[unisog] Wiping hard drives before computer transfer

Bob Kalal kalal at tardis.uts.ohio-state.edu
Fri Jan 24 03:32:10 GMT 2003

And I would add, disk removal and acetylene torch if any
truly sensitive data was on the disk.

Bob Kalal
The Ohio State University, USAF in a previous life

At 6:36 PM -0500 1/23/03, Arnold, Jamie wrote:
>Fdisk and format then image if it's staying n campus.  Military grade wipe
>program if it's going off-site.
>"Imagination is more important than knowledge"
>Albert Einstein
>-----Original Message-----
>From: Marty Hoag [mailto:Marty.Hoag at ndsu.nodak.edu]
>Sent: Thursday, January 23, 2003 5:14 PM
>To: unisog at sans.org
>Subject: [unisog] Wiping hard drives before computer transfer
>     I'm curious what others are doing to remove data and software from hard
>drives of surplused or "passed down" PCs and Macs.  Besides things like
>FERPA and licensed software concerns, there could be some liability if we
>passed along a machine which had already be compromised and potential
>embarrassment of revealing old data.
>     As a public institution we are to either pass along
>the systems internally or send them to purchasing as
>surplus (they often old spot silent auctions on the old
>stuff).  Our "Lan Group" provides desktop support to many departments on
>campus and is often requested to remove the old data but I suspect some
>machines are getting through to surplus or to some other department without
>expert attention.
>     Doing some Google searches reveals a plethora of
>products available with wildly different pricing
>models (e.g. per wipe, per technician, etc.).  One
>staff member created a Linux bootable CD-ROM with
>an open source tool but that took 6 hours to wipe
>a 20 GB hard drive (doing 7 passes).  I had tested
>Symantec's gdisk on a 10 GB drive doing the "DoDwipe"
>(also supposedly 7 passes) and that took little more
>than an hour.  I ran across web pages for things like
>PDWIPE, Disk Wipe, Wipedrv, Paragon Disk Wiper, Wipe,
>gdisk, and Declasfy.  I know nothing about Macs so I
>don't know what is available for them.
>     In our distributed environment it would be nice
>to have an institutional license for something on a
>bootable floppy and cd-rom which: the end user could
>just boot, would list the disks on the system, ask
>the user to confirm, then just do its thing.
>     Anyway, I'd be curious about policy and software
>(or hardware) solutions.  I'm most interested in cases
>where you do NOT want to destroy the drive itself since
>that is pretty easy given a few tools a big enough
>sledge hammer.  Depending on the responses I'd be glad
>to summarize the comments.   Thanks!
>     Marty

More information about the unisog mailing list