digg

Facebook Connect Join Digg About

How to REALLY erase a hard drive

blogs.zdnet.com You may already know that “deleting” a file does nothing of the sort. But did you know that your disk drive has a built-in system for the secure erasure of data?

Who dugg this? Made popular May 3, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

186 Comments

show profanity settings
expand all
  • tippmann1, on 10/12/2007, -2/+224@drowningfish

    It's pretty damn hard to recover a drive when the platters are a melted pool of metal. so thermite FTW
  • dave11980, on 10/12/2007, -0/+198@drowningfish

    Do you even know what thermite is?
  • greenlight2001, on 10/12/2007, -18/+197I thought termites ate wood not metal?
  • trghpy, on 10/12/2007, -5/+175I still prefer the thermite method...
    but this isn't bad for the normal folk.

  • inactive, on 10/12/2007, -6/+151Here's another one to totally destroy your computer:
    http://www.microsoft.com/WindowsMe/
  • ers35, on 10/12/2007, -4/+124Although dban is a nice program, I've found that the best program for rendering a hard drive (and a computer) unusable is:

    http://www.kazaa.com
  • RoflMyWaffle, on 10/12/2007, -0/+64@drowningfish
    just because you saw that on an episode of CSI doesn't mean it's possible... its just as possible as zooming in and refining pixels into completely visible pictures (also seen on CSI)
  • GMorgan, on 10/12/2007, -2/+65A byte by byte write over will suffice for all but the most anal of searches. At least to the level where Geek Squad won't be able to pull naked pictures of your girlfriend off there. Assuming of course you have a girlfriend and are stupid enough to take your computer to Geek Squad.

    Linux has the shred command which is a secure delete which blasts random data over the file multiple times.
  • HeroinNinja, on 10/12/2007, -3/+64I heard you can get it erased at Best Buy.
  • arunforce, on 10/12/2007, -3/+46Wait... Geek Squad knows what a HARD DRIVE is?!
  • oxdeltaxo, on 10/12/2007, -5/+43@greenlight2001

    Thermite eats whatever it combusts with, which include your little termites.
  • tdurden, on 10/12/2007, -1/+37@cactus476 hard drives are a magnetic storage mechanism... read up http://en.wikipedia.org/wiki/Hard_disk
  • skyfire1, on 10/12/2007, -6/+38A computer is like a air conditioner. It works great until you open windows.
  • monkeyness, on 10/12/2007, -1/+32Actually DoD is 3-pass and NSA is 7-pass. 35-pass is the Gutmann method.
  • sunshinex, on 10/12/2007, -2/+31I work in IT security for a large financial organization. Erasing a hard drive using pretty much any tool which overwrites the entire drive at least once will make any data on it unrecoverable. A co-worker was in a forensics course with a member of the US FBI who told him even their best labs can not currently recover data if it's been overwritten even just once. I thought this guy was BS'ing, so I called a 10 recovery labs in the US and Canada and told them I had a drive which I'd overwritten with zeros (using dd in linux). Not one of the recovery firms could do a thing - after say 'dd with zeros' they said forget it, no way, no one can do it.

    It's amazing what they CAN recover, one lab claimed to be able to pull data of a drive put through an industrial chipper (one little bit at a time, on a magnetic microscope, for tens of thousands of dollars). Overwrite it once though, and they all told me the same thing - not even with the microscope.

  • Brishen, on 10/12/2007, -1/+28@wtfersk8s

    but thermite looks sooo much cooler
  • vranghel, on 10/12/2007, -4/+31I second Boot and Nuke...great app for scrubbing a HDD.
  • tommyboy180, on 10/12/2007, -2/+27At my job, USAF, we have to destroy hard drives in accordance to remenance security. I use a Data Security 6600 Degausser! (No pacemakers please). After the Degausser destroys the drive with the EMP charge I use a huge sledge hammer to destroy the drive completely. That is how you destroy a hard drive. If I tell you any more I will have to kill you.
  • HerrEisenheim, on 10/12/2007, -1/+20Petrol stands for petroleum, which is the common name for gasoline everywhere in the world, sans the US and Canada.
  • bandeapart, on 10/12/2007, -1/+19@drowningfish

    "Actually thermite is susceptible to patient and highly sensitive recovery methods. It's about as secure as just smashing the drive."

    That's the funniest thing I've heard all week...hahaha.
  • xspinkickx, on 10/12/2007, -2/+20http://dban.sourceforge.net/

    ^^ there you go, if you want boot and nuke.
  • jalexhall1989, on 10/12/2007, -1/+18for those of you who don't know what thermite ACTUALLY is.. http://www.youtube.com/watch?v=WrCWLpRc1yM
  • IllBeBack, on 10/12/2007, -3/+20Toss the ***** into a hot kiln and once it's entirely melted, all of the data has been erased.
  • markr, on 10/12/2007, -2/+19Imagine if the final pass of random data managed to construct an NTFS full of dubious illegal material, and the complete works of Shakespeare!
  • khag7, on 10/12/2007, -1/+17After following all the links to get to the actual software download:
    http://cmrr.ucsd.edu/hughes/HDDErase.zip
  • HerrEisenheim, on 10/12/2007, -8/+24That's essentially what this is. There are typically three ways of doing this.

    1) 1-pass: Zero the drive. Write zeros over everything, but only once. This is usually "enough". Unless the data on your drive is worth a lot of money, it wouldn't be worth it to try and recover the data on a drive that's been zeroed.
    2) 7-pass: The driver is first zeroed, and then it's it's written over another 6 times with random 1's and 0's. For all intent and purposes, I believe this to leave an HDD completely unrecoverable. Only using sophisticated magnetic tracing hardware will allow you to recover this kind of data...even then, with limited success. You likely wouldn't be able to reconstruct whole files.
    3) 35-pass: Zero the drive, then write over it another 34 times with random data. Good enough for the NSA and DoD. 'Nuff said.

    The thing is, every pass takes essentially the same amount of time. On a 7200PRM 500GB HDD, zeroing the drive can take 1-2hrs. So if you want to do a DoD style erase, you better be ready to give up three days.

    OS X has some really neat utilities for secure erasing. You can secure erase (single pass) any file you can drag to the trash. You also have the option to securely erase data that you *previously* only normally erased, by means of the "Erase Free Space" function in Disk Utility. Basically, it will re-write zeros to everything on the HDD that isn't in use by the file system. So if you want to get rid of all the traces of pr0n, that's what you want to do.
  • grumpyrain, on 10/12/2007, -3/+17> Here's another one to totally destroy your computer:
    > http://www.microsoft.com/WindowsMe/

    I personally don't think it is worth it if you have to resort to THAT.
  • kevin2735, on 10/12/2007, -4/+17"3) 35-pass: Zero the drive, then write over it another 34 times with random data. Good enough for the NSA and DoD. 'Nuff said."

    I have a source who tells me in addition to the wiping, they (NSA / DOD) still remove the platters and break them up into pieces using a hammer. I have heard rumor that an electromagnetic microscope can go beneath magnetic layers and recover data.... could be true.... hang on a sec, there's a black helicopter overhead.
  • inactive, on 10/12/2007, -2/+15so... I take it it's too much to smash it with a sledge hammer, then take a giant magnet to it, while having it turned on and being dragged through a pool of acid, then thrown it into a volcano, and then detonate a nuke above it these days?
  • t0ny, on 10/12/2007, -5/+17In linux I just
    # dd if=/dev/urandom of=/dev/hda
  • dvsbastard, on 10/12/2007, -3/+14How about a magnetic hammer?!
  • spiffytech, on 10/12/2007, -0/+10I don't think anyone here is talking about just *splattering* a drive with thermite. We all mean using burn-through-a-car-engine quantities.
  • thebman990, on 10/12/2007, -1/+11Did you bother to read the comments above yours?
  • Matt2k, on 10/12/2007, -2/+11> Only using sophisticated magnetic tracing hardware will allow you to recover this kind of data

    Not even then, from what I understand. In many circles, it's believed to be a myth. There is no known instance of anyone recovering any amount of data after even a single random write. At least not with modern drives.
  • sam991, on 10/12/2007, -0/+8Does microwaving it work? Yay or nay?
  • inactive, on 10/12/2007, -0/+8@t0ny

    that is actually not fully secure. here's why.

    so let's say you write 0's to your hard disk a few times. it will certainly pass the magnetization threshold such that your disk will read back all 0's, but taking the platters out and doing some advanced signal processing of the analog data from the head would help you recover most, if not all, of the data. let's say, for example, that writing a 0 over a 1 makes the magnetization 0.1 and writing a 0 over a 0 makes it 0.0.

    now let's say you write 1's to your hard disk instead. same thing, right? writing a 1 over a 1 will make it 1.0 and writing a 1 over 0 will make it 0.9.

    the hard disk, let's say, differentiates between under 0.5 as 0 and over 0.5 as 1 so it doesn't care. but if i use my special head to read the platter, i can get the floating point magnetization values of each bit (and i would be able to differentiate between 0.0, 0.1, 0.9, and 1.0).

    now, if you write /dev/urandom, you will, on the _FIRST_ go, get the hard disk to read back exactly what random string you used correctly. so if someone finds your hard disk, they read it normally using dd, and get '01010101111010110...'
    and then they just say, ok, suppose the first bit was written with a 0, the second with a 1, the third with a 0, the fourth with a 1, etc. and then go back to the analog signal processing and hypothesis testing to determine what each bit was. for example, let's say i read '01010101111010110 as above using the hard disk, but using my special head, i read:
    0.1 1.0 0.0 0.9 0.0 0.9 0.0 0.9 1.0 0.9 1.0 ...
    i can most definitely reproduce all your data.

    So what if you apply /dev/urandom twice, you say? it's still likely that an expert can decipher a good deal of it -- additional information can be provided about the random numbers because your random numbers are probably seeded by your system clock, so if I have any information at all about *when* you erased it, I could test my hypotheses using every possible time strings (millisecond-wise) around the time I think you erased it -- that wouldn't take long for a large computer array -- and look for data that makes sense. This one is a little harder.

    The first method above, of course, is something a lot of data recovery specialists could do, so you're definitely not safe using /dev/urandom once. You're probably safe as a civilian doing /dev/urandom 2 or 3 times. But if you're working for the CIA or some other organization where people would die for your data, you probably want to do something a little different, for example, doing some sort of analog random writing of your disk, or doing several digital rewrites with a better random source than what's built into your PC.
  • dreamtenstudios, on 10/12/2007, -1/+9If only Scoffield from Prison Break read this in time...
  • spiffytech, on 10/12/2007, -2/+10shred -fuz /*

    dd won't overwrite multiple times to prevent magnetism analysis.
  • monkeyness, on 10/12/2007, -3/+10Nor would a sledgehammer, since forensics could still piece it together. Really the only guaranteed way is melting it.
  • zeppo, on 10/12/2007, -0/+7A hard drive once bit my sister...
  • inactive, on 10/12/2007, -2/+9Thermite reaction: http://upload.wikimedia.org/wikipedia/en/2/2b/Utah-thermite.jpg

    Also,
    $ cat /dev/urandom > /
  • spiffytech, on 10/12/2007, -3/+9Found out shred won't do directories. Here's a working command:

    find -type f -execdir shred -fuvz '{}' ; ; rm -rf *
  • FEDELST, on 10/12/2007, -0/+6This is typical of the plethora of misinformation and half baked concepts floating about on how to decommission a hard drive. Most of these methods are antiquated, or akin to asking your crazy cousin Bob to spend a day in your garage with a sledge hammer and your collection of drives.

    The National Institute of Science and Technology (NIST) has published recommendation 800-88 which is developed from a collection of information and best practices from government and academic resources. As stated in the recommendation, second to effective physical destruction, Secure Erase is the single best means to destroy data beyond forensic reconstruction.

    let's look at what effective physical destruction means.... According go Dr. Gordon Hughes and the University of California's Center for Recorded Magnetic Media, effective destruction of hard drive media is accomplished when the resulting particle is of insufficient size to accommodate a 512Kb block of data. Rather, based on current media chemistry, this will equate to less than 1/125". And, with future higher density compositions this size will diminish.
    Furthermore, the waste produced from shredding drives requires proper disposal, and due to the cocktail of chemicals present in the waste, warrant disposal in environmentally protected facilities.

    Overwrite is a long process that does not net the most effective results. DOD 5220 is an antiquated standard that is no longer considered an acceptable means to effectively decomission hard drives in most government departments. Yet, many software vendors proudly tout this spec, despite it's proven weaknesses.

    Degaussing has its own limitations being a no contact technology, Degaussing does not provide a defensible audit log of the devices processed, and there is no assurance that the platters in the hard drives processed with a degausser are in fact void of all data. Considering that current media composition requires between 8,000-10,000 Oerstead of energy to achieve coercion, or repolarization of the media, it must be assured that the degaussing device is capable of attaining this level of energy. If a degausser is not up to spec, the devices processed through it, will not be effectively erased. Add to this the fact that iron elements in the drive will act as a shunt for magnetic energy; the platter may have regions that do not get the required exposure, or are shadowed from effective exposure.

    I could go on but if you want to know the whole story go to http://www.deadondemand.com/assets/documents/edt_digital_shredder_2.pdf and read the white paper.


  • lonniebiz, on 10/12/2007, -2/+8This application does a good job erasing files:
    http://www.heidi.ie/eraser/download.php
  • Urusai, on 10/12/2007, -4/+10Damn UN keeps sanctioning me whenever I try to develop nuclear weapons.
  • clark1001, on 10/12/2007, -1/+6Not sure why you got dugg down. DBAN is a simple and easy way to scrub a hard drive using methods that were originated for use in the Department of Defense. It's technically a Linux LiveCD, but it only has one function. A 40 Gig hard drive can be securely erased in about an hour.
  • zixx, on 10/12/2007, -1/+6http://video.google.com/videoplay?docid=-4147847319296070400
  • hagbard72, on 10/12/2007, -0/+5I either use Nuke Disk (free) or format the drive with TrueCrypt then reformat.
  • vemerge, on 10/12/2007, -5/+10Why not just burn it and buy a new drive?
  • Slovenian6474, on 10/12/2007, -0/+5I'm not as worried about the FBI as I am those damn dishonest scuba diving identity thieves
  • Fetching more discussions...
    Show 51 - 100 of 188 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.