[unisog] Wiping hard drives before computer transfer

Ian Morey ian_m at telus.net
Mon Jan 27 07:17:11 GMT 2003


  Hi;
         Last I heard, one had to re-write each bit on a drive with 9 
writes of random 0's/1's to make it hard to decipher. Tools are out there 
that can read older magnetic fields on drives, so can read data "under" 
current data. At least till the signature gets weakened by 9 random changes.
         Since people are saying it takes 9 over-writes, I would expect the 
NSA can read drives after 20 or so. ;-). Tools such as tunneling electron 
microscopes can be used to analyse individual molecules for god-knows-what 
that tells of various magnetic field positionings.
         So writing single set of 0's to a drive may do nothing for 
stopping modern recovery techniques - I would bet it barely slows them 
down.... if it was a random 0's 1's thing, it would be a bit tougher.
         The only way to make data on drives safe is to use a vat of acid. 
Breaking them, drilling them, etc, still leaves valid pieces that can be 
read and put together. Some vital stuff will still be missing, but much 
more will be gained. Remember what happened in Saigon when the CIA didn't 
manage to burn the shredded documents. Vietnamese students pasted them all 
back together, and that cost a lot of lives.
         Using a tool such as the free "Eraser" (for file wiping), and 
Partition Magic's secure drive wiping tools aren't a bad alternative. I'm 
sure there are better ones out there, but I haven't had to worry about 
complete drive wiping.
         Anyway, that's my paranoid two cents worth. :-)

                 Cheers!
                                 Ian



At 01:49 PM 26/01/2003 -0500, you wrote:
>I'm posting what our campus does for both information and a bit of feedback.
>
>
>We picked up a tool from Gateway called GWSCAN.  It has a very handy feature
>of writing zeros to a drive.  The upside ..it's free and available online
>(at least at one time it was online).  The downside...it takes forever..a
>20GB drive is about 4-5 hours of work to zero.  The program is DOS based and
>should be run from a boot disk.
>
>I've had data recovery people tell me that they know of nothing that will
>recover the data (within reason of course).  Have I been fed a line on this
>or have I figured out a good way to take care of my old drives?
>
>Ben C.
>
>
>-----Original Message-----
>From: Marty Hoag
>To: unisog at sans.org
>Sent: 1/23/2003 5:14 PM
>Subject: [unisog] Wiping hard drives before computer transfer
>
>     I'm curious what others are doing to remove data and
>software from hard drives of surplused or "passed down"
>PCs and Macs.  Besides things like FERPA and licensed
>software concerns, there could be some liability if we
>passed along a machine which had already be compromised
>and potential embarrassment of revealing old data.
>
>     As a public institution we are to either pass along
>the systems internally or send them to purchasing as
>surplus (they often old spot silent auctions on the old
>stuff).  Our "Lan Group" provides desktop support to many
>departments on campus and is often requested to remove
>the old data but I suspect some machines are getting
>through to surplus or to some other department without
>expert attention.
>
>     Doing some Google searches reveals a plethora of
>products available with wildly different pricing
>models (e.g. per wipe, per technician, etc.).  One
>staff member created a Linux bootable CD-ROM with
>an open source tool but that took 6 hours to wipe
>a 20 GB hard drive (doing 7 passes).  I had tested
>Symantec's gdisk on a 10 GB drive doing the "DoDwipe"
>(also supposedly 7 passes) and that took little more
>than an hour.  I ran across web pages for things like
>PDWIPE, Disk Wipe, Wipedrv, Paragon Disk Wiper, Wipe,
>gdisk, and Declasfy.  I know nothing about Macs so I
>don't know what is available for them.
>
>     In our distributed environment it would be nice
>to have an institutional license for something on a
>bootable floppy and cd-rom which: the end user could
>just boot, would list the disks on the system, ask
>the user to confirm, then just do its thing.
>
>     Anyway, I'd be curious about policy and software
>(or hardware) solutions.  I'm most interested in cases
>where you do NOT want to destroy the drive itself since
>that is pretty easy given a few tools a big enough
>sledge hammer.  Depending on the responses I'd be glad
>to summarize the comments.   Thanks!
>
>     Marty



More information about the unisog mailing list