All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 15 posts ] 
Author Message
 Post subject: How to destroy a hard drive
PostPosted: April 8th, 2017, 23:31 
Offline

Joined: April 8th, 2017, 21:47
Posts: 4
Location: planet earth
I've got a question for the data recovery pros that the search function didn't turn up any answers to. I don't want to recover a damaged drive, I want to damage a drive beyond reasonable recovery. I work for a largish company with around 30,000 computers. Our life cycle is around 5 years from when a computer is purchased to when it is replaced, so on an average year we've got around 6,000 used drives to deal with. My company is like many others and doesn't want its data getting out. The data in question is the typical business data of personnel records, HIPAA, accounting spreadsheets, email, etc, etc. What our data is not, it is not state secrets, child porn, or anything else that would draw the attention of law enforcement.

I've googled and watched a bunch of youtube videos about HD destruction and if you were to believe what those videos and web pages say there is basically no amount destruction that can't be recovered with a determined enough person. Frankly comments like that set off my BS alarm. I've recently been assigned the task of dealing with those old computers and that's not my only assignment. There's no time to do HD destruction beyond the minimum required to stop what a data recovery company could do.

I hope I'm not asking for anybody's secret blend of spices and herbs by asking this, but what amount of damage to a hard drive makes you say, "nope that can't be recovered by me or any other data recovery company."


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: April 9th, 2017, 4:53 
Offline

Joined: May 21st, 2007, 16:10
Posts: 1592
Location: Gothenburg/ Sweden
A real good Degausser will do the job :-)
https://en.wikipedia.org/wiki/Degaussing

_________________
Rescue IT Datarecovery service Sweden
Rescue IT Dataräddning Göteborg AB
http://www.rescue-it.se


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: April 9th, 2017, 8:47 
Offline
User avatar

Joined: April 3rd, 2011, 0:19
Posts: 2003
Location: Providence, RI
Our company offers free hard drive destruction service to just keep the salvage of the old drives. If possible we digitally wipe the drive to DoD standards with security measures to remove things like host protected areas, etc. so it's certain to be a complete wipe. Then we keep the sanitized drive for our parts stock to be used in our data recovery work. If we can't digitally wipe the drive fully, such as if it has bad sectors or isn't functioning, then we remove the platters and degauss them outside the drive (this is better than doing it inside the housing). We then recycle the aluminum and steel and keep the PCB board for our stock.

We've got quite a few large companies who regularly use our services including one multinational conglomerate who has locations in nearly every country on earth (they drop off a huge box every few months). Since we're a data recovery company we regularly deal with HIPAA compliance and other regulated data types. We can even provide you the necessary paperwork for HIPAA.

The service is free for SATA and IDE drives, we just charge $5/drive for SCSI and SAS drives. Also, if you want certificates along with the wiping logs it's an additional $2/drive (the process is handled the same regardless, but some people want certificates made up for their own records).

_________________
Data Medics - Hard Drive, SSD, and RAID Data Recovery Service Company


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: April 9th, 2017, 12:24 
Offline

Joined: April 8th, 2017, 21:47
Posts: 4
Location: planet earth
mr_spokk - IMO the problem with degaussing alone is there's no easy way to tell if the drive is wiped or not. With thousands of drives tracking could be handled procedurally, but there are those in the organisation the believe than anything short of complete and utter annihilation is insufficient. (kind of like the guy in the link below)

Data-Medics - thank you for the offer I will seriously keep it in mind.

What about physical damage, where do you draw the line? This guy https://community.spiceworks.com/topic/586771-the-leftovers-is-drilling-holes-in-an-old-hard-drive-really-enough?page=1 seems to think that drilling holes isn't good enough. Then following his post there are pages of arguments full of tin-foil hat craziness and what seem to be reasoned disagreement.

My reason for coming here is it seems to be where the pros hang out and maybe there will be some truth and experience rather than conspiracy theory speculation. I need to make a case for my destruction plan that is based on fact and practicality to several people. I mentioned above that this task has been recently assigned to me. There's no point to getting into the politics of that decision, but to say the previous guy wasn't doing a good enough job. :roll:


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: April 9th, 2017, 16:32 
Offline

Joined: October 16th, 2013, 13:21
Posts: 713
Location: Brazil
And if you really need to destroy the drives, just make a hole through them with a drilling machine. As long as it goes through the platters, you got your needs covered.


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: April 9th, 2017, 16:51 
Offline
User avatar

Joined: February 9th, 2009, 16:13
Posts: 2520
Location: Ontario, Canada
We recovered 70% of a drive that was improperly drilled several years ago.

_________________
Luke
Recovery Force Data Recovery


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: April 9th, 2017, 18:10 
Offline
User avatar

Joined: April 3rd, 2011, 0:19
Posts: 2003
Location: Providence, RI
In my opinion, as a data recovery professional, the safest options are the ones that digitally alter the data on the platters to make it unreadable. Zero-filling is certainly enough to do the trick, (as long as 100% of sectors are verified as wiped). Multi-pass wiping is actually redundant but satisfies the paranoia of those who have doubts (thus the reason we offer DoD 3-pass). That's preferable as it keeps the drive intact where it can be re-used or kept for parts to be used in later data recovery projects. However, amateurs can easily make a mistake like only wiping a partition instead of the entire drive, or they might miss a HPA at the end of the drive where data could have been hidden by an employee looking to sneak information out. So it's best left to professionals who have equipment specifically designed for the task and eliminate human error.

The next best option is degaussing, which if done properly is just as effective at preventing future recovery. The strength of the electromagnet on a good degausser/demagnetizer is enough to alter a majority if not all of the bits on the drive so that no single sector will ever be readable. In fact, the servo data will even be messed up so badly that the heads will never be able to even track their location to attempt reading a sector should someone ever manage to properly rebuild the drive. The downside to degaussing is that it ruins all but the PCB (which doesn't contain any data and can be removed before degaussing). It's actually the process the military and other high-security facilities use as they don't trust their own workers to properly wipe drives 100% of the time. But then, they've actually got state secrets to protect.

Drilling a hole (if you actually make it to the middle of the platter and don't miss) generally, will prevent recovery. However, it's not really a best practice as it still leaves the data intact on the remaining platter surface. While the drive is never going to work again, the data is still "technically" there. We never can know what technology the next 20 years might bring, and while we all doubt a device will exist that can read bits from a platter without skimming the surface (and being destroyed by the hole), you never can be sure. Perhaps one day they'll invent a sort of electron microscope laser that can read from a higher fly height to safely do it. Unlikely, but not necessarily impossible.

_________________
Data Medics - Hard Drive, SSD, and RAID Data Recovery Service Company


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: April 9th, 2017, 20:05 
Offline

Joined: April 8th, 2017, 21:47
Posts: 4
Location: planet earth
data-medics wrote:
In my opinion, as a data recovery professional, the safest options are the ones that digitally alter the data on the platters to make it unreadable. Zero-filling is certainly enough to do the trick, (as long as 100% of sectors are verified as wiped). Multi-pass wiping is actually redundant but satisfies the paranoia of those who have doubts (thus the reason we offer DoD 3-pass). That's preferable as it keeps the drive intact where it can be re-used or kept for parts to be used in later data recovery projects. However, amateurs can easily make a mistake like only wiping a partition instead of the entire drive, or they might miss a HPA at the end of the drive where data could have been hidden by an employee looking to sneak information out. So it's best left to professionals who have equipment specifically designed for the task and eliminate human error.

I can see how in small numbers wiping the drive could seem feasible. But, at 6000 drives/year that is one big pile of work. I've tried Apple's secure erase and with their 1 pass option and the drive in an external USB adapter it took about an hour+ to do the job. So even on the low side, 1 hour * 6000 drives / 8hrs/day = 3 computers working full time erasing drives. Add a techs time to mount, unmount, deal with failed drives (the cost purchase equipment to physically destroy the failed drives) and the costs go through the roof.

Your offer of a free drive wipe service which sounds interesting, and is a real potential. But, I'm still working on the plan I'm going to present to those who care about data security. Some of the ones that care the most are the least technical, so they default to tin-hat thinking. I am educating myself so I can educate them about what is possible in the real, non-tin-hat world.

Quote:
The next best option is degaussing, which if done properly is just as effective at preventing future recovery. The strength of the electromagnet on a good degausser/demagnetizer is enough to alter a majority if not all of the bits on the drive so that no single sector will ever be readable. In fact, the servo data will even be messed up so badly that the heads will never be able to even track their location to attempt reading a sector should someone ever manage to properly rebuild the drive. The downside to degaussing is that it ruins all but the PCB (which doesn't contain any data and can be removed before degaussing). It's actually the process the military and other high-security facilities use as they don't trust their own workers to properly wipe drives 100% of the time. But, then they've actually got state secrets to protect.

Back in the day when big mainframe computers had 32K (yes K) of RAM I worked on classified military computer projects. (yup, with actual state secrets. I could tell you, but then I would have killed you, with boredom. The military loves to stamp secret on everything. :lol: ) Back then they would accept degaussing for tapes that were going to be reused for other classified work. But, when one of the "big" 70 meg drives crashed we were required to deeply score both sides of every platter and then incinerate them until they were deformed by the heat. The melted drive then had to be recovered from the ashes and given as proof of destruction to the military folks. The fuel for this fire was provided by used up tapes, classified paper printouts and a whole bunch of natural gas. Fortunately for me my clearance wasn't sufficient to allow me to do that task. My coworkers with the correct clearance said it was a miserable job destroying classified materials.

Fast forward to today and a degausser is one of the options for sure. I'm betting the last spinning hard drive we buy for a user is only a year or two away. A degausser that is industrial strength enough to destroy 40K plus drives over the next 7-8 years isn't going to be cheap, but a lawsuit because of misplaced data with make it seem like chump change.

Quote:
Drilling a hole (if you actually make it to the middle of the platter and don't miss) generally, will prevent recovery. However, it's not really a best practice as it still leaves the data intact on the remaining platter surface. While the drive is never going to work again, the data is still "technically" there. We never can know what technology the next 20 years might bring, and while we all doubt a device will exist that can read bits from a platter without skimming the surface (and being destroyed by the hole), you never can be sure. Perhaps one day they'll invent a sort of electron microscope laser that can read from a higher fly height to safely do it. Unlikely, but not necessarily impossible.


If a holed, bent, or shattered drive can be read by some yet uninvented device 20 years from now, I can live with that. I think even my tin-hatters could live with that. 20 years from now the chance of someone recovering data from a properly recycled hard drive that could harm my company is so tiny I can't imagine a scenario where it could happen. Could it happen? Yeah and I could win the lottery 10 times in a row. But, what are the chances of that? What no one can live with is finding data from a computer that was replaced within the last couple of years floating around on the internet.

Drilling holes seems like the simple and inexpensive answer on the scale I'm dealing with. I could pick up a quality drill press, drills and related gear for well under $3,000. But, IT people aren't typically known for their skill with power tools. A spinning bit, a moment of inattention = a workers comp claim or worse. Not to mention the mess of drill shavings and shattered glass everywhere.

I've also looked at hard drive crushers. There is still a mess to deal with, but I think with the safety interlocks nobody is going to get hurt. And the crushers life could be longer as SSD drives start reaching their end of life.


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: April 9th, 2017, 20:13 
Offline

Joined: April 8th, 2017, 21:47
Posts: 4
Location: planet earth
lcoughey wrote:
We recovered 70% of a drive that was improperly drilled several years ago.

Was that because they missed the platters?


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: April 9th, 2017, 22:17 
Offline
User avatar

Joined: December 4th, 2012, 1:35
Posts: 3844
Location: Adelaide, Australia
I have always wondered if there was a way to analyse the disk differently.
such as taking some kind of graphic image of the disk. not sure what would work, but there are some amazing things out there. maybe you could radiate it somehow and capture the difference in lighting using filters. possibly the actual data on the disk "looks" different enough to somehow "OCR" it.

Once you had the image, you could use software to process it instead of the heads. then you do away with any physical issues such as a hole in the platter.

I am sure you could do this with old vinyl records, maybe some kind of radar unit that measures the pits and lands and converts it to digital data.


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: April 10th, 2017, 9:11 
Offline
User avatar

Joined: July 12th, 2010, 4:38
Posts: 1418
Location: Portugal
Brake the platters into pieces.
I doubt someone can get data from them :mrgreen:

_________________
http://www.pclab.com.pt facebook.com/PCLAB.A.T
ACELab partner


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: April 10th, 2017, 17:37 
Offline

Joined: October 16th, 2013, 13:21
Posts: 713
Location: Brazil
Well, you can drill them, then take the results to some place to get them melted. If somebody recovers the data after that, well, they deserve it.


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: April 13th, 2017, 7:46 
Offline

Joined: March 9th, 2017, 6:16
Posts: 103
Location: trinidad
I think if laptop drives are having TPM enabled bitlocker or some enterprise Full disk encryption , chances of recovery are very low.
A simple Zero fill by standalone Eraser or Secure Eraser will be further enough to completely destroy data as it is erased from firmware level.
You can recover all expenses incurred in this process by selling all drives to disk refurbishing company which will further erase disk .


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: July 18th, 2020, 10:48 
Offline

Joined: July 18th, 2020, 9:56
Posts: 1
Location: San francisco
Your first option for deleting data from your hard drive is using a data-wiping program. Do this if you want to keep the drive usable but data erased. You can use the free program called Darik’s Boot and Nuke (DBAN), which comes in a version that runs off USB flash drives and another that runs off a CD or a DVD. DBAN has a solid reputation among security experts.


Top
 Profile  
 
 Post subject: Re: How to destroy a hard drive
PostPosted: July 18th, 2020, 11:04 
Offline

Joined: September 30th, 2005, 7:33
Posts: 849
ATA command sanitize is devoted for such a purpose...


Top
 Profile  
 
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 15 posts ] 

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 118 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group