What's your preferred method of safely erasing disk data?

JamesL

I'm not working on any top-security projects or anything. I'm just looking for a simple way to format my hard drive so my credit card information and passwords won't be easily recoverable by the next person who acquires it.

Any preferred software for this?


Also, what is the most hassle-free method of transferring a Windows OS license to a new drive? I still want to do a fresh install, and I think I still have the original key/receipt from MSDN.
 
badblocks 4 pass write test.

This can be found on most Linux live CDs, including sysrescuecd.

There is also dban and several other secure erase programs.
 
I just write zeros to it once. While it may be possible to recover data, it would not be economical for anyone to do so.
 
I just write zeros to it once. While it may be possible to recover data, it would not be economical for anyone to do so.

It's nearly impossible short of using an electron microscope. According to Robert Lee at the SANS Institute, a single pass writing zeros to the entire disk should be irrecoverable.
 
It's nearly impossible short of using an electron microscope. According to Robert Lee at the SANS Institute, a single pass writing zeros to the entire disk should be irrecoverable.

A single pass writing zeros to the entire disk is recoverable. Only way of making it irrecoverable is actually breaking it.
 
I found peace in running DBAN a few times over a drive, and if it's a RAID setup, I will drop everything into RAID-0, DBAN it, break the array, call it a day.
 
In before the link to the 50cal vs 17 HDs vid

I really need to take pictures when my company does stuff like that. We end up destroying all old drives. Used to use a drill and put holes in them. Now we generally hit them with pistol rounds. Coworker and I generally collect 30 plus drives as well as some other junk and set up targets out in the middle of nowhere. Did it a few weeks ago. Had 3 10mm pistols, 2 9mm pistols, a hk usp45, and a beretta cx4 in 9mm. Also had my marine 870 shotgun.

FYI you have to be careful when shooting ink and toner from printers. They tend to blow up when hit by mr shotgun.
 
FYI you have to be careful when shooting ink and toner from printers. They tend to blow up when hit by mr shotgun.

oh yes, toner is quite flammable... and having it atomized= holy shit _duck_
 
A single pass writing zeros to the entire disk is recoverable. Only way of making it irrecoverable is actually breaking it.

I already qualified that it was 'nearly' irrecoverable short of using an electron microscope, I was speaking practically.
 
...
Also, what is the most hassle-free method of transferring a Windows OS license to a new drive? I still want to do a fresh install, and I think I still have the original key/receipt from MSDN.

Well- 1-5 machines I would say keep your original discs,

Above that, SCCM starts to look attractive for imaging if you have a friend that can help with licensing costs.
 
A single pass writing zeros to the entire disk is recoverable. Only way of making it irrecoverable is actually breaking it.

Theoretically possible, but not practically. Even breaking it is theoretically recoverable.

Anything short of military state secrets will find this(HDDErase) more than sufficient:
http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml

This accesses the secure erase mechanism built into modern drives. It was put there at the request of CMRR, after extensive research on drive erasing.

It does one pass writing of zeros to the whole drive under drive control. It is better than most other utilities that ignore the bad sectors. SecureErase overwrites zeros everywhere ONCE and that is all you need. It is also relatively fast.

Popular DBAN with multiple pass random numbers is tin foil hat paranoia, takes much longer, and is actually less capable as it is ignoring bad sector listed blocks.
 
Another vote for DBAN, I use one of the pre-set methods, I think it does 7 passes? Anyways I just fire up some random motherboard with the drives needing wiping and let it go.
 
A single pass writing zeros to the entire disk is recoverable.

That statement comes up every time this subject comes up. But yet, nobody has proven that it is actually possible. There is not even a proof of concept.
 
www.killdisk.com

Free - Zeros across the disk.
 
Well- 1-5 machines I would say keep your original discs,

Above that, SCCM starts to look attractive for imaging if you have a friend that can help with licensing costs.

I use SCCM for imaging.

Whenever we get rid of a machine, I just yank the HDD- it's the easiest and fastest; I've got a single file drawer full of them.
 
I just write zeros to it once. While it may be possible to recover data, it would not be economical for anyone to do so.

Same here. As for the government, there's nothing on my computer they would give a rat's ass about so I think I'm safe. If you're really paranoid I suppose you could always incinerate the hard drive into ash. Or, dissolve it into acid.

No chance of recovery there.
 
Drill 2 holes in the drive then shoot a blow torch flame into 1 hole and let it exit the other hole for a minute or 10.

Or better yet, follow these directions for a smooth repair of your drive.

Hard Drive Repair

Don
 
Unless you are the government without a budget.

Sure. They could also come take my computer and read its contents too. Or even with full disk encryption, given enough time they could break it via brute force... I may no longer be alive but it's possible. At some point you're just kidding yourself with regards to how important the information on your hard drive is. Wiping zeros is enough.
 
Sure. They could also come take my computer and read its contents too. Or even with full disk encryption, given enough time they could break it via brute force... I may no longer be alive but it's possible. At some point you're just kidding yourself with regards to how important the information on your hard drive is. Wiping zeros is enough.

I was being sarcastic; I only keep them because it's easier and faster while the machines are on the way to the dumpster or wherever they end up.

The machines that we get rid of are all typically really slow- hence getting replaced; so waiting around for zeros is a nuisance more than anything.
 
I second the thermite and 50 cal calls.

Also, a gigantic rare earth magnet. Run it several times clockwise around the drive.

You can also then put it in the microwave so that the godly powers of the microwave combine with magnetism to permanently and irreversibly encrypt the drive.
 
Another vote for DBAN, I use one of the pre-set methods, I think it does 7 passes? Anyways I just fire up some random motherboard with the drives needing wiping and let it go.

+1 for DBAN.
 
+1 for DBAN.

Gah! So another vote for wasting your time and getting less secure results.

Secure Erase is faster and better, the only step up on Secure Erase is physical destruction or destructive degaussing.
Get the Secure Erase ISO here:
http://cmrr.ucsd.edu/people/Hughes/HDDEraseWeb.zip

DBAN is actually weaker, and slower than using the built in secure erase added to every drive starting in 2001. DBAN is just a variation of old obsolete DoD 5220 methods which are no longer considered acceptable.

http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf
It is difficult for external software to reliably sanitize user data stored on a hard disk drive.
Many commercial software packages are available using variations of DoD 5220, making
as many as 35 overwrite passes. But in today’s drives, multiple overwrites are no more
effective than a single overwrite. Off-track overwrites could be effective in some drives,
but there is no such drive external command for a software utility to move heads offtrack.
And even three overwrites can take more than a day to erase a large capacity hard disk

DoD 5220 overwriting has other vulnerabilities, such as erasing only to a drive’s
Maximum Address, which can be set lower than its native capacity; not erasing
reallocated (error) blocks; or miss extra partitions. External overwrites cannot access the
reallocated sectors on most drives, and any data once recorded is left on these sectors.
These sectors could conceivably be recovered and decoded by exotic forensics. While
enterprise-class drives and drive systems (SCSI/FC/SAS/iSCSI) allow software
commands to test all the user blocks for write and read ability, mass market drives
(PATA/SATA) cannot read, write, or detect reassigned blocks since they have no logical
block address for a user to access.

The Secure Erase (SE) command was added to the open ANSI standards that control disk
drives, at the request of CMRR at UCSD. The ANSI T13.org committee oversees the
ATA interface specification (also called IDE) and the ANSI T10.org committee governs
the SCSI interface specification.

Secure erase is built into the hard disk drive itself and thus is far less susceptible to
malicious software attack than external software utilities.

The SE command is implemented in all ATA interface drives manufactured after 2001
(drives with capacities greater than 15 GB), according to testing by CMRR. A
standardized internal secure erase command also exists for SCSI drives, but is optional
and not currently implemented in SCSI drives tested.

Secure erase is a positive easy-to-use data destroy command, amounting to “electronic
data shredding.”
Executing the command causes a drive to internally completely erase all
possible user data record areas by overwriting, including g-list records that could contain
readable data in reallocated disk sectors (sectors that the drive no longer uses because
they have hard errors).

Secure erase does a single on-track erasure of the data on the disk drive. The U.S.
National Security Agency published an Information Assurance Approval of single pass
overwrite, after technical testing at CMRR showed that multiple on-track overwrite
passes gave no additional erasure.

Secure erase has been approved by the U.S. National Institute for Standards and
Technology (NIST), Computer Security Resource Center. NIST document 800-88 approves SE at a higher security level than external software block overwrite utilities like
Norton Government Wipe, and it meets the legal requirements of HIPAA, PIPEDA,
GLBA, and Sarbanes-Oxley.
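
A pre-wipe check for the gaps the quoted CMRR text describes (a maximum address set below native capacity, and whether the drive-level erase command is usable right now), as an added example that is not part of the thread or any poster's code. It parses text in the shape printed by Linux `hdparm -I` and `hdparm -N`; the sample strings are constructed and the function names are hypothetical.

```python
import re

# Constructed samples, modelled on `hdparm -I` (Security section) and `hdparm -N`.
SAMPLE_IDENTIFY = """Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\t\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
"""
SAMPLE_MAX = " max sectors   = 586070255/586072368, HPA is enabled"

FLAG_RE = re.compile(r"\s*(not\s+)?(supported: enhanced erase|supported|enabled|locked|frozen)\s*$")

def security_flags(identify_text):
    """Map each ATA Security state line to True/False ("not" prefix means False)."""
    flags, in_section = {}, False
    for line in identify_text.splitlines():
        if line.startswith("Security:"):
            in_section = True
        elif in_section and line and not line[0].isspace():
            break  # reached the next top-level section
        elif in_section:
            m = FLAG_RE.match(line)
            if m:
                flags[m.group(2)] = m.group(1) is None
    return flags

def hidden_sectors(max_text):
    """Sectors between the current max address and native capacity, or None."""
    m = re.search(r"max sectors\s*=\s*(\d+)/(\d+)", max_text)
    return int(m.group(2)) - int(m.group(1)) if m else None

def assess(identify_text, max_text):
    """Findings that decide whether drive-level erase is usable right now."""
    f, out = security_flags(identify_text), []
    if not f.get("supported"):
        out.append("no ATA Security feature set: Secure Erase unavailable")
    if f.get("frozen"):
        out.append("frozen: security commands rejected until power cycle")
    if f.get("locked"):
        out.append("locked: unlock before erasing")
    hidden = hidden_sectors(max_text)
    if hidden:
        out.append(f"{hidden} sectors above max address: OS-level overwrite skips them")
    return out
```

An empty list from `assess` means neither gap was found in the supplied text; it says nothing about reallocated sectors, which no OS-level tool can enumerate on the mass-market drives the quote describes.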
 
Gah! So another vote for wasting your time and getting less secure results.

Secure Erase is faster and better, the only step up on Secure Erase is physical destruction or destructive degaussing.
Get the Secure Erase ISO here:
http://cmrr.ucsd.edu/people/Hughes/HDDEraseWeb.zip

DBAN is actually weaker, and slower than using the built in secure erase added to every drive starting in 2001. DBAN is just a variation of old obsolete DoD 5220 methods which are no longer considered acceptable.

What, you work for Secure Erase or something? Unless you need DOD level data destruction, a Single pass of Zeros is more than good enough.
 
What, you work for Secure Erase or something? Unless you need DOD level data destruction, a Single pass of Zeros is more than good enough.

No, I am just annoyed to see people propagating this DBAN multi-pass nonsense. It is a pure waste of time and not even particularly secure.

BTW, how could I work for Secure Erase? It isn't a company or even an external program. It is built into every HD starting in 2001, expressly for the purpose of securely and quickly erasing a drive.

The program linked is from the research group CMRR (Center for Magnetic Recording Research) and it is merely a secure way of triggering the command. There may be others, but since CMRR seems to be the primary research group on this advising government, it seems like a reasonable source.

Secure Erase does write a single pass of Zeros, but does it in a more secure manner and overwrites data not accessible by any program running at the OS level.
 
I've done this two different ways.
The first (and preferred)
1. Crack open the drive via screws
2. remove platters
3. pull magnets
4. recycle into notepads (ball point pen works ok)
5. recycle magnets into fridge magnets

The non-eco method I did:
1. Drill several holes through the whole drive w/ power drill
2. Use a hammer and punch to indent it a couple of times on both sides
3. throw away
 
What, you work for Secure Erase or something? Unless you need DOD level data destruction, a Single pass of Zeros is more than good enough.

The whole point is that you CANNOT write a single pass of zeros WITHOUT Secure Erase.

Let's repeat that so it sinks in: In modern hard drives, non-drive-firmware software does not have access to the actual data on the drive. The drives employ a variety of mapping and remapping algorithms to ensure data is reliable and safe. Therefore the only way to wipe everything is with the Secure Erase firmware interface which writes zeros to every bit of every platter.

Ideally if you care about security you are already using FDE of some sort and that combined with secure erase is about as secure a method as possible to prevent people from ever reconstructing your data.
 