Slashdot Mirror
Ask Slashdot: Best Way To Destroy Hard Drives?
First time accepted submitter THE_WELL_HUNG_OYSTER writes "I have 10-15 old hard drives I want to trash, some IDE and some SATA. Even if I still had IDE hardware, I don't want to wait several weeks to run DBAN on all of them. I could use a degausser, but they are prohibitively expensive. I could send them to a data destruction firm, but can they be trusted? What's the fastest, cheapest DIY solution?"
high temperature destroys the magnetic field.
Drill Baby Drill
I've got 101 mod points and you can't have them!
* Drill a hole, pour in acid.
** Pro: Fast, cheap
** Con: Requires you to have access to an acid
* Drill a hole, pour in resin. :p
** Pro: Fast
** Con: Not so cheap due to the cost of the resin.. Unless you swipe it at work
* Explosives
** Pro: Fast, extremely effective and damn fun!
** Con: Most of the time illegal.... *cough*
Exothermic oxidation-reduction makes drives dead.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
Remember: when all you have is a hammer, everything looks like a skull.
nail gun
hammer, bigger may be better
screwdriver, there are cool, powerful magnets inside and the aluminum chassis is recyclable for cash
steel wool on the platter once taken apart (not really important by that time)
Firearms, play safe
Phil
Laugh, it's good for you!
I did it today to one. Unscrew them, take the plates, throw them in different recycling bins/garbage cans/whatever. If you're concerned about someone snooping in your garbage, drop one off at a different gas station every morning. Plus you get some neat looking polished Al/Ni discs out of it if you don't feel like throwing them away...12 year old drive's guts were shinier than a bathroom mirror today
If you're looking for fast production-line destruction, take a three pound hammer and punch. A punch driven through the aluminum plate covering the platter section, midway between the center spindle and the edge of the drive, down to the bottom of the case through the platters, will effectively destroy the disks. It will cheaply render the data unreadable to anyone who doesn't want to invest ten thousand dollars investigating the remains of the disks. You can crank through many disks per hour. A 3/8" bit in an electric drill would be similarly effective, and less labor intensive than a hammer, but slower.
Leaving the aluminum plate covering on the drive has the added advantage of containing the shards if the disk platters are made of glass. Even so, I'd wear leather gloves and use eye protection if I were physically destroying them this way.
But with 15 drives, it's just not that big of a job. Why make a big mess? Disassemble them. It takes about 10 minutes per drive, and it's both educational and fun. You can probably do it watching TV on the couch.
A miniature Torx driver set (T6-T9, available from Sears), a flat bladed screwdriver, a #2 Philips screwdriver, and a pocket knife is all I need to take most drives apart down to their components. Recover the voice coil driver magnets, they're always useful. Remove the circuit boards and recycle them as they were probably soldered with lead. Remove the platters from the spindles. To truly be rid of the data, you'll have to basically destroy the platters in a very hot fire. Heating them past their Curie point will completely destroy the data, leaving them totally unrecoverable; but that may require heat as high as 1500 degrees F. You won't get that on a stovetop.
John
Drive slagging. http://eecue.com/c/driveslag
Just fun.
Just ask Blendtec, Will it Blend? LOL http://www.youtube.com/user/Blendtec Love these videos
TekGoblin
Open it up, pull the plates out, and run through each one via a shredder, using the slot for CD-ROM if your shredder has one, otherwise the normal slot for paper is fine. Just make sure you don't put it more than one at a time, and be prepare to endure the noise it generates.
New Economic Perspectives
...delete all other copies.
They should magically become unreadable.
It is my understanding that there has never been a single proven recovery of a drive that was simply zeroed out. No silly "military grade" wipe software necessary.
What - we just had the "omg how do I save my pictures/videos for my great-great-great-grandchildren!?!?" 3-monthly Slashdot story, so now the "aaaargh! I can't let some schmuck discover all the home made porn and paste it all over the interwebs!!!" was overdue?
Seriously, people... HDD tech hasn't changed enough to make the same answers from 5 years ago any different now.
http://www.google.com/search?q=site%3Aslashdot.org+how+to+dispose+of+hdd
I always take them apart for the free magnets inside.
I can't stand "security" people in business in general with this impulsive urge to physically destroy hard drives because of the data they stored.
Go do some googling, a simple ONE PASS of 0's on the disk WILL make the data absoloutely, without question unrecoverable, anyone who tells you otherwise is in to voodoo and black magic or trying to make some profit.
A huge amount of these "security professionals" insist on trashing perfectly good hardware for no apparent reason, it's a complete was of good resources.
The amount of perfectly good disks I've seen killed is astounding and not always old clunkers either, some relatively decent sized, high performing disks to boot.
DBAN doesn't take forever either, hook them up to a spare PC and fire it off, change the disks every couple of hours, infact if I recall DBAN supports multiple drives at the same time.
Sure if you have a 40gb IDE or something, just drill a hole in it - but if you're trashing anything over 160gb you're starting to ruin perfectly good hardware, for the sake of being pedantic and frankly stupid - stop and just don't do it.
This goes for anyone else suggesting the same thing, go and do some reading before believing any of this "must be 12pass write" rubbish to a disk.
FWIW A good 0 write to a disk doesn't normally take more than a few hours.
Very powerful magnets in the drives. Open them up, take out the magnets, and throw away the drives. If you are really paranoid, pop the discs out. But definitely salvage the magnets. They come in handy.
One pass with zeroes or random data over the whole drive is sufficient, unless you expect that a large government agency is going to open up the hard drives and spend millions of dollars to attempt to recover the data (and even they might be unable to get at the overwritten data. See http://www.nber.org/sys-admin/overwritten-data-guttman.html).
With dd if=/dev/zero of=/dev/sdb you can wipe all the hard drives in a weekend.
---------
There is inferior bacteria on the interior of your posterior.
The magnetic field patterns are on the surface of the platters. Sand the surface off(recommendation: do not breathe result.) and there is nothing to recover.
Unless you have pretty cool secrets, though, nearly anything that prevents them from Just Working when plugged in is probably enough.
After installing Windows on a hard drive, it becomes worthless. And after a while the actual bits will become corrupted into random values.
--
make install -not war
Thermite, or any other method to melt the platters.
You actually do not have to sit there turning a crank to power the computer. Simply start the process and then let it run. Less than a half hour of your time in total, and you have irrecoverable data.
Especially for some of the older models, check ebay first to see what they're selling for. You may be surprised at what some DIY drive rebuilders will pay for an exact match of a drive they're trying to fix. That useless-to-you old 40GB drive may contain the exact drive motor or controller somebody's looking for (and willing to pay for).
Jesus GOD mod parent up! Remember when security progressives realized that security is a cost vs. effort equation? That applies to hardware destruction. It's not fucking worth it. How many assholes with a grudge do you think actually have an electron microscope and enough hatred for you to want to use it just to get your company's expense reports? Get off the ego trip, buy a degaussing wand (what the DoD uses, btw) and take off the damned tinfoil hat.
Physical destruction is appropriate for used drives because they're really bad resources. Spinning disk drives are machines that wear out over time. They get a few thousand hours on them, and then they die.
I've measured the actual MTTF of drives that had published specs promising 300,000 hours MTTF. Of a population of 24 drives, I had 30% mortality within 60,000 hours (with somewhere near 25,000 being the mean.) That means we saw quite a bit less than the 300,000 promised hours. And these were the all-the-money high quality 15K RPM server drives, properly mounted in cooled systems, not the cheap consumer grade drives that were roasted in a cheap PC case. Old drives are a time-bomb with a very finite life.
New drives are down to $0.05 per gigabyte or less. They use less electricity than older drives, and have capacities far greater. And the machines aren't worn to within a few hours of the end of their useful life. It's false economy to think that old drives are worth saving. They're certainly not worth risking your data on.
John
They definitely wouldn't be able to get the data back if you'd formatted them with 2's and 3's.
Put them into a RAID 5 array. Tap one of the hard drives while it's running - this will lead to array failure. When it tries to rebuild, it's almost guaranteed to hose all your data. To increase the chances of data loss, be sure to place the only copies of pictures/videos of important events in your child's life.
I'll clear them off for ya, sheesh, i'll rewrite data over 9000 times if it makes ya happy, but let me have the drives.
I'm poor and destroying useful hardware hurts me.
Be seeing you...
Others have posted on what to do with your current problem. Now that you see how annoying it can be may I suggest full hard drive encryption from now on. Then when you want to get rid of the drive you just throw it away.
When I worked as a Data Security Tech we formatted them with 1's and 0's 7 times before crushing them with a drill press. NO ONE could recover that data.
You crushed them with a drill press? Here's a tip: the switch on the drill press makes the pointed thing spin, and you can turn the handle to make the pointed thing put holes in the hard drives. It's much less work than crushing them.
John
^ This.
Modern ATA drives (post 2001-ish) have secure erase which includes erasing damaged sectors which would otherwise be skipped over.
Number of overwrites needed
This is one of the laziest posts I have seen yet on Slashdot. wtf people use the internet it's faster than waiting for slashdotters to use the internet for you.
I was about to post this myself, but DBAN will do the trick. There's practically no way anyone will recover anything but a few random strings of plain text out of that, and that's only if they have the analog tools in a forensics lab. Even the chance of reconstructing a usable credit card account out of that is in the same probability range as guesswork.
But I will say that your estimate of 200GB is pretty low for what's worth re-using unless you're broke. Any drive that's been in use for 3-5 years is well past warranty and isn't really worth putting anything valuable on without a sensible backup and recovery scheme. Any drive 200GB in size (unless it's SSD, etc) is usually at least that old, I had a 200GB drive personally in early 2003. A brand new 1TB drive will only run $55.
(I of course agree that throwing fresh 3TB drives into tubs of driveway cleaner simply to "100% wipe data" would be absolutely stupid.)
... get over yourself. Your data is not that important. Nobody cares.
The magnetic field patterns are on the surface of the platters. Sand the surface off(recommendation: do not breathe result.) and there is nothing to recover.
Unless you have pretty cool secrets, though, nearly anything that prevents them from Just Working when plugged in is probably enough.
As many are glass, just remove the screws, open and hit with a hammer. Don't forget your safety glasses!
A feeling of having made the same mistake before: Deja Foobar
Not true. A data recovery firm can look at the magnetic rings left on the disk and determine what the data was before the 0's were written to it.
I have never seen any actual evidence of successfully recovered data using such a method. Not to mention, assuming it is possible, there is no way this process is cheap. Your data just is not anywhere close to that interesting.
http://xkcd.com/538/ (read the mouseover)
It's the only way to be sure
http://hostjury.com/blog/view/195/the-great-zero-challenge-remains-unaccepted
http://www.anti-forensics.com/disk-wiping-one-pass-is-enough-part-2-this-time-with-screenshots
(Key quotes: Secure Deletion of Data from Magnetic and Solid-State Memory by Peter Gutmann (35 pass wipe originated from Mr. Gutmann)
âoeAny modern drive will most likely be a hopeless task, what with ultra-high densities and use of perpendicular recording I donâ(TM)t see how MFM would even get a usable image, and then the use of EPRML will mean that even if you could magically transfer some sort of image into a file, the ability to decode that to recover the original data would be quite challenging.â)
(Article itself) http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
If you're destroying drives on your own, go for it. But in any kind of business, even if you don't have some old motherboard with an IDE connector, it's worth spending the $20 on an adapter or card to just DBAN those crappy old drives.
Why? Solely to prevent someone from injuring themselves while destroying old hard drives with a drill, which is bad in itself. It's worse when they bill the company for the ER visit because a spark gets in their eye. It gets even worse when they go on perfectly collectible workers comp and settle a lawsuit because they weren't given safety goggles when they did so.
Or, more realistically, some manager or person in HR from chewing you out for an hour and writing you up just because they think that way, and you allowed it to happen. And even that will probably not happen, but do always CYA just in case.
old hard drives that are too small to be worth someone's time reusing (really who needs a 20 gig hard drive)
He said some were SATA; I really doubt any SATA drives would be that small. It's just machismo: "My data is so evil and important that the NSA would spend a million dollars to recover it so I have to reduce the disc to constituent atoms".
Bollocks. Just write zeroes over it and you are safe in the real world. CSI and 24 notwithstanding.
What I find funny is the contradiction. When you want to make data unrecoverable, you have to do some serious abuse. Drilling a hole might not be enough! But when a hard drive begins to fail, somehow that same data is so delicate that any mistake, or no mistake, will lose it all, no recovery possible.
Intellectual Property is a monopolistic, selfish, and defective concept. It is "tyranny over the mind of man"
There was, but that was in the times that the air was clean and sex was dirty. A large capacity drive was 20MB and comprised of 4 platters in a 5.25" enclosure, double the size of a CD-ROM drive.
The original question stated no connecting the drives up to a computer was possible, since the owner didn't own anything that still had the required connectors/controllers to do so. Zeroing out isn't an option within the constraints given.
I was promised a flying car. Where is my flying car?
The above is the easiest way to do it.
Just open it up with a torx wrench, and sand the platters by hand with some 60 grit paper until they're not shiny. The magnetic dipoles only goes a few tens of nanometers deep on the surface of the platter.
More data, damnit!
The truth is that it comes down to COST. It is a bit like encryption, in that it is all about TIME and COST to brute force it. So how important your data might be to somebody is the real factor here. For 99.9% of threats you simply break the circuit board or remove it. 1 bad chip, cap, or resistor would stop these people from using the drive completely. Have you ever tried to get a drive working with a defective circuit board??? I have and it is not easy because most times revisions break compatibility so you'd have to find the exact same board; possibly even the same exact revision. The older the drive the trickier (but cheaper) finding a board gets.
Old drives leave trace data that a zero wipe will not stop and with the right gear it can be recovered. Private corps don't disclose all their tricks, researchers publish most the techniques they think of, the FBI won't get past the techniques you can find out about or they can hire out; while military or other gov have access to more cutting edge techniques. Ever hear of a low level format?? well, that places plenty of gaps on the drive-- you know the drive heads just don't calculate their position on the platter, the platters are encoded with position information. Anyhow, the older the drive the more gap space there is for one to process the noise and extract past recordings-- the newer drives are so advanced they are approaching magnetic "atomic" microscopes (note: I said "approaching,")
An FBI or private firm may have a drive head scanning microscope (using drive tech to cheaply make fast and effective drive scanners) but this will not be cheap to use; also, if you do an IDE zero wipe (if supported) the firmware level wipe will be low level and cover just about the whole surface making it safe. The other gov with more resources and time can probably go a little further... but not all that much for huge cost increases. In theory, a higher resolution reading device can pick up noise 'echos' in the material just as they can recover audio from tape a few times back- somebody dealing in this realm is not you and the cost and expertese must be crazy and on newer drives (possibly everything in the last decade) those techniques may not be feasible at all (but govs worry because unless it is proven somebody might have found a way.)
Poking holes in the platters will stop people willing to drop $1000+ to recover it. For more they can get partial data from segments of it but its not likely going to be all that useful (could be, this is where file fragmentation can cause big troubles.) Holes or shattered platters will make pretty much every reading device really labor intensive and expensive to use.
It is true that gov level wipe algs are pointless because that technique was devised for older drives with different kinds of encoding and also include techniques for floppies -- so doing the 35? pass is actually stupid because it covers a whole range of situations, no device needing them all. Canada for example, their gov lowered it down to 3 pass I think last time I looked.... like 10 years ago I think. a 1 pass is likely enough except for gov. high level gov mandates incineration as a blanket policy.
I say bust a chip; or remove the boards. that is plenty. if paranoid; then damage the platters (or the actuator arm... or a clever person would run a car battery into a few key points to kill the heads or motor in a few seconds.)
FYI: I have an expert level knowledge in this area.
Actually, there are a whole bunch of industries that have to destroy hard drives appropriately. Anything with names, address, DOB, SSN, CC#, etc... If an old drive that you let out of your custody is found, and even a small bit of data is recovered, that comes down on you like a ton of bricks. Well, a ton of lawsuits.
You are correct though, we have our procedures specifically outlined. There's no question, check with the boss. There should be a formal written policy on it somewhere. If not, you aren't handling sensitive information, and/or you aren't in compliance.
I wrote our book. It's only 107 pages. Of course, I am the IT boss.
Serious? Seriousness is well above my pay grade.
You know what's funny? I have drives to destroy. 1,500 of them. There was sensitive data on them, so they have to be physically destroyed. If we were to go that route, it'd take ... well, it'd probably cost more in drill bits than it's worth. :)
We found a local place that'll run drives through their shredder. No piece bigger than 1/4". They get to keep the scrap metal, but we have to transport the drives. Easy enough. If you look around enough, you're bound to find someone with such a facility.
Serious? Seriousness is well above my pay grade.
It doesn't work as well as you'd think - believe me, I've tried. What tends to happen is the thermite melts a small hole through the drive, and all drains to the bottom, where it burns a hole in the container and continues further down away from the drive. Even if you use a suitable container (for example, a bucket full of sand), it's difficult to get the whole drive to melt, and there's no way to know if the surviving platters got anywhere near their Curie point. Plus it's a pain in the ass to get the thermite to ignite, and the resulting thick black smoke may very well have your neighbors calling the fire department.
In the end, it's much simpler and less frustrating to simply smash the thing to pieces with a sledge hammer. Thermite for its own sake is fun and (kinda) educational - it's just not a good tool for this job. If you're really paranoid, do a single pass of zeros (or ones, if you prefer) before breaking out the hammer, but it probably isn't necessary. Unless the FBI's hunting you, no one's gonna put in the effort to recover data off a smashed platter.
I just give my old hdd's to Icelandic bankers. You wouldn't believe how adept at destroying all kinds of evidence they've become.
-- Chaos, panic, pandemonium... My job here is done!
It depends who you're trying to hide your data from. When I bin a hard drive, I'm only worried about two-bit scam artists going through my trash and finding some meet for identity theft, maybe manage to skim a credit card number, They'll be more than thwarted by bashing the thing with a hammer a couple of times until the plates rattle and the connector is mashed out of shape.
It might not protect me from the full might of the world's intelligence services- but they're not exactly a main concern of mine.
A shock wave passing through the material causes enough local heating (and a lowering due to pressure) to pass the curie point (there's papers about that happening in iron powder composites) - but a shock wave that big is most likely going to come from the sort of impact that would shatter the glass platters anyway.
It's glass in those drives. A big drop onto a hard surface is probably all you need instead of ovens and explosives.
I am going to be boring and tell you what I learned from the founder of a data recovery company.
1) One single pass of zeros is enough. urandom if you want to be paranoid.
2) If you want, or need (auditing, etc), to physically destroy the drives: Bend the platters. As soon as the platters are bent, you can not spin them for data extraction, any more. Keeping in mind the distance between head and platters, even the slightest bend becomes irreparable. And as soon as you can't spin them, you are looking at scanning the whole platter without any fancy off-the-shelf controller logic.
According to him, those are the only two cases when they tell the customer over the phone that they don't even have to bother sending the disks in.
But, for the truly paranoid, you have to bypass or trick the controller to also overwrite the remapped bad sectors. That's not trivial a task, or, more precisely, it depends heavily on the controller's firmware and drive model.
cpghost at Cordula's Web.
...the best way to guarantee that a drive will immediately become permanently unreadable and unrecoverable is to put the only copy of some really important data on to it, and let nature do the rest. (What? Doesn't nature hate you too?)
There are really some voodoo and black magic that can recover data if you erase disk that way. Last time my colleague has to pay ~US$600 on his own accord to recover data on a harddisk he accidentally overwrote with a ghost image. We didn't call for rocket scientists's help, just paid a specialist and the data was back.
Sounds more like that the data wasn't overwritten, the specialist just located the data on the disk and assembled it together. That's a whole lot different thing than trying to recover data that was overwritten and it sure as hell would cost a four-figure number, not ~$600.
Also, you would like to be aware of the fault-tolerant design of modern harddisk that might replicate data in hidden storage, which might be up to 15% of the published space. So, erase 7 times with patterns, degauss, or even physical destroy is really necessary for erasing sensitive data.
Not needed. A single ATA "secure erase" command is enough as that command also clears out remapped bad sectors and other areas only the drive itself can access.
An angle grinder with any metal-cutting bit will slice clean through the platters and circuit boards, making a pretty shower of sparks. It's much more satisfying than just using a drill, and at least as effective as swinging a big hammer on them.
BTW, remember that destroying hard drives could easily be construed as "willful destruction of evidence" if you're later accused of anything (terrorism, copyright violation, or other heinous crimes). So, whatever method you choose, it might be advisable to destroy them out of the public eye...
Those who can make you believe absurdities can make you commit atrocities. - Voltaire
The "wrong" moderation is not required because some are glass as you would have noticed if you've read about them or even better pulled some apart (and broken a platter or two - fracture surface looks like glass and is even transparent in the uncoated bits). They make good mirrors apart from the hole in the middle.
A "not always right" mod may apply because not all of them are glass, but I never said they were but I suppose somebody attempting to read too much between the lines could assume I meant that with "It's glass in those drives". Maybe I should have written "a hell of a lot of drives have glass in them" but somebody that's never looked inside or read anything about their manufacture or never found some other way to get the merest fucking clue would probably still "correct" me before finding that even Wikipedia (http://en.wikipedia.org/wiki/Hard_disk_platter) is a good enough source!
What I don't know however is if it's haematite or magnetite on the surface of those platters since I've never stuck one under a microscope - anybody here know? It's obviously an oxide since fingerprints on the polished surface don't corrode and fingerprints on polished steel (and ferrite) corrode quickly enough that you can almost see it happening.
Why are you spending $20 on a caddy for 160gig when a new 1tb is $70?
Because you don't actually need more than 160GB and it saves you $50?
(+1, Disagree)
Here in Greece we have some volcanos that are easily accessible by the public and in fact some schools go there regularly. Last time I heard children went to either to the island of Nisyros or Santorini. There are plenty of holes to the ground that lava is visible. You can drop your hard drive there. Don't breath over the holes, I heard they smell terribly of brimstone. Don't fall inside. PS: Santorini is a great island to go to the summer, so perhaps you can combine those two activities.
Unless these disks are inoperative (and you say using DBAN is an option so I guess they aren't), don't physically destroy them! One overwrite with any data - ones, zeroes or random - is enough to make the data unrecoverable on a hard drive made in roughly the last 20 years, according to US NIST (just be sure to use a tool that overwrites bad sectors as well). You can do two if you're super-paranoid. If you want to do more than that, seek professional help - psychiatric help, not IT help.
Then give the wiped disks to someone who could use them.
"When information is power, privacy is freedom" - Jah-Wren Ryel
You can make a kiln for almost nothing. Bury the drives in a barrel of sawdust, with large holes at the bottom of the barrel, and light it from the bottom. You can fire clay with a primitive kiln like that, it should be hot enough to melt the drives.
A blacksmith's forge can get hot enough to literally burn steel.
Free Martian Whores!
There's a command in the IDE and SATA spec just for this, called Secure Erase. Just get a program that can run it. It wipes everything, including reallocated sectors, the whole 9 yards.
The best way overall is to dismantle them, and melt the platters. Most platters are composed of an Aluminum alloy (~660 Celsius max melting point). The media layer that actually stores the data can vary widely between manufacturers, and product lines (Usually based on a Cobalt Chromium alloy with Platinum or Tantalum). There is no reasonably easy way to get the curie point, or the coercivity of the platters. The curie point (temperature at which the magnetic domains randomize) varies widely due to composition, and the parameters of the CVD, or PVD process, as does the coercivity (which determines the strength of the magnetic field needed to degauss the platters). The curie point of a thin film (~micron) media layer is usually substantially less than the 'bulk' curie point of the alloy, and it may be that the thin film curie point is lower than the melting point of the substrate, however it still would be a feat to find this information for each drive that you needed to wipe. So if you melt the substrate layer, then the particles left over from the media layer will be randomly oriented (even if they haven't been 'erased' by the heat), and so there would be no way to recover the data from them. You would need some torx screwdrivers, and either an oven (that gets hot enough, not an oven for baking), or a propane torch (1,000 Celsius / 1800 Fahrenheit). I use the Craftsmen variety, but they can have a tendency to break in the middle as they aren't 'full tang', they will work alirght if you are careful though. Using software can be alright, though you can't really be sure the data is gone, since the first data written gets the deepest, and widest recorded track, there may be a thin area of the data track where previously written information is still stored. Also as Peter Gutmann described it is unknown what encoding scheme is used, his 35 pass method is only suggested for PRML encoded drives, he recommends as many passes as feasible of pseudo-random data for today's hard drives. Dismantling, and melting is easier, and more assured imo.
I art more snarky, and terse than thou. I art Slashdot!