Data destruction tool

jbo@

Developer
Which tool(s) do you guys use to ensure that there's no more recoverable data left on a storage device (spinning rust, flash, ...) prior to releasing it into the wild?

Ideally something that already has a FreeBSD port or that is portable.
 
2kg sledge hammer works for me :)
In the past I've used self-written scripts that use "dd" from /dev/zero, /dev/random. Some of the government secure erase algorithms may be online, so you can figure out the patterns to use.
I'm sure there are some in ports I've just never looked for them.

by our own Cy:
 
Anything that goes over 1000 °C usually does the trick.
Yeah, you also saw Frank's HDD-Killing experiment? 😁

Well, I don't play with thermite, and am concerned about the environment; (If I would do this I would smelt the disks only, but for sure not the whole drive [As an electronics development engineer I'm aware of what unhealthy stuff is within electronics, not only the capacitors, and the plastic - for sure nothing to put into open fire, especially not to take a breath of that smoke!])

So here's what I do:

1. dd if=/dev/random of=/dev/adaX bs=100M status=progress over the HDD.
2. Open it (screwdriver), remove the disks, and the magnets of the read-and-write head arm's drive (pretty strong)
3. Several times strike those magnets over all disk's surfaces.
4. Take a lighter and heat the disks (You neither need to reach Curie temperature of the metal, nor to smelt it.)
5. Take a screwdriver, or sandpaper and scratch the disk's surfaces
6. Take tongs and bend the disks (Be careful at this step! Some (older?) disks are made of glass!)
7. Dispose of the disks separately from the rest; the housing with electronics goes into electronics recycling anyway.

I keep the magnets; pretty good for the bulletin board :cool:
 
or that is portable

I boot a Linux LiveUSB and use hdparm:

Code:
sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase 'x' '/dev/sda'

Code:
sudo hdparm --user-master u --security-set-pass 'x' '/dev/sda' && sudo hdparm --user-master u --security-erase-enhanced 'x' '/dev/sda'

I used to do multiple drives at a time overnight (it takes hours) and hooked up drives outside a desktop case on long SATA cables :p I did both commands back-to-back with && since some drive firmwares do a quick format with one or the other.
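A pre-flight and post-erase check to go with the hdparm commands above, as an added example that is not part of the original post: it reads the Security section of `hdparm -I` to see whether the drive is frozen or locked before the password is set, and whether security is disabled again afterwards. The function names are assumptions and the sample output is constructed.

```shell
#!/bin/sh
# Added example (not from the original post): read the Security section of
# `hdparm -I` before and after the erase. Function names are assumptions.

# stdin: `hdparm -I` output. stdout: "frozen=.. locked=.. enabled=.. enhanced=.."
ata_security_state() {
    awk '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }      # next unindented header ends it
        insec {
            neg = ($1 == "not")               # cleared flags are prefixed "not"
            key = neg ? $2 : $1
            if ($0 ~ /enhanced erase/) key = "enhanced"
            else if (key !~ /^(frozen|locked|enabled)$/) next
            st[key] = neg ? "no" : "yes"
        }
        END {
            n = split("frozen locked enabled enhanced", k, " ")
            for (i = 1; i <= n; i++)
                printf "%s=%s%s", k[i], ((k[i] in st) ? st[k[i]] : "unknown"),
                       (i < n ? " " : "\n")
        }'
}

# True when the drive will accept --security-set-pass: not frozen, not locked.
erase_can_start() {
    case "$(ata_security_state)" in
        "frozen=no locked=no "*) return 0 ;;
    esac
    return 1
}

# True when security is disabled again, as after a completed erase. If
# "enabled=yes" remains, the password set for the erase is still active.
erase_left_security_off() {
    case "$(ata_security_state)" in
        *" locked=no enabled=no "*) return 0 ;;
    esac
    return 1
}

# Constructed sample: the section as printed for a drive the BIOS has frozen.
sample_frozen() {
    printf 'Security: \n\tMaster password revision code = 65534\n\t\tsupported\n'
    printf '\tnot\tenabled\n\tnot\tlocked\n\t\tfrozen\n'
    printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\n'
}

sample_frozen | ata_security_state   # frozen=yes locked=no enabled=no enhanced=yes
```

On a live system the input comes from `sudo hdparm -I /dev/sda | erase_can_start`, run once before the set-pass command and once through `erase_left_security_off` after the erase returns.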
 
FWIW, in all seriousness, it really depends on who you want to keep from accessing the data. Since rotational disks suffer from something called radial-arm-shift over time, and being that a magnetic flux state change won't affect all molecules on the coating, it is possible to reconstruct data after it has been overwritten many times. 30 years ago the process involved coating the surface with a nickel powder in a vacuum chamber and then looking at the peeled nickel layer under an electron microscope to note and analyze the patterns in it. Since that was cutting edge 30 years ago you can use your imagination to think about how sophisticated the methods are now.
 
Which tool(s) do you guys use to ensure that there's no more recoverable data left on a storage device (spinning rust, flash, ...) prior to releasing it into the wild?

Ideally something that already has a FreeBSD port or that is portable.

Just dd(1) the /dev/random on this device several (5+) times. Nothing more needed.

# dd bs=1m status=progress < /dev/random > /dev/device

You may add /dev/zero as the last run.

# dd bs=1m status=progress < /dev/zero > /dev/device
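The passes from this post as a script, with a read-back check that the final zero pass covered the whole target (an added example, not part of the original post). The function names, the explicit size argument and the use of /dev/urandom (so it also runs from a Linux live system) are assumptions; the size of a real disk comes from diskinfo(8) on FreeBSD or `blockdev --getsize64` on Linux.

```shell
#!/bin/sh
# Added example (not from the original post): scripted overwrite passes
# followed by a read-back check. Names and arguments are assumptions.

# One pass: copy exactly $3 bytes from source $1 over target $2.
# iflag=fullblock keeps writes at whole 1 MiB blocks when reading from a pipe;
# conv=notrunc keeps an image file at its size and is harmless on a device.
overwrite_pass() {
    head -c "$3" "$1" |
        dd of="$2" bs=1048576 iflag=fullblock conv=notrunc 2>/dev/null
}

# $3 passes of random data over target $1 ($2 bytes), then one pass of zeros.
wipe() {
    target=$1 size=$2 passes=$3
    i=0
    while [ "$i" -lt "$passes" ]; do
        overwrite_pass /dev/urandom "$target" "$size" || return 1
        i=$((i + 1))
    done
    overwrite_pass /dev/zero "$target" "$size" || return 1
    sync
}

# Succeeds only if every byte read back from the target is zero.
# tr drops NUL bytes; head ends the pipeline at the first byte that survives.
is_all_zero() {
    nonzero=$(tr -d '\000' < "$1" | head -c 1 | wc -c)
    [ "$((nonzero))" -eq 0 ]
}

# Stand-alone use: sh wipe.sh TARGET SIZE_IN_BYTES PASSES
if [ "$#" -eq 3 ]; then
    wipe "$1" "$2" "$3" && is_all_zero "$1" &&
        echo "verified: $1 reads back as zeros"
fi
```

The read-back only covers what the drive returns through its normal interface, so sectors the firmware has remapped are outside this check.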
 
Last century a New Zealand crew led by Peter Gutmann devised a method to securely erase MFM/RLL encoded disk drives. It was quite a hit at the time. However, it's no longer relevant as recording methods have changed, and Gutmann has observed:

"In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques."

No disk drive ever left the premises of where I last worked, except in a special secure container that went straight to a crusher. Some new maintenance engineers had to be educated on that policy, frustrated because their standing instructions were to take away broken drives for refurbishment.
 
That's why UNIX-users don't need file-shredder software! One of the most obnoxious things about Windows, in my opinion, is that you need 3rd party software to simply just use functions that are already in the OS! Extra points if the software is obnoxious proprietary nagware!
Just dd(1) the /dev/random on this device several (5+) times. Nothing more needed.

# dd bs=1m status=progress < /dev/random > /dev/device

You may add /dev/zero as the last run.

# dd bs=1m status=progress < /dev/zero > /dev/device
 
That's why UNIX-users don't need file-shredder software!
Especially not once you have figured out that any 'shredder software' does nothing that cannot already be done with dd: write garbage to every block.
If I take a look at the above linked-to-git software example's log:
6 1/2h for a 500G drive? Where is the benefit?
Two times dd if=/dev/random... do the same, maybe even quicker.

Besides:
I would never release any of my HDDs/SSDs back to the wild, ever.
I either re-use them myself, or they are destroyed.
 