How to REALLY erase a LOT of hard drives

How to REALLY erase a LOT of hard drives

Summary: "Deleting" a file does nothing of the sort: the file is still on your hard drive, you just can't see it anymore. Cheap file recovery software will reclaim the data in a flash.

SHARE:

"Deleting" a file does nothing of the sort: the file is still on your hard drive, you just can't see it anymore. Cheap file recovery software will reclaim the data in a flash. Which is why smart folks sanitize their disk drives before selling them.

Overwriting your hard drive with meaningless data is the basic concept behind disk sanitization. But it isn't easy to overwrite ALL the data.

Hidden pockets of data Disk drives contain a number of areas where data can hide from overwriting, including

  • Host protected areas
  • Drive configuration overlays
  • Re-mapped bad blocks

Even if you overwrite all "free space" 7 times you can still leave megabytes of data on a drive.

What's a business to do? The National Institute of Standards and Technology (NIST) rates the SATA and PATA Secure Erase feature equivalent to physical destruction of a drive (see How to REALLY erase a hard drive). Secure Erase is fast and effective, but if you need to erase more than a few drives a week the "reboot from a floppy" technique gets cumbersome.

You need industrial strength sanitization Ensconce Data Technology markets a device that will Secure Erase 3 drives at a time. [Disclosure: I have no financial relationship with Ensconce.] The Digital Shredder handles SATA, PATA drives today and, they promise, SCSI drives Q1CY08. 3.5" and 2.5" drives are supported.

Secure Erase is a feature built into ANSI spec for SATA and PATA drive commands. Since the drive runs the process, it doesn't require any external computing horsepower or bandwidth. The Data Shredder just locks the drive in place, starts the process, and doesn't let the drive go until the Secure Erase is complete.

It records the data about the erasure - day, date, operator etc. - for audit purposes and prints out a label to stick on the drive so you know it's been cleaned. The Shredder has no network connection for security reasons. Budget about $11 grand for your own copy.

Another option Secure Erase is both more secure and much faster - 15 to 30 minutes per drive - than overwriting a high-capacity drive, especially if you use the obsolete DOD 7x overwrite standard. But maybe you don't need your drives to be squeaky clean. If regular overwriting is good enough for you there is an alternative.

The ICS [Disclosure: no financial relationship with them either] WipeMASSter will clean 9 drives, including HPA and DCO areas, at once using the older DOD standard from 1995.

It isn't Secure Erase, but if your business isn't covered by HIPAA, Graham-Leach or SOX you're probably fine.

WipeMASSter handles 3x the drives of the Data Shredder, but it uses a slower overwrite, so Data Shredder looks like it will clean more disks per day. On the other hand, WipeMASSter is 1/4th the price so it probably all evens out.

The Storage Bits take Getting data off hard drives isn't as easy as you might hope. If you have a lot of drives passing through your company, the ability to safely sell used equipment should be financially attractive. With these high-volume disk cleaners you can take advantage of the value of old equipment.

Comments welcome, of course.

Topics: Storage, Data Centers, Hardware

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

57 comments
Log in or register to join the discussion
  • DBAN

    No DBAN listed in the options available?

    Tor those looking for an affordable option, try DBAN (Darik's Boot and Nuke) hosted at sourceforge.

    It's not only free, but will gladly wipe 8 SATA HDD at once with minimal hassle.
    startx.jeff
  • $11k for a program that will wipe a used drive that will fetch $20?

    Plus the time it takes to do it? It will be cheaper to get a 32 ounce Ball Pein Hammer and a 5/16" drift pin and punch thru the case and platters. Heck I can dismantle them in 5 minutes and recover the aluminum. I have 30lbs ready for the scrap heap.

    I usually use Aefdisk to destroy all partitions. Then use FDisk and Format or use the utility that came with the drive if it exceeds 137GB. It may not be as good but it is good enough.
    osreinstall
    • $11k for a program that will wipe a used drive that will fetch $20?

      LOL. Good question. I'm sure the commercial announcer would say something like, "It pays for itself in just 550 drives*"


      * And at the end of the commercial, the announcer, at auctioneer speed, would say:
      "Does not include man hours or processing time." ;-)
      MGP2
      • I would offer him $40 for it.

        Sometimes this security mindset can get blown way out of proportion and as a result and the prices get goofy, especially after 9/11. Security can be a racket.
        osreinstall
        • I agree with all of you.

          I completely agree. If the data is so sensitive it must not be recovered under any circumstances, simply destroy the device physically. It's a lot cheaper.

          Otherwise, just use a DoD wipe - I've never heard of data being recovered after a DoD wipe. Never. Robin is just daydreaming here.

          If data thieves are going to such great lengths to recover your data, then you needed to destroy the drive physically anyways.
          CobraA1
          • I believe in security.

            But lets not get insane about it and drive ourselves to bankruptcy. I believe common sense is the last variable to be considered these days.
            osreinstall
          • And...

            ...unless you're in organised crime, why indeed would you have anything to hide?

            Privacy to a degree by all means - but to this point? I think governments, government agencies and businesses/corporations with sensitive data that needs erasing are the primary market here for this technology.

            Average Joe? Well, like i said, why indeed would average Joe have anything to hide - or worth hiding to this degree, come to think of it?
            thx-1138_
          • Privacy is not a crime, ya know...

            I don't know why people make it seem like a crime to want privacy. So, let's say you e-file your taxes from your home pc. The tax form has your name, address, social security number...all the elements for identity theft. Is that "nothing" to hide? Simply leave the drive in the PC and toss it out with the weekly trash? Maybe you bank online and may have downloaded your statements. Don't wanna "hide" those either? How about publishing your name, address, phone number, and social security number in this blog post? Unless you, um, have something to hide.....
            MGP2
          • He might have some banking on his machine.

            That is worth hiding from all of the dumpster divers. I have received donated computers with personal info on them like tax returns. Also porn in the cache whether accident or on purpose is worth getting rid of so you are not considered a suspect if the future owner is a predator and law enforcement tries to link you to it. You don't have to be a gangster and need privacy. Yes Joe Sixpack does have something to hide. We all do for there is someone out there that will kill you for your beliefs. Sick people seek power to hurt others. Us primates are funny that way.
            osreinstall
          • That's how you get you identity stolen

            Chances are slim that this would occur but do you really want to leave it to chance. If you sell your PC you'd better wipe that drive as you never know who might end up with that PC.

            Many people doing banking and tax forms on the PC. Some people do budgets and small business stuff as well. On top of that many people have sensitive data from work on their home PC, something I don't believe they should have but they do.

            So Joe Average might not think he has anything important but could have something really important.
            voska
          • Small businesses collecting credit card info

            I have had the opportunity to see how some small (10 people or less) businesses handle credit cards. You probably do business with some of these people... if you have ever paid for a haircut with a credit card, if you use a travel agency, etc. you may have your credit card info on someone's hard drive. I don't know about you but I would want to make sure that got securely erased before that business sold or scrapped those computers.

            So, I think the answer to your question becomes a little more obvious when you look at it that way.
            raintree
    • wind chimes

      The platters make great wind chimes, too. Drill a small hole in a few platters, tie some fishing line through the holes, add a fishing swivel, and run them all up to an old CD.
      Dr. John
      • Great Idea.

        Now you will have to drill a number of holes in them to get the different notes. Otherwise it will sound busy with a half dozen with the same note. Must make a blueprint to get C or C# or E flat and the number of holes to do it.
        osreinstall
        • Done it for years

          Using 2 1/2", 3 1//2" and 5 1/4" (old Bigfoot platters) with numerous holes, I drove the neighbors crazy. I don't leave them up very long.
          rketchum@...
    • It wasn't software. It is hardware

      The $11 K disk cleaner is hardware. If you have a company that has a few hundred or several thousand hard drives that get "cleaned" a year it is well worth the money. And such companies usually like donating the old (but not ready for the junk heap) computers to schools and other such for a tax credit. So, yeah, they would love the device, especially with its audit features.
      Weldon@...
      • Sure doe look like a device to me. Oh well.

        I still think that 3 at a time on 2 year old drives and the time it takes still will not be cost effective. This procedure will take a lot longer than a repartition then a reformat which is good enough within an organization. Giving them to charity, I would just get a deal on new ones and save the hassle and time you must pay someone on the payroll. You also have to realize that most computers in an organization never sees sensitive info.
        osreinstall
  • RE: How to REALLY erase a LOT of hard drives

    I got a 5 lb magnet from my chiropractor, he uses it for healing(?) I use it for scrambling old drives and old floppys.

    I also shred documents, and destroy with either putting the shreds in a plastic garbage bag, fill it with water, punch a few holes, let it water my garden or take the bag when we go to the beach or camping and burn the paper, I also use it as a fire starter during the winter, shredded wrapped very tight with string. The water method works fine, the burn method leaves ash.
    kkrimmer@...
  • Driving off with my data

    It's not the drive that's the issue. It's the data on the drive. I would think that a couple hundred thousand social security numbers would be worth the expense.
    R.L. Parson
  • OK.. but

    Isn't it cheaper to simply destroy the old HardDrive via hammer methods and buy a new drive and put in the PC.... or if it is ancient and you are selling in bulk just have no hard drive in it. Most likely will be parts anyway. If the idea is to donate old PC's to charity buy el cheap HD and stick in the PC....
    Am I missing something ?
    redtrain65
    • No kidding.

      Take the drive apart and run the platters over a grinder for fifteen seconds.
      frgough