Drive Scrubbing

Forums › IT Pro and developers › Drive Scrubbing

FlyingPete

112 posts

Master Geek

#30591 14-Feb-2009 09:38

Well we are currently having a heated debate at work with my team around hard disk scrubbing.

My team members all of who are still rather green in the IT industry are taking the perspective that all drives from servers need to be smashed with a hammer and thrown in the

My perspective after working inside one of the large banks for many years, reviewing data recovery techniques and speaking to computer forensics people is that you can erase a drive so data cannot be recovered, in fact he pointed out you are more likely to be able to get data off a smashed drive than one that has had multiple scrubs (every block rewritten on the drive). Apparently after one rewrite you need to be removing platters and getting out a microscope to inspect each of the bits on the drive for its residual state.

US DOD standards up until 2007 specified that seven rewrites was sufficient, they have now changed their position to requiring a degauss which as well as erasing the drive effectively renders it useless. The perspective here is they are concerned with well funded foreign governments getting their data.

In this era of corporate responsibility we are all told to be green and not throw out e-waste in the bin. In our organisation we donate old gear to a charitable trust who specialises in its redeployment. At the moment we are looking at letting them have old servers, however possibly with no disks. Apparently this is not an issue as disks are cheap and not a problem to replace, this may be the case for desktops but as you are all aware servers use mainly more expensive less readily available SCSI drives (and more recently SAS).

So how about a hypothetical scenario. Lets say we have a drive that had some data, this drive has been erased to the old DOD (DoD 5220.22-M) standard prior to Jun 07 where the drive has been rewritten seven times. This data if recovered is worth over a million dollars. Is there anyone out there who has the resources to attempt a successful recovery. BTW lets make the data set around 2GB in size, a database so a partial recovery still may be useful.

1 | 2

985 posts

Ultimate Geek

Lifetime subscriber

#196303 17-Feb-2009 15:28

Well not sure but the past few places I've worked for simply used zero filling the whole drive a few times in a row and that was done. If the drives are part of say a raid5 set then we used to dispose of the drives at different times so the whole raid set wasnt available anyway.

Never had any problems :) but then doubt we ever had a really determinted individual (ie someone who would say pay $20k for a proper data recovery place to attempt a restore).

richms

28168 posts

Uber Geek

Trusted

Lifetime subscriber

#196311 17-Feb-2009 15:43

I know someone that was prepared to spend more then that when a stuff up happened when bringing a mirror back online that was running on a borrowed disc for a few weeks, it cloned the old one that went away in the spare server while something was developed with the old data onto the one that was running. This was only noticed after the spare drive was put back into the spare server and had its empty OS install mirrored onto it - ooops.

Anyway, it was stopping invoicing and all sorts of things till the data got re-entered, the recovery places all said no way to it, despite all their fancy promises.

The issue with drives becomes the spare sectors that replace faulty ones. there is still data on the faulty sector, and no way to overwrite it by addressing the drive normally since its being mapped out.

Other then that, if the data was recoverable then they could use that technology to pack more data in. It was explained to me that the residual traces of tracks etc became a non issue after about 80 meg drives.

Richard rich.ms

bitumen

10 posts

Wannabe Geek

#201277 15-Mar-2009 12:19

Normaly if your selling HD or PC then using a tool that dose 'zerofill' is usally enough, more security paranoiod would run the tool 2,3, or 4 times. Some HD manufactures offer these tools and there are also freeware (microsoft offers 1 that i've used with vista (but can't remember the name).

additionly you could look it this DBAN

BUT there are ways to recover even overwitten data - you just need the right equipment (goverment agencies will have it).

So the safest method is to swap out the HD and physically destroy it, litterly, Hack-chop-burn...

Make sure that all the individual plates are destryed grind em, burn em, break em ....

honem

194 posts

Master Geek

Trusted

#201287 15-Mar-2009 15:35

So the safest method is to swap out the HD and physically destroy it, litterly, Hack-chop-burn...

Make sure that all the individual plates are destryed grind em, burn em, break em ....

Yeah but if traces of the data is still there then physical destruction wont do much.

Bear in mind that for most people just whacking it a few times with a hammer is sufficient for them to "think" its destroyed.

Physically Destroying a drive completely would require taking it completely apart smashing every bit of down to microscopic pieces and scattering the parts in several different locations (like destorying a vampire lol).

Way too much effort when a simple software tool to write zeros over each sector several times would do.

EDIT : Actually if you had a strong acid you could completely destory it no problems :) ...but then you would have enviromental issues :(

==================================
- Hone , Often accused of Excess Verbosity
==================================

FlyingPete

112 posts

Master Geek

#201289 15-Mar-2009 15:43

honem:
So the safest method is to swap out the HD and physically destroy it, litterly, Hack-chop-burn...

Make sure that all the individual plates are destryed grind em, burn em, break em ....

Yeah but if traces of the data is still there then physical destruction wont do much.

Bear in mind that for most people just whacking it a few times with a hammer is sufficient for them to "think" its destroyed.

Physically Destroying a drive completely would require taking it completely apart smashing every bit of down to microscopic pieces and scattering the parts in several different locations (like destorying a vampire lol).

Way too much effort when a simple software tool to write zeros over each sector several times would do.

EDIT : Actually if you had a strong acid you could completely destory it no problems :) ...but then you would have enviromental issues :(

A big pool of molten metal like the one in Terminator 2 should do it :)

bitumen

10 posts

Wannabe Geek

#201300 15-Mar-2009 17:08

It comes down to how much certainty one wishs to ensure that the data is unrecoverable.

Zerofilling then reusing as a normal user would, will be fine.

absolute certainty requires excesive measures to be taken.

NOTE: previous post mentained desroying the plates- meaning the HardDrive disc plates that look like 2.5 inch diameter cd/dvd disc's (they did in my 80 gig HD)

[edit] typos

Athlonite

1828 posts

Uber Geek
Inactive user

#203381 26-Mar-2009 05:50

i just did a drive scrub a few weeks ago using a bootable programe that gave the options to use seeral diferent types US DOD and russian KGB seem to be the best but can take an awefull long time to complete a 250GB drive took all nite to do using the KGB type it writes 1's then 0's then a combo of both then use's a diferent bit patern and i only set it for 10 runs

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

richms

28168 posts

Uber Geek

Trusted

Lifetime subscriber

#203488 26-Mar-2009 13:02

None of those methods can touch the mapped out defective sectors, which in the case of a laptop can be considerable.

Richard rich.ms

Ping

59 posts

Master Geek

#203638 26-Mar-2009 23:05

I worked on the Westpac tech refresh project (basically upgraded all of their new stuff incl servers).

For branch servers we did a DOD scub and then crushed them into one big cube.

I have heard of people taking those steps + running over them with a big magnet too:P

Lias

5589 posts

Uber Geek

ID Verified

Trusted

Lifetime subscriber

#205700 7-Apr-2009 10:03

My personal policy is to overwite any sensitive data with a 35 pass Gutmann scrub, the rest of the drive with a 7 pass DOD scrub.

For damaged drives where you cant read the drive, I simply grab my torx bits, and strip the drive down into all its component parts, then throw the parts into a box and take it down to the local scrap metal merchants to be melted down. It's eco friendly(ish) recycling and gives me beer money. Epic Win!

I'm a geek, a gamer, a dad, a Quic user, and an IT Professional. I have a full rack home lab, size 15 feet, an epic beard and Asperger's. I'm a bit of a Cypherpunk, who believes information wants to be free and the Net interprets censorship as damage and routes around it. If you use my Quic signup you can also use the code R570394EKGIZ8 for free setup.

bitumen

10 posts

Wannabe Geek

#205701 7-Apr-2009 10:09

Some movies use MICROWAVE oven's to prevent data recovery

I've not tested this method

FlyingPete

112 posts

Master Geek

#205703 7-Apr-2009 10:12

bitumen: Some movies use MICROWAVE oven's to prevent data recovery

I've not tested this method

If for nothing else, that would at least be entertaining

garvani

1873 posts

Uber Geek

Trusted

#205711 7-Apr-2009 11:03

I recommend Active Kill Disk, it has several options including DOD 5220.22 M, Russian GOST p50739-95, and the 35 pass Gutmann method, we use that here at work for banks and other sensitive information.

Fraktul

836 posts

Ultimate Geek

Trusted

#205718 7-Apr-2009 11:22

I always find it quite amusing some of the lenghts people go to technically to secure data, when human factors and processes are usually some of the biggest weaknesses...not to say that being prudent technically isnt importent too.

nate

6473 posts

Uber Geek

Retired Mod

Trusted

Lifetime subscriber

#206338 10-Apr-2009 13:16

Interesting competition here, basically a prize if you are able to recover data from the hard-drive they have erased:

A challenge to confirm whether or not a professional data recovery firm or any individual(s) or organization(s) can recover data from a hard drive that has been overwritten with zeros once. We used the 32 year-old Unix dd command using /dev/zero as input to overwrite the drive.

and it continues...

Many people believe that in order to permanently delete data from a modern hard drive that multiple overwrites with random data, mechanical grinding, degaussing and incinerating must be used. They tell others this. Like chaos, it perpetuates itself until everyone believes it. Lots of good, usable hard drives are ruined in the process.

1 | 2