# Wiping drives



## bluetick (Apr 27, 2010)

I sit here wiping the hard drives on computers we've replaced. It's a slow process, I think of shows like CSI and NCIS. It just takes 2 seconds to wipe the drive, but on the next episode they can recover files from 2 years that have been overwritten countless times.

=)


----------



## tingo (Apr 27, 2010)

You can always invest in a magnetic eraser ("degaussing").
Hopefully you are using DBAN or something like it to ease the process?


----------



## bluetick (Apr 27, 2010)

I'm using bcwipe-total. I'll check into dban.


----------



## Ruler2112 (Apr 27, 2010)

There's 'artistic license' taken with many of the technological aspects in shows like CSI and NCIS.  (I'll never forget the episode where they take a wand and wave it back and forth over a drive's surface and watch a slightly degraded picture pop up on the screen...)

What is your question?


----------



## phoenix (Apr 27, 2010)

Drills, hammers, acid, and really really really hot fire work really well to "wipe" a harddrive, and make the data unrecoverable.  

Otherwise, you have to write out 0s to every sector on disk, then 1s, then random garbage, something like at least 9 times to consider the disk deleted to military specs.

A simple `# dd if=/dev/random of=/dev/ad0 bs=1M count=10` will wipe a drive such that non-power-users won't be able to read the data.  That wipes the MBR and partition table, making the drive appear "unformatted".


----------



## fronclynne (Apr 27, 2010)

http://www.thenetworkadministrator.com/breakingComputer.htm

*Activity 4: Hard drive defragmentation, etc.*
The infra-level repartitioning looks to be just the trick.


----------



## graudeejs (Apr 27, 2010)

I'd put geli on those drives and then dd few times....

Now if someone will try to recover, it'll probably notice that it's encrypted, and then might try to decrypt them somehow...., GOOD luck them

If I'm going to USA, I'll defiantly do that will all my media, that I will carry, because AFAIK they copy all media, and study it later (I want them to wast time and resources, just to find trash data )


----------



## Saint0fCloud (Apr 27, 2010)

killasmurf86 said:
			
		

> If I'm going to USA, I'll defiantly do that will all my media, that I will carry, because AFAIK they copy all media, and study it later (I want them to wast time and resources, just to find trash data )



Who's they?


----------



## graudeejs (Apr 27, 2010)

I dunno, the name of agency, but AFAIK when you travel to USA, you have to give them all media, to be cloned, for later analysis.... (kinda, searching for terrorists <<< the official fairytale story).

Correct me if I'm wrong, Or I've been misinformed (I've read that in news some time ago)

Since I actually haven't been to USA, I don't know exactly,
so I apologize, if I'm wrong


----------



## expl (Apr 27, 2010)

killasmurf86 said:
			
		

> I dunno, the name of agency, but AFAIK when you travel to USA, you have to give them all media, to be cloned, for later analysis.... (kinda, searching for terrorists <<< the official fairytale story).
> 
> Correct me if I'm wrong, Or I've been misinformed (I've read that in news some time ago)
> 
> ...



First time Ive heard about it. I really doubt they do like this, unless they suspect you.


----------



## Saint0fCloud (Apr 27, 2010)

killasmurf86 said:
			
		

> I dunno, the name of agency, but AFAIK when you travel to USA, you have to give them all media, to be cloned, for later analysis.... (kinda, searching for terrorists <<< the official fairytale story).
> 
> Correct me if I'm wrong, Or I've been misinformed (I've read that in news some time ago)
> 
> ...



I have never heard of that happening nor have I seen it in my lifespan of traveling between the United States and Europe multiple times every year. Now technically they do have the right to seize a computer and search it in which case your cryptography won't help at all.


----------



## graudeejs (Apr 27, 2010)

Saint0fCloud said:
			
		

> I have never heard of that happening nor have I seen it in my lifespan of traveling between the United States and Europe multiple times every year. Now technically they do have the right to seize a computer and search it in which case your cryptography won't help at all.



Not unless I encrypt random trash, just to wast time 
Anyway, that probably must be it, that they have right...  Probably news were exaggerated


----------



## mix_room (Apr 28, 2010)

phoenix said:
			
		

> Drills, hammers, acid, and really really really hot fire work really well to "wipe" a harddrive, and make the data unrecoverable.


Drills and hammers work well if you sufficiently destroy the platters, but just drilling a hole in one platter would still enable someone to disassemble the harddrive, recreate it, and read everything except for the 'data-hole'. 



> Otherwise, you have to write out 0s to every sector on disk, then 1s, then random garbage, something like at least 9 times to consider the disk deleted to military specs.


Are those the same military specs which allowed the UK military to lose about 15 laptops last year? :\



> A simple `# dd if=/dev/random of=/dev/ad0 bs=1M count=10` will wipe a drive such that non-power-users won't be able to read the data.  That wipes the MBR and partition table, making the drive appear "unformatted".


Security by obscurity. Works with people who don't know what they are looking for. 



			
				Saint0fCloud said:
			
		

> in which case your cryptography won't help at all.


That is exactly when your cryptography will help. As far as I know there are still no laws in the united states which require you to give up your passwords, contrary to ex. the UK.


----------



## michaelrmgreen (Apr 28, 2010)

How paranoid are you? If the answer is 'not much' just use dd to write zeros to the whole drive. No one gets data back from that without special tools.

If the answer is 'a lot' then reformatting with a sledge hammer is the way to go.


----------



## Ruler2112 (Apr 28, 2010)

michaelrmgreen said:
			
		

> How paranoid are you? If the answer is 'not much' just use dd to write zeros to the whole drive. No one gets data back from that without special tools.
> 
> If the answer is 'a lot' then reformatting with a sledge hammer is the way to go.



I've read reports that modern drives really aren't good for recovering data from after it's had a binary wipe with 0s.  The margin areas that the special hardware you refer to read don't retain the magnetic signatures that old drives did because now the tracks are packed so much more closely together.

Belt sander would be better for the truly paranoid.


----------



## saxon3049 (Apr 29, 2010)

A long long time ago I had to totally destroy a set of drives from a server that belonged to a accountancy firm, at the time I was friendly with a guy who owned a car body shop and asked if I could use his sand blaster for a hour, that was one fun hour and the data was totally gone.

But if your are only going to do a software option DBAN is the way to go.


----------



## paean (Apr 30, 2010)

Saint0fCloud said:
			
		

> I have never heard of that happening nor have I seen it in my lifespan of traveling between the United States and Europe multiple times every year. Now technically they do have the right to seize a computer and search it in which case your cryptography won't help at all.



Unfortunately, this has been happening for a while. 

Here's a relatively recent article on it. There's a number of other articles out there, for going in and out of the states (different rules apply). Most of them are geared for laptop users and international travel. Google is your friend.


----------



## mix_room (Apr 30, 2010)

paean said:
			
		

> Unfortunately, this has been happening for a while.



No, they have the right to seize your computer. That is not the same thing as you having an obligation to hand over EVERY media that crosses the border.


----------



## fronclynne (Apr 30, 2010)

killasmurf86 said:
			
		

> Not unless I encrypt random trash, just to wast time



The problem with this theory is that if _they_ actually suspect you, and _they_ find encrypted data, _they_'ll probably sit you down in a room and waste *your* time.  Remember, _they_ get paid by the hour to do this.


----------



## paean (Apr 30, 2010)

mix_room said:
			
		

> No, they have the right to seize your computer. That is not the same thing as you having an obligation to hand over EVERY media that crosses the border.



The document states they can "search, detain, seize, retain, and share electronic devices, or information contained therein, with or without individualized suspicion, consistent with the guidelines and applicable laws set forth herein".

If _your_ information is correct and can be confirmed it would valuable to many of us. Can you provide a link to government documentation that denies the above document and confirms what you're suggesting?

NB: My apologies to the OP for the topic shift


----------



## qsecofr (Apr 30, 2010)

*wasting time*

@fronclynne: thats an uncontested point.
I'm still chuckling.


----------



## mix_room (May 1, 2010)

paean said:
			
		

> If _your_ information is correct and can be confirmed it would valuable to many of us. Can you provide a link to government documentation that denies the above document and confirms what you're suggesting?



That is completely consistent with what I am saying. They MAY search you for any reason, that I have never contested, they MAY copy your data and do what ever they want with it. BUT that does NOT mean that YOU HAVE TO hand over your media to them. How long would it take for a 747 arriving in New York to be cleared for customs if every one of the 300+ passengers had to hand over their, on average, 1GB memory stick to be copied, filed etc etc. There is a HUGE difference between their RIGHT to copy your data and your OBLIGATION to hand it over. I don't contest that they can take a piece of media from you, but you don't have to hand over it.


----------



## kpedersen (May 1, 2010)

mix_room said:
			
		

> I don't contest that they can take a piece of media from you, but you don't have to hand over it.



I don't argue any point because I do not know. But what happens in this situation?

1) They can take a piece of media from you.
2) You don't have to hand it over.

Do you have to get on a plane and go back to your place of origin?

I ask because I am kinda interested in broken systems, not just in the computer world.


----------



## DutchDaemon (May 1, 2010)

"Hand it over" may mean "volunteer", as in "offer without being asked". Perhaps a translation difficulty here.


----------



## Carpetsmoker (May 2, 2010)

Overwriting the drive with zeroes (/dev/zero) once is sufficient for drivers manufactured after 2001-2002, NIST 800-88 covers this as well as some other research.



> A simple # dd if=/dev/random of=/dev/ad0 bs=1M count=10
> will wipe a drive such that non-power-users won't be able to read the data. That wipes the MBR and partition table, making the drive appear "unformatted".



New drives are typically empty ("zeroes"), not filled with random data.



> Drills, hammers, acid, and really really really hot fire work really well to "wipe" a harddrive, and make the data unrecoverable.



I suspect this is actually _less_ secure than overwriting a drive with zeroes, since you might be able to read information from the shattered pieces.


----------



## dennylin93 (May 2, 2010)

Carpetsmoker said:
			
		

> > Drills, hammers, acid, and really really really hot fire work really well to "wipe" a harddrive, and make the data unrecoverable.
> 
> 
> I suspect this is actually _less_ secure than overwriting a drive with zeroes, since you might be able to read information from the shattered pieces.



Do them both? :e


----------



## Carpetsmoker (May 2, 2010)

Why? There is no need.


----------



## fronclynne (May 2, 2010)

Indeed, don't store those sorts of images and movies on your HDD and you won't have to hide anything.


----------



## phoenix (May 3, 2010)

What pieces?  If you melt the drive in acid, there's nothing left but slime.  Same for melting the platters.    No need to wipe it ahead of time.  Same if you pound the platters into dust.


----------



## fronclynne (May 3, 2010)

I just put a note on my hard drive that says, "I wiped my nose on this" so no-one will touch it.


----------

