For the paranoid: how to completely scrub a data disk before reuse?

Factual Questions
1

Rather than reviving a zombie thread on a similar topic, I am starting a new one.

I have two PC computers dropped off by an attorney – they were in use in his office for a while. He wants to donate them to other people, but also wants to be absolutely sure that everything he may have ever stored on the hard drive is unrecoverable.

He would be very happy if I used a CIA-quality erasing program before reinstalling the OS and programs. Deleting files and emptying the recycle bin is not sufficient to the paranoid, and for professional reasons, I think he has a right to be paranoid. Anyone have any experience with the best programs to do a thorough wipe & clean on a HD? Recomendations would be welcome.

2

I did a bunch of research on this very topic because I want to donate my old computer to an elementary school. One option is to partition the hard drive but the old data could still be found. I asked my father-in-law (who happens to be the CIO at his company) and he said the only way to be absolutely sure that your old data can never be retrieved is to replace the hard drive. I haven’t started shopping yet but he that I could find a blank hard drive (about 40GB) for $30.00 or so. So you take out the old hard drive, put in the new hard drive and re-intsall the OS and applications. Then take the hold hard drive and smash it with a hammer.

3

I believe that there are computer programs out there that will write a 0 to every byte of the disk. Do that, and nobody short of the FBI is likely to be able to recover anything.

4

Try BCWipe 3.10. Set it on 7 passes and let it run overnight. Nobody’s gonna get anything off that disc after that.

5

They can if they are willing to spend enough money.

I’d go with “Thermite 2.0” myself…

6

Only because deleting files and emptying the recycle bin only deletes references in the directory system of where on the disk the data is. The data is all still there on the disk, unless it’s been overwritten.

7

How much does “impossible” cost these days?

8

Generally any data wiping utility will erase data such that it is unrecoverable by standard computer forensic procedures. Sure it may be possible to get deleted information from measuring the magnetics of the drive, but that is a timely and expensive process not commonly used. Even then, there would be so much noise I’m not so sure you would get much information anyway.

Still, my firms computer forensics and electronic evidence group never reuses drives for projects. When a project ends, we either have the drives destroyed or warehoused. When a new project starts, we buy all new drives.

There are private firms that specialize in data recovery.

9

Thermite and ax-smashing isn’t the kind of thing I want, since both make it difficult to reinstall an OS. :slight_smile:

If this were a one-time thing, perhaps destroying the HD and using another of similar size would be sure enough, but it would be cheaper over several units to purchase a cheap wiping program instead. I know they exist, I just haven’t used any, so I appreciate silenus’ suggestion.

10

DBAN is what most paranoid-but-not-destructive people use. It’ll take care of most of the data, and it’s about as close to CIA-level security as you can get (though from what I recall, afterwords they then put it through something similar to a wood-chipper, then thermite the remainders.)

DBAN’s free, open source, and well-trusted. The only time you’re going to run in to a problem is if “somebody with a lot of time, money, and brains needs to recover your data.” (from the FAQ)

11

Recovery of data that’s been overwritten on the disk? Glancing at the website it looks like they just recover data from drives suffering from physical damage or filesystem corruption.

12

I second the recommendation of DBAN, which is what we use in my office before we dispose of all hard drives, since some contain confidential data. As mentioned, it’s both free and open-source, and it’s fairly easy to use even for someone who is non-technical.

13

1920s style death rays?

I’d recommend getting a security LiveCD (e.g., Knoppix STD) and running the cleaning tools (i.e. WIPE, in the case of Knoppix STD).

14

This comes up every once in a while, and it quickly becomes clear that there is an entire spectrum of correct answers to this question, but they all depend on your definition of “completely.” It all depends on what you’re trying to guard against. In my mind, there are three different levels of paranoia that dictate different amounts of scrubbing.

Scenario 1: New person gets your computer, has no intention of finding your files, but runs a utility for finding deleted file fragments in order to find one of their own files that they lost. They end up accidentally finding your stuff and laughing at your amateur porn and miniscule bank balance (or maybe stealing your identity). The way to avoid this one is to use a utility that writes random data to every block instead of just repartitioning the drive.

Scenario 2: A computer forensics team gets ahold of your old hard drive and has some reason to put effort into recovering your data that has been overwritten (motivated by, say, a big lawsuit). These folks might get down to the level where they attempt to read old data from blocks that have been overwritten. The way to avoid this one is to use a utility that does a rigorous multi-pass writing of random data to every block, causing ghosts of old data to get fainter and fainter on each pass. Note that this is exactly the same amount of effort on your part as mitigating scenario 1, but the utility will take longer (maybe hours instead of tens of minutes) to do its business.

Scenario 3: A Superbad Computer Forensics team (motivated by, say, National Security) wants to nail you. Who knows what additional techniques and resources they may have. For all I know, you could slice your platters in half and if they’re still relatively flat, the NSA might have machines they can mount them in and read the data off the two halves individually, then reconstruct your whole hard drive minus the bits that were damaged by the slicing. If you’re paranoid about unspecified open-ended efforts to get your data, your only reasonable action is to physically destroy the platters. And hide the remains. By launching them into the sun.

Personally, if I were to do it, I’d go with 1010011010’s suggestion of using a LiveCD like Knoppix STD. You just boot from the CD and run the utility from there. You don’t even need the PC to have a working OS on it.

15

Hard drives are cheap. Remove and destroy the old drives, buy new ones and fit them.

16

From an email that made the rounds of the tech shop here.

17

Are 2 new ones cheaper than a free program?

18

I like your attitude :wink:

As noted, unless someone can make billions of dollars off the contents of a drive and are willing to spend millions to get it, a secure erase puts the data beyond use for all conceivable purposes. Forensic Data recovery services deal with damaged drives and undelete/unerase/unformat style recovery.

There are uber-specialists that attempt the magnetic overspill recovery - it costs huge money and is hit-and-miss at getting usable data off disks.

So erase and reuse. I am really glad that someone has taken the step of actually recyling these machines. Really poor service from computer recycling firms in the past who only did a quick format and repartition (thus not actually deleting any data) means that banks and big companies are loathe to donate old machines to worthy causes. It can and should be done safely, but people are too scared.

Si

19

2 new drives may well be cheaper than someone finding something confidential. And don’t forget the cost of the time.

20

I am thinking that steel wool could make the platters nice & shiny for their re-use as table decorations.