Slashdot Mirror
Secure Hard Drive Deletion Appliance?
An anonymous reader asks "I am searching for a box into which I can plug a hard drive (IDE or SCSI of various flavors) and automatically begin a secure deletion process (DoD 2250 compliant or the like would be good). This is normally for dead drives which need to be RMA-ed. Because of various regulations (HIPAA for starters), we need to at least attempt to do a good job clearing the disk. I've heard from a number of places, including this Slashdot story, that degaussing isn't great. There are software solutions out there, but in general, I want to toss a replacement hard drive in and not have to hunt around for hardware to put the bad drive in in order to run the software. Given the right case, a solid state drive, some SCSI cards and one of various pieces of software, I can imagine such a beast. Has anyone seen someone selling something like this?" No case-opening is necessary to use a USB/IDE converter, which might be a good middle ground. Any other ideas?
If you have something so important, it might be best to destroy/keep the dead drives and pay for new ones, which aren't that expensive compared to the risk of someone finding out a way to recover your data even after it's been processed by the state-of-the-art secure deletion processor.
I believe the information is secured only if it's still in your hand.
Rock that crushes, Paper & Scissors that don't matter.
Re:Oh, man. Hear it comes. (Score:5, Informative)
by QuaZar666 (164830) Alter Relationship on Thu 16 Jan 04:03AM (#5091822)
Now days the dod drills a hole through the platter on drives that are bad that have to be RMA'd and have contracts so all they have to return is the top of the drive with the label. as for drives they no longer need i do not know. im guessing they write 0 and 1 patterns on the drive 7+ times. (even then data recovery services could recover it)
Silly, but I have this association:
Ground control to major tom
Your circuit's dead, there's something wrong
Can you hear me, major tom?
CC.
TaijiQuan (Huang, 5 loosenings)
It really depends upon what level of security you are talking about. Degaussing certainly does not do the job adequately enough for some purposes, but the issue of maintaining a box that has all the hardware to be backwards compatible can be cumbersome and expensive. I suspect you are not in a sensitive/classifed government position as they have protocols for this sort of thing, but if you truly have seriously data sensitive needs for hard drives you are going to retire, I would suggest first formatting the drive with multiple writes and reads of serial 1's and 0's which should prevent 99.9% of data recovery attempts. An older G4 tower running OS X, should allow you to recognize and mount drives formatted with a variety of operating systems. Stick a couple of SCSI cards in it and an ATA and SATA card (Sonnet makes a combined card) which should give you multiple SCSI formats, ATA, Firewire and USB depending upon your needs. If you are really paranoid, actually disassembling the drives, degaussing and physically destroying the platters will finish the job. Believe it or not, data can even be reconstructed at the microscopic level through the use of electron microscopy, so the more damage done to the physical media, the harder it is to extract information.
Visit Jonesblog and say hello.
The best you can do is use a degausser, since you can't open the drive without voiding your warranty.
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
...44 Oz. Framing Hammer.
Just explain to the RMA operator how you work for a "major construction contracting firm"...
https://www.accountkiller.com/removal-requested
provided some links, like what the heck is HIPAA? Wikipedia says Health Insurance Portability and Accountability Act of 1996, but that doesn't really make much sense to me.
I realize this was a question and those people who don't know what HIPAA is probably shouldn't be answering, but still...
dban.sourceforge.net
http://dban.sourceforge.net/
Good hardware detection, GPL.
Use good old Norton Diskreet (DOS version) and automate it with a batch file running on a tired old PC set out to pasture. All supplies are available on Ebay.
I am becoming gerund, destroyer of verbs.
The second method is to set up a *nix box with some hot swap drive bays and use that (I actually prefer this method). You can find removable bays all over the place and use *nix to format the drive writing all 0s to it.
I don't think anyone makes a machine exactly like you describe, but both of these methods will do the trick. Good luck!
US Democracy:The best person for the job (among These pre-selected choices...)
I have used BCWipe to declassify Secret hard drives. They have a DOS version you can throw on a MS-DOS boot disk and a linux version you can put on a livecd. Either works equally well.
Precisely. Why RMA a drive if you're so worried? Smash it and bin the fragments.
Engineering is the art of compromise.
Easy, just use the Etherkiller.
(actually, not really; it'd just fry the controller, not the data on the disk)
Hard drives are so cheap that you can just destroy the hard drive with a drill press. Afterall, they say construction workers that demolish buildings have the highest job satisfaction, you can get your own taste of that.
These guys will have a solution for you. They know how to recover the data. They know how to erase it past any hope of recovery.
Disclaimer: Affiliations from past work experience.
Smash the thing to bits! What's wrong with that?
Plastique Explosives.
Rhymes that keep their secrets will unfold behind the clouds.There upon the rainbow is the answer to a neverending story
See http://www.g4tv.com/unscrewed/features/45707/Dark_ Tip_Destroy_All_Data.html
have a few pieces of s/w and h/w mentioned there. use the floppy method on a standalone machine to plug your disk into and wipe it. try Darik's Boot and Nuke method: http://dban.sourceforge.net/
http://www.driveduplicators.com/124.html
:)
Its primarily a hard drive duplicator but it also has DoD 5220.22-M level wipe. Sorry to plug a specific product
I have such a machine. I call it "Sledge Hammer"
also a great stress relief tool, ala "Office Space"
Don't Tread on Me
Fire.
With all the advances in data recovery, and the cheap cost of EIDE drives, it's the most effective solution.
You must have seen Shred mentioned in the previous discussion. It's GNU coreutils so comes as standard with most Linux (ahem: GNU/Linux) distributions, and deals with file references in your filesystem.
/dev/blah" to the device. The man pages say that this will write random data 25 times across the device before zeroing it, making a mess of the filesystem and the files too, whether or not they're stored with journaling data.
Shred is not complicated enough to waste files that has been stored on a journaled filesystem, which includes NTFS, ext3, ReiserFS and friends. This doesn't stand in the way of you plugging in a device, for example by USB/Firewire enoclosure), having it automount, according to your distribution's setup, before running "shred -z
Do a couple of formats/reformats with various filesystems. Write lots of data to the disk and then delete it. When you send the disk back, make sure it has a filesystem different from what it had before. And make sure it's an encrypted file system.
If all else fails, just overclock your PCI bus enough so that your system boots but your hard drive controller writes crap to its hard drives.
Go to http://www.granitedigital.com/catalog/pg28_firewir eidesmartlcdbridge.htm and pick up one of their FireView firewire bridge boards, with display. This is a conventional IDE-to-firewire board, but has a diagnostic system on board, with a two line alphanumeric display and two menu buttons. With this, you can tell the hard drive to do a low level reformat, without even hooking it up to a PC. All you need is a regular USB or firewire external hard drive case and replace its regular bridge board with a FireView.
The FireView also does a lot of other nice things, like checking SMART status, displaying SMART error logs, enabling or disabling SMART, telling you thruput, status of both firewire ports and the computers you've plugged them into, etc. It can also invoke the short and thorough self-tests in the hard drive's firmware to check for problems.
It's also got a short reformat that just blasts the partition map, useful for those HDs that have a hopelessly confused partition table that hangs any machine you boot them up in.
I work for the Department of Redundancy Department.
These guys have even done the demonstration for you:
http://driveslag.eecue.com
Is the drive dead or not?
Seems to me the drive is either working or it isn't.
If it's not working, software erasure isn't going to work. If it is working, it's not broken.
Just my $0.02
Michael
"Goodness me, how unlike the FBI to abuse the trust of the American public." -- The Onion
I use Autoclave. Although people don't support it anymore, I've never had a problem with it.
The Slashdot search engine! Just type in your search query with as much detail as possible and have a thousand slashdot monkies find the answer!
or else!
I think HIPPA requirements are met by the electronic equivalent of a cross-cut shredder, destruction beyond all possible recovery is not required. A multi-pass overwrite is probably enough. Almost all bootable Linux CDs have the basic tools to do this, but you may find it handy to write a shell script to automate the process. Some may even have e-z shredders right there in the KDE or Gnome menus. Get a distro that reads USB drives and an external USB/IDE box and you are in business.
Another possiblity is to use Bart's PE Builder and one of many MS-Windows-based shredders to make a bootable MS-Windows XP CD that does the same thing.
If overwriting the data one or more times does NOT meet legal requirements, then you should overwrite the data once as a precaution in case someone steals the drive before you can permanently erase it, disassemble the drive, drill holes in the platters, then heat the platters, including the drilled-out parts, long enough to completely degauss them. A fireplace should do the trick, but an autoclave or better yet a pottery or cement kiln would do a better job. A kiln might actually melt the platters, which is pretty much the ultimate in data destruction.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
...a really HUGE magnet?
-Valiss
...is my recommended approach. I actually built one of these myself, powered by an embedded Linux PC that boots from CD-ROM. It uses modular exponentation to generate a cryptographically random sector distribution list, to which it writes entropy data generated from an onboard Random Event Generator. It repeats this process 10 times consecutively, then cuts power to the drive and degausses the entire disk. This process is extensive enough to ensure that even the world's most sophisticated data recovery experts will recovery nary a bit from such a drive, and I've automated it to a plug and play process. Simply insert the drive into the degaussing chamber and attach data and power cables, then throw the switch. Wait about an hour or so, and the drive comes out irrevocably blank.
Slashdot already covered the best method of data destruction.
Drive Slagging!
"You never know when some crazed rodent with cold feet might be running loose in your pants."
-Calvin
Drop a nice little mixture of aluminum and iron oxide on the drive, ignite it. Nothing will retrieve that data, not even electron microscopy.
Two words
:-)
Shotgun
It also does wonders on zombies
Cheers,
Adolfo
just defrag it
There is no substitute for heat.
Cook the drive past the Curie Point with a
blowtorch. You'd be amazed what folks can recover
from drives even if they've been "destroyed."
load it into a skeet shoot device, launch it, and shoot it with a shotgun. repeat until its blown up good.
...I am fairly certain that the only way to get this done is by causing the IDE hard drive to fall from a metal catwalk into liquid metal. I tried using liquid nitrogen and a hammer once but when I woke up in the morning the hard drive was reconstituted back inside my box and all the data was intact.
I am pretty sure that SATA drives need a priest, holy water, a crucifix, and a copy of the Roman rituals.
And I just use a shotgun (or chainsaw) on my CD-RW's because the only way to stop them is by "removing the head, or destroying the brain."
I say we take off and EMP nuke them from space. It's the only way to be sure.
How would you use anything to destroy the data through the bus on a dead drive - the reason you're replacing it in the first place?
- It's not the Macs I hate. It's Digg users. -
Its a cd based linux distribution that will 0 fill a drive very easily. Great tool. First thing I had to do at my job was clear 25 old drives for recycling (aka donating to employees). Using 3 computers I cleared all the drives in less than a day
Check out http://blackbagtech.com/hardware.html The FBI will soon be carrying them at all times when they wanna copy your stuff (seriously). This will do shredding too but no SCSI http://diskology.com/
Seriously. If you're RMAing a drive because it's dead, there ain't no magic appliance that's going to bring it back to life long enough to erase (read "overwrite", because that's what really happens) the data.
And no external magnet is going to erase it either. Well, not short of the kind of magnets they use for MRI scans.
If you just want to make sure the drive is unreadable before disposing of it, use a drill press.
-- Alastair
I use an external firewire enclosure and wipe to nuke drives that I ebay.
There's a self-booting CD diskzapper that looks like it ought to do the trick, though I have not used it.
Other posters mentioned Darik's Boot and Nuke as a floppy-boot solution.
The ultimate boot cd has a number of different disk wipers on it -- and a ton of other useful utilities on it. No self respecting geek should be without a copy.
The Recovery Is Possible bootable CD has a copy of wipe on it.
I wouldn't be suprised if Knoppix-STD had some erasing tool on it too, though I haven't checked.
Anyone know of a bootable image suitable for USB flash sticks?
If you are a "big" shop, have an agreement with your vendor that says "some percentage of our drives are used with sensitive data, and when we return dead ones they will be returned in pieces, without the platters. If they are under warranty you will replace them no questions asked." Expect to pay a premium for this privilage.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
Attacking the magnetic media is surprisingly hard. Doable, as other posters have said, but hard.
Let's stipulate that my solution to the literal question is let the pros do it (which also addresses the liability issues).
So I have another question. Heat is hard on magnetism. What if we hit the drive with an oxy-acetylene torch? Would you have to melt it (expensive), or would the hard drive stop being recoverably with an electron microscope long before then?
I'd prefer this be answered by someone with experience in the relevant materials science; I can pull an answer out of my ass, too.
Here: http://www.softwareandstuff.com/TOL10248.html
Anyways, it can repair as well as delete.
A minute or two on high will delete any magnetic media quite effectively. Works fairly well on CD's too.
May not be the best thing for the microwave though.
You can't RMA the bits. The summary says he wants to wipe all data off drives so he can RMA them and not worry the manufacturer will be able to see anything.
Just cover up the medical data with a bunch of illegal porn.
An old PC and a copy of DBAN works just fine for me. But while I do decommission drives with HIPAA in mind, I don't do more than a few every year.
But I like that USB-IDE idea... in combination with the GPL'd Eraser it should make wiping old drives a lot easier for me, and let me get rid of that dusty dinosaur I keep around for wiping drives.
With reasonable men I will reason; with humane men I will plead; but to tyrants I will give no quarter. -- William Lloyd
If you prize so much the confidentiality of the date to go to very extreme measures like high level gear just for that, as cheap as the HDs are now, I would just throw them inside a furnace.
Scientia est Potentia
Not all in jest, may I suggest just using a big magnet in the form of a hammer with which a 5 year old kid will smash the drive to dust? Combining the physical damage/destruction with the repeated strong magnetic influence, this should be enough for anyone. 8-)
Yesterday was the time to do it right. Are we having a REVOLUTION yet?
There was a two-part segment on the Screen Savers with Patrick Norton and Kevin Rose covering methods of data destruction, including software, grinding, acid, thermite...
Watch it here
I can't tell if you are joking or being serious.
If you are being serious, I doubt this technique works the same way brand-to-brand. In any case, if you aren't joking, a real example like "with model X hard disk, jumper these pins together and restart and the data will be rendered inaccessible and the data [will|will not] be overwritten [with 0's, 1's, pattern, random data]" would be helpful.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
for your standard 3.5" drive, this works nicely
For those old MFM and SCSI drives though....
Lawyers, MBA's, RIAA? A jedi fears not these things!
Why not use software that encrypts everything written to the HDD? I'm no security expert, but you could probably rest easier when retiring/returning HDDs if you're using Pointsec. All of the laptops where I work have Pointsec on them so that if they are lost or stolen, the data on them is probably safe.
~Someday, I hope to be an aspiring author.
From the comments of this slashdot.org story it seems setting an ATA password after wiping the disk would help head off a person trying to read the data. It would raise the bar pretty high. A person would need fancy equipment to get back into the drive.
According to the article, resetting the password wipes the drive automatically via the drive's firmware.
You can play around with block size "bs=" and number of blocks "count=", but my experience was that just choosing something big but smaller than the cache size of the disk is good. Checking "man dd" might be a good.
It takes a while. An old Dell laptop with a 40GB drive took several days. /dev/random is slow, use /dev/urandom, unless the drive contains the secrets of the Illuminati and you're afraid the NSA is after you. In which case speed might be of the essence.
... grumble, grumble, grumble, mutter, mutter, Millenium... Hand... Shrimp, I tol' 'em, I tol' 'em.
we have a csc duplicator that we use to erase and copy drives.. VERY slow.. but it does the job. CSC Portable Pro Drive Service/Test/Duplication Workstation
Everyone knows the only way to truly destroy the precious data on your old hard drive is to throw it in to the fires of Mount Doom where it was forged and watch that sucker melt.
You know, those ones used to pick up cars.
This signature is part of a balanced post.
I start out thinking it would be easy to to a google search for a electric disk grater... something at would shred the disk so you could just end up with bits of metal. I'm sure they exist... but then I thought, you could probably just rent one of those truck-mounted tree chippers and chuck your disk drives into it. (There is probably a pun here about b-trees and leaf nodes.) A bit of overkill, but a lot of fun. Actually, the chances of collecting on an RMA, and it being worth the time and effort to file one are so small, you should just buy a dedicated disk shredder if you have a lot of them. Alternatively, store them until you've accumulated enough and have one of the mobile data grating services come and shred them along with the paper that needs to be destroyed. See http://www.shred-tech.com/mds/html/ among others.
The general rule of thumb for data security sensitive industries is to never return the platters.
Most governments have arrangements to either get a discount up front, or to get the manufacturer to accept the top cover as proof the drive is destroyed, and then provide a warranty replacement.
For everyone else it is the cost of doing business. Depending on your business the risk is measured in years in court, 7+ digit claims and real impacts on stock price. Replacing failed harddrives out of pocket is cheap.
Best thing to do is remove the platters and store them as they take up less space, and once you have enough pay a degauss service to blast the entire box. Even then, get an artist to turn them into a piece of art for your front lobby.
If it's dead, it is DEAD. No plugging it into a box to write zeros and ones.
Your BEST bet is to eat the cost of the drives, and then degauss and then melt/feed to industrial grinder the remains.
Maybe you can cut some kind of deal with the bendor to just return the PCB top part, or maybe part of the drive case, but most likely they will laugh at you for trying to waste their time.
LongTail SSH Brute Force analysis tool is here!
they need external power source and in my experience they tend to be a lot more picky when handling deffective drives (which is what your RMAed drives are, right?).
Just a plain old ide card/mb with a removable caddy tray will do just fine.
TODO: 753) write sig.
If the drive is faulty, you just might not be able to overwrite the info (not reliably anyways).
I'm surprised he's even looking for this. I work in a place where for similar regulations we have to wipe HDs securely before disposal, but that's only for working ones. Damaged HDs cannot be sent back because of the info on them, they have to be destroyed locally. We take the platters out, but I'm not 100% sure how they get destroyed (probably degaussed then physically damaged). The companies we buy PCs from are aware of this too. If a drive dies in one of the PCs that's still under warranty, they replace it and we keep the old drive for proper disposal.
Such a device would only be useful for disposing of old PCs with functionnal HDs in them. I can't see the regulations let them do this.
///<sig
... a sledgehammer.
I've yet to hear of anyone recovering data after a good 5 whack "scrubbing".
Put between two 12" Rockford Fosgate Punch subs, hook up subs to 1600 watt Phoenix Gold amp, crank the rap/techno/rock/country music for about twenty minutes Make sure magnets on subs touch hard drive surface. No way to retrieve data.
Still waiting on Serviscope_minor to wake up to fucking reality and realize that Jessica Price isn't going to fuck him.
I worked at a US Family Health Plan facility (like an HMO for veterans - one step below a VA hospital), and our contract with the DOD specifically listed the approved methods of data destruction. There was a software solution which we were able to use to recycle the hardware to poor rural school districs, mostly though we took those machines home or trashed them.
I would check with the DOD before you spend too much time messing around with drills or less-than-rigorous software solutions. They most likely have something in mind for the kind of information your facility handles.
No battles to the death are recalled. Mumpsman can hit to attack and cause brainsmashing.
Also, what do you propose to do when the electronics die? The info is still on the platters, but no software solution can touch it. You're back to those two choices again ...
See what I've been reading.
I am not sure if this would damage anything in the harddrive, but what if you bought a super strong electromagnet (~.5-1 tesla) and gave it several passes over the harddrive, wouldn't that be enough to erase the data?
Writing zeros doesn't work. The way modern hard drives operate, it is never possible for the sectors on a hard disk platter to be put back into a truly neutral state by the write heads, especially if all you do is write zeros over it. The current DOD standard for sanitizing confidential and secret data, 5220.22-M, requires for a sector to overwritten seven times with an alternating pattern to hopefully render the recovery of data from the sector impossible. However the DOD, as of 2003, suspended the use of this practice because a GAO audit determined that the inability to control the flow of top secret data combined with problems with the accepted algorithm caused top secret data to be recovered from hard drives removed from non-classified systems. The ruling came down that all hard drives from deprecated systems had to be physically destroyed in the interim until another solution was discovered.
Remember the Alamo, and God Bless Texas...
Assuming the drives function a good way to do this is to add a removable drive carrier for each device type SCSI IDE etc.. that you need to erase into a computer with wiping software installed. Just drop the drive into the carrier, insert into computer, Scan for hardware changes, wipe drive. Data Express make some really good ones. I currenly use this type of setup in a disaster recovery server to backup drives that are not connected to the network for various reasons.
The purpose of language is communication, If the idea is clear the grammar ain't important
It's what we do with dead drives, it's not quite a mangle really .. more an industrial strength shredder.
If the drive needs service, it's probably too late.
The data has to be written to the drive encrypted, look into AES-256 on Linux (possibly with tweak).
Some hardware assist may help to get you going: my company makes a data assurance solution (plug).
In any case, with an encrypted solution: The data keys are revoked, and Bob's your Uncle - the data is gone. You need to secure your key repository.
If the drive needs service, writes may fail, so any "pre-service" solution won't be secure.
So, bring out the sledge, and whack that thing!
Ratboy
Just another "Cubible(sic) Joe" 2 17 3061
How about using a vanilla PC with a removable HDD bay. Grab a copy of Darik's boot and nuke from here. Set a few options on the boot disk and get it to run automatically when booted, set floppy as boot device. Now you can just whack in any HDD through the enclosure, power on, and it'll nuke itself automatically. Advantage of using lesser and more common hardware.
Thermite.
This industrial shredder can shred couches, refridgerators, or computers. It could probably erase your hard drive!
It's not *plagiarizing if you cite where it came from, arse.
-gjr
"No case-opening is necessary to use a USB/IDE converter, which might be a good middle ground. Any other ideas?"
Nearly all USB (and Firewire) mass storage devices won't allow you to do a number of things, including check your SMART info on the drive. It is probably not the tool I would use for this kind of operation, which could involve some very low-level IDE operations.
Slightly OT, but I recently had a hard drive go bad in a USB enclosure - it was maddening to not have any way to know of this beforehand, and actually somewhat of a pain to diagnose (is it the hard drive, the enclosure, or some cable?). I've sworn off ideas of serious USB or Firewire RAID because of this very problem.
-Erwos
Plausible conjecture should not be misrepresented as proof positive.
I'm not joking. One of my company's large clients refuses to send their drives off because of litigation they have been through before. They require us to totally destroy the drives before recycling any computers. We use a large shredder which turns the hard drive to dust within a few seconds.
We went through the routine of trying to get them to use an NSA approved wipe utility, or multiple formats and 1 byte garbage writes, but they weren't convinenced. Considering how many problems they've had in court before because old documents past their retention age have shown up I can't say I blame them.
"We can't solve problems by using the same kind of thinking we used when we created them."
I'll build you one. Seriously.
You make a list of all the drive interfaces you want, and I'll put together a system or systems (depending on how many) that automatically overwrite all data on them to match DoD 2250 on any boot.
Obviously this won't be able to overwrite data where the heads have failed, but it'll make a good attempt to blow away whatever is possible without hardware intervention.
As noted in another reply, the real answer is to change your RMA contract so you only have to return the covers.
Email me if you're actually interested in this.
Looking for freelance Actionscript (Flash/Flex) or ColdFusion work and/or freelance developers. Email me, put Slashdot
I think if the data is really sensitive, then there no way any deletion program would work. The reason is that sometimes the drive can detect bad sectors before they fail completely and copy it to a previously "hidden" sector. At this point, there no way you can access data on the "bad sector" to delete it.
Opus: the Swiss army knife of audio codec
I deal with this all the time. There are a few methods that have been approved. You can format with a writting a complete random 0's, 1's across the entire disk 3 times (this includes the protected area where the MBR sits and is hidden from normal usage). Or you can destroy the disk completely. Typically destruction of the disk entails dismantaling the enclosure, removing the platters and then emmersion in a acid or burning in furnace to melt the platters. Hammers are not recommended as the broken pieces can still contain data which given enough resources can be extracted.
We were all warned a long time ago that MS products sucked, remember the Magic 8 Ball said, "Outlook not so good"
Just like the said in Aliens "Nuke the site from orbit, it is the only way to be sure". Buy/Build a forge and then take the old platters our and burn em up (don't put a whole sealed harddrive in, it might asplode).
Any other ideas?
Disassembly the drive with proper tool. Use the acetylene cutter on magnetic plates to burn surface. I have witnessed this procedure on damaged (heads drop) mainframe disks with secret data several decades ago. You even need no electricity, for which may come handy if your shop is currently... under siege.
There you are, staring at me again.
1) Locate a bitch box (faster is better for randomizing writes).
2) Locate enough HBAs, adapters cables et cetera do be able to do a good batch of drives at a time.
3) Get a DBAN cd, floppy or USB drive.
4) Wipe it.
5) If you have any reason to think the drive is bad (slow erasure, clicking noises et cetera), DEGAUSS it.
6) LABEL ALL DRIVES PROPERLY. Note who wiped it, with what setting, how many passes et cetera.
v4sw6PU$hw6ln6pr4F$ck 4/6$ma3+6u7LNS$w2m4l7U$i2e4+7en6a2X h
I would recommend trying Eraser, which is free, easy to use and seems quite credible.
:)
With it you can erase everything on a disk or just unused space or selected files with selectable number of patterned overwrites (not just 1 or 0). Supports the elsewhere-mentioned "Darik's boot and Nuke method". Integrates very nicely and non-obtrusively into MS operating systems.
With the risk of sounding like a fanboy: Recommended
Here's the blunt facts. If you need to destroy the data completely, you can't give reasonably intact platters back to a company for RMA. Period.
However, let's look into this. If your disk is one in a RAID5 or stripeset, then collecting the data off of it intact is only going to be moderately useful at best. How much can someone do with every seventh (or so) block of data?
If you're doing truly sensitive stuff (healthcare, military, etc.) then I don't see any alternative but destruction. If you're dealing with 'typical' corporate security, a narrow-stripe RAID5 (or 0) and a decent wipe utility should be sufficient.
"People who do stupid things with hazardous materials often die." -- Jim Davidson on alt.folklore.urban
The drive housing may, in fact, shunt the field around the drive if it is ferromagnetic. (See if a magnet sticks to it)
If it were me, I'd make a nonmagnetic aluminum housing to screw the drive onto, pad the hell out of it (just incase I slipped), and head on over to Radiology, and use a 10 Tesla (or stronger) MRI to erase that bad boy. I'd rotate it in all 3 dimensions, more than once, just to make sure.
If the field you use demagnetizes to the servo and drive magnets, it'll probably be safe to return for replacement.
I agree that it's probably better to eat the cost of the drives than to risk the getting made the poster child for HIPAA. (You just know they'll looking for someone pull a Martha Stewart on.)
--Mike--
We have done a few of these setups. Essentially we set up a rack at your location that has several slots for ide or scsi drives, you plug the disk in and it wipes it and reports the serial number of the disk as wiped. You can also have a barcode sticker on the hard drives and scan it with a barcode reader(optional) during erasure. Check out our site. And tell em Mike sent ya ;)
http://www.blancco.us
is to destroy it with something VERY VERY heavy, oh, I suppose, a multi-tonne press of some kind. And if you have access to a multi-tonne press, I personally would sandwich it along the plane of the platter. That way you have a better chance of physically distorting the platter, let's say, into a "V", "S", or "W" shape. After that, toss the remains into a chemical bath capable of solvating Iron, Aluminum, and Copper. Your choice of strong acids might include 12.1 Normal hydrochloric acid, 36 Normal sulfuric acid, and possibly chromic acid. Another technique used for solvating iron, and this method is very dangerous, so kids, don't try this at home, I mean it, is to take concentrated nitric acid and 30 percent hydrogen peroxide and slowly, I mean slowly, pour the 30 percent hydrogen peroxide into the concentrated nitric acid. WARNING: The fumes from this concoction will cause severe damage to the respiratory track, skin, eyes, and any part of your body left exposed. THIS CAN BE EXPLOSIVE WHEN MIXED TOO QUICKLY: IT BOILS AND SPATTERS AND ENTERS THE GASEOUS PHASE RATHER QUICKLY. Common laboratory gloves (latex and blue nitrile), even triple gloving, will not protect your skin. This chemical concoction literally breaks down all organic material and dissolves iron, iron oxides, and many other metals etc... To safely work with this chemical you need commercial industrial strength black rubber gloves, appropriate goggles, face shield, and environment suite.
This is serious stuff and is not appropriate for practical jokes, and will cause serious injury when used inappropriately. In short, we all saw what water did to the Wicked Witch of the West in The Wizard of Oz, well this stuff will do exactly that to human and animal flesh.
Given my experience using concentrated nitric acid and 30 percent hydrogen peroxide for cleaning glasware in graduate school, this should be sufficient for destroying just about anything.
Cheers!
There are a lot of ways to encrypt a disk, either using disk virtualization or on an OS level. This ensures that your data is useless to pretty much anyone short of the NSA. If someone swipes a disk from the lab and wants to take a "peek," or finds a laptop your contractor accidentally left in the park, you're safe. The performance hit these days on desktops is negligable and on servers seems acceptable. And good luck decrypting a disk that's been degaussed or otherwise had data overwrites / losses.
Encrypting disks these days is pretty painless and automatic, and ensures one more way that your private data is going to stay private. Highly recommended.
The ______ Agenda
Why can't you simply write nothing but 1's (or 0's) to every bit of the hard drive? If anyone could give an explanation, that'd be great!
There is a machine that is purpose-built for this job: the SSI Quad.
He said remove the jumpers and reformat.
If the electronics were fried, you couldn't do that.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
ICS DiskMASSter devices are for imaging drives for forensic capture, and they have DOD-compliant wipe routines. They're quite configurable. I have used the IDE one (1 master and 8 target devices, can wipe all nine at once, IDE plus SATA adapters), and the SCSI one (worked with everything SCSI (50 pin, 68 pin, SCA) except a few disks from a Sun Enterprise 1000, but the little bird inside may have died of old age in them.
http://www.ics-iq.com/
I have an old scsi drive with a little A-10 symbol on the board and a mil spec type number on it and rubber shock mounts on the corners. I always wondered how the heck it ended up at the bottom of the world down here. Maybe it fell from a passing plane....
We used one of these at the last place I worked. Plug the drive into the unit using an external swappable bay, and you're set. Does 7 pass DoD standard wipes, and is hella fast in doing them.
Also great for doing direct data copies of an exsisting drive for backup.
Especially under HIPAA, we are talking thousands of dollars *per* violation. To simply write zeroes or random bits to each sector is not good enough. Melt that thing into slag or destroy it in acid, then pick randomly from the leftover bits and dispose of them in separate physical locations.
Run a Google search for "external hard drive case" and buy MediaWiper. Piece of cake.
http://nerdfortress.com/
There was a company advertising information destruction services. They had degaussing devices, and an even better option. Tom's Hardware did a story on the RSA conference and took some pictures, which you can see here: http://www.tomshardware.com/business/20050219/rsa_ conference-06.html#sem_destruction_guaranteed. If anything can do what you want, I'm guessing the hard drive shredder that they offer is just the thing.
Check out our infosecurity industry blog: http://securitymusings.com/
What you need to do is to never store plaintext data on the hard drive in the first place. I believe Asus makes a system case with built-in encryption and a company in Norway, High Density Devices ( http://www.hdd.no/ ), builds an after-market device that sits between the mainboard IDE controller and the drive. Keying material is physically and logically NEVER part of the CPU or main memory. The advantage to both of these is that the encryption is spindle-to-rim; even the MBR is encrypted. 256-bit AES is good enough for the U.S. military right now - the CNO has even allowed it for classified data.
With these solutions, when the drive crashes, just send it to the recycler - no keying material means that the drive contents are digital kibble.
Spiritus ex Machina
"The universe is not only stranger than we imagine, it's stranger than we CAN imagine."
I'm going to try something out when I get home.
;->
Open up the air hole on an old drive, and use a can of butane lighter fluid to fill the inside with a nice gas/air mix.
A bit of tape over the hole should seal it up so that I can get far enough away to light it. I think I might even try the trail of gasoline method of lighting as it only has to be hot enough to melt the tape.
We used to do this with old monitors (drill the face and pour gas in) but this sounds like fun...
Should wreck the platters and make a nice bang in the process. A brick wall to hide behind is always nice.
I'll post the pics when I get back to my supply of old drives
------
All Your Fish Are Belong To Us
You could take them to a company that has an industrial shredder. The kind that shreds metal, not just paper.
Or you could do what I did for the longest time - stack old drives up in a cardboard box in the corner of the vault.
Failing space for that, disassemble the drive down to just the bare platters. You can toss everything except the platters. A box in the vault (or wherever) will hold an awful lot of those platters. The magnets you'll recover are fun, too.
Finally, take the platters to the firing range. Mount them on targets. Have a relaxing afternoon. I know I did.
"An unarmed man can only flee from evil, and evil is not overcome by fleeing from it." Col. Jeff Cooper
"...entropy data generated from an onboard Random Event Generator. "
Like a cup of really hot tea?
Spiritus ex Machina
"The universe is not only stranger than we imagine, it's stranger than we CAN imagine."
Use one of these. No, you don't have to open the case, although you may need to work a little harder if you don't.
More seriously, you can use one of these.
A more elegant solution is to encrypt your data to begin with.
After the upfront cost/time of putting in the encryption solution, replacing and discarding drives incurs zero overhead. An encrypted drive is useless to anyone who does not have the encryption key.
Encryption also provides ongoing protection for the drives during use and for backups.
You can start your look here.
Where can I find info on DoD 2250?
Douglas Calvert
Put the harddrives in a kilm. Boil off the magnetic media. Once the media has evaporated nobody will ever be able to recover the data. Watch out for toxic fumes.
There was a two-part segment on the Screen Savers with Patrick Norton and Kevin Rose covering methods of data destruction, including software, grinding, acid, thermite...
Watch it here
Mr. Hammer.
Just give em to my two year old
Si vis pacem, para bellum! For evil to succeed good men need only do nothing!
SafeGuard Easy
Plenty of businesses use it to encrypt a hard drive (boot time password) prior to production. This way, if the drive fails mechanically and the data can't be destroyed (without physically destroying the drive), the data is still encrypted. As a plus, there is no need to wipe a drive since you only need erase the SafeGuard Kernel which renders it just about as useless. There was a case a while back where one of the European countries tried to brute force this software for a criminal trial and could not do so.
For HIPAA, you'll need to physically destroy a drive if it has failed mechanically and you can't otherwise wipe it.
Don't get me wrong - this software is a pain in the ass since you have to decrypt a drive using the admin software if the underlying OS becomes unbootable. But it is a relatively simple solution, otherwise.
More
The link is mid page on the right. I think it's video part 2
I'd really like to know where you work so I can make sure your employer get's their ass sued off for exposing people's private information. If you and your employer are such ignorant cheapskates that your would RMA a drive with people's personal information then neither of you should be roaming free.
If the security of the content on the drives is that important, they should be encrypted. Encrypting the drive almost eliminates the risk of data disclosure from theft. It's tempting to think that the organization is secure and that nobody could pull an inside job, but it's deluding yourself. Each drive should be encrypted with a DIFFERENT key. When a drive fails/is stolen, it is not a worry.
When you say "secure" I have to ask "how secure?"
For example, in any situation that deals with classified data, once classified the disks can never, ever be unclassified without physical destruction. Part of the reason is that data recovery technology is VERY good, a few years ago, state of the art was the ability to recover data that had been overwritten up to 20 times.
In a nutshell, it worked by looking at the "edges" of the data tracks, because of the minute variations in head positioning, each time the drive wrote out data, the write head was not perfectly centered so there would be enough "splash" on the sides of the track to be able to recover the information. And that was a few years ago, who knows how good the tools are today.
Another thing to watch out for with all of these software solutions - you can only over-write what you can access. If the disk has acquired new bad sectors during its use, the controller automagically copies the data to a spare sector and then puts the bad sector on the "grown defect list." Generally, through software, you can't get to the sectors on the grown defect list - the controller has them remapped to the new sectors But, someone with the right tools can usually read those sectors well enough to extract the data from them.
Do you care about that level of security? I don't know, but you should at least be aware of fragility of most solutions proposed here so far.
When information is power, privacy is freedom.
It uses modular exponentation to generate a cryptographically random sector distribution list, ... then cuts power to the drive and degausses the entire disk.
50% Informative and 50% Interesting? For such a pile of random buzzwords shoved into sentences like five year old stacking their toys into a big heap, I was expecting 20% Funny, 40% Overrated, and 60% Troll.
Oh come on, slashdot math DOES work like that.
LAVA!
:)
If your hard drive or the data survives the lava, let 'em have it, because whoever goes diving into lava to get a hard drive obviously *really* wants to get the data.
My method has the benefit of being a bit more fum than a degausser or wipe utility. (Actually I wiped them first...)
If you want a vision of the future, imagine a youtube comments section scrolling - forever.
A hundred amps, intense heat and sputter. Ten seconds a drive. Hard to go past that for making data unrecoverable. (-:
Good luck RMAing the drive - "Uh, it jus' come apart in me 'and, surr" - but OTOH anything you do to erase the data on a dead drive is likely to void the warranty anyway."
Got time? Spend some of it coding or testing
Certain TLA's simply shred their hard drives, but then money's no object for them. Here's a company that'll do it for you. Boy could I have fun with one of those.
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
ok... let me get this streight...
your going to delete information on a drive your about to RMA because it's dead...
so you want a peice of hardware/software that will magically bring this DEAD drive back to life, and write to the whole platter 7+ times?
sir, if you can write to the WHOLE PLATTER enough to erase data on a DEAD DRIVE then your drive probably isnt dead.
and if it isnt dead, and just flaky... i've noticed that linux via ide and isb-ide devices allow you to read/write to flaky drives usually. and there is some software out there that can do that. alturnatively you can probably just write a script that will write 1's, then 0's to the whole drive multiple times and at the end will write random characters to the drive.
in fact, i think i'ma go learn how to do just that.
---- The first point-and-click interface was a Smith & Wesson
The best way is to not worry about returning the drives under warranty, just buy a new one.
And as for the old one, a sledgehammer and a horseshoe magnet should do the trick. Beat the HE-double-hockeysticks out of the drive (or maybe just the removed platters, if you want to save some energy by unscrewing the case), and then pass a magnet over the fragments a few times in the hope that anything still left might be scrambled.
A solar death ray should be able to handle a hard disk too. 600 degrees Celsius should cut it, eh? Of course, it's cheaper just to shatter the platter with a sledgehammer.
(Disclaimer: I am not a lawyer, engineer, physicist, chemist, biologist, or healthcare professional, nor do I play any of the above on TV. By acting upon any suggestions contained herein, which do not constitute expert advice, you agree implicitly to this contract. I am not responsible for injury, death, destruction, dismemberment, liability, or prosecution such as may ensue from your actions. Use at your own risk, contains no CFCs, Barbie(R) dolls do not talk or move by themselves. Do not eat iPod shuffle)
Until this week I worked at a place where we had to deal with literally hundreds of bad drives and a company hyper-paranoid about data security. Old drives were sent to a scrap yard to be shredded but the data had to be well and truly trashed first. DoD wipe works great but only for good drives, not bad ones.
Our solution for bad drives: A drill press. Drilling is fast and reasonably secure. It keeps the platters together with the serial number for easy record keeping. Drilling completely through the drive makes spot-checking a breeze. Just be sure you use 3/8" cobalt-tipped bits (that thick top plate will eat plain bits like candy) and stab them into a can of Crisco every so often to keep them lubricated.
Note: This may void your warranty.
Never approach a vast undertaking with a half-vast plan.
One word...MAGNETRON! juss nuke it
perhaps if you're 15 and found that the auto re-imaging process on those machines has made all your scripts useless?
Mongrel News all the news that fits and froths
If an agency is working with sensitive information, why is ANY information stored on individual PCs? Information like that should be stored centrally, so access to the information can be audited easily. And if it is so important, do you really want to be in the game of keeping it where it can be lost if a PC goes down?
I work in the banking industry. We do not allow any information to reside on the individual PC level. I maintain the PCs... I don't bother to ask if you have personal info when it is time to replace the PC... if you do, you are violating company policy and would be written up.
See my journal for slashdot ID's by year. Mine created in 2005. http://slashdot.org/journal/289875/slashdot-ids-by-year
Before you return the drive ask them how they would like you to destroy the data. The might be entitled to their drive back, but they need to tell you what to do. If you are trustworthy they are likely to say something like "Send us the circuit board and destroy the rest". Normally they want proof that you are using the RMA to get a second free drive. Sometimes (rarely) they want the broken drive so engineering can figure out why it died, in which case they might have other instructions. You need to ask though.
If the sledgehammer treatment seems too uncivilized:
Try this.
Our 1.5-tesla phased-array coil MRI does the trick for me.
How about simply running a high-powered magnet around the HD while it's running? WOuldn not such a crude method be effective?
Very customizable and tasks (as the individual wiping profiles are called) can be customized to be fast or extremely thorough.
And he's right. It's cleared for use in wiping classified disks, so I'm pretty sure it'll cover HIPAA too.
All you should need to destroy the data on a hard drive is an electro magnet. At my work we had one, that was a little smaller than an iron, that we used to rapidly destroy round reel, and cartridge tapes.
Microwave
There is no such thing as a perfectly secure wipe, especially not of a drive you can't write to. Crack the case, pull the platters, run them through an industrial metal shredder. I defy anyone to retrieve useful data from a mixed box of shreddings from multiple platters from multiple drives.
Media that can be recorded and distributed can be recorded and distributed.
-kfg
Sounds like a good job could be done automatically by changing the application code for the Linksys NSLU2 which as we know has complete Linux source available and also has a substantial following.
http://www.nslu2-linux.org/
1) Format to EXT3 deleting all partions.
2) DOD wipe. Format to Desired End state.
Mail if you are interested. Cheers!
Vista, the single biggest argument for Desktop Linux! It doesn't "Just Work"(TM).
I find it hard to believe that you find a sledge more fun than a torch, a better workout yes, more fun no. But I may be biased, my grandfather is a retired master welder (or something like that, whatever you call the guys rated to assemble submarines). Time to spend some quality time with grandpa. ;-)
Active volcano
;-)
Good idea, time to visit volcano national park on the big island of Hawaii. Honest Mr. IRS Auditor, it was a business trip.
As much as I enjoy hi tech it is not the answer for everything. C-clamp the platter to a bench, put a second c-clamp in the hole as a safety, apply the belt sander.
Been there, done that. At least with AOL CDs. They launch just fine but they are much faster than a clay and present a very slim profile. Nearly impossible to hit. I don't expect platters would be much better.
(You can substitute a Brillo pad if Svinto isn't handy.)
#naabhaprzrag, #sverubfr-000, #agi-fcbafberq, negvpyr[pynff*=' negvpyr-ary-'] { qvfcynl: abar !vzcbegnag; }
a good free utility is SDelete, developed by Sysinternals Freeware. 5220.22 M compliant. What's good about this is you can choose the number of passes on a drive -- in case you didn't feel safe with one pass.
That and it's free
Mens et Manus
One Word... kiln.
(but keep the magnets!)
I've always been told that Aluminum will burn like magnesium if you get it hot enough. I wonder if a cutting torch could ignite it?
well in this context anyway
Engineering is the art of compromise.
The platters make nice hand mirrors.
The closer you are to the code, the happier you are. - Ancient Geek Proverb
I use a Craftsman drill and a small carbide bit. Goes through all drive platters like butter. Don't even need to remove the drive from the machine (assuming the whole PC is being decomissioned, of course). I suppose it would be possible for someone with incredibly vast resources to recover some bits and pieces of data, but man, I doubt it. Think of all the shrapnel grinding around in there! You'd have to have some pretty sensitive and valueable data on that drive to need better than this technique, I think.
I am not left-handed, either!
At out office we have a machine that has different rail sets for our drives (which are already in carriers - some LianLi others StorCase), so we just lock them in and boot off of a floppy (mini-linux distro homebrew). We then 'dd /dev/hdx' a couple of times before we take a radio shack magnet to them. Afterwards we dismantle the drives and either smach the glass platters or make frisbee/wall decorations with the metal platters.
Not sure if this is something you can use, but it has come in handy for us. I imagine with SCSI you could have an external tower with rails in them for sliding the drives in and out without having to crack the case each time.
I only need the Preview button when I haven't used the Preview button.
To wipe the drive insert a knoppix disk, once booted mount your partitions. Cd to a partition and type
# shred [options] *
man shred for specifics but shred does NSA style wipes of HDD with as many overwrites as you want (25 is stock) then follow it up with rm -Rf * (since shred destroys the data not the "name") then once all files on all partitions are "wiped" fdisk it, one big partition and put a new file system on it.
This can be done to NSA standards with a little bit of effort.
shred is beyond any doubt the most overlooked utility in Linux/Unix.
I'm sorry, I'm to tired to be witty at the moment so this message will have to do.
http://www.logicube.com/ The sonix one has a 7 pass DoD standard wipe option.
Click Here
// TODO: Insert Cool Sig
I have to clean 5 drives a month, every month, and reuse if possible. I have turned to running Norton Ghost of a Fresh windows install overnight (all of our workstation drives are 80 GB drives) and physically "Deleting" (1500lb press brake) those that fail. Cheap, easy, and secure. I do wish a piece of hardware existed out there, off the shelf, to do what you suggest though.
Physics is nothing like religion. If it was, we'd have an easier time trying to raise money!
Watch the videos on http://www.goldcircuit.com/
It's a really neat place where old computers go to get ground up. Looks like they could handle a few tons of hard drives per hour too...
If worse comes to worse, makes for some good internet tv watching...
---The person (my Wife) who trashes the hardware, or the malcontent who goes thru to read some obscure file format, to determine some kid's IQ?
WHen trash is on the corner, anybody has the right to rummage. The Police have fought for that one, for due reason.
And since your wife didnt go through proper disposal methods of destroying information (at least a 7-pass DoD reccomended), I'd say a judge would find your wife negligent. If, though, a Computer Expert reccomended a "format", I'd exonerate her and go after the "expert".
There's tons of available software. Just dedicate a PC to the task and shove drives in it and wipe them with any of the many secure erase utilities out there that at minimum do the DoD standard patterns. Some of the utilities do a great deal more than the standard DoD patterns for better security, but they take longer.
If the drive is malfunctioning at all, don't trust the delete. And don't trust deguassers unless you've really done your homework on the theory (how much does it take to destroy your drive? it varies by drive. What distance does the device need to be from the platters to be effective? Can you leave the case on?). Even if you can answer those questions, I would feel better using physical destruction than degaussing.
Don't trust simplistic physical destruction either, like drilling holes, or whacking the whole drive with a hammer. People can and will extract data off of fragments of platter. Best bet would be to open up the drive, remove the platters, and melt them with thermite. Don't do it in your office though, do it outside on thick pavement or something - the stuff is very hot and very dangerous. Google for how to make the thermite yourself. Basic ingredients are essentially rust and finely powdered aluminum, and a magnesium strip to ignite it with. It'll melt/burn the platters.
11*43+456^2
Like this one
Sorry folks, I'd rather rely on my community there than a bunch of fellow /.'s (grin). Elitist? Yar!
"[I]t is a wise man who admits the limits of his knowledge or skill, and that pretending either causes harm." --Terry Go
As I know, most drives now days are built using glass substrait platters. For example, one day I took apart a dead laptop IBM drive once. As I was playing around with it, I dropped the drive. What really sucked however, was that the all the platters shattered into tiny glass slivers/shard which made cleanup a major PITA.
But now that I think about it, this really is good for security. Should the FBI ever come knocking on my door (not they would have a reason mind you), I would yank the drive and hit the damn think really hard with a hammer. What do you know eh? An instant maraca!
Life is not for the lazy.
As a first step, you should keep the data encrypted on all your hard drives while you are using them (both Linux and Windows/NTFS will enable you). Then, when you want to reuse them, you erase them with the best tool around. If someone will try to recover data from that HD, they will get, at most, fragments of encrypted data: not very informational.
1. Encrypt
Miracles can happen in hard disk recovery, much more rarely in encryption. Even if it auto-boots, all you really need to destroy is the key block, other fragments are useless.
2a. Wipe
If it is working, use something like dban to work it over. The only potential danger left is that the key block has been remapped (less than one in a million chance of that, on top of everything else).
2b. Degauss
If it is not working, degauss it. IBAS and whatnot sell them. See if you can get it RMA'd (If you're a company with legitimate security concerns, they will... otherwise you might switch HDD supplier). If not, I guess you have to eat the cost.
3. Total annihilation
If the first two didn't cover it, open the drive, degauss the platters directly, shred them to shrapnel and then melt them to a piece of slag. You can still try to get a RMA based on the casing, depending on who you are.
The truth is that RMAs, with shipping, diagnostic, refurbishing, repackaging and reshipping costs quite a bit due to low and sporadic volume. A large steady volume of purchases is worth far more than a few missing RMAs, don't forget that when negotiating.
Kjella
Live today, because you never know what tomorrow brings
In Linux, the command would be 'shred /dev/hda' The shred program will do multiple passes of random data (default 25) /proc/partitions should give you a list of the drives available and their sub-partitions. If you're shredding the entire drive (/dev/hda) you can safely ignore the partitons (/dev/hda[0-9]+).
Knoppix boots off of a CD-ROM, so you don't have to worry about accidently erasing the OS -- and, as long as the machine you're wiping can boot off of a CD, you can even shred the drive in place before you take it out to ship it (just make sure you shred the right drive).
If you want an 'appliance' then you can build it with
- A boot CD-ROM
- an external USB drive enclosure which does IDE->USB.
- a SCSI controller with adaptors for the various drive plugs. If you start with an ultra-wide drive, you should be able to get adapters that will allow you to go all the way back to old SCSI-1.
- an SATA controller/plug
- I don't know if there are any native-firewire drive. Chances are you should be able to take the raw (ide/scsi) drive out of the enclosure and use one of the other connectors to munch it.
- Spare cables... If you do this often enough, the cables will start to wear out. As they do replace the cable in the system (avoid plugging/unplugging the end that connects to the board as much as possible to avoid permanent impairment).
- You may have to build your own kernel to recognize RLL drives and controllers, or older, but Linux should recognize it. You will probably need a mobo that accepts ISA cards (P3 or earlier CPUs, generally).
For something that even a custom-build Linux kernel can't write to, I think you'd probably have to go to early '80s technology (or really esoteric hardware that's more recent).(to 'load', you just unplug the enclosure, load a new drive, plugi it in. The system should recognize it. Syslog output should give you all the info you need).
Free Software: Like love, it grows best when given away.
I have no doubt that you could use an AVR or PIC microcontroller to do this, and it wouldn't even be hard to design. IDE interface, microcontroller, maybe some kind of random number generator, and you'd be set.
This is kinda interesting, I think I'll look into it. Add a few buttons on the front of the dongle to chose your paranoia level..
old netware 2.x required a process called compsurf. it was part of the setup. netware 3.x and 4 had the tool also (i think).
compsurf ran a write and read test pattern on *every* byte of the hard drive. there were multiple bit patterns run.
in the early 1990s, when a large hard drive was 300MB (M not G), a compsurf took several days.
i would look into that.
eric
dban.sf.net
Get Firefox!
The whole idea of reading stuff that has "spread" from the side of the tracks doesn't really work. In any case, the head will always write with roughly the same amount of spread. The way it works is this - read off what you can of the spread at the side of the track. Work out the difference in flux density between the spread and and actual track. This will allow you to recover the last lot of data written. If you write two sets of random data, your original data may still be vaguely readable in the spread area but you won't know what the last lot of random data was, so you cannot extract it.
For a good source of random noise, plug a good white noise source into your sound card.
insert drive and just do this a good 8 or 9 times as root:
/dev/urandom > /dev/hdb
cat
http://illhostit.com/ - Webhosting
Just create an enclosure that holds the drive and wrap 200 turns of wire around it. Connect that to an oscillating electric source. Probably doesn't need to be more than about 12V.
Even if it doesn't work, it'll give the drive one hell of a headache.
PocketGamer.org - For the gamer on the go!
If you give up, and time is short, don't forget the other military edict regarding the disposal of 'sensitive' electronics: "Heat sufficient to melt steel, or a hastily dug hole and the use of explosives."
A Gutmann scenario might work very well, but personally, lacking the sort of kiln required in the event of failure, I lean towards the foxhole/grenades idea.
If you meant "US Department of Defense 5220.22 M", try ( http://www.dss.mil/isec/nispom_0195.htm ). That's the home page for the National Industrial Security Program Operating Manual (NISPOM).
Spiritus ex Machina
"The universe is not only stranger than we imagine, it's stranger than we CAN imagine."
Secure Harddisk Eraser - in compliance with DoD 5220.22-M NISPOM recommendations
Any sufficiently advanced libertarian utopia is indistinguishable from government.
What it takes to securely delete data, so that it can never be recovered, is
Exactly two overwrite cycles.
Almost every computer ever built has used magnetic memory of one description or another to some greater or lesser extent. If magnetic memory really had a fourth dimension, there would be evidence for two phenomena. Firstly, accidental reads of "past" data would be be cited as a cause of misreads. Secondly, the phenomenon would have been commercially exploited. Although we think disk drives are cheap today, there have been times in the past when it would have been economically prudent to cram in a bit of extra storage, almost whatever it took.
Human memory is not overwritten in the same way as machine memory: it's four-dimensional, meaning that events are stored with a timestamp and can be recalled at any time in future. Machine memory is three-dimensional -- unless you deliberately try to make it act four-dimensionally, by storing all updates in their own right.
The nearest thing to four-dimensionality in magnetic memory is that you can sometimes discern a vague difference between a "1" written over a "1" and a "1" written over a "0", and you can sometimes discern a vague difference between a "0" written over a "1" and a "0". written over a "0". That's a natural phenomenon due to the hysteresis of magnetic media. The difference is hard to see because in digital recording, you are only concerned about two states; once the material has been magnetised to saturation, you are by definition outside of the hysteresis loop. Even near saturation, you are working away from the broadest part of the loop, and so the result you get will be subject to tolerance.
Note also that the reading head of a disk drive is connected to an amplifier which is designed to saturate. The drive really doesn't know the difference. To be able to discern this information in practice, you would have to perform some serious mods on the drive.
Don't pay any attention to the Guttmann report -- it's long out of date and has since been discredited, though it keeps popping up again and again. There are very few people in the world who could actually carry out the procedures talked about there for recovering overwritten data, and there are easier techniques anyway {find someone who knows that information and threaten them, their family and/or pets with torture
Think of data being stored using pennies on a revolving, felt-topped table, with heads for ones and tails for zeros. Maybe the pennies will leave a weak impression in the felt, but it's not certain. If you turn them all tails-up, then all the data that was stored by the pattern of heads and tails is lost, and all the impressions on the table felt will become impressions of heads; if you then turn all the pennies heads-up, then all the impressions will be tails.
It ought to be almost trivially simple for motherboard manufacturers to build in a BIOS option to erase a hard drive. However, I've not found one on any machine newer that the Amstrad MegaPC; that had a Quadtel BIOS which incorporated a "drive test" function, which just happened to leave the drive in a known state, i.e. it erased it. I'm guessing that there are some political reasons for not doing so.
Je fume. Tu fumes. Nous fûmes!
My old sysadmin, where I worked back in '92, had a LARGE electro magnet in a seperate room. Whenever a harddrive was to be discarded, he went in there, turned the magnet on, and passed it through the hole a few times. There was n-o-t-h-i-n-g on it afterwards. You can acquire one such magnet cheap. He took it out of some other equipment ;P
Any technology distinguishable from magic, is insufficiently advanced.
This should work well:
http://www.datadev.com/v94.html
-ted
I'm an OEM and I buy drives from suppliers (IBM/Hitachi) who accept my companies written word who accepts my customer's written word that a drive has been destroyed or who accept a Xerox of the drive case and a written stastement (Seagate). Since my drives go into 3 letter agencies, I anticipate the possible repair need in selecting a supplier.
Doesn't help you in your "transfer a working drive to another person" scenerio but does solve the RMA need (I never did figure out why I'd trust a overwrite performed by a drive that was known to be failing).
And since the "transfer" case affects working systems, what you want there is a software product loaded from a floppy that deals with the drive on a physical level. Takes a long time given today's size drives.
How many people want this? And how much would you be prepared to pay? And how many disks do you want to clean each day?
I'm imagining, you pull the disk from the box, slip it into a caddy. Slide the caddy into the cleaner, press a button. When a light goes green, that disk has been cleaned to a particular standard.
If there's enough indication of demand, we'll build them. Send me an email - cleaner at tanasity dottt com, letting me know the answers to the questions above. Any mail I receive will be used for this purpose alone.
Jeff Veit
What we do is use Autoclave for the IDE drives (max setting, or at the very least setting #3.) Although we'll be switching to DBAN since Autoclave is no longer around. For the SCSI Also there's nothing better than a circular saw. ;)
I suppose a really good industrial wood-chipper would work as well, provided it could shred steel.
For old or dead hard drives the only way to go is to destroy the platters. Open the drive. Scratch the platters. Bend the platters. Stomp on them. Yell at them. I'm not sure if microwaving would work, but that would be great if it does. Use a gauss device too.
But that's not foolproof because there is still some data there. That's where starting with encryption on the whole drive is a plus as a precaution.
www.corpsys.com sells exactly what you are looking for, call the pro hard drive workstation. It works on both IDE and SCSI hard drives. It duplicates , tests and DOD erases hard drives.
cd pub
more beer
This is correct, just use the /DOD switch and it will make 7 passes over the disk, overwriting with random data.
Over 480 responses and maybe only 2 actually answer his question.
Instead everyone has to be a smartass and tell him that if the drive is damaged he can't write to it.
He didn't ask that - he asked if there was a good device for securely wiping a harddrive. Is it really that freaking hard to stay on topic and just answer the guy?
Ever time anyone has an ask slashdot it creates the "know-it-all" effect around here. Nobody actually knows the answer, but they feel inspired to spout off about everything they think they do know about.
Just answer the question. sheesh.
I recently wrote a paper on this topic http://www.whitedust.net/article/7/ and during the course of the research it became clear to me that the only sure way to absolutely and unrecoverably delete data from a HDD is to slag it in acid. Anything else has a relatively high margin of error. Think about all those old HDD's you chucked out after a PGP diskwipe... and what is most likly still recoverable off them. Be afraid.
www.whitedust.net
Just sand the oxide off the platters. It's not that thick.
what a microwave is for?
About using a big magnet wouldn't it kill the data on the HD ? just an idea...
Step 1: Put drive on anvil and pound on it w/8-pound sledgehammer until no piece of the media is bigger than a quarter.
Step 2: Collect pieces, and slag in gas-fired incinerator.
Regards;
I am busy designing a standalone deletion device as we speak (IDE & Ultra - SCSI .. cos thats what I got)
Watch this space.
Sproggg
Do what governments do. Grind the HDs to dust (metalic and otherwise). Then store the dust. My recomendation is to melt the grindings down and turn them into paperweights for the office. No chance of a lawsuit if, for some reason, an HD doesn't get wiped.
Fly me to the moon Let me sing among those stars Let me see what spring is like On jupiter and mars
What you really need is something that can reduce a washing machine to thumb sized chunks in little more than a minute. Check out these hungry machines. SSI
It is by the juice of the coffee bean that thoughts acquire speed, the teeth acquire stains. The stains become a warning
The British Secert Service grinds their Hard drives into dust,
puts it into a bin with other hard drive victims.
And is kept in a locked room, never to see the sweet light of day.
Now, if you're actually disposing of the disks that's a different story. Wiping will be fine for that, unless the drive is already unusable. Then you'll need to go the physical destruction route.
If you were dealing with extremely sensitive data (missile launch codes, biowarfare research, etc) then physical destruction would be your only choice.
That wouldn't work on journaled filesystems (like Ext3, ReiserFS and NTFS). Shred works on individual files. Those filesystems will first write data to a new block which then replaces the one previously pointed to by the file. Only the pointer is overwritten. The original data block is still on disk (untill this, now free, block is overwritten again).
I use a two pound sledge hammer. No shit, that is my deletion process 5 good whacks and the platters are exposed another 6 and all thats left are the broken pieces of the platters, if someone can recover data from that they are more than welcome to it.
I am Bennett Haselton! I am Bennett Haselton!
I propose a more elegant solution. Purchase some hydrochloric acid. You can find this with the pool chemicals (37% aqueous HCl) or try some muriatic acid in the home improvement section. Pour the acid into a bowl (wearing safety goggles and gloves, of course) and drop the platter(s) into the acid. Safe and proper disposal is left as an exercise for the reader. On the other hand, using a big hammer and smashing the !@#$%^&* out the platter is a lot more fun.
uhhh... Using DBAN takes about 5 minutes of my time, and then I leave the PC sitting in an empty cubicle for a few hours. I'm sure I'm cheaper than the HD's would be. Especially because I work at a non-profit, so my salary probably isn't as high as it would be at a more corporate gig.
I usually stick with using either an AR-15 or a M1911 for disposing of hard drives. YMMV depending on your aim.
It's good to use your head, but not as a battering ram.
At the company I work for (a large-ish company you've probably heard of), we don't return any dead drives. If a drive is non-functioning, the platters get incinerated and the rest is recycled.
...for a microcontroller. Seriously, get a Microchip PIC, wire up the ATA connector, and write some simple C code to handle reading the disk geometry and then blasting the data (over and over and over)...
The hardware costs could be as little as $10 or so per device, and it would be not much larger than the ATA connector!
Tiller's Rule: Never use a word in written form that you've only heard and never read. You will end up looking foolish.
Build a regular machine yourself to do it! Make it boot a very minimal Linux to a script that automatically wipes any other drives it can find. Use this.
Or just make that floppy and stick it in the computer with the faulty drive. It's no-nonsense.
It was where it is in the world that I always found weird. It is not like we have an American Air base around. Maybe they get sold second hand on the used semi sensitive device market :)
Hardware encryption which runs transparently between the controller and the hard drive has been availible for a while now. Nothing on the drive is in plaintext, not even the boot sector, and without the key it won't work.
Put the disk on a machine without the encryption system and key and you get gibberish which you will take from now until the end of the sun's expected lifespan to figure out.
Add software encryption loaders at boot and then OS loading encryption on top of that and finally file level encryption with PGP and what was what is never going to be figured out. If this is on Windows and it crashes, you'll never recover anything. I'm not sure if you can get an image off the drive in its encrypted form and have to do backups from the running decrypting state and encrypt back-ups separately as far as back-ups are concerned.
Do a simple random overwrite once booted and no one will ever recover enough of anything to decrypt through the layers even if they have some Star Trek-ish futuristic technology.
Problem solved. If the data is that sensitive in the first place, it should have transparent hardware encryption in the first place at the very least. I don't understand why so much data is kept in plaintext from the start and no thought given to this portion of the problem from the start.
If my grammar and spelling are off, I am [distracted/tired/careless] (take your pick)