Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.
ForumsIT Pro and developersDrive Scrubbing


104 posts

Master Geek
+1 received by user: 6


Topic # 30591 14-Feb-2009 09:38
Send private message

Well we are currently having a heated debate at work with my team around hard disk scrubbing.

My team members all of who are still rather green in the IT industry are taking the perspective that all drives from servers need to be smashed with a hammer and thrown in the

My perspective after working inside one of the large banks for many years, reviewing data recovery techniques and speaking to computer forensics people is that you can erase a drive so data cannot be recovered, in fact he pointed out you are more likely to be able to get data off a smashed drive than one that has had multiple scrubs (every block rewritten on the drive).  Apparently after one rewrite you need to be removing platters and getting out a microscope to inspect each of the bits on the drive for its residual state.

US DOD standards up until 2007 specified that seven rewrites was sufficient, they have now changed their position to requiring a degauss which as well as erasing the drive effectively renders it useless.  The perspective here is they are concerned with well funded foreign governments getting their data.

In this era of corporate responsibility we are all told to be green and not throw out e-waste in the bin.  In our organisation we donate old gear to a charitable trust who specialises in its redeployment.  At the moment we are looking at letting them have old servers, however possibly with no disks.  Apparently this is not an issue as disks are cheap and not a problem to replace, this may be the case for desktops but as you are all aware servers use mainly more expensive less readily available SCSI drives (and more recently SAS).

So how about a hypothetical scenario.  Lets say we have a drive that had some data, this drive has been erased to the old DOD (DoD 5220.22-M) standard prior to Jun 07 where the drive has been rewritten seven times.  This data if recovered is worth over a million dollars.  Is there anyone out there who has the resources to attempt a successful recovery.  BTW lets make the data set around 2GB in size, a database so a partial recovery still may be useful.

View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
864 posts

Ultimate Geek
+1 received by user: 53

Subscriber

  Reply # 196303 17-Feb-2009 15:28
Send private message

Well not sure but the past few places I've worked for simply used zero filling the whole drive a few times in a row and that was done.  If the drives are part of say a raid5 set then we used to dispose of the drives at different times so the whole raid set wasnt available anyway.


Never had any problems :) but then doubt we ever had a really determinted individual (ie someone who would say pay $20k for a proper data recovery place to attempt a restore).

21380 posts

Uber Geek
+1 received by user: 4333

Trusted
Subscriber

  Reply # 196311 17-Feb-2009 15:43
Send private message

I know someone that was prepared to spend more then that when a stuff up happened when bringing a mirror back online that was running on a borrowed disc for a few weeks, it cloned the old one that went away in the spare server while something was developed with the old data onto the one that was running. This was only noticed after the spare drive was put back into the spare server and had its empty OS install mirrored onto it - ooops.

Anyway, it was stopping invoicing and all sorts of things till the data got re-entered, the recovery places all said no way to it, despite all their fancy promises.

The issue with drives becomes the spare sectors that replace faulty ones. there is still data on the faulty sector, and no way to overwrite it by addressing the drive normally since its being mapped out.

Other then that, if the data was recoverable then they could use that technology to pack more data in. It was explained to me that the residual traces of tracks etc became a non issue after about 80 meg drives.




Richard rich.ms

10 posts

Wannabe Geek


  Reply # 201277 15-Mar-2009 12:19
Send private message

Normaly if your selling HD or PC then using a tool that dose 'zerofill' is usally enough, more security paranoiod would run the tool 2,3, or 4 times. Some HD manufactures offer these tools and there are also freeware (microsoft offers 1 that i've used with vista (but can't remember the name).

additionly you could look it this DBAN

BUT there are ways to recover even overwitten data - you just need the right equipment (goverment agencies will have it).

So the safest method is to swap out the HD and physically destroy it, litterly, Hack-chop-burn...

Make sure that all the individual plates are destryed grind em, burn em, break em ....

194 posts

Master Geek

Trusted

  Reply # 201287 15-Mar-2009 15:35
Send private message

So the safest method is to swap out the HD and physically destroy it, litterly, Hack-chop-burn...

Make sure that all the individual plates are destryed grind em, burn em, break em ....


Yeah but if traces of the data is still there then physical destruction wont do much.

Bear in mind that for most people just whacking it a few times with a hammer is sufficient for them to "think" its destroyed.

Physically Destroying a drive completely would require taking it completely apart smashing every bit of down to microscopic pieces and scattering the parts in several different locations (like destorying a vampire lol).

Way too much effort when a simple software tool to write zeros over each sector several times would do.

EDIT : Actually if you had a strong acid you could completely destory it no problems :) ...but then you would have enviromental issues :(




==================================
- Hone , Often accused of Excess Verbosity
==================================



104 posts

Master Geek
+1 received by user: 6


  Reply # 201289 15-Mar-2009 15:43
Send private message

honem:
So the safest method is to swap out the HD and physically destroy it, litterly, Hack-chop-burn...

Make sure that all the individual plates are destryed grind em, burn em, break em ....


Yeah but if traces of the data is still there then physical destruction wont do much.

Bear in mind that for most people just whacking it a few times with a hammer is sufficient for them to "think" its destroyed.

Physically Destroying a drive completely would require taking it completely apart smashing every bit of down to microscopic pieces and scattering the parts in several different locations (like destorying a vampire lol).

Way too much effort when a simple software tool to write zeros over each sector several times would do.

EDIT : Actually if you had a strong acid you could completely destory it no problems :) ...but then you would have enviromental issues :(


A big pool of molten metal like the one in Terminator 2 should do it :)

10 posts

Wannabe Geek


Reply # 201300 15-Mar-2009 17:08
Send private message


It comes down to how much certainty one wishs to ensure that the data is unrecoverable.

Zerofilling then reusing as a normal user would, will be fine.

absolute certainty requires excesive measures to be taken.

NOTE: previous post mentained desroying the plates- meaning the HardDrive disc plates that look like 2.5 inch diameter cd/dvd disc's (they did in my 80 gig HD)  Wink



[edit] typos

1828 posts

Uber Geek
+1 received by user: 215
Inactive user


  Reply # 203381 26-Mar-2009 05:50
Send private message

i just did a drive scrub a few weeks ago using a bootable programe that gave the options to use seeral diferent types US DOD and russian KGB seem to be the best but can take an awefull long time to complete a 250GB drive took all nite to do using the KGB type it writes 1's then 0's then a combo of both then use's a diferent bit patern and i only set it for 10 runs

21380 posts

Uber Geek
+1 received by user: 4333

Trusted
Subscriber

  Reply # 203488 26-Mar-2009 13:02
Send private message

None of those methods can touch the mapped out defective sectors, which in the case of a laptop can be considerable.




Richard rich.ms

53 posts

Master Geek
+1 received by user: 1


  Reply # 203638 26-Mar-2009 23:05
Send private message

I worked on the Westpac tech refresh project (basically upgraded all of their new stuff incl servers).

For branch servers we did a DOD scub and then crushed them into one big cube.

I have heard of people taking those steps + running over them with a big magnet too:P

3287 posts

Uber Geek
+1 received by user: 1789

Trusted
Lifetime subscriber

Reply # 205700 7-Apr-2009 10:03
Send private message

My personal policy is to overwite any sensitive data with a 35 pass Gutmann scrub, the rest of the drive with a 7 pass DOD scrub.

For damaged drives where you cant read the drive, I simply grab my torx bits, and strip the drive down into all its component parts, then throw the parts into a box and take it down to the local scrap metal merchants to be melted down. It's eco friendly(ish) recycling and gives me beer money. Epic Win!




Information wants to be free. The Net interprets censorship as damage and routes around it.

10 posts

Wannabe Geek


Reply # 205701 7-Apr-2009 10:09
Send private message

Some movies use MICROWAVE oven's to prevent data recovery

I've not tested this method Cool



104 posts

Master Geek
+1 received by user: 6


  Reply # 205703 7-Apr-2009 10:12
Send private message

bitumen: Some movies use MICROWAVE oven's to prevent data recovery

I've not tested this method Cool


If for nothing else, that would at least be entertaining Laughing

1874 posts

Uber Geek
+1 received by user: 84

Trusted

  Reply # 205711 7-Apr-2009 11:03
Send private message

I recommend Active Kill Disk, it has several options including DOD 5220.22 M, Russian GOST p50739-95, and the 35 pass Gutmann method, we use that here at work for banks and other sensitive information.

836 posts

Ultimate Geek

Trusted

Reply # 205718 7-Apr-2009 11:22
Send private message

I always find it quite amusing some of the lenghts people go to technically to secure data, when human factors and processes are usually some of the biggest weaknesses...not to say that being prudent technically isnt importent too.

6323 posts

Uber Geek
+1 received by user: 390

Moderator
Trusted
Lifetime subscriber

  Reply # 206338 10-Apr-2009 13:16
Send private message

Interesting competition here, basically a prize if you are able to recover data from the hard-drive they have erased:

A challenge to confirm whether or not a  professional data recovery firm or any individual(s) or organization(s) can recover data from a hard drive that has been overwritten with zeros once. We used the 32 year-old Unix dd command using  /dev/zero as input to  overwrite the drive.


and it continues...

Many people believe that in order to permanently delete data from a modern hard drive that multiple overwrites with random data, mechanical grinding, degaussing and incinerating must be used. They tell others this. Like chaos, it perpetuates itself until everyone believes it. Lots of good, usable hard drives are ruined in the process.

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic

Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Updates »

Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.