Best Way to Wipe a HDD - Page 5
Page 5 of 5 FirstFirst ... 345
Results 41 to 45 of 45

Thread: Best Way to Wipe a HDD

  1. #41
    Member
    Join Date
    May 2005
    Posts
    30
    Originally posted here by catch
    Fortunately no one asked or cares about how you find me.
    And fortunately, I don't require you to care in order to state my opinion. Ah, the beauty of the unbridled Internet

    A comparatively high assurance process, and clearly higher than is required.

    cheers,

    catch
    The process isn't "high assurance", any more than locking your card door is "high assurance" (armed guards and a self-destruct mechanism, on the other hand...). This is especially true considering the fact that you could be literally handing potentially valuable data to a stranger.

    Given frequent anecdotes regarding how personal and company data have been lost or stolen due to unwiped hard drives, and the widespread dissemination of this fact, I'm simply forced to disagree that overwriting isn't required in most cases. This is especially true, given the ease with which a drive is overwritten.

    Overwriting a hard drive that is about to leave your possession is a quick and easy process, and one that is indispensible if the drive has been used in a business or to store any personal data. There is simply no excuse for not taking this simple, extra step.

  2. #42
    Member
    Join Date
    May 2005
    Posts
    30
    Originally posted here by nihil
    [B]Hi kythe ,

    What Catch and I have been discussing here is a process known as "covering your a$$"

    A single overwrite would suffice in most situations, as a software retrieval solution would not be possible. Beyond that you go to laboratory forensics that rely on magnetic remnance and track overlay. Formatting, however, DOES NOT overwrite the original data.
    I agree completely, and if you're bothering to format the drive, I see no reason why you can't spend an extra hour and overwrite the drive at least once.

    If you have something that you think someone would pay for that resource for, then you DESTROY THE DRIVE
    I think it depends upon just how much they'd be willing to pay. Most people's hard drives likely contain enough information to steal their identity. Yet, I'd wager that in most cases, it wouldn't be cost-effective to subject the average hard drive to techniques that a simple overwrite couldn't defeat.

    The DoD itself considers a three-pass overwrite to be sufficient to protect Secret-level classified data. While probably not priceless, this is information that governments would pay a lot of money for; yet a cost-benefit analysis has clearly indicated that recovery of the data just wouldn't be worth it for an adversary.

    From a corporate/institutional viewpoint a properly documented process is important, because you are accountable. If it is your own stuff it is your problem and your choice.
    A properly-documented process is indeed important. There is something to the old adage about it being easier to ask for forgiveness than permission, though, and frankly, it should be a standard procedure for any corporation that used hard drives that are about to be released to a stranger be overwritten, anyway. It's quick, it's easy, and it will prevent needless loss of valuable data.

    To my mind, there's simply no excuse not to overwrite.

    Kythe

  3. #43
    Banned
    Join Date
    May 2003
    Posts
    1,004
    The process isn't "high assurance"
    When did I say a simple overwrite of the drive is "high assurance"? I said that there is no point in using high assurance data destruction when you are using low assurance data storage.

    I again made it clear in my last post that the levels of assurance I was using were relative, not absolutes.

    I have not addressed what types of data destruction I fell are high assurance.

    You're trying to be argumentative over nothing.

    cheers,

    catch

    PS.
    To my mind, there's simply no excuse not to overwrite.
    Even in instances where the costs outweigh the benefit? You must be an engineer.

  4. #44
    Member
    Join Date
    May 2005
    Posts
    30
    Originally posted here by catch
    When did I say a simple overwrite of the drive is "high assurance"? I said that there is no point in using high assurance data destruction when you are using low assurance data storage.

    I again made it clear in my last post that the levels of assurance I was using were relative, not absolutes.
    Catch,
    I wrote:
    While I disagree with Catch that a simple overwrite of a hard drive is a "high assurance" process...
    To which you responded,

    A comparatively high assurance process, and clearly higher than is required.
    Your current objection is a distinction without a difference: all such labels are, by definition, "relative", as they must be compared with other things (some of which are, presumably, "low assurance processes").

    What you wrote clearly indicated that you believe overwriting is, in the context of this discussion, a "high assurance process". If you want to argue it's all relative, then fine: I don't disagree with you. However, I'll argue that for virtually all reasonable contexts, overwriting is not a "high assurance process"--at least as compared with other, normal corporate procedures such as password-controlled logins and firewalls. Physical destruction of the disk, however, is another matter.

    Even in instances where the costs outweigh the benefit? You must be an engineer.
    All you're talking about is burning a third of a kilowatt-hour to run a single-pass overwrite, using free software, while you go off and do something else.

    Think that extra $.04 will break the corporate bank?

  5. #45
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Even in instances where the costs outweigh the benefit? You must be an engineer.
    I am not aware of any such instances

    The most I have ever worked on was 450 boxes to be released from a defence environment into a charitable one. To wipe, reformat and audit each box did not take more than 10 minutes of human support time. I guess that would work out at about 2,500. The value of the released kit was around 25,000. Without the drives it would have been around 2,500 and we would have had to pay to have the drives destroyed.



    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides