I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
Thanks
Bob Cochran
Robert L Cochran writes:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
dd if=/dev/zero of=/dev/youbettergetthisright bs=1M
On Thu, May 28, 2009 at 9:29 PM, Robert L Cochran cochranb@speakeasy.net wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
Thanks
Bob Cochran
You can also use the badblocks program in write mode, which writes a repeated random sequence to the drive.
Sam Varshavchik wrote:
Robert L Cochran writes:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
dd if=/dev/zero of=/dev/youbettergetthisright bs=1M
If you want to be really sure you need to do the command above several times or use software like
On Thursday 28 May 2009, Robert L Cochran wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
dd if=/dev/urandom of=/dev/(ice) repeated 3 or so times should pretty well destroy any attempts to recover any valid data from that drive. Don't use the partition, such as /dev/sda1, but the whole drive, /dev/sda which should also get the partition tables.
Formatting a hard drive just installs a new inode framework and root directory. The data itself is still there for something as simple as: dd if=/dev/sdX which will spit it all out to the screen with only the holes created by the installation of a new filesystem framework being invalid.
But /dev/urandom written to everything 3 or more times should render the data unrecoverable unless they wanna call out the guys with the electron microscopes to read the edges of the track byte by byte.
Thanks
Bob Cochran
Bob
I have used this utility before with good success http://www.soft32.com/download_191651.html
I have used this one with greater success http://www.killdisk.com/?gclid=CKatoNLX4JoCFQENDQodO0xTAQ
both are free utilities
-----Original Message-----
From: fedora-list-bounces@redhat.com [mailto:fedora-list-bounces@redhat.com] On Behalf Of Gene Heskett
Sent: Thursday, May 28, 2009 10:54 PM
To: Community assistance, encouragement, and advice for using Fedora.
Subject: Re: OT: Can Reformatting A Hard Drive To ext3 Destroy All the Data On It?
On Thursday 28 May 2009, Robert L Cochran wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
dd if=/dev/urandom of=/dev/(ice) repeated 3 or so times should pretty well destroy any attempts to recover any valid data from that drive. Don't use the partition, such as /dev/sda1, but the whole drive, /dev/sda which should also get the partition tables.
Formatting a hard drive just installs a new inode framework and root directory. The data itself is still there for something as simple as: dd if=/dev/sdX which will spit it all out to the screen with only the holes created by the installation of a new filesystem framework being invalid.
But /dev/urandom written to everything 3 or more times should render the data unrecoverable unless they wanna call out the guys with the electron microscopes to read the edges of the track byte by byte.
Thanks
Bob Cochran
On Thu, 28 May 2009 22:29:23 -0400 Robert L Cochran cochranb@speakeasy.net wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this?
Thermite ?
Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
No
Is there free software that can write zeroes or some form of nonsense to every storage location?
That isn't completely guaranteed. Modern drives have a security erase command which I think some tools like hdparm can issue as shipped nowadays.
On Fri, 29/05/2009 at 14.52 +1200, Clint Dilks wrote:
dd if=/dev/zero of=/dev/youbettergetthisright bs=1M
If you want to be really sure you need to do the command above several times or use software like
/dev/zero is not the right device to use. Better is /dev/random or /dev/urandom, but they are not fast.
Bye Ambrogio
Robert L Cochran wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
Thanks
Bob Cochran
Angle grinder or drill lots of holes.
Frank
/dev/zero is not the right device to use. Better is /dev/random or /dev/urandom, but they are not fast.
It makes no real difference - use the drive's own secure erase feature if you want to be sure, otherwise you've got no guarantee that everything will be cleared - only the drive knows enough to do the job.
Robert L Cochran wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
Thanks
Bob Cochran
As many others have said, the answer is no.
Use the various tools to erase the drive as suggested.
I have actually formatted a drive as VFAT and EXT3 and still recovered data off of that drive. It was not a test but a major mistake on my part. Even recovered data from a drive that was part of an LVM and reformatted.
If the drive is small, it may be better to just destroy the drive. One technique that I read about was to drill holes into the drive and fill it with Cola. The acid will destroy the surface of the drive.
I physically take the drives apart and use the platter for various things. They are so shiny at first. :)
On Thu, 28 May 2009 22:29:23 -0400 Robert L Cochran cochranb@speakeasy.net wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
'shred' is part of coreutils (i.e. installed by default). Doing something like
shred /dev/sdX
as root will write various bit patterns 25 times over the entire drive (see the man page for more options).
Srdan
On Fri, May 29, 2009 at 21:51:57 +0200, Srdan Tosovic tos@prip.tuwien.ac.at wrote:
as root will write various bit patterns 25 times over the entire drive (see the man page for more options).
If recovery after one pass of rewriting a disk is a credible threat you should be physically destroying the disks. Writing over the disk multiple times is not going to reach some sectors (bad ones or spares) and for most people the threat of using an electron microscope to try to read overwritten data is not a credible threat. So there isn't a lot of point in doing anything more than writing zeros over the disk, after the fact. Using block level encryption in the first place is a relatively cheap way to make recovery harder as well as protect against some other things.
'shred' is part of coreutils (i.e. installed by default). Doing something like
shred /dev/sdX
as root will write various bit patterns 25 times over the entire drive (see the man page for more options).
Whoopeeedoo. That's still not the correct way to erase a disk.
Use security erase, that is why it is there.
2009/5/29 Alan Cox alan@lxorguk.ukuu.org.uk:
'shred' is part of coreutils (i.e. installed by default). Doing something like
shred /dev/sdX
as root will write various bit patterns 25 times over the entire drive (see the man page for more options).
Whoopeeedoo. That's still not the correct way to erase a disk.
Use security erase, that is why it is there.
I use a hammer, because it wins over all other solutions on both ease of use and catharsis.
Quoting "Sharpe, Sam J" sam.sharpe+lists.redhat@gmail.com:
2009/5/29 Alan Cox alan@lxorguk.ukuu.org.uk:
'shred' is part of coreutils (i.e. installed by default). Doing something like
shred /dev/sdX
as root will write various bit patterns 25 times over the entire drive (see the man page for more options).
Whoopeeedoo. That's still not the correct way to erase a disk.
Use security erase, that is why it is there.
I use a hammer, because it wins over all other solutions on both ease of use and catharsis.
For laptop (1.8" and 2.5") disks, sure. A couple of good bangs and you have yourself a maraca.
I haven't so far been able to destroy 3.5" disks with a hammer, as the enclosure is quite durable. A sledgehammer would probably do the trick. Or, you can open up the hard drive and smash the magnetic disks.
2009/5/29 Jussi Lehtola jussilehtola@fedoraproject.org:
Quoting "Sharpe, Sam J" sam.sharpe+lists.redhat@gmail.com:
2009/5/29 Alan Cox alan@lxorguk.ukuu.org.uk:
'shred' is part of coreutils (i.e. installed by default). Doing something like
shred /dev/sdX
as root will write various bit patterns 25 times over the entire drive (see the man page for more options).
Whoopeeedoo. That's still not the correct way to erase a disk.
Use security erase, that is why it is there.
I use a hammer, because it wins over all other solutions on both ease of use and catharsis.
For laptop (1.8" and 2.5") disks, sure. A couple of good bangs and you have yourself a maraca.
I haven't so far been able to destroy 3.5" disks with a hammer, as the enclosure is quite durable. A sledgehammer would probably do the trick. Or, you can open up the hard drive and smash the magnetic disks.
I use some of the undocumented options to /usr/sbin/hammer that are relevant to larger disks:
hammer --unscrewfirst|-u    disassemble the drive using a tork wrench first before smashing the platters
hammer --force|-f           use more force with the hammer
NOTE: use of -u and -f together is discouraged unless wearing suitable protective equipment.
Sharpe, Sam J wrote:
2009/5/29 Jussi Lehtola jussilehtola@fedoraproject.org:
Quoting "Sharpe, Sam J" sam.sharpe+lists.redhat@gmail.com:
2009/5/29 Alan Cox alan@lxorguk.ukuu.org.uk:
'shred' is part of coreutils (i.e. installed by default). Doing something like
shred /dev/sdX
as root will write various bit patterns 25 times over the entire drive (see the man page for more options).
Whoopeeedoo. That's still not the correct way to erase a disk.
Use security erase, that is why it is there.
I use a hammer, because it wins over all other solutions on both ease of use and catharsis.
For laptop (1.8" and 2.5") disks, sure. A couple of good bangs and you have yourself a maraca.
I haven't so far been able to destroy 3.5" disks with a hammer, as the enclosure is quite durable. A sledgehammer would probably do the trick. Or, you can open up the hard drive and smash the magnetic disks.
I use some of the undocumented options to /usr/sbin/hammer that are relevant to larger disks:
hammer --unscrewfirst|-u    disassemble the drive using a tork wrench first before smashing the platters
hammer --force|-f           use more force with the hammer
NOTE: use of -u and -f together is discouraged unless wearing suitable protective equipment.
I generally take the drives out to the desert and use /sbin/detonate. As Jamie Hyneman once said on "Mythbusters"...
When in doubt....C4!
----------------------------------------------------------------------
- Rick Stevens, Systems Engineer ricks@nerd.com -
- AIM/Skype: therps2 ICQ: 22643734 Yahoo: origrps2 -
- -
- The world is coming to an end ... SAVE YOUR FILES!!! -
----------------------------------------------------------------------
On Fri, 2009-05-29 at 23:37 +0100, Sharpe, Sam J wrote:
2009/5/29 Jussi Lehtola jussilehtola@fedoraproject.org:
Quoting "Sharpe, Sam J" sam.sharpe+lists.redhat@gmail.com:
2009/5/29 Alan Cox alan@lxorguk.ukuu.org.uk:
'shred' is part of coreutils (i.e. installed by default). Doing something like
shred /dev/sdX
as root will write various bit patterns 25 times over the entire drive (see the man page for more options).
Whoopeeedoo. That's still not the correct way to erase a disk.
Use security erase, that is why it is there.
I use a hammer, because it wins over all other solutions on both ease of use and catharsis.
For laptop (1.8" and 2.5") disks, sure. A couple of good bangs and you have yourself a maraca.
I haven't so far been able to destroy 3.5" disks with a hammer, as the enclosure is quite durable. A sledgehammer would probably do the trick. Or, you can open up the hard drive and smash the magnetic disks.
I use some of the undocumented options to /usr/sbin/hammer that are relevant to larger disks:
hammer --unscrewfirst|-u disassemble the drive using a tork wrench first before smashing the platters hammer --force|-f use more force with the hammer
NOTE: use of -u and -f together is discouraged unless wearing suitable protective equipment.
You're forgetting the -v (verbose) option:
# hammer -v /dev/sda bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang ...
poc
Rick Stevens wrote:
I generally take the drives out to the desert and use /sbin/detonate. As Jamie Hyneman once said on "Mythbusters"...
When in doubt....C4!
Can I come with the next time you take one out? They will not let me play with C4 any more. :(
Mike
Mikkel L. Ellertson wrote:
Rick Stevens wrote:
I generally take the drives out to the desert and use /sbin/detonate. As Jamie Hyneman once said on "Mythbusters"...
When in doubt....C4!
Can I come with the next time you take one out? They will not let me play with C4 any more. :(
Well, I'm not supposed to either, but "it's only illegal if you get caught!"
Mike
2009/5/30 Mikkel L. Ellertson mikkel@infinity-ltd.com:
Rick Stevens wrote:
I generally take the drives out to the desert and use /sbin/detonate. As Jamie Hyneman once said on "Mythbusters"...
When in doubt....C4!
Can I come with the next time you take one out? They will not let me play with C4 any more. :(
I've never been "allowed" to play with explosives (I don't live in the US). This has not stopped me building up a considerable corpus of personal knowledge about them. C4 is not a particularly cheap or easy thing to use - if you want to blow things up, take some lessons from McVeigh or Kaczynski and use something more common and easy to obtain!
2009/5/30 Patrick O'Callaghan pocallaghan@gmail.com:
On Fri, 2009-05-29 at 23:37 +0100, Sharpe, Sam J wrote:
2009/5/29 Jussi Lehtola jussilehtola@fedoraproject.org:
Quoting "Sharpe, Sam J" sam.sharpe+lists.redhat@gmail.com:
2009/5/29 Alan Cox alan@lxorguk.ukuu.org.uk:
'shred' is part of coreutils (i.e. installed by default). Doing something like
shred /dev/sdX
as root will write various bit patterns 25 times over the entire drive (see the man page for more options).
Whoopeeedoo. That's still not the correct way to erase a disk.
Use security erase, that is why it is there.
I use a hammer, because it wins over all other solutions on both ease of use and catharsis.
For laptop (1.8" and 2.5") disks, sure. A couple of good bangs and you have yourself a maraca.
I haven't so far been able to destroy 3.5" disks with a hammer, as the enclosure is quite durable. A sledgehammer would probably do the trick. Or, you can open up the hard drive and smash the magnetic disks.
I use some of the undocumented options to /usr/sbin/hammer that are relevant to larger disks:
hammer --unscrewfirst|-u disassemble the drive using a tork wrench first before smashing the platters hammer --force|-f use more force with the hammer
NOTE: use of -u and -f together is discouraged unless wearing suitable protective equipment.
You're forgetting the -v (verbose) option:
# hammer -v /dev/sda bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang bang
I was trying to be funny. You succeeded. Well done Sir!
On 05/29/2009 05:44 PM, Alan Cox wrote:
'shred' is part of coreutils (i.e. installed by default). Doing something like
shred /dev/sdX
as root will write various bit patterns 25 times over the entire drive (see the man page for more options).
Whoopeeedoo. That's still not the correct way to erase a disk.
Use security erase, that is why it is there.
Thanks very much to all who responded! I'm going to use Alan's suggestion first of all and if necessary a mixture of everyone else's. For good measure maybe I'll dump a pound or so of salt in a gallon of nice hot water and drop the hard drive in and wait for signs of rust to appear. Ha ha!
Thanks again!
Bob
Robert L Cochran wrote:
Thanks very much to all who responded! I'm going to use Alan's suggestion first of all
if you are going to resell drive/system, ok.
For good measure maybe I'll dump a pound or so of salt in a gallon of nice hot water and drop the hard drive in and wait for signs of rust to appear. Ha ha!
is 'ha ha' because of suggestions, or aluminum rusting?
if you have no need for drive and wish to insure removing all data, take drive apart, remove disk and burn oxide coating with a torch. or use lighter fluid or charcoal starter.
is 'ha ha' because of suggestions, or aluminum rusting?
I think the idea of dropping a hard drive in brine is funny. Hence the ha ha!
if you have no need for drive and wish to insure removing all data, take drive apart, remove disk and burn oxide coating with a torch. or use lighter fluid or charcoal starter.
That's another interesting suggestion. Very imaginative too!
Bob
Robert L Cochran wrote:
I think the idea of dropping a hard drive in brine is funny. Hence the ha ha!
ok. be aware that you would have to open cover to allow good saturation of inner contents. many drives are sealed in such a way that there is little to no venting. this is to keep moisture out and prevent rust, oxidation or other corroding of inner surfaces. some have pressure compensation.
That's another interesting suggestion. Very imaginative too!
it works. but be sure that you do not inhale fumes. iron oxide particles are not good for lungs.
all in all, it is one of easiest ways insuring that all data is destroyed.
passing a large strong magnet over surfaces is second easiest.
i have used ceramic magnets from speakers. 2 of same size on opposite sides of disk with poles attracting is very effective. just put something on surfaces to allow movement of disk.
On Fri, May 29, 2009 at 4:39 AM, Ambrogio fn050202@interfree.it wrote:
On Fri, 29/05/2009 at 14.52 +1200, Clint Dilks wrote:
dd if=/dev/zero of=/dev/youbettergetthisright bs=1M
If you want to be really sure you need to do the command above several times or use software like
/dev/zero is not the right device to use. Better is /dev/random or /dev/urandom, but they are not fast.
See the mkfs.ext3 man page for "-c": "Check the device for bad blocks before creating the file system. If this option is specified twice, then a slower, read-write test is used instead of a fast read-only test."
Once the device is formatted the paranoid can fill it with files containing random and other bit patterns (0xa5a5, 0x5a5a, 0x0000, 0xFFFF..).
Solve the /dev/random, /dev/urandom slow part by reusing a modest block of random bits over and over to build large and small files that fill the disk. Finish with lots of copies of your favorite Fedora.iso image file.
The cautious should use vendor tools to reformat the disk... Special attention to the partition table should be given so 'spare' or 'hidden' partitions are dealt with.
The very very paranoid should cut the drive into bits with a cutting torch since bad block spares or unused flash ram might contain sequestered bits that might get recovered.
On Fri, 2009-05-29 at 13:31 +0100, Alan Cox wrote:
It makes no real difference - use the drive's own secure erase feature if you want to be sure, otherwise you've got no guarantee that everything will be cleared - only the drive knows enough to do the job.
But do you know what the drive does when you use that function? ;-\
Alan Cox wrote:
Use security erase, that is why it is there.
How do you access the security erase facility?
On 05/30/2009 04:49 AM, Mike Cloaked wrote:
Alan Cox wrote:
Use security erase, that is why it is there.
How do you access the security erase facility?
From `man hdparm`:
--security-erase PWD
    Erase (locked) drive, using password PWD (DANGEROUS). Password is given as an ASCII string and is padded with NULs to reach 32 bytes. The applicable drive password is selected with the --user-master switch. No other flags are permitted on the command line with this one. THIS FEATURE IS EXPERIMENTAL AND NOT WELL TESTED. USE AT YOUR OWN RISK.
--security-erase-enhanced PWD
    Enhanced erase (locked) drive, using password PWD (DANGEROUS). Password is given as an ASCII string and is padded with NULs to reach 32 bytes. The applicable drive password is selected with the --user-master switch. No other flags are permitted on the command line with this one. THIS FEATURE IS EXPERIMENTAL AND NOT WELL TESTED. USE AT YOUR OWN RISK.
I think that is what Alan means. You can google on 'security erase' to look for the procedure for doing it. The drive itself has to be capable of this kind of erasure.
Bob
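Added example, not part of the original thread or of hdparm itself: a shell sketch that reads the "Security:" section of `hdparm -I` output to decide whether the drive can accept the --security-erase command quoted above. The sample output is constructed, /dev/sdX and PWD are placeholders, and --security-set-pass is hdparm's option for setting the user password before the erase.

```shell
#!/bin/sh
# Classify the "Security:" section of `hdparm -I` output read on stdin.
# Prints one of: unsupported | frozen | locked | ready | ready-enhanced
# Real use (as root):  hdparm -I /dev/sdX | ata_security_state
ata_security_state() {
    awk '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }   # next unindented heading ends the section
        !insec             { next }
        # hdparm prefixes a flag with "not" when it is clear, so a bare
        # keyword after the indentation means the flag is set.
        /^[ \t]+supported[ \t]*$/          { supported = 1 }
        /^[ \t]+frozen[ \t]*$/             { frozen = 1 }
        /^[ \t]+locked[ \t]*$/             { locked = 1 }
        /^[ \t]+supported: enhanced erase/ { enhanced = 1 }
        END {
            if (!supported)    print "unsupported"
            else if (frozen)   print "frozen"
            else if (locked)   print "locked"
            else if (enhanced) print "ready-enhanced"
            else               print "ready"
        }
    '
}

# Print the next step for state $1 on device $2. Nothing is executed.
# PWD is the placeholder password from the man page excerpt.
erase_plan() {
    case $1 in
        unsupported)
            echo "no ATA security feature set reported: overwrite or destroy instead" ;;
        frozen)
            echo "drive is frozen: power-cycle it or suspend/resume, then re-check" ;;
        locked)
            echo "drive is locked: its existing password is needed before an erase" ;;
        ready-enhanced)
            echo "hdparm --user-master u --security-set-pass PWD $2"
            echo "hdparm --user-master u --security-erase-enhanced PWD $2" ;;
        ready)
            echo "hdparm --user-master u --security-set-pass PWD $2"
            echo "hdparm --user-master u --security-erase PWD $2" ;;
        *)
            echo "unknown state: $1" >&2
            return 2 ;;
    esac
}

# Constructed sample of the relevant part of `hdparm -I` output
# (not captured from a real drive). $1 = frozen | not-frozen
sample_identify() {
    if [ "$1" = frozen ]; then fr='\tfrozen'; else fr='not\tfrozen'; fi
    printf 'ATA device, with non-removable media\n'
    printf 'Commands/features:\n\tEnabled\tSupported:\n\t   *\tSMART feature set\n'
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n'
    printf '\t%b\n' "$fr"
    printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\n'
    printf '\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n'
    printf 'Checksum: correct\n'
}

# Demo on the constructed samples.
for s in not-frozen frozen; do
    st=$(sample_identify "$s" | ata_security_state)
    echo "== $s sample: $st"
    erase_plan "$st" /dev/sdX
done
```

A drive whose identify command fails outright produces no Security section at all, so it is classified as unsupported.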
On Sat, May 30, 2009 at 18:16:00 +0930, Tim ignored_mailbox@yahoo.com.au wrote:
On Fri, 2009-05-29 at 13:31 +0100, Alan Cox wrote:
It makes no real difference - use the drive's own secure erase feature if you want to be sure, otherwise you've got no guarantee that everything will be cleared - only the drive knows enough to do the job.
But do you know what the drive does when you use that function? ;-\
Reading the drive back in should give you a good idea. If that isn't enough of a check for you then you should just be destroying the drive.
On Fri, 29 May 2009 16:57:09 -0700, Rick Stevens wrote:
Mikkel L. Ellertson wrote:
Rick Stevens wrote:
I generally take the drives out to the desert and use /sbin/detonate. As Jamie Hyneman once said on "Mythbusters"...
When in doubt....C4!
Can I come with the next time you take one out? They will not let me play with C4 any more. :(
Well, I'm not supposed to either, but "it's only illegal if you get caught!"
I have it on excellent authority that a .45 acp won't make a hole clear through a hard drive, but that a .30-06 will.
Sharpe, Sam J wrote:
2009/5/30 Mikkel L. Ellertson mikkel@infinity-ltd.com:
Rick Stevens wrote:
I generally take the drives out to the desert and use /sbin/detonate. As Jamie Hyneman once said on "Mythbusters"...
When in doubt....C4!
Can I come with the next time you take one out? They will not let me play with C4 any more. :(
I've never been "allowed" to play with explosives (I don't live in the US). This has not stopped me building up a considerable corpus of personal knowledge about them. C4 is not a particularly cheap or easy thing to use - if you want to blow things up, take some lessons from McVeigh or Kaczynski and use something more common and easy to obtain!
This should probably be taken to another list... But I can not resist one last comment - low explosives like McVeigh was reported to have used would probably send the drive flying, rather than destroying it directly. A shaped charge from C4 will tend to shatter the drive. You could also use thermite (sp) to melt the drive.
Now, if I have a bunch of drives to erase, I would probably ask Steve to let me borrow the induction furnace. Between the magnetic field, and the fact that they would become a puddle, I don't think any data could be recovered. It would add a few impurities to the mix, so it probably would have to go in with a load of scrap.
Mike
On 05/29/2009 10:08 AM, Robin Laing wrote:
Robert L Cochran wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
Thanks
Bob Cochran
As many others have said, the answer is no.
Use the various tools to erase the drive as suggested.
I have actually formatted a drive as VFAT and EXT3 and still recovered data off of that drive. It was not a test but a major mistake on my part. Even recovered data from a drive that was part of an LVM and reformatted.
If the drive is small, it may be better to just destroy the drive. One technique that I read about was to drill holes into the drive and fill it with Cola. The acid will destroy the surface of the drive.
I physically take the drives apart and use the platter for various things. They are so shiny at first. :)
I like to put the drives on a sidewalk and whack them a few times with an 8 lb sledge hammer. When I pick up the drive and shake it and it makes a nice jingling sound, the job is done.
--
Steve
"Mikkel L. Ellertson" mikkel@infinity-ltd.com writes:
This should probably be taken to another list... But I can not resist one last comment - low explosives like McVeigh was reported to have used would probably send the drive flying, rather than destroying it directly. A shaped charge from C4 will tend to shatter the drive. You could also use thermite (sp) to melt the drive.
McVeigh used ANFO, a common and cheap high explosive used for road work, by farmers to remove boulders etc. The wiki article does claim the propagation velocity of the explosion is faster than the speed of sound. That would make it a high explosive.
http://en.wikipedia.org/wiki/ANFO
As for decommissioning a drive with secrets on it, I have no idea if it is a good choice. dd-ing /dev/zero over the raw partition works well enough for me, but then I don't need to clear my drives in only a few milliseconds.
-wolfgang
On 05/30/2009 04:49 AM, Mike Cloaked wrote:
How do you access the security erase facility?
All kidding aside, there's a web site from which you can download a little DOS utility to invoke security erase on a drive. The README claims that security erase is better than smashing the drive to bits, though (I suspect) not better than pulling out the platters and blowtorching them till the oxide falls off.
URL for the site is: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
jon
On Mon, Jun 01, 2009 at 01:58:27AM -0700, Jonathan Ryshpan wrote:
On 05/30/2009 04:49 AM, Mike Cloaked wrote:
How do you access the security erase facility?
All kidding aside, there's a web site from which you can download a little DOS utility to invoke security erase on a drive. The README claims that security erase is better than smashing the drive to bits, though (I suspect) not better than pulling out the platters and blowtorching them till the oxide falls off.
URL for the site is: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
Use disk vendor tools!
If you are an individual worried about other individuals reading your data then vendor tools are more than enough.
Each vendor has their own download tool set to partition, format and check the drive for errors. Look for (demand) tools you can burn to a stand alone CDROM.... (think .iso file).
These tools are most valuable when repurposing hardware inside an organization.
Speaking of Burn.... the only way to 100% wipe a magnetic drive is to take the media up to and beyond the Curie point -- i.e. blow torch to cut it in half... turn it to slag.
http://en.wikipedia.org/wiki/Curie_point
If you are an "agency" then you should not be getting info from this list so go away or call me for an expensive consultation gig. Governments will go to astounding lengths to extract data; each group has policy and procedures to match the needs.
If you are a company (federal contract, human resources personal data, credit card data or pharmaceutical company for example) then each drive and the data set needs to be tracked and audited from beginning to end and more. By more I mean that it is important to comply with national, state and local policy and regulations. Any ad hoc tool is fine and dandy but will not meet compliance requirements unless it happens to be specified.
If you are a criminal just toss it in the dumpster, no one will find it anyhow.
Following Jonathan's excellent URL pointer, found this fun read:
http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf
On Sun, 2009-05-31 at 12:52 -0500, Steven Stern wrote:
I like to put the drives on a sidewalk and whack them a few times with an 8 lb sledge hammer. When I pick up the drive and shake it and it makes a nice jingling sound, the job is done.
Wouldn't you love to see someone doing that out the front of a computer shop, just as some customers were about to come in to get their PC fixed? ;-) You could imagine them turning around and walking away as fast as they could manage.
Tim:
But do you know what the drive does when you use that function? ;-\
Bruno Wolff III:
Reading the drive back in should give you a good idea. If that isn't enough of a check for you then you should just be destroying the drive.
While that would tell you that *you* couldn't read your own drive back, it doesn't tell you whether someone else could. In the paranoid security-conscious arena, you'd need to know exactly how their secure erase function works, before you could trust it.
On Mon, 2009-06-01 at 01:58 -0700, Jonathan Ryshpan wrote:
The README claims that security erase is better than smashing the drive to bits, though (I suspect) not better than pulling out the platters and blowtorching them till the oxide falls off.
Though not as fun...
On 05/29/2009 09:46 PM, Robert L Cochran wrote:
On 05/29/2009 05:44 PM, Alan Cox wrote:
'shred' is part of coreutils (i.e. installed by default). Doing something like
shred /dev/sdX
as root will write various bit patterns 25 times over the entire drive (see the man page for more options).
Whoopeeedoo. That's still not the correct way to erase a disk.
Use security erase, that is why it is there.
Thanks very much to all who responded! I'm going to use Alan's suggestion first of all and if necessary a mixture of everyone else's. For good measure maybe I'll dump a pound or so of salt in a gallon of nice hot water and drop the hard drive in and wait for signs of rust to appear. Ha ha!
Thanks again!
Bob
I bet you all want to know what I did to the hard drive. Well, maybe you don't. First off, I tried to find out if the drive has a secure erase feature.
# hdparm -I /dev/sdb
/dev/sdb: HDIO_DRIVE_CMD(identify) failed: Invalid exchange
# hdparm -i /dev/sdb
/dev/sdb: HDIO_GET_IDENTITY failed: Invalid argument
[It does not seem to have a secure erase feature.]
[So I did this:]
# dd if=/dev/zero of=/dev/sdb bs=1M
dd: writing `/dev/sdb': No space left on device
28630+0 records in
28629+0 records out
30020272128 bytes (30 GB) copied, 1579.48 s, 19.0 MB/s
#
...and tomorrow, I will remove the circuit board from the drive, and if time allows, try out the brine-and-cola treatment. Or perhaps I'll disassemble the drive into parts for my own education.
Thanks everyone!
Bob
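The zero-fill used above, combined with the read-back check Bruno Wolff III suggests, as an added example that is not part of any poster's message. It runs on a scratch image file; the function names and the marker string are assumptions made for the illustration. A clean read-back only covers what the host can address through the normal interface, which is the limit Tim raises.

```shell
#!/bin/sh
# Added example: zero-fill a target, then read it back and count the bytes
# that are still non-zero. Shown on a scratch image file (constructed sample);
# on real hardware TARGET would be a whole-disk device like the thread's /dev/sdb.

# Size in bytes of a regular file or a block device.
size_of() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else wc -c < "$1" | tr -d ' '; fi
}

# True if TARGET is a block device that is mounted (prefix match also
# catches its partitions, e.g. /dev/sdb1 when TARGET is /dev/sdb).
is_mounted() {
    [ -b "$1" ] && grep -q "^$1" /proc/mounts 2>/dev/null
}

# Overwrite exactly size_of(TARGET) bytes with zeros and flush to the medium.
zero_fill() {
    if is_mounted "$1"; then echo "refusing: $1 is mounted" >&2; return 2; fi
    size=$(size_of "$1") || return 2
    head -c "$size" /dev/zero | dd of="$1" bs=1M conv=notrunc,fsync 2>/dev/null
}

# Print how many non-zero bytes TARGET still holds (0 = clean read-back).
# Block devices are read with O_DIRECT so the answer comes from the disk,
# not from the page cache that the write has just filled.
nonzero_bytes() {
    if [ -b "$1" ]; then
        dd if="$1" bs=1M iflag=direct 2>/dev/null
    else
        cat "$1"
    fi | tr -d '\000' | wc -c | tr -d ' '
}

# Demo on a constructed 4 MiB image holding a 19-byte marker at offset 1 MiB.
# Prints: non-zero bytes before, non-zero bytes after, image size after.
demo() {
    img=$(mktemp) || return 1
    head -c 4194304 /dev/zero > "$img"
    printf 'ACCOUNT-DATA-MARKER' | dd of="$img" bs=1 seek=1048576 conv=notrunc 2>/dev/null
    before=$(nonzero_bytes "$img")
    zero_fill "$img"
    after=$(nonzero_bytes "$img")
    kept=$(size_of "$img")
    rm -f "$img"
    echo "$before $after $kept"
}

demo   # prints "19 0 4194304"
```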
Robert L Cochran wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
Overwriting the disc, even several times, is not enough to guarantee that the data _cannot_ be recovered. If you truly need to make the data unrecoverable, then a hammer is all that's needed. To be truly sure, open the case (also requires a screwdriver or nutdriver), and shatter each disc separately. They are usually ceramic these days, I think. Anyway, physical destruction is the only real guarantee.
Mike
On Tue, Jun 9, 2009 at 6:00 PM, Mike McCarty Mike.McCarty@sbcglobal.net wrote:
Robert L Cochran wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
I haven't done this task from Linux, but if you've got access to a Windows computer (or VM) and you can install the drive into an external USB enclosure, use this GPL program http://sourceforge.net/projects/eraser/
FC
Check out:
- Henrik
From: fedora-list-bounces@redhat.com [mailto:fedora-list-bounces@redhat.com] On Behalf Of Fernando Cassia
Sent: Wednesday, June 10, 2009 2:51 PM
To: Community assistance, encouragement, and advice for using Fedora.
Subject: Re: OT: Can Reformatting A Hard Drive To ext3 Destroy All the Data On It?
On Tue, Jun 9, 2009 at 6:00 PM, Mike McCarty Mike.McCarty@sbcglobal.net wrote:
Robert L Cochran wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
I haven't done this task from Linux, but if you've got access to a Windows computer (or VM) and you can install the drive into an external USB enclosure, use this GPL program http://sourceforge.net/projects/eraser/
FC
Henrik Schmiediche wrote:
Check out:
Henrik
From: fedora-list-bounces@redhat.com [mailto:fedora-list-bounces@redhat.com] On Behalf Of Fernando Cassia
Sent: Wednesday, June 10, 2009 2:51 PM
To: Community assistance, encouragement, and advice for using Fedora.
Subject: Re: OT: Can Reformatting A Hard Drive To ext3 Destroy All the Data On It?
On Tue, Jun 9, 2009 at 6:00 PM, Mike McCarty Mike.McCarty@sbcglobal.net wrote:
Robert L Cochran wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
shred (man shred) will do it. "dd if=/dev/zero of=/dev/sda" would do it. Note that none of these guarantee that a disk will be unreadable. Not even commercial programs.
No matter how many times you rewrite the media, someone with equipment sophisticated enough may be able to read the data. The only way to ensure that a drive is unreadable is to physically destroy the platters. Scraping off the magnetic coating into a fine dust is probably the best...it would be possible, given enough time, to reconstruct a shattered platter.
I haven't done this task from Linux, but if you've got access to a Windows computer (or VM) and you can install the drive into an external USB enclosure, use this GPL program http://sourceforge.net/projects/eraser/
FC
I'm surprised this thread was reawakened...makes me wonder what sort of child I created here!
I first used Alan's suggestion about checking for, and if possible, using the security erase feature of a security-erase enabled hard drive. This drive was too old to have such a feature. I checked it with hdparm -I and then hdparm -i to verify the fact.
I then used Sam's dd suggestion on the drive. I selected his suggestion because dd is standard Unix/Linux software, it has presumably passed security audits, and I don't have to make some decision about whether it would "phone home" on me or perhaps leave a nice little tar file on some area of the drive.
Then I disassembled the drive. You don't need a standard screwdriver for it; the main requirement is a torx driver and a little ability to peel off the seals marked "warranty void if removed".
I then did some fairly nasty things to the read/write heads and platters and threw out certain items of drive hardware so that it is most unlikely the drive can be reassembled. The platters were further belabored and rendered scratched, badly bent, and little-kid dirty.
Thanks to all who answered. I'm anxious to try out Alan's "security erase" suggestion on a much newer drive. It appears to be a lot less labor intensive.
Bob
On 06/09/2009 05:00 PM, Mike McCarty wrote:
Robert L Cochran wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
Overwriting the disc, even several times, is not enough to guarantee that the data _cannot_ be recovered. If you truly need to make the data unrecoverable, then a hammer is all that's needed. To be truly sure, open the case (also requires a screwdriver or nutdriver), and shatter each disc separately. They are usually ceramic these days, I think. Anyway, physical destruction is the only real guarantee.
Mike
On Wed, Jun 10, 2009 at 5:49 PM, Robert L Cochran cochranb@speakeasy.net wrote:
I'm surprised this thread was reawakened...makes me wonder what sort of child I created here!
I first used Alan's suggestion about checking for, and if possible, using the security erase feature of a security-erase enabled hard drive. This drive was too old to have such a feature. I checked it with hdparm -I and then hdparm -i to verify the fact.
I then used Sam's dd suggestion on the drive. I selected his suggestion because dd is standard Unix/Linux software, it has presumably passed security audits, and I don't have to make some decision about whether it would "phone home" on me or perhaps leave a nice little tar file on some area of the drive.
Then I disassembled the drive. You don't need a standard screwdriver for it; the main requirement is a torx driver and a little ability to peel off the seals marked "warranty void if removed".
I then did some fairly nasty things to the read/write heads and platters and threw out certain items of drive hardware so that it is most unlikely the drive can be reassembled. The platters were further belabored and rendered scratched, badly bent, and little-kid dirty.
With all that effort to securely erase the data, and the question on a public mailing list, anybody would think that you HAD important data to begin with in there!
If I were an evildoer, I'd google your name, look up your home address and then pick up your trash tonight. *VBG*
FC
Tim wrote:
Tim:
But do you know what the drive does when you use that function? ;-\
Bruno Wolff III:
Reading the drive back in should give you a good idea. If that isn't enough of a check for you then you should just be destroying the drive.
While that would tell you that *you* couldn't read your own drive back, it doesn't tell you whether someone else could. In the paranoid security-conscious arena, you'd need to know exactly how their secure erase function works, before you could trust it.
Unfortunately, the only way to guarantee complete security is to completely destroy the drive.
Writing 0-zeros or other data may still leave ghost trails a really good expert (say with government connections and the proper hardware) could still read back.
James
Rick Stevens wrote:
Henrik Schmiediche wrote:
Check out:
Henrik
From: fedora-list-bounces@redhat.com [mailto:fedora-list-bounces@redhat.com] On Behalf Of Fernando Cassia
Sent: Wednesday, June 10, 2009 2:51 PM
To: Community assistance, encouragement, and advice for using Fedora.
Subject: Re: OT: Can Reformatting A Hard Drive To ext3 Destroy All the Data On It?
On Tue, Jun 9, 2009 at 6:00 PM, Mike McCarty Mike.McCarty@sbcglobal.net wrote:
Robert L Cochran wrote:
I have a hard drive that I need to destroy the data on. What is the most dependable way to do this? Can reformatting the drive as ext3 or ext4 or some other filesystem effectively destroy the existing data?
Is there free software that can write zeroes or some form of nonsense to every storage location?
shred (man shred) will do it. "dd if=/dev/zero of=/dev/sda" would do it. Note that none of these guarantee that a disk will be unreadable. Not even commercial programs.
No matter how many times you rewrite the media, someone with equipment sophisticated enough may be able to read the data. The only way to ensure that a drive is unreadable is to physically destroy the platters. Scraping off the magnetic coating into a fine dust is probably the best...it would be possible, given enough time, to reconstruct a shattered platter.
But the point is how much does someone want to spend to recover the data. If you don't have state secrets where no one else has backups, then I really doubt anyone will invest the time and money to recover the data.
There was a challenge put out to recover data that was erased with dd but no takers. The comment that I read on the web site pointed to a phone call that dd makes it too costly to recover.
On Thu, 2009-06-11 at 10:38 -0600, Robin Laing wrote:
There was a challenge put out to recover data that was erased with dd but no takers. The comment that I read on the web site pointed to a phone call that dd makes it too costly to recover.
The title says it all:
http://www.h-online.com/news/Secure-deletion-a-single-overwrite-will-do-it--...
A few excerpts:
"Craig Wright, a forensics expert, claims to have put this legend finally to rest. He and his colleagues ran a scientific study to take a close look at hard disks of various makes and different ages, overwriting their data under controlled conditions and then examining the magnetic surfaces with a magnetic-force microscope. They presented their paper at ICISS 2008 and it has been published by Springer AG in its Lecture Notes in Computer Science series (Craig Wright, Dave Kleiman, Shyaam Sundhar R. S.: Overwriting Hard Drive Data: The Great Wiping Controversy)."
"A single bit whose precise location is known can in fact be correctly reconstructed with 56 per cent probability (in one of the quoted examples). To recover a byte, however, correct head positioning would have to be precisely repeated eight times, and the probability of that is only 0.97 per cent. Recovering anything beyond a single byte is even less likely."
Beartooth wrote:
I have it on excellent authority that a .45 acp won't make a hole clear through a hard drive, but that a .30-06 will.
factory .45 acp may not. custom .45 acp can.
.357 mag good for spindle motor.
rem 720 .306 can at 600 yds. .25c print @ 100 yds
On Wed, Jun 10, 2009 at 16:49:03 -0400, Robert L Cochran cochranb@speakeasy.net wrote:
Thanks to all who answered. I'm anxious to try out Alan's "security erase" suggestion on a much newer drive. It appears to be a lot less labor intensive.
If you are really worried about this, set up encrypted partitions when you install on the new drive, so the unencrypted bits (other than stuff in /boot) never get to the drive in the first place.