Company wants HD's smashed. I recommended to zero using the seagate tools, then reinstall with just and OS and donate. They claim it can still be reversed. I was under the beleif that once you zero the sectors and copy new data onto it, that no data recovery services would work.
Zero (Low Level Format) good enough?
- Thread starter Compman55
- Start date
VirtualLarry
No Lifer
- Aug 25, 2001
- 56,570
- 10,203
- 126
Remove and destroy the HDs, donate the rest. That's your best bet.
It is theoretically possible to recover data from a HD that's been zero-wiped. I personally don't worry about it, but companies make it a business to be paranoid.
It is theoretically possible to recover data from a HD that's been zero-wiped. I personally don't worry about it, but companies make it a business to be paranoid.
Nist 800-88 said:
If they aren't more paranoid than gov agencies, it'll work just fine yes.
Nobody so far was able to do that with electron microscopes or anything else for modern disks - so any sources for that? (or everyone who did it successfully joined a secret club and nobody let the people who write security directives or are on the internet in
)
Last edited:
taltamir
Lifer
- Mar 21, 2004
- 13,576
- 6
- 76
First of all, zeroing out is not a low level format. Low level formats haven't been possible for 15 years.
It has been HYPOTHESIZED to be theoretically plausible in the same way warp drive is (if we only found a magical material that can bend space, we could bend space to effectively move faster then light, because we wouldn't be moving, space would be moving around us... totally plausible, just missing this magical material) or the ability to record the pulses of energy from black hole and reconstruct whatever it ate (actually, surprisingly that is more plausible then both).
My educated guess is that it is not actually possible to reconstruct with any technology. This is because the data is not only randomized beyond recovery, but because modern drives store data in a relative rather then absolute manner.
Smashing is actually significantly less safe then zeroing. Zeroing it alters each individual bit to be a zero, smashing it just breaks it into bite size pieces, each containing thousands, millions or even billions of perfectly unharmed bits which can be read with current technology... if someone had obscene amounts of money and willingness to pour into such a project.
If you want to be insane about it you can write a random pattern on it instead of all zeroes, which NOBODY at all believes is recoverable, ever. In fact that is the pattern used by the USA Department of Defense on their drives... that would make it an easy sell to ignorant management, "DoD level data shredding". It is absolutely unnecessary of them and shows ignorance and fear of computer by their top brass... but if extra terrestrials with tech a million years ahead of us land tomorrow not even they could recover that data (assuming I am wrong about it being fundamentally impossible to recover a single zeroing).
I think zeroing it and then overwriting it with live safe data (aka, a clean install of windows) and donating it is actually far far more effecting then anything you can do... because it gets hidden with an unassuming random person who will proceed to write random data over it again and again.
But again, we are talking about science fiction level of tech here. The argument isn't whether we can do it...
there are two options:
A. In a million years we will probably have the technology to do that, because its theoretically possible.
B. We will never have the technology to due that, since it violates the most basic of laws of reality.
I firmly support B.
And there is nobody at all claiming you could recover data after multipass overwrite of random data (known as shredding).
All that being said... don't get into a fight with the boss over this... just suggest that if you ARE going to physically smash it, it will be better to zero it before smashing... although to be honest I don't see anyone bothering to read the smashed fragments of whatever company data that is.
I am told that the military physically shreds HDDs, melts the chips into 1 inch balls, buries them, and posts guards over the slag... Someone here in the forum is in the military and has been assigned to guard said slag... got punished for arguing that not even god could recover data from that. Or so he claims, this could be a load of BS.
PS. there is the possibility that the zeroing is not performed properly though. For example I know of one program that will try to save time by only zeroing the first and last 100MB of the drive, making it very difficult but not impossible to recover the other data.
Just use http://www.dban.org/
It has been HYPOTHESIZED to be theoretically plausible in the same way warp drive is (if we only found a magical material that can bend space, we could bend space to effectively move faster then light, because we wouldn't be moving, space would be moving around us... totally plausible, just missing this magical material) or the ability to record the pulses of energy from black hole and reconstruct whatever it ate (actually, surprisingly that is more plausible then both).
My educated guess is that it is not actually possible to reconstruct with any technology. This is because the data is not only randomized beyond recovery, but because modern drives store data in a relative rather then absolute manner.
Smashing is actually significantly less safe then zeroing. Zeroing it alters each individual bit to be a zero, smashing it just breaks it into bite size pieces, each containing thousands, millions or even billions of perfectly unharmed bits which can be read with current technology... if someone had obscene amounts of money and willingness to pour into such a project.
If you want to be insane about it you can write a random pattern on it instead of all zeroes, which NOBODY at all believes is recoverable, ever. In fact that is the pattern used by the USA Department of Defense on their drives... that would make it an easy sell to ignorant management, "DoD level data shredding". It is absolutely unnecessary of them and shows ignorance and fear of computer by their top brass... but if extra terrestrials with tech a million years ahead of us land tomorrow not even they could recover that data (assuming I am wrong about it being fundamentally impossible to recover a single zeroing).
I think zeroing it and then overwriting it with live safe data (aka, a clean install of windows) and donating it is actually far far more effecting then anything you can do... because it gets hidden with an unassuming random person who will proceed to write random data over it again and again.
But again, we are talking about science fiction level of tech here. The argument isn't whether we can do it...
there are two options:
A. In a million years we will probably have the technology to do that, because its theoretically possible.
B. We will never have the technology to due that, since it violates the most basic of laws of reality.
I firmly support B.
And there is nobody at all claiming you could recover data after multipass overwrite of random data (known as shredding).
All that being said... don't get into a fight with the boss over this... just suggest that if you ARE going to physically smash it, it will be better to zero it before smashing... although to be honest I don't see anyone bothering to read the smashed fragments of whatever company data that is.
they make a paper shredder and magnetic shredder for military sensitive data for hard drives
I am told that the military physically shreds HDDs, melts the chips into 1 inch balls, buries them, and posts guards over the slag... Someone here in the forum is in the military and has been assigned to guard said slag... got punished for arguing that not even god could recover data from that. Or so he claims, this could be a load of BS.
PS. there is the possibility that the zeroing is not performed properly though. For example I know of one program that will try to save time by only zeroing the first and last 100MB of the drive, making it very difficult but not impossible to recover the other data.
Just use http://www.dban.org/
Last edited:
How you destroy your data comes down to your perception of risk, what is on the drives and also how much traceability you want in destroying the data. There may be legal requirements that the data destruction is traceable and of a guaranteed minimum standard - e.g. laws like SOX, HIPAA, etc.
Wiping should be good enough for most practical purposes - although a number of governments recommend shredding for classified data, or highly valuable commercial data (e.g. worth more than $10 million) - on the off chance that a very expert data recovery company could recover it.
However, you also need to consider the costs.
Is it worth erasing the disks yourself? Old hard drives are worthless. Paying someone to supervise the erasure of old disks seems a bit of a waste.
Would it be better to pay a data disposal company to bring a shredder on site, and shred 30 drives in 1 hour, and give you 30 data destruction certificates to show the boss that the data has been totally destroyed, to the latest expert recommendation?
Maybe your boss is unconvinced by the quality of the wiping software you will be using. Government guidance to businesses is that 'no-name' software e.g. DBAN should only be used for routine office work, because it may contain unknown bugs and may not clear 'hidden' partitions properly, etc. Why not get a quote on buying a government approved data wiping software package (e.g. Blancco government edition)? Don't forget that commercial data wiping software will produce tamper-proof digital certificates confirming data destruction to legally mandated standards.
taltamir
Lifer
- Mar 21, 2004
- 13,576
- 6
- 76
Businesses are legally obliged to destroy (well and obviously also to keep) data securely and need proof for that, so no I don't see any relation between the two.
And I agree with Mark that it depends on the actual situation to decide what's the best action. Zeroing out drives cost lots of time, need someone with the right experience and if we're talking about old drives it may not even make sense to reuse them. No idea about how much it costs to get a shredder once per year on place, but that could be actually the cheaper variant..
Last edited:
If you plan to destroy perfectly good hard disks, at least have the decency to liquefy them first. Theoretically, fragments larger than 1/128 inches (a track length, according to the NIST document) of the platter can be recoverable, assuming unlimited resources and money. If the platter is melted and resolidified, the chances of recovery from that are exactly zero, due to physics (look up Curie temperature). I believe some quality iron oxide mixed with powedered aluminum can do the trick
Last edited:
Hu, why exactly? Lots of technologies are based on that stuff (hi https) and work just fine.
I'm really not sure what you're getting at, but a signed certificate just assures that the message a) really comes from the signing entity (well as long as the private key stays private; but there are extremely high security requirements for that, at least in the EU) and b) wasn't tampered with.
In the easiest way you just encrypt the given message with your private key and voila: Everyone can read the message just fine as long as the public key is known, but as long as you haven't found a way to crack RSA and the used implementation and values are sound you're fine.
no the army uses magnetic shredder. anything that does survive is subject to so much magnetism its dead. not sure how that works for ssd.
DO NOT BURN your gear. it will release toxins and is highly illegal. esp if older non-ROHS compliant. bad idea anyways to start fires.
DO NOT BURN your gear. it will release toxins and is highly illegal. esp if older non-ROHS compliant. bad idea anyways to start fires.
bryanl
Golden Member
- Oct 15, 2006
- 1,157
- 8
- 81
I assume your company is concerned that thieves could get ahold of the passwords that were used to encrypt old drives. After all, no responsible organization stores computer data in unencrypted form.
The US army's intelligence center in Arizona grinds old drives into particles the size of grains of sand, but even they can't read drives that have been overwritten with even just a single pass. If you don't have such a grinding machine available, just erase the drives in a single pass (be sure the whole drive is erased - some utilities erase only the first few gigabytes), remove the top, and hammer the platters so all of them are bent.
There are claims that erased data can be recovered with a tunneling microscope, but it's not only very expensive - far more than the value of the data - but also extremely slow.
Don't trust erasure done with large magnets, such as bulk tape erasers, because it's not very thorough. It's more likely to destroy the heads but leave the platters intact, but even that isn't guaranteed.
The US army's intelligence center in Arizona grinds old drives into particles the size of grains of sand, but even they can't read drives that have been overwritten with even just a single pass. If you don't have such a grinding machine available, just erase the drives in a single pass (be sure the whole drive is erased - some utilities erase only the first few gigabytes), remove the top, and hammer the platters so all of them are bent.
There are claims that erased data can be recovered with a tunneling microscope, but it's not only very expensive - far more than the value of the data - but also extremely slow.
Don't trust erasure done with large magnets, such as bulk tape erasers, because it's not very thorough. It's more likely to destroy the heads but leave the platters intact, but even that isn't guaranteed.
StinkyPinky
Diamond Member
- Jul 6, 2002
- 6,946
- 1,250
- 126
We wipe the drives with zeros seven times where I am. Even for random general use pcs and pcs for interns etc.
Ridiculous. It's just retarded policies made by "IT managers" that have no knowledge of IT. Oh yeah, then they go into storage for five years or so and then we cut them in half.
I'm sure the Secret Spy Agency is going to spend hundreds of thousands unsuccessfully recovering the data from Sally the Secretary's pc from 1996.
Ridiculous. It's just retarded policies made by "IT managers" that have no knowledge of IT. Oh yeah, then they go into storage for five years or so and then we cut them in half.
I'm sure the Secret Spy Agency is going to spend hundreds of thousands unsuccessfully recovering the data from Sally the Secretary's pc from 1996.
Just open them up, take out the fun armature magnets to stick on your fridge (they will hold a thick stack of papers without falling!). While your doing it, just wipe the armature magnets across the disks. No one's gonna read the disks after being swiped by the magnet and scratched all up from removing the heads (to get to the magnets)! And you have fun magnets to play with when your done!
taltamir
Lifer
- Mar 21, 2004
- 13,576
- 6
- 76
while no one is going to use the equipment and time and money needed to recover from that, it is possible to recover data from that.
It is arguably impossible to recover from writing zeroes and agreed by all that it is impossible to recover from multipass random pattern. Its cheaper, easier, faster, and doesn't leave a mess.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 24K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 20K
-
-
-
Facebook
Twitter