How To Really And Fully Wipe A Hard Drive?

root_dev_X ventures: "Admittedly, this is a random question, but here goes - Does anyone out there know of any ways to totally erase the data on a drive? Some friends of mine got into a discussion about this not too long ago; one of them told me they had heard from a friend in the military that they hooked up old HDDs to modified stun-guns and zapped them in order to totally erase them - apparently this method scrambled the magnetic field of the disk, leaving the data irrecoverable. Does this work? Are there any other methods for "data-destruction" (keeping the platter intact, that is)?" A nice "obliberate data to the point of senselessness" tool would be nice -- or is keeping the platter intact a senseless question if you want true security?

Re:its easy....

[babbage (61057)]

...and ineffective.

Playing off ideas from Bruce Schneier's writings, there are three different people you want to protect yourself against here: casual snooopers, experienced hackers, and dedicated experts.

The casual snooper is someone like, say, my mom, who is baffled by Windows Explorer. You strategy will handle people like this very well, for the most part. If however you're trying to "really" wipe out the hard drive though, that's not enough.

The next person is the moderately adept hacker, who probably has the smarts but doesn't necessarily have the tools to get everything. This kind of person might be able to, for example, mount your hard drive on a Linux system and use various filesystem tools to retreive the contents of the disc. This is easier to do than you might think (anecdote: on my last computer, I went through various partitioning schemes to make room for Win95, BeOS, and Linux. I was surprised to find that one of my reinstalls brought me back to an earlier state of the disc, because the "new" partitioning was one I had used before, and the data was now accessible again. What I thought I had thrown away forever was once again accessible). A quick format might or might not fend off this level of cracker, but don't get your hopes up. A more thorough defense here would be to rewrite the whole drive at least once, if not a handful of times, with something like 1010101010101010101 etc.

The third level of cracker is someone with both the expertise and the tools needed to get whatever they want from your drive. Apparently, the magnetic field on the disc stores an imprint of the last dozen or so writes, thus the above 101010101 strategy only masks the contents of the disc, but it does not remove them. Slightly more clever destruction attacks add more entropy to what you're writing to the disc (add in enough variation to disrupt the magnetic field in various ways: 0000000111111111000000001111111) but even still you're just sweeping over your tracks, not really eliminating them. For this level of attacker, the only sure defence is really to thoroughly destroy the disc -- break it, burn it, scratch it up & cast the remains to the four corners of the world.

So, the short answer to the original question would be something like: "yes, it's possible to *really* erase a disc, but you have to know who you're trying to hide things from and how far you're willing to go to hide it."

Just destroy the sucker..

[cmowire (254489)]

A few points that haven't been mentioned yet.

1) Even if you overwrite the data with a "Military grade" data wipe tool, there exist pieces of hardware that will still be able to recover your data, if they want to enough.

2) Low-level formating is left for the factory. Modern drives have embedded servo information that you can't recreate without the aid of expensive factory hardware. And that wouldn't help you too much, anyways, given that it won't do a satisfactory job of wiping the disk.

This is why the manual warns you to not degaus the drive.

So your best bet is to just destroy the sucker. First wipe the drive using one of the wiping tools mentioned and then have fun.

I'd suggest you try microwaving it. But don't use your own microwave, because it'll probably end up frying the microwave given enough time. The fireworks are sure to be a crowd pleaser.

You also might consider playing hard disk platter frisbee. Although, with modern 3.5" drives, it's a lot harder than 5.25" or 8" platters.

And, once you've had your fun -- make sure that your disk platter frisbee buddies are people you trust -- just thermite the platters. You can find instructions on how to do thermite at any popular anarchist webpage.

If you leave the drive usable, there is always the possibility of discovery.

Re:Data destruction 201

[SEWilco (27983)]

Burning lighter fluid in a metal wastebasket won't do all that much to the data on the platters. There's not very good air circulation, and lighter fluid burns at a low temperature. There should be air holes in the incinerator, at least, and preferably plenty of fuel.

You need to raise the temperature of the magnetic coating above the Curie temperature [britannica.com] (770 C for iron). But as the platters are probably aluminum, and the melting point of aluminum is around 660 C -- you're probably going to have to settle for melting the platters and stirring them up.

Be aware that melting aluminum in your wastebasket will damage your wastebasket. And you probably should not do this near your cubicle.

Herkimer...

[bobhope (118008)]

I think the best way to destroy would be to bring it to the Herkimer Diamond Mines (http://www.wpi.edu/~stype/herk2k.html (see pictures)). Just use it as a fulcrum or a chisel and it won't last long. I have seen old leaf springs (tempered steal, VERY hard!) that had been converted into wedges twisted worse than Dale Earnhardt's car.

Or you could just give it to my friend Liz, she seems to break everything....

Re:Cryptonomicon: magnetic doorway

[Pogue Mahone (265053)]

they're erased with no effort

Who are? The disks, or the people who are leaving?

--

separate the pieces

[PapaZit (33585)]

There is at least one military organization that decomissions drives by overwriting them a bunch of times. Then, they cut the drive in half with a saw and take each half to a different facility for disposal (which usually involves melting the drive).

See Peter Gutmann's Usenix paper on secure deletion of data from magnetic and solid state memory [auckland.ac.nz] for some truly impressive data recovery methods.

--

Re:This won't work.

[Tackhead (54550)]

>if you're not going to damage the surface of the drive, you're going to need to format like crazy, and fill it with junk every time.

Yup. And even this won't work. Suppose you've got data in marginal sectors on the drive - the data gets mapped to spare tracks, and the marginal sectors are blocked out and remapped by the drive's firmware.

No amount of repartitioning and reformatting and "overwriting with junk" will overwite the mapped-out sectors, because the OS (and BIOS) never sees the mapped-out sectors.

Whether this is sufficient depends on who your imagined adversary is.

If it's Joe Average, who bought your used P166, repartition and don't even bother reformatting.

If it's Joe Linuxgeek, who bought your used P166, repartition and overwrite with junk.

If it's Fred the Fed, degauss. This will likely ruin the drive, as there's lots of information embedded between tracks on the platters that the drive heads use to figure out whether they're tracking correctly. This is why you can't "low-level" format (in the sense that you could with old-sk00l MFM drives) an IDE drive.

If you are Fred the Fed, and just got busted for selling secrets to the Russians... it's too late to use thermite.

There are reasons why military and intelligence organizations require physical destruction of drives on which classified material has been stored.

Re:There is no 100% sure way to destroy data.

[Tackhead (54550)]

>Several wiping programs are available that will overwrite data multiple times with binary patterns - checkerboards, solid 0's, solid 1's, random patterns, etc.

You correctly point out that physical destruction of media is the only way to be sure.

One thing to be aware of when overwriting data with patterns is that what you think you write to disk isn't what you write to disk.

A string of "00000000" isn't "all magnetic north poles up", and a string of "11111111" isn't "all magnetic north poles down".

Drive firmware maps these bit streams into encodings that are broken up into patterns of ones and zeroes that the heads can always read - much the same way that your serial port would get very confused if you tried to download a 100K file of "all zeroes" by just holding the ReceiveData line low for 30 seconds with no parity or stop bits.

The actual encoding method by which the bitstream is encoded into alternating magnetic patterns is probably drive-dependent. As a result, the "ideal" pattern of bytes the controller should write to the drive to create patterns of alternating, or mostly-North, or mostly-South, magnetism, will also be drive-dependent.

Practical application: The Apple ]['s "disk ][" floppy controller used to have a feature where you could tell the floppy drive to give you the data as seen by the read/write head. By changing the encoding scheme to a less-redundant, but equally-reliable one, you went from 13 sectors per track to 16 sectors per track. Many copy-protection-breaking programs of the day would give you the bytes as seen by the drive head and use this to determine what encoding (or if a custom encoding) was in use.

In hard drives - MFM and RLL are two encoding schemes. RLL drives were exactly the same hardware inside, but used a different encoding scheme. RLL stood for Run-Length-Limited, where "Run-Length" can be loosely translated into "number of consecutive all-north-poles-in-a-row the drive firmware will tell the head to read/write for any given input bit sequence. As such, the RLL version of a drive typically had 30M of user space, whereas the MFM-encoded drive - same hardware - had 20M of user space.

Today's drives work on the same mechanism at the head/platter level, it's just buried under many more levels (BIOS, C/H/S remapping, LBA, etc. etc. etc.) of abstraction.

Others have posted links to this paper [auckland.ac.nz]. I've merely summarized section 3. It's a damn good paper.

If it's important - whether military or corporate secrets - physically destroy the media and buy a new drive.

Re:How about Something Different

[Tackhead (54550)]

>Memory is recoverable from DRAM/SRAM for some time. Not trivially, but it takes a long time for the electron density in all of the cells to return to a statistically meaningless state.

True. An old stunt we used to love doing as kids was to load an image into an Apple ]['s graphics RAM, then power-cycle the machine and go into graphics mode on power-up.

Most of the time, there was corruption, but the image remained recognizable - the chips retained the ability to return a TTL signal to within spec - even after 5-10 seconds of power-down.

I have no doubt the data was recoverable (i.e. measure analog voltages) for power-down periods of time much longer than that.

Big ass magnet

[AntiFreeze (31247)]

And I'm not kidding.

I've done it before, works like a charm.


---

Re:its easy....

[Royster (16042)]

...and ineffective.

/. needs a new moderation category "didn't get the joke".

Simple

[SanLouBlues (245548)]

Put it under that gun that shrinks quarters. Give it to a friend. Say "Hey man I compressed my hard drive" :)

Hysteresis is your friend.

[nylreM (69033)]

http://www.lassp.cornell.edu/sethna/hysteresis/Wha tIsHysteresis.html

Stick the platters near a source of strong alternating magnetic fields, change the relative 3d orientation of the source a few times, and run the source for a long time. Make sure there's no interposing metal that could reduce the field density at the surface of the platter, or increase field strength to compensate, and then melt the entire drive.

Physical distruction

[SuiteSisterMary (123932)]

When you cannot have ANY data recoverable, you either acid bath the thing into non-existance, or melt it into undifferentiated slag, and break the lump into little bits, and pass it around. Lets assume that doing the standard 'alternating 10-pattern fill' routine is 99.999 percent effective. On a 10 gig drive, that leaves 1 megabyte recoverable. For some applications, that's 1 megabyte too much that can be recovered.

Re:Cryptonomicon: magnetic doorway

[Dr. Evil (3501)]

Yeah, I can just imagine it now.. some fellow carrying a server walks out of the room. In doing so, some shoplifting-type sensor picks up this little detail, discharging an arc-welder into a thick coil wrapped around the doorframe.

The fellow notices a loud "wooosh", kind of a rapid tinkling as wiring squeezes about the doorframe and shifts in its mountings, fine ferrous dust immediately sucks towards the extremeties of the door, instantly forming a fine iron fur. All zippers, key rings, watch springs, and other iron sundries jolt imperceptably. The case of the computer is torn through inches of open space and slammed into the door frame. Anybody within 30 yards with a pacemaker dies instantly. The hard drive jumps as its magnets align to the strong magnetic field.

Then great capacitor in the arc welder fades, and only the smell of melted insulation and positive ions is left in the air.

I bet the data would still be intact... if not, easily recovered using advanced techniques. A uniform magnetic field would probably leave the ferrite in a predictable alignment... anything which isn't is part of the old data structure.

Encryption and writing random data acros the drive would probably work better. Maybe even mounting a coil near the platters then using a garage-door-opener type device to trip a battery inside the case to send crazy fields through the platters.

Re:Then again...

[SuiteSisterMary (123932)]

Can you take that chance? Even thirty contiguous bytes can give you a username and password.

Re:Data destruction 101

[PhilHibbs (4537)]

3. Overwrite all your data with a good random or pseudorandom stream of data.

I think creating a stream of plausable-looking data, ie. with a similar bit distribution to the original data, would be better. If you overwrite with random data enough times, the original data may become partially visible therough statistical analysis.

The smart user uses encryption.

[by Anonymous Coward]

The difficulty of erasing data from a hard drive is a very good reason for using encryption to store your data. By simply storing all your data in encrypted form, removal of the key to your encrypted data will erase all of it. For instance you can keep your key on a floppy disk or by remembering your key (although most keylengths you can remember seem to be crackable these days). In the floppy disk case, you simply destroy your floppy and the data on your hard drive is gone forever.

Look at www.kerneli.org [kerneli.org] for information about how you can encrypt your hard drive on Linux. Other tools exists too.

Re:Data destruction 101

[thogard (43403)]

Flight recorders used to use a metal wire that would run in an endless loop as its "tape". It was common in the 1970s to be able to read 6 generations of recordings off of them.

Re:Some thoughts...

[thogard (43403)]

You don't know what a modern drive will do.

We got some brand new 1 Gig IDE drives in a few months ago. They look like 10 gig drives but they claim 1. maybe they have 9 gig worth of bad sectors or maybe they have 9 gig worth of sectors that can be remapped.

When a modern drive is told to put a sector at a specific location, its going to do its own mapping and if its detected an area of the disk is going bad, it will put the new data someplace else leaving the old data there where you can't delete it as a user.

its easy....

[ndfa (71139)]

right click on the drive and choose format, quick format is nice and fast!!!

;)

There is no 100% sure way to destroy data.

[meldroc (21783)]

Several wiping programs are available that will overwrite data multiple times with binary patterns - checkerboards, solid 0's, solid 1's, random patterns, etc. Even after all of that, it is still possible for an organization with lots of resources such as a data recovery service or a three-letter agency to recover the residual remains of the data, though it would be very difficult.

The only sure way to eliminate the data entirely is to completely destroy the media. Sandpaper on hard disk platters or CD-Rs (the top side, make sure you sand off the silver and dye layers) works, incinerating also works. Be careful. I saw a case where a suspect tried to destroy a floppy disk with incriminating evidence by cutting it up with scissors. The FBI was able to put the disk back together like a jigsaw puzzle and recover the data. Make sure there is nothing left of the recording surface.

This company does just that

[Diffraction (70861)]

Blancco Ltd. [blancco.com] is a company that sells piece of software that erases your hard drive permanetly. It is based on Septem OverWrite method that they have developed which seems to consist of overwriting the data seven times with random data. They claim that it is impossible to recover the data but the hard disk is still usable. See the Brochure [blancco.com] and decide for yourself if it makes any sense.

No, I don't work for them, they are just located a few blocks away from where I live.

Answer depends on your threats

[coyote-san (38515)]

Like all questions with security, the answer depends on your threat. Ensuring data isn't recoverable by your spouse or parents is very different from ensuring it isn't recoverable by a TLA.

PARENTS: <code>dd if=/dev/zero of=/dev/hdc</code> will make the disk appear empty to anyone who uses the standard access hardware.

TABLOID JOURNALISTS: you'll probably want to use one of the multi-pass programs. Civilian data recovery sites might still be able to pull up the data, but multiple writes (properly done) will make it expensive enough to discourage most people. If the material is sufficiently sensitive (e.g., you're protecting medical records of celebrities and the tabloids have been caught dumpster-diving) you might want to proceed to the next step.

TLA: big vat-o-acid to dissolve the platter. Forge to heat the platter to melting temperature, or at least hot enough to completely scramble all magnetic domains. Heavy duty sanders, again producing enough heat to scramble any magnetic domain that survives the abrasion and magnetic fields in the motor.

ALL: don't forget that data rarely exists in only one place. It's a waste of time to carefully scrub hard disks, yet toss backup CD-Rs into the trash as-is.

How to destroy anything...

[chipuni (156625)]

Give it to a five year old. They can destoy anything .

Some thoughts...

[jd (1658)]

None of these are guaranteed to be 100% effective, but they're probably better than doing nothing.

• Low-Level format the drive. No, that's NOT the same as a typical user-land format. We're talking actual hardware-level. This is usually not done on hard drives, simply because it has a tendancy to mangle them.
• Place the drive in a variable, high-power magnetic field. Ideally, the magnetic field should be comparable to those used in linear accelerators. You -DON'T- want a constant field, though, unless you want the drive permanently magnetized, rendering it useless.
• Smash the heads against the buffers, repeatedly, until they're no longer aligned with where they were. Don't go too far, or you'll lose the heads altogether.

Data recovery companies

[Hall (962)]

I went to www.ontrack.com to see if, by chance, they had a FAQ like "Can I erase my data to the point that even you can't recover it ??". Didn't find it, nor did I look very hard, but did find this faq [ontrack.com]

No Need to!

[Smitty825 (114634)]

Here is a fool-proof method to keep people from even wanting to read your data:

For the next week, take all of the Trolls posts on Slashdot and store them in random places on your harddrive where the data needs to be destroyed. Anybody who trys to read that data would get so sick of reading "Frist Post", "wh00p", "pron" & "3133t h4x0r" and seeing lots of nasty goatse.cx links that they would immediatly dispose of the hard drive without getting any sensititve material

I guess that method wouldn't work if you were a troll trying to cover your footsteps, though! :-)

This won't work.

[Wakko Warner (324)]

In order to truly erase a drive, for good, you need to wipe it dozens of times. There are data recovery centers that can recover files on drives that have been written to (i believe) 8 or 9 times after a file has been deleted or a disk has been formatted, so if you're not going to damage the surface of the drive, you're going to need to format like crazy, and fill it with junk every time.

- A.P.

--
* CmdrTaco is an idiot.

Now you did it

[JediTrainer (314273)]

All of you who said that no matter what, data can't be erased, gave me an idea.

Unlimited storage.

That's right. Every time you need more disk space, simply delete something not used in a while, then overwrite it with a new file. Need that old file back? Great - have the filesystem automagically run a recovery on it. Put it into the kernel, and we've got blackholefs.

The end result is a bottomless pit of unlimited drive space :) Even more interesting is that the files you use the least may eventually become unrecoverable and forgotten over years, lessening the need to clear out your clutter. Files that you haven't used in a while might take a bit of time to come up, but you usually won't mind the wait. Stuff you use all the time will always be available. So how about it, kernel hackers? And my sig's appropriate this time around, too!

(and yes, I am joking, but if someone can think of a way to really do this them I'll REALLY be impressed!)

Data destruction

[Terri416 (131871)]

There are two scenarios: with disk reuse and without. Without disk reuse, you simply destroy the magnetic material by raising it well above the curie temperature for a long time. A conventional gas or electric oven (NOT a microwave) will do the job fine, just remember to pierce or open the casing to avoid an explosion! The weakness of this is that the bad guys can still find the dead drive and get suspicious. You could use thermite or other thorough destruction method, but that can leave evidence that's even more suspicious. A domestic oven is a very innocent degausser. If you want to keep the use of the disk (you might have a regime of regular data shredding - weekly, maybe) then you have to accept compromise. Although you won't have to explain the molten pool of metal, your disks will still retain the secure deletion software, so that might need explanation. Also, for technical reasons, there is NO WAY to guarantee complete destruction of all data. You can make it difficult to recover. You can make it so difficult that it isn't worth they're making the effort, but they just might get lucky and recover something important. It's a matter of a trade-off. One method is to use encrypted loopback devices to store the data in the first place. Just change your password (which you NEVER wrote down) and they'll have to break AES to recover it. This is quick and easy, just give the device the new password and store something innocent in it and hand the new password to the baddies. Destroying plain text is difficult, destroying encrypted data is not so bad. Just a thought.

Other techniques

[satch89450 (186046)]

Lawrance Livermore used to take decommissioned hard drives and Syquest style media in the green area and dump the platters into a vat of acid. Floppy disks went through the three-pass shredders, so you end up with fine magnetic dust.

The original specification for overwriting disks containing classified but not secret data called for 300 overwrite passes, alternating between all-zeros, all-ones, alternating zero-one, alternating one-zero, and "worst case pattern" (for those old MFM drives, the 16-bit pattern 0xDAC3). You needed to know the exact drive geometry, because you want to do all the tracks on a platter individually, using a back-and-forth sweep so as to get into the guard bands as much as possible.

(In other words, wipe from cylinder 0-max on head zero, then from cylinder max-0, then go to the next pattern and wipe. Then you go to the next head.)

Is it worth it? At today's prices, I don't think so.

Re:Hysteresis is your friend.

[Detritus (11846)]

Where I work, we have a tape degausser that is powerful enough to erase all of the credit cards in your wallet and stop your heart pacemaker if you are anywhere near it while it is in operation. It still isn't powerful enough to erase high coercivity media to NSA standards.

Re:This company does just that

[Fillup (121335)]

There is a little hacker tool called "Burn" [staticusers.net] that has been out for the mac for like 5 years (i know i know, nobody here uses a mac....)

Burn is a file-deletion utility that does what this poster just described---you can set the pattern (0000, 1111, or maybe 1010101)---and the number of passes it makes. Highly configurable.

Also has a command to "erase free space" on the hard drive---same options as the file deletion, only it cleans all the os-marked "free space."
--

I did this once

[scorbett (203664)]

Several wiping programs are available that will overwrite data multiple times with binary patterns - checkerboards, solid 0's, solid 1's, random patterns, etc. Even after all of that, it is still possible for an organization with lots of resources such as a data recovery service or a three-letter agency to recover the residual remains of the data, though it would be very difficult.

About a year ago I worked for a company (which shall remain nameless) that tasked me with writing a secure disk wiping algorithm. I did a little homework, and found that the US Department of Defense had a recommended 7-pass algorithm. A little more homework, and I discovered a crypto guru named Peter Gutmann [auckland.ac.nz] who had a 35-pass algorithm. I implemented both of those, and then took it a step further and allowed the user to create a custom wiping algorithm, up to 99 passes (I figured any more than that would probably be overkill). We had a professional cryptographer on staff who assured me that even after 99 passes of overwriting the data on disk with different patterns, the NSA or some other such agency could still recover the data if they wanted to badly enough. I had my doubts, but then I've never ventured into the field of electron microscopy.

Anyway, the project was killed due to management/marketing cluelessness, so we never actually shipped it, but it sure was educational to implement. I had been under the impression that simply overwriting a file even once with 0's and 1's would be enough to render it unrecoverable, how naive I was.

--

Re:How about Something Different

[b1t r0t (216468)]

Then it was either Flash or had a battery built into the module.

Re:This company does just that

[Raven667 (14867)]

I thought that I should just mention, to all those people recommending software solutions, they don't mean squat to someone willing to have the drive analysed by a professional data-recovery service. Mondern drives are getting harder and harder to erase this way and modern OS's don't help either, both abstract the actual physical data so much that you can't be abusolutely sure about anything.

Take ext2fs for example, to prevent fragmentation it stores files all over the surface of the disk, if a file grows in a way that would fragment it the entire file is moved to annother location on disk to prevent this fragmentation. That means you now have two copies of the file on disk.

There are also stupid bugs possible in this software (well, any software has bugs but . . . ). For example a couple of months ago someone on Bugtraq noted that shread (or wipe, I can't remember) truncated the file to 0 bytes before it overwrote it, this had the effect of creating a new file on disk and doing _nothing_ to the existing data, which can be recovered by a simple grep of the raw disk device.

Even if your wipe software works the hard disk itself abstracts the actual structure of the disk with things like automatic bad block relocation and such, making it impossible to know for certain that your sensitive data doesn't exist in a backup area of the hard drive.

I guess the important consideration is who are you trying to keep the data from, people who are going to use:

1. Software: If you expect that your attacker will be limited to accessing the disk using only normal software than dd if=/dev/zero of=/dev/hda would work fine.
2. Hardware: If someone is going to take apart the drive (business rival, military foe) then nothing short of melting your drive into slag (Blowtorching for Fun and Profit!) will help you, anything less is a waste of time.

Re:Military methods

[Calle Ballz (238584)]

I've heard the same thing from many of the ex-military i work with, but I also hear they did the same with monitors back in the day. (because classified text might have been burned into the screen)

Use Shred from GNU Fileutils

[mojo-raisin (223411)]

GNU fileutils has a program called 'shred' that writes over a harddrive ~30 times in a way that makes data recovery ~impossible. I have two drives in my Linux box. What I do is mount the one I want to wipe out as ext2. Then

shred -z /dev/hd[a,b,c or d]

It takes ~6-8 hours to wipe out a 10GB drive.

Re:There is no 100% sure way to destroy data.

[Tower (37395)]

Well, if you are going the sandpaper route, you might as well drop the platters (or the whole drive) in some nice strong acid, or possible a smelting furnace... that should take of it.

--

Another guaranteed way...

[davejhiggins (188370)]

... is to run the Win95 installer program on it. Guaranteed to erase all data, ext2 partitions, hpfs partions, mbr, everything.

No special configuration options needed, and in many cases technically counts as overwriting with totally random data. :)

Dave

Data destruction 101

[rjh (40933)]

• The naieve way
  
  Delete your files. This will keep a six-year-old from recovering them. If you're running a UNIX which doesn't have a recycling bin, nor a broken file system which still leaves data lingering intact long after "deletion", then you'll be able to keep a seven-year-old from recovering them.
  
  
• The cryptographic way
  
  Follow the following procedure:
  
  1. Overwrite all your data with 0xFF.
  2. Overwrite all your data again with 0x00.
  3. Overwrite all your data with a good random or pseudorandom stream of data.
  4. Repeat this process at least seven times--more if you like.
  
  
  
• The smart way
  
  Follow the cryptographic method outlined above. Then get out a sledgehammer and physically destroy the drive. Drop the platter in a metal wastebasket, douse it in lighter fluid and set the thing on fire. Don't stop until the platter is totally destroyed.

... All this may sound overly paranoid, but if your data really is that important it's the only way to go. A new hard drive is $250 nowadays; the cost of important secrets getting out is easily a few orders of magnitude higher. Physical destruction of media is the only way to be fairly certain that the data is destroyed.

Keep in mind that the cryptographic method may fail, and even a bulk degausser isn't guaranteed. They can do amazing things with electron microscopy today.

Yet another yarn

[Zerth (26112)]

In the USAF about 20 years ago, usual process for the drives with the 2' platters was just to sand them until they were dull and then sand them until they were nice and shiny again. Then take a vise and a hammer and bend them in half and then half again. I've still got one on my wall(it is /such/ a pain to unbend those things:)

Military methods

[ptomblin (1378)]

Many years ago, I read about how the military destroys hard disks that have contained highly secret data. (I believe this was in comp.risks or sci.military). The procedure was as follows:

• overwrite the disk using something like Norton "wipedisk"
  
• take the disk under armed guard to a secure facility
  
• use thermite to melt the disk into slag. If any slag still looks like a recognizable part of a hard disk, use more thermite.
  
• bury the slag.
  

Now that's secure.

Re:How about Something Different

[coyote-san (38515)]

Memory is recoverable from DRAM/SRAM for some time. Not trivially, but it takes a long time for the electron density in all of the cells to return to a statistically meaningless state.

An excellent example of this was the recent Concorde crash. I recall reading a little blurp about how it used a solid state memory data recorder which had lost power... yet the investigators were still able to extract most of the information from it.

Re:Military methods

[David Gould (4938)]

The version I heard floating around was a somewhat urban-legendish-sounding story of <some vendor, possibly Norton> trying to sell <some product, possibly "wipedisk"> to <some security-paranoid gov guys, possibly the military, Lawrence Livermore Lab, etc.>. The military (or whatever) guys listened politely to the vendor's pitch, then said "That's nice, but let me show you how we destroy classified data..." and led them over to where they had set up some sort of guillotine thing, put a drive in, and chopped it in half; the message was "we don't need no steenkin' software -- if it's important, we can afford a new drive"; the vendor was suitably chagrined, etc...

Of course, the guillotine thing wouldn't be nearly as effective as the various other versions already posted (acid bath, thermite, etc.), which for that reason sound much more probable, but it's interesting that someone would have said it that way -- I guess to the less-imaginative, the guillotine makes an easier image (embellish the story with loud noises, pieces of platters and arm assemblies flying around, etc.) To me, the acid bath / thermite sound more impressive, but maybe it takes a little more sophistication to visualize. The embarrasing-the-vendor part seems extraneous, especially as it assumes the vendor would have failed to know better.


David Gould

Re:Some thoughts...

[unitron (5733)]

A "low-level" format on a modern drive probably won't really low-level format it, especially if it uses some sort of servo information track or tracks that the drive's electronics are programmed to not overwrite. The factory can use a much more expensive machine to write sector markers with a much stronger magnetic field than can be generated by the heads that the drive ships with. Running a low-level format program that only uses the drive's own heads and electronics can possibly refresh some sector markers that are starting to fade magnetically but they probably won't write new ones anywhere where the old ones weren't.

Re:Another guaranteed way...

[unitron (5733)]

But then you've got Win95 on it, and the idea is to leave it usable.

Back in the days...

[MongooseCN (139203)]

Crackers used to use a coil of cables wrapped around the harddrive and hooked up to a 120V outlet and a lightswitch. Then if someone came into the house to confiscate the computer and hit the wrong light switch when entering the room, the 120 volts through the coil of cables would generate a massive electo magnetic field that would wipe out all the contents of the drive and be completely unrecoverable. Of course you might have a lot of melted wires on the drive too.

shred (of the GNU fileutils) works well

[meyering (265933)]

Source is here: fileutils-4.0.41 [gnu.org].

For the theory behind it, see "Secure Deletion of Data from Magnetic and Solid-State Memory" [auckland.ac.nz].

On-line documentation (if you have the package installed already):

$ info 'file util' basic shred