If you or your company have data which needs to be kept out of the wrong hands, the Secure Erase command built into every SATA drive -- including SSDs -- will do that job. But accessing the Secure Erase command isn't easy, as most BIOSes disable it. And if you need a record of the Secure Erase, few utilities offer that.
StarTech's Standalone Eraser Dock (SED) is the simplest and easiest way to erase a bare drive. You plug it in, select an erase protocol -- with an option to define one yourself -- and it goes to work. As the name suggests, you don't need to plug it into a computer.
The SED offers erase options for every occasion.
- Quick Erase: The partition table is quickly erased.
- 1-Pass Erase: A full disk overwrite (all zeroes).
- 3-Pass: Multi-pass overwrite per DOD 5220.22-M.
- 3-Pass: Multi-pass overwrite per CSEC ITSG-06.
- 3-Pass: Multi-pass overwrite based on HMG Enhanced IS5.
- 7-Pass Custom Erase: User specifies number of passes and pattern written.
- Secure Erase: Drive's internal Secure Erase command is executed.
- Enhanced Secure Erase: Drive's Enhanced Secure Erase command is executed.
Note that the Quick Erase option is not actually erasing your data. A decent file recovery program can reconstruct files from the remaining blocks.
Erasing disks or SSDs takes a while -- about 3 hours per TB on 2.5" disk drives for Secure Erase -- so if you're in a hurry pounding a 10 penny nail through the disks is much faster. The multi-pass erases takes that long for each pass, so the standalone operation of the dock is handy.
The unit comes with the SED, a USB 3.0 cable, a power brick, four power cords for anywhere in the world, and a printed quick start guide that covers the essentials. The SED appears to be solidly built -- a concern since consumer SATA docks rarely last more than a year -- with a two line LCD display that does its job.
I used the SED's Secure Erase function -- blessed by NIST and largely designed at the University of California, San Diego -- on a couple of drives and an SSD, and then a Mac data recovery utility to see if any data could be found. When plugged into my Mac, the drives were no longer initialized, and after they were, no files could be found.
The SED also offers a serial printer port so receipts can be printed for audit and documentation purposes. I don't have a serial printer so I'll have to take StarTech's word that it works.
The SED online was $225. Adapters for IDE, M.2 and mSATA drives are available at additional cost.
The Storage Bits take
I found the StarTech Standalone Eraser Dock worked as advertised, a refreshing trait in computer gear. It sets up in minutes, operation is simple, and it is solidly constructed.
If you work in a financial or health care organization, something like the SED is almost a must have. I've talked to bank security execs who go further: erase the drive and then physically destroy it with a drive shredder, but that's overkill for most of us. And probably even for a bank.
There are software tools that -- with some fiddling -- will start the drive's internal Secure Erase function. Other tools -- such as DBAN -- that rely on the computer's I/O to erase a drive will typically not touch data in bad blocks or in blocks that haven't been fully overwritten.
With the common availability of Windows BitLocker and Mac OS X FileVault, encrypting a drive and then reformating it is another option. It's easier than most utilities, but still more work than the set-and-forget operation of the SED.
Software tools don't require a drive to be removed from a case, which is simpler. If you're serious about security, the SED is a handy tool.
Comments welcome, as always.