted them down to the motorpool and had an M1A1 tank run over them.
You'd be surprised what we used tanks for back in the day...crushing tank air filters, crushing empty cans, crushing looters' cars, etc.
Provider of warm, scurge of Prometheus. Eradicator of dead files. I can not think of a single problem that fire (and lots of it) can not fix.
In the not too distant future, next Sunday A.D.
old netware 2.x required a process called compsurf. it was part of the setup. netware 3.x and 4 had the tool also (i think).
compsurf ran a write and read test pattern on *every* byte of the hard drive. there were multiple bit patterns run.
in the early 1990s, when a large hard drive was 300MB (M not G), a compsurf took several days.
i would look into that.
eric
Because of various regulations (HIPAA for starters), we need to at least attempt to do a good job clearing the disk. I've heard from a number of places, including this Slashdot story, that degaussing isn't great.
I recommend you the Destruct-O-Tron
Also works for motherboards, etc...
dban.sf.net
Get Firefox!
The whole idea of reading stuff that has "spread" from the side of the tracks doesn't really work. In any case, the head will always write with roughly the same amount of spread. The way it works is this - read off what you can of the spread at the side of the track. Work out the difference in flux density between the spread and and actual track. This will allow you to recover the last lot of data written. If you write two sets of random data, your original data may still be vaguely readable in the spread area but you won't know what the last lot of random data was, so you cannot extract it.
For a good source of random noise, plug a good white noise source into your sound card.
insert drive and just do this a good 8 or 9 times as root:
/dev/urandom > /dev/hdb
cat
http://illhostit.com/ - Webhosting
Just create an enclosure that holds the drive and wrap 200 turns of wire around it. Connect that to an oscillating electric source. Probably doesn't need to be more than about 12V.
Even if it doesn't work, it'll give the drive one hell of a headache.
PocketGamer.org - For the gamer on the go!
If you're talking about MANY MANY hard drives, you could still recycle them after shredding them back, nearly to sand, with something like this. Nevermind degaussing, the rds, and all the techno-jargon. This is something that even grandpa can enjoy!!!
a tion/features/BNP__Features__Item/0,5411,133140,00 .html
http://www.securitymagazine.com/CDA/ArticleInform
Don't you mean.. BIZZARO!
1. open up you HD thus voiding your warranty
2. buy a grinder to "erase" your disk
3. grind your HD
4. All securely erased
Symantec Ghost (not Norton Ghost) includes a DOS utility called Gdisk which is current to the latest DoD specs for disk wiping !
you said: "Right now, I am probably doing a minimum of ten secure wipes every month. A new hard drive would cost roughly a hundred bucks. That's 12,000 dollars annually, minimum, just on hard drives, which would be wasted."
I'm willing to bet that the portion of your salary that covers the time spent wiping drives is more than the $12,000 cost of replacing them. So -- if you're truly serious about maximizing revenue, then recommend the company fire you and use the cost savings to treat more indigent people.
If you give up, and time is short, don't forget the other military edict regarding the disposal of 'sensitive' electronics: "Heat sufficient to melt steel, or a hastily dug hole and the use of explosives."
A Gutmann scenario might work very well, but personally, lacking the sort of kiln required in the event of failure, I lean towards the foxhole/grenades idea.
1) Need to distroy data
...)
2) It takes about seven formats to adquately remove the data. (I mean so that the FBI can't read it)
3) Now how about dead drives?
Problem 1) If the security regulations state that you need to destroy your data, you need to do it. (HIPAA privacy sections, Defense related crap,
Problem 2) I remember seeing a quote that formatting does not do the job, as you also need to remove the resonance of the old bits: You can zero the drive, but real intelligence agencies can tell the difference between what was always a zero, and what has just been changed to a zero.
Think about it, if your magno-meter (TM) reads from 0-9 and you have been using 5 as binary "1". If a particular bit was always 0, its magnometer rating is going to be closer to 0 than 4. Similarly, if you just changed your 1 to a 0, it magnometer rating is going to be more of a 4 than a 0. Hence, assume all values towards 0 or 9 were 0/1; assume all values near 4.5 have just been changed: now you can see a bunch of data.
Problem 3) If the platter is good, but the circuit board is bad - you can't format the drive anyhow.
Solution: magnatize it. OK you can take good drives and format them repeatedly under Linux (in a usb or firewire drive sled), but this won't work for dead drives & takes some time. If you put the drives in a strong enough field to magnitize the drive, you won't have any problems.
Just take an industrial strength demagnitizer, and leave in "on" on the drive over night. When you can use the drive to pick up screws and paperclips from the carpet - you are set;)
If you meant "US Department of Defense 5220.22 M", try ( http://www.dss.mil/isec/nispom_0195.htm ). That's the home page for the National Industrial Security Program Operating Manual (NISPOM).
Spiritus ex Machina
"The universe is not only stranger than we imagine, it's stranger than we CAN imagine."
We use a sledge hammer.
I am not joking. Don't RMA the drive.
Secure Harddisk Eraser - in compliance with DoD 5220.22-M NISPOM recommendations
Any sufficiently advanced libertarian utopia is indistinguishable from government.
A simple way:
Use Linux.
dd if=/dev/zero of=/dev/hda
Be happy.
Need to delete all that child porn before the cops find out, huh?
What it takes to securely delete data, so that it can never be recovered, is
Exactly two overwrite cycles.
Almost every computer ever built has used magnetic memory of one description or another to some greater or lesser extent. If magnetic memory really had a fourth dimension, there would be evidence for two phenomena. Firstly, accidental reads of "past" data would be be cited as a cause of misreads. Secondly, the phenomenon would have been commercially exploited. Although we think disk drives are cheap today, there have been times in the past when it would have been economically prudent to cram in a bit of extra storage, almost whatever it took.
Human memory is not overwritten in the same way as machine memory: it's four-dimensional, meaning that events are stored with a timestamp and can be recalled at any time in future. Machine memory is three-dimensional -- unless you deliberately try to make it act four-dimensionally, by storing all updates in their own right.
The nearest thing to four-dimensionality in magnetic memory is that you can sometimes discern a vague difference between a "1" written over a "1" and a "1" written over a "0", and you can sometimes discern a vague difference between a "0" written over a "1" and a "0". written over a "0". That's a natural phenomenon due to the hysteresis of magnetic media. The difference is hard to see because in digital recording, you are only concerned about two states; once the material has been magnetised to saturation, you are by definition outside of the hysteresis loop. Even near saturation, you are working away from the broadest part of the loop, and so the result you get will be subject to tolerance.
Note also that the reading head of a disk drive is connected to an amplifier which is designed to saturate. The drive really doesn't know the difference. To be able to discern this information in practice, you would have to perform some serious mods on the drive.
Don't pay any attention to the Guttmann report -- it's long out of date and has since been discredited, though it keeps popping up again and again. There are very few people in the world who could actually carry out the procedures talked about there for recovering overwritten data, and there are easier techniques anyway {find someone who knows that information and threaten them, their family and/or pets with torture
Think of data being stored using pennies on a revolving, felt-topped table, with heads for ones and tails for zeros. Maybe the pennies will leave a weak impression in the felt, but it's not certain. If you turn them all tails-up, then all the data that was stored by the pattern of heads and tails is lost, and all the impressions on the table felt will become impressions of heads; if you then turn all the pennies heads-up, then all the impressions will be tails.
It ought to be almost trivially simple for motherboard manufacturers to build in a BIOS option to erase a hard drive. However, I've not found one on any machine newer that the Amstrad MegaPC; that had a Quadtel BIOS which incorporated a "drive test" function, which just happened to leave the drive in a known state, i.e. it erased it. I'm guessing that there are some political reasons for not doing so.
Je fume. Tu fumes. Nous fûmes!
My old sysadmin, where I worked back in '92, had a LARGE electro magnet in a seperate room. Whenever a harddrive was to be discarded, he went in there, turned the magnet on, and passed it through the hole a few times. There was n-o-t-h-i-n-g on it afterwards. You can acquire one such magnet cheap. He took it out of some other equipment ;P
Any technology distinguishable from magic, is insufficiently advanced.
The Disk Jockey from Diskology can do a 1-pass or 3-pass DOD erase. It can also dupe disks or just mout them on the computer. IT can also RAID two disks together. Must see the web site. I own one and LOVE it.
"Creation is messy. You want genius, you get madness, two sides of the same coin." --Steve Jobs
This should work well:
http://www.datadev.com/v94.html
-ted
I'm an OEM and I buy drives from suppliers (IBM/Hitachi) who accept my companies written word who accepts my customer's written word that a drive has been destroyed or who accept a Xerox of the drive case and a written stastement (Seagate). Since my drives go into 3 letter agencies, I anticipate the possible repair need in selecting a supplier.
Doesn't help you in your "transfer a working drive to another person" scenerio but does solve the RMA need (I never did figure out why I'd trust a overwrite performed by a drive that was known to be failing).
And since the "transfer" case affects working systems, what you want there is a software product loaded from a floppy that deals with the drive on a physical level. Takes a long time given today's size drives.
How many people want this? And how much would you be prepared to pay? And how many disks do you want to clean each day?
I'm imagining, you pull the disk from the box, slip it into a caddy. Slide the caddy into the cleaner, press a button. When a light goes green, that disk has been cleaned to a particular standard.
If there's enough indication of demand, we'll build them. Send me an email - cleaner at tanasity dottt com, letting me know the answers to the questions above. Any mail I receive will be used for this purpose alone.
Jeff Veit
What we do is use Autoclave for the IDE drives (max setting, or at the very least setting #3.) Although we'll be switching to DBAN since Autoclave is no longer around. For the SCSI Also there's nothing better than a circular saw. ;)
I suppose a really good industrial wood-chipper would work as well, provided it could shred steel.
For old or dead hard drives the only way to go is to destroy the platters. Open the drive. Scratch the platters. Bend the platters. Stomp on them. Yell at them. I'm not sure if microwaving would work, but that would be great if it does. Use a gauss device too.
But that's not foolproof because there is still some data there. That's where starting with encryption on the whole drive is a plus as a precaution.
Here we use a 200-ton hydraulic press to destroy our drives. I'm paranoid, so I tend to take the drive apart and then just crush the plattens. The effects are wild. The smaller drives for laptops appear to have a platten made of glass. They shatter into a zillion pieces in the press, or turn into powder. The bigger tower drives must have a metal platten. They tend to grow significantly under the pressure. Pressing two of these plattens together results in a squishy mess.
www.corpsys.com sells exactly what you are looking for, call the pro hard drive workstation. It works on both IDE and SCSI hard drives. It duplicates , tests and DOD erases hard drives.
cd pub
more beer
This is correct, just use the /DOD switch and it will make 7 passes over the disk, overwriting with random data.
Over 480 responses and maybe only 2 actually answer his question.
Instead everyone has to be a smartass and tell him that if the drive is damaged he can't write to it.
He didn't ask that - he asked if there was a good device for securely wiping a harddrive. Is it really that freaking hard to stay on topic and just answer the guy?
Ever time anyone has an ask slashdot it creates the "know-it-all" effect around here. Nobody actually knows the answer, but they feel inspired to spout off about everything they think they do know about.
Just answer the question. sheesh.
You might want to have a read through the article on Whitedust titled 'Absolute Data Deletion'. The article basically covers every possible angle to erasing sensitive data. Well worth a read.
I recently wrote a paper on this topic http://www.whitedust.net/article/7/ and during the course of the research it became clear to me that the only sure way to absolutely and unrecoverably delete data from a HDD is to slag it in acid. Anything else has a relatively high margin of error. Think about all those old HDD's you chucked out after a PGP diskwipe... and what is most likly still recoverable off them. Be afraid.
www.whitedust.net
Just sand the oxide off the platters. It's not that thick.
what a microwave is for?
About using a big magnet wouldn't it kill the data on the HD ? just an idea...
Step 1: Put drive on anvil and pound on it w/8-pound sledgehammer until no piece of the media is bigger than a quarter.
Step 2: Collect pieces, and slag in gas-fired incinerator.
Regards;
Don't try this indoors: 1. Get steel bucket (trash can will work) 2. fill half way with diesel fuel 3. drop disk in bucket 4. cover eyebrows 5. light match
Free Scotland!
I am busy designing a standalone deletion device as we speak (IDE & Ultra - SCSI .. cos thats what I got)
Watch this space.
Sproggg
Do what governments do. Grind the HDs to dust (metalic and otherwise). Then store the dust. My recomendation is to melt the grindings down and turn them into paperweights for the office. No chance of a lawsuit if, for some reason, an HD doesn't get wiped.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
What you really need is something that can reduce a washing machine to thumb sized chunks in little more than a minute. Check out these hungry machines. SSI
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
The British Secert Service grinds their Hard drives into dust,
puts it into a bin with other hard drive victims.
And is kept in a locked room, never to see the sweet light of day.
Now, if you're actually disposing of the disks that's a different story. Wiping will be fine for that, unless the drive is already unusable. Then you'll need to go the physical destruction route.
If you were dealing with extremely sensitive data (missile launch codes, biowarfare research, etc) then physical destruction would be your only choice.
Just heat the drive above the Curie temperature. No special software or external electronics are required. I use an old toaster oven and it works great.
That wouldn't work on journaled filesystems (like Ext3, ReiserFS and NTFS). Shred works on individual files. Those filesystems will first write data to a new block which then replaces the one previously pointed to by the file. Only the pointer is overwritten. The original data block is still on disk (untill this, now free, block is overwritten again).
I use a two pound sledge hammer. No shit, that is my deletion process 5 good whacks and the platters are exposed another 6 and all thats left are the broken pieces of the platters, if someone can recover data from that they are more than welcome to it.
I am Bennett Haselton! I am Bennett Haselton!
So in the old days if I wanted to destroy a floppy disk, I'd run a large magnet over it several times and it would be dead.
A harddrive works by setting the magnetic data on the platters to 0 or 1 using a very small head and magnetic charge.
How hard would it be to build a box that produces a very large magnetic field that destroys all the magnetic data?
Oh wait, already done:
http://www.spectrumwest.com/Attach2.htm
And yes, they do recommend the sledgehammer mentioned above.
I propose a more elegant solution. Purchase some hydrochloric acid. You can find this with the pool chemicals (37% aqueous HCl) or try some muriatic acid in the home improvement section. Pour the acid into a bowl (wearing safety goggles and gloves, of course) and drop the platter(s) into the acid. Safe and proper disposal is left as an exercise for the reader. On the other hand, using a big hammer and smashing the !@#$%^&* out the platter is a lot more fun.
After a short and simple wipe, I pry up the corners of the cover and drop it off edge of the continental shelf.
Two million years from now my porn stash will be viewed as a religious icon. Too cool.
I usually stick with using either an AR-15 or a M1911 for disposing of hard drives. YMMV depending on your aim.
It's good to use your head, but not as a battering ram.
At the company I work for (a large-ish company you've probably heard of), we don't return any dead drives. If a drive is non-functioning, the platters get incinerated and the rest is recycled.
...for a microcontroller. Seriously, get a Microchip PIC, wire up the ATA connector, and write some simple C code to handle reading the disk geometry and then blasting the data (over and over and over)...
The hardware costs could be as little as $10 or so per device, and it would be not much larger than the ATA connector!
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
I work for a company that makes a storage security system that's designed to meet precisely this need (and encrypting tape backups, and other stuff). Encrypt everything before it touches the disk, and if there comes a time when you want/need all of the data on the disk destroyed, just wipe the key. (That's a pretty simplified description, but close enough.) We even already have a medial data storage facility as one of our customers.
a rticle/p rintablePipelineArticle.jhtml?articleId=160502579
I'm going to try to save some face and not say exactly who we are, but we're one of these:
http://nwc.compliancepipeline.com/shared/
(I think there's going to be an extraneous space in that URL that will have to be removed for it to work.)
Build a regular machine yourself to do it! Make it boot a very minimal Linux to a script that automatically wipes any other drives it can find. Use this.
Or just make that floppy and stick it in the computer with the faulty drive. It's no-nonsense.
It was where it is in the world that I always found weird. It is not like we have an American Air base around. Maybe they get sold second hand on the used semi sensitive device market :)
Now you can just sit the victim on top of the computer, hook up the appropriate data/power cables and turn it on. When the music plays you can step away from the job you're on and you've saved a pittance of time for your boss YAY! grumble grumble....
If the drive doesn't work, burn it with all the plastic and styrofoam the storeman couldn't fit in the bin....
-- Howto: Get +5 (1) Whine about M$ (2) Namedrop Gentoo (3) Casually Abuse Mods (4) Namedrop Early Computer Model
Hardware encryption which runs transparently between the controller and the hard drive has been availible for a while now. Nothing on the drive is in plaintext, not even the boot sector, and without the key it won't work.
Put the disk on a machine without the encryption system and key and you get gibberish which you will take from now until the end of the sun's expected lifespan to figure out.
Add software encryption loaders at boot and then OS loading encryption on top of that and finally file level encryption with PGP and what was what is never going to be figured out. If this is on Windows and it crashes, you'll never recover anything. I'm not sure if you can get an image off the drive in its encrypted form and have to do backups from the running decrypting state and encrypt back-ups separately as far as back-ups are concerned.
Do a simple random overwrite once booted and no one will ever recover enough of anything to decrypt through the layers even if they have some Star Trek-ish futuristic technology.
Problem solved. If the data is that sensitive in the first place, it should have transparent hardware encryption in the first place at the very least. I don't understand why so much data is kept in plaintext from the start and no thought given to this portion of the problem from the start.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)