Slashdot Mirror
The Homemade Hard Disk Destroyer
Barence writes "All businesses have sensitive data they need to destroy when they replace PCs, but disposing of hard disks properly can be an expensive business. This has led one IT manager in the UK to come up with his own, homemade solution — Bustadrive. It uses a powerful 'hydraulic punch' to physically deform a hard disk, rendering it virtually unreadable, and requires nothing more than a pull of the lever on the front — similar to a drinks-can crusher. PC Pro tested the Bustadrive, and also sought the opinions of data destruction companies as to whether the device was really as effective as hoped, or just a fun way to mangle a hard disk or two."
I just use a stand drill. I goes through all the platters and the circuitboard.
Fairly easy to find and purchase.
I gave up with the idea of an useful sig...
Thats probably because you used some silly setting like Gutmann. Just use pseudorandom and be done with it. (esp since gutmann isnt really relevant anymore....)
:)
Pseudorandom wipe can apparently do an 80gb drive (hooked up via usb) in about 40 minutes.
If youre doing multiple passes, you may want to make sure that doing it via overwrites (rather than destruction) is really good enough for your data
Raise the drive to the curie point. All magnetic domains are destroyed, and recovery is impossible with currently known methods.
dont forget the safety goggles!
If they're reusable afterwards, you didn't use a proper degausser.
There is no need to physically destroy a drive to prevent data from being read. The claims of Gutmann that it was possible to read overwritten sectors were never sustained by his sources. I investigated this years ago and reported in Can Intelligence Agencies Read Overwritten Data that he was very much overwrought. I see he has gone on to tilt at other windmills since he propagated that myth.
This is not effective, I've successfully recovered drives where the PCB had been smashed, broken, etc. You just need to find the same model and replace with that.
Here is an easier method (version that may make from work).
There are commerical version that do alot better bending job, try http://www.garner-products.com/ for videos and pictures to gladden your hard drive destroying heart.
Buy a package or 2 of sparklers, scrape the magnesium off onto the hardisk (encased or not, if cased maybe 2-3packages), light a sparkler and stick the end into the pile. Done.
A collegue of mine used to work at a financial institution where they had a special heat resistant receptacle for hard disk destruction. They put the stacks of hard disks down, put thermite packs on top, closed the lid, and punched the "ON" button. Said slag after cooldown was then put out for scrap metal.
Another place didn't go with the thermite, but instead had an industrial grade shredder where the drives were tossed in, and parts the size of marbles came out the other end.
Both methods work. The thermite is more thorough and fun to watch, but the industrial confetti also does the job well. In a business, I prefer the shredder, because it is more idiot resistant than highly reactive chemical processes.
Sure it can. And then someone can use techniques such as MFM, SPM or STM to recover the disk. And then there is this patent which notes that data is often partially written off the track, and thus can't be wiped.
I guess for most people's purposes something like DBAN will work well. But for the truly paranoid, you really need to read NIST's recommendation that you clear, purge and destroy. And by destroy, they mean that you use "Disintegration, Pulverization, Melting, and Incineration." At a "outsourced metal destruction or licensed incineration facility with the specific capabilities to perform these activities effectively, securely, and safely", no less.
XML is like violence. If it doesn't solve the problem, use more.
A lot lower for alloys so it really depends on what it is. If we assume it's pure iron and a decades old drive then you are correct but small traces of other alloying elements have a dramatic effect (eg. for most stainless steel it's below room temperature in the extreme example).
There's a discussion at http://www.ocforums.com/archive/index.php/t-454159.html of a few different magnetic materials used in drives and Curie points with a few links to where they got the source data from.
Just destroying the universe after the disk failed isn't enough. If many-worlds is true (and the paranoid sysadmin must consider this possibility), the fact that you destroyed the universe in this world doesn't guarantee that the data isn't destroyed in any other world. Indeed, you have to setup the universe-destroying device before writing the first bit of data onto the drive, and have it automatically triggered if it can't detect any accesses to the drive any more (after all, you might forget to activate it by hand in some of the universes). Only by setting it up before writing data you ensure that it will be in every universe where the disk contains any data, despite all the universe splitting going on.
The Tao of math: The numbers you can count are not the real numbers.
Note that there are two dimensions to security. One is how big a problem it is if the secret leaks, the other is how long this is true for. Troop movements in Iraq, for example, could cost lives if they are leaked today, but if they are leaked next month then the data is irrelevant. The NIST recommendations that suggest destroying the drive are based in the principle that the secrets may be important in 20-50 years. They factor in attacks that are hypothetical now, but could become practical over this timeframe. For a commercial entity, this level of paranoia is rarely required. Most businesses don't have any data that would be a problem if it leaked even 5 years in the future - even credit card numbers have a shorter lifespan than that, so if someone recovered a five-year-old list of credit card numbers they wouldn't get anything of value.
I am TheRaven on Soylent News
If you are wiping a hard disk to reassign within a company, and the hard drive isn't requiring top security, I've found that using HDDErase and DBAN are a good combo. HDDErase performs a complete erase on the controller level using ATA firmware commands (zeroing even the relocated sectors), then following up by usage of DBAN will put the chance of any recovery past anyone but the most determined.
Bonus points if you use TrueCrypt or BitLocker, so to ensure that a HDD is wiped, you just do a quick format, or a once over with zeroes. If you format a BitLocker drive in Windows 7, the format command explicitly zeroes out the areas with the volume keys on it making it impossible to recover the rest of the volume (more info here http://technet.microsoft.com/en-us/library/cc512654.aspx).
If you read the enhanced version on his homepage, he says that he didn't update the paper because it is practically unfeasable to try and restore overwritten data from a modern disk. In the epilogue he says:
Never ascribe to malice that which is adequately explained by incompetence.
Gutmann's paper was based on 1990-era technology. And even then you didn't need all 35 passes, just the ones that correspond to the encoding used on the disk. If I read the enhanced version of the paper correctly, restoring even plainly overwritten data from a modern disk is a hopeless task.
Never ascribe to malice that which is adequately explained by incompetence.