Best Way to Wipe a HDD

[nihil]

Catch

Why are we wasting the resources on making this one area high assurance when nothing else we do is?

That is a good question, I hope that I have understood it correctly

I am suggesting two standards:

1. Destructive
2. Secure

I am assuming we are dealing with asset disposal so it is something that involves assets, and potentially, information, that is leaving the corporate/institutional environment.

I have wiped a fair bit of stuff in my time......................all you do is launch an application and get on with your life until it finishes. It is not a "waste of resource" as such, as very little resource is used in reality.

OK you need someone independent (need two signatures on the documentation) to run some recovery apps to audit the wipe, but once again that is an automatic process. Just set it going.............if you find ANYTHING you sure as hell don't sign it off!!!!

If anyone wants to re-write that process, their time would be better spent writing their letter of resignation?



EDIT: OK I know things are probably different over here but I can get all the required software for less than one MS office licence fee, so I don't really see cost as an issue. And please remember, the alternative is to PAY someone to trash the kit?...............if you are able to sell/pass it on then this offsets the "cost".............if you give it away just charge the cost to "charitable donations"?

Hey, don't get me wrong here, I am not "preaching" or "grinding axes" just commenting on what I have come across over here.

[zENGER]

Well I think we've both said our piece, and although we might disagree about some of the details I think this all boils down to, it isn't the techs call. Management should be presented with the options and make the decision as to which route to take.

Meaning that if you wipe the drive, and or do anything to the drive that isn't considered an industry best practice and IF any data is recovered you are in worse standing than if you used the industry best practice and the same data were recovered.
No circles.

Maybe I mispoke in my first statement but my intentions was to convey formatting and then wiping. This is an extra step and goes beyond what you consider the best practice and thus couldn't be considered any worse off.

Sure I do, the simple fact that no policy, much less procedure exists for this at his company lets me know that there are no special requirements. So why do you assume that they have all this need that no one there has ever considered?

Just because no policy exists doesn't mean there aren't special requirements. Giving computers away isn't something companys address a whole lot, atleast in a working status, and thus probably doesn't warrent a policy until it happens. From the original question I take it to believe there isn't a policy on hard drive reuse and they're out to create one.

how do I know he is using low assurance data storage? if he wasn't he'd already have a policy on data destruction

A destruction policy could have been overlooked. The process of giving a system away might not be in any policy they have. In a perfect system I would agree with this, but I have seen a good number of not so perfect systems where people only seem concerned with storage up front and address destruction tomorrow. We all know, tomorrow never comes.

Yes it does, you need to acquire the tools to do this (things), and you need tools that offer some level of assurance (more expensive tools) that they actually do what you think they are doing. Then you need someone to apply the tools to the drive (time).

All of this is fairly cheap. The tools don't run more than $50 which is a one-time cost. The labor is starting tool, which is the same thing you do for formatting, and then walk away. Its not exactly breaking the bank there. This isn't a process that is going to occur daily so it isn't going to snowball over time.

It all boils down to the value of the data, which being financial should be high, and what upper management decides on.

[catch]

Well I think we've both said our piece, and although we might disagree about some of the details I think this all boils down to, it isn't the techs call. Management should be presented with the options and make the decision as to which route to take.

I completely agree.

I come from the standpoint of doing the exact minimum required, one cent more is wasted resources.

Would I wipe my own drives? I wipe them and then drill four holes through the platters. Not because I think I have anything that important, but because I can't predict how something found on my system might be able to be used by someone.

I just wanted to make it really clear to the original poster that elaborate data destruction techniques are not REQUIRED, and just because someone could possibly recovery some percentage of the data using a STEM doesn't mean that he should feel a need to surpass his minimum legal obligations.

Some people just get way over zealous with this crap all while using insecure operating systems, insecure networking/telcom equipment, most likely not following any real control process... etc, etc. Doesn't make any sense. And every cent spent on secure data destruction would have a much better ROSI when spent on many, many other aspects of the company.

All that aside, the original poster has already made up his mind, so this is all academic.

cheers,

catch

[nihil]

Would I wipe my own drives? I wipe them and then drill four holes through the platters

What!

You should drill seven, at least one of which should be random!

Just kiddin........................

[kythe]

Originally posted here by xierox
I recommend writing random bits to the entire drive more than once as a simple way to make data very hard to recover. Check out DBAN (Darik's Boot and Nuke) for your wiping needs. I think it will fit the bill nicely.
Of the five different wipe methods it offers, it has at least one that meets the American DoD 5220-22.M Standard Wipe requirements. (Features.)

- X

I also recommend DBAN, as someone who's used it and subsequently verified that the wipe was complete.

The one drawback to DBAN, as I understand it, is that it can't yet deal with Host Protected Areas on disks. You'll need to remove the HPA setting first, before the wipe. Supposedly, this is an issue that will be addressed in an upcoming version of DBAN.

[kythe]

Originally posted here by !mitationRust
DoD 5220-22.M is not good enough for top-secret data destruction. Those platters are electronically, chemically and physically "destroyed”.

While this is true, it's also true that three overwrite passes is sufficient to deal with Secret-level data destruction, according to DoD specs, and that's not small potatoes, either.

The bottom line is that if your data is absolutely priceless, and interested people with endless resources will go to any lengths to recover it, then yeah, physically destroy the drive. Otherwise, overwriting it with a few passes of random data is probably more than enough.

[kythe]

Originally posted here by fraggin
While I have noticed some very good replys. Lost of people mention zero'ing out the drive is sufficient. I know somone that claims to have an app that will restore a drive zero'ed out up to 8 times over. I have never seen this in operation, but he claims to have restored crashed drives with the application to get them up long enought xfer data. *Shrugs* could be a lie, who knows.....

There is no application which can read data that the hard drive can no longer sense--this is an impossibility. You have to physically remove the drive platters and subject them to magnetic force microscopy or somesuch procedure. Which, by the way, is not an easy, cheap or quick thing to do.

Also,
I had to take a client's think-pad HD to data recovery specialest to recover some time sensitive unique data. The place that I took it to prided theirselves on their recovery succcess rate and had some pictures of various drives where data had been recovered. Among these included Hard Drives damaged in Fires and Floods. They were good. They recovered everything from a Laptop drive for me that was no longer recognized by the computer. Yes, they were expensive. But just know that some people are willing to pay the price. When you add curiosity to the factor, you have to ask yourself how much one would pay for a key to open a chest of unknown contents.

This sounds like they had to re-mount the drive platters with a new read-write head mechanism. However, this is a far cry from data recovery when the surface itself has been wiped.

[kythe]

Originally posted here by nihil
Hi, fraggin

I can well believe it. A reasonably secure wiping sequence will use 0's 1's in a random sequence and intersperse with writes of random 0's and 1's.

If you repeatedly overwrite with the same character, it is relatively easy to unravel the overwrites.

Umm..."easy" being a relative term here. As in "spending tens of thousands of dollars and tasking tens-to-hundreds of thousands of dollars of equipment and a technician or two for several months on imaging a hard drive, all for potentially zero benefit".

Much as I actually find Catch rather annoying, he or she is right on regarding the dramatics in this thread. While I disagree with Catch that a simple overwrite of a hard drive is a "high assurance" process (more like having a firewall on your network, rather than leaving it open to the world), few hard drives that weren't owned by those involved in espionage or international terrorism will ever be subjected to data-recovery techniques that a single overwrite pass with all zeros won't defeat.

[nihil]

Hi kythe ,

What Catch and I have been discussing here is a process known as "covering your a$$"

A single overwrite would suffice in most situations, as a software retrieval solution would not be possible. Beyond that you go to laboratory forensics that rely on magnetic remnance and track overlay. Formatting, however, DOES NOT overwrite the original data.

If you have something that you think someone would pay for that resource for, then you DESTROY THE DRIVE

Otherwise just take suitable precautions that will stand up in court. Government and military standards fit this requirement.

From a corporate/institutional viewpoint a properly documented process is important, because you are accountable. If it is your own stuff it is your problem and your choice.

[catch]

Much as I actually find Catch rather annoying

Fortunately no one asked or cares about how you find me.

While I disagree with Catch that a simple overwrite of a hard drive is a "high assurance" process

A comparatively high assurance process, and clearly higher than is required.

cheers,

catch