http://www.killdisk.com/killdisk-industrial.htm
This is a companion discussion topic for the original entry at https://level1techs.com/video/killdisk-industrial-enterprise-level-drive-cleaning
http://www.killdisk.com/killdisk-industrial.htm
pdf "certificate" is great and all, but
LIMITATION OF LIABILITY. IN NO EVENT SHALL LSOFT TECHNOLOGIES OR ITS SUPPLIERS BE LIABLE TO YOU FOR ANY CONSEQUENTIAL, SPECIAL, INCIDENTAL, OR INDIRECT DAMAGES OF ANY KIND ARISING OUT OF THE DELIVERY, PERFORMANCE, OR USE OF THE SOFTWARE, EVEN IF LSOFT TECHNOLOGIES HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. IN ANY EVENT, LSOFT TECHNOLOGIES'S ENTIRE LIABILITY UNDER ANY PROVISION OF THIS EULA SHALL BE LIMITED EXCLUSIVELY TO PRODUCT REPLACEMENT.
Which is why bank will rather buy (or hire, really) an industrial shredder.
You mentioned flash based erasure a couple times, but I couldn't find mention of erasure procedures of flash based storage (SSDs etc.) for this software. Is it something it does properly?
It's worth noting on flash based erasure that no software can guarantee complete erasure due to how the SSD manages the flash storage and how manufacturers implement ATA secure erase.
Wendell mentions flash based storage finishing an erasure immediately because it erases just the encryption keys. This is part of the ATA Secure erase process.
ATA secure erase offers two modes:
a secure erase, which blanks the disk with zeros, and an enhanced secure erase, which blanks the disk with a predetermined set of repeating data set by the manufacturer. On hard drives this is simple.
On SSDs it gets more complicated. Manufacturers don't implement the secure erase standard properly or in the same way, so if you want to be sure exactly what secure erase does on your SSD you need to check with the manufacturer exactly what it implements.
Secure erase in an SSD will by standard generally erase the encryption key of the drive. On SSDs with no encryption I'm not sure what it should do (can't remember), but I imagine it defaults to what it does on an HDD: erases with zeros.
Enhanced secure erase should implement either both or the latter erasure of encryption key plus a wipe of the cells (either by writing data (zeros or predetermined data set) or by resetting the cell to factory default). But some manufacturers don't implement an enhanced secure erase and just do the same as a standard erase. You can see this through hdparm.
Crucial SSDs (the one I have at least) don't implement a different method for enhanced erasure. Samsung on the other hand seems to implement something different for enhanced erasure, but I don't know exactly what and I'm not going to test it myself. (I have previously tested this but can't remember the results and don't have access to them here.)
Crucial_CT750MX300SSD1
supported: enhanced erase
2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
Samsung SSD 840 EVO 120GB
supported: enhanced erase
2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
It's worth also keeping in mind that it's important to note that erasing an SSD by writing zeros or data to it through an OS level method (dd, etc.) and not using the SSD controller itself will not guarantee that all the cells were erased. The controller will not show all cells to the OS, and so the OS, if it does not use the controller to erase the SSD, cannot erase all cells that are there; this might include remapped degraded cells and reserve cells.
If you look at something like Blancco (software and company that owns DBAN), they claim support for SSD erasure, but when you look at their papers on SSD erasure they also show this fact: that their software can't guarantee erasure because you rely on the implementation of ATA Secure erase. A final note on that though: what Blancco does is implement ATA Secure erase and then also implement their own DoD standard number of passes writing random data to the disk. Maybe this software does something similar?
I hope that makes some sense to follow.
@wendell this might be slightly off topic, but since you may have the contacts, maybe you would be in a better position to find out from the different SSD manufacturers if and how they implement ATA secure erase on their SSD lines?
u1: Interestingly, it seems Micron implements secure erase the opposite of what I describe: secure erase sends a block erase command to every NAND component and enhanced erase erases the encryption key. So I may have it the other way around...
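The comparison the post above makes by eye from hdparm output, as an added example that is not part of the original thread: a small Python parser for the Security section of `hdparm -I` text. The sample outputs are constructed around the two erase-time lines quoted in the post, and treating equal time estimates as a hint that both modes run the same routine is a heuristic, not something the drive reports directly.

```python
import re

# Constructed samples shaped like the Security section of `hdparm -I` output.
# Model names and erase-time lines are the ones quoted in the post; the state
# lines (enabled/locked/frozen) are filled in for illustration.
CRUCIAL = """\
\tModel Number:       Crucial_CT750MX300SSD1
Security:
\tnot\tenabled
\tnot\tlocked
\tnot\tfrozen
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
"""
SAMSUNG = (CRUCIAL.replace("Crucial_CT750MX300SSD1", "Samsung SSD 840 EVO 120GB")
                  .replace("2min for ENHANCED", "8min for ENHANCED"))
# Constructed edge case: a drive left in the frozen state rejects erase commands.
FROZEN = SAMSUNG.replace("not\tfrozen", "\tfrozen")


def erase_profile(identify_text):
    """Summarise ATA security-erase capabilities from `hdparm -I` text."""
    def find(pattern):
        return re.search(pattern, identify_text, re.MULTILINE)

    model = find(r"Model Number:\s*(.+?)\s*$")
    enhanced = find(r"^\s*(not\s+)?supported: enhanced erase")
    frozen = find(r"^\s*(not\s+)?frozen\s*$")
    normal = find(r"(\d+)min for SECURITY ERASE UNIT")
    enh = find(r"(\d+)min for ENHANCED SECURITY ERASE UNIT")
    profile = {
        "model": model.group(1) if model else None,
        "enhanced_supported": bool(enhanced and not enhanced.group(1)),
        "frozen": bool(frozen and not frozen.group(1)),
        "normal_min": int(normal.group(1)) if normal else None,
        "enhanced_min": int(enh.group(1)) if enh else None,
    }
    # Heuristic (assumption): identical estimates hint that the firmware runs
    # the same routine for both modes; confirm with the manufacturer.
    profile["same_estimate"] = (profile["normal_min"] is not None
                                and profile["normal_min"] == profile["enhanced_min"])
    return profile


if __name__ == "__main__":
    for sample in (CRUCIAL, SAMSUNG, FROZEN):
        print(erase_profile(sample))
```

On a live system the input would be the text printed by `hdparm -I /dev/sdX`, where `/dev/sdX` is a placeholder device path.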
Their bootable USB also is awesome with some neat features like Windows password resetting, registry editor, binary editor and an internet browser. Only thing missing is Steam
So is this better than DBAN for personal use, if you don't need reporting?
I work for an all shred IT recycling company. Customers/clients pay us to shred hard drives. They also give us the systems. They either fill bins with loose hard drives, or they just leave the drives in the systems they are retiring and we remove them. We shred the drives, then sell the systems (diskless) on ebay.
Most of our customers/clients are banks, in the healthcare field, or other IT-related companies who cannot trust software based erasure. As @dmj pointed out, the company who makes the software won't be held responsible if the drive doesn't get erased. A report and certificate saying it was wiped is all well and good, but if the company can't be held responsible, what happens then?
The philosophy these companies take is the good old "nuke it from orbit" approach. There can't be any chance that the sensitive data on these drives leaks. Patient data, trade secrets, whatever is on the drives cannot fall into the wrong hands. The only way to be sure is physical destruction.
It's incredibly wasteful, but it's just how the industry is. It bothers me that all these drives are destroyed the way they are. I've personally thrown 2TB and 4TB hard drives as well as SSDs into the shredder by the hundreds. I was weeping internally. But these companies are basically forced to do this.
Is it a rhetorical question? Because the answer is obvious: "hold the baby" game begins. If you're the one who suggested using the software, the best case scenario is you're fine (but fired). But if there's some shit like liability clause, indemnification clause or something else equally nasty in your employment contract, or if there's some decades-old internal security document regarding magnetic data storage decommission, requiring you to physically destroy it, congratulations, you're up to neck in shit. You can cry "blame the software" all you want, it simply won't work.
Meh. I'm never a proponent of commercial software - especially this where you have to trust that the program does what it says it does and isn't merely a ruse.
I'll stick to my same method of a couple passes of urandom with dd, followed by a zero pass with dd. Will that get everything? Probably not. Will it make what is recoverable practically useless, probably. That combined with the vendor tool should be sufficient for anyone looking to protect themselves from anyone except the Rooskies, The Chinese, or US Government.
Assured destruction is really the only solution. And while an industrial shredder is good, the heat energy delivered by a .308 works pretty well too. Follow that up by a soak in salt water, and you have made recovery absolutely impossible. I suppose an industrial shredder and the salt water treatment would be ok too... but target practice is fun.
It was rhetorical. I know that's what would happen. I would hope most people would know that's what would happen.
That's why companies like the place I work at exist. There are a lot of companies out there that realize (or consider) a software approach has risks. Probably vanishingly small risks, but still risks they can't take, and therefore the only option is physical destruction.
There is one thing I have learned while working at this company. It's one of those weird sorts of thoughts that's hard to put into words. After seeing the sheer volume of e-waste and IT equipment and hard drives, I have come to the realization that the actual number of manufactured "things" is hard to fathom. Gaylords upon gaylords of keyboards, mice, fans, monitors, cables and cords of all sorts, everything. Thousands and thousands of destroyed hard drives. It makes it feel like there's so much out there that what comes through our facility doesn't even matter. Doesn't even make a dent in the total out there in the world. They mass produce everything to such an insane quantity it's hard to think about.
But then, here I sit, not wanting to drop $500 on hard drives.
Do you guys recycle the shredded material after?
The thing with all this is it comes back to the usual. It depends on the risk.
Disk erasure can't always guarantee results, especially with SSDs as mentioned. But unless you're worried about a specific well funded threat, good enough erasure is good enough in many cases.
Shredding disks is always the end result depending on the type of data stored. Even erasure and reuse within a company sometimes isnāt possible purely because of the type of data stored.
In most cases, unless you're handling sensitive government data, even shredding drives is over the top; recovery of data off a shattered hard drive is not easy by any means. But these disposal companies often offer the whole service of erasure, shredding, disposal/recycle and proof of destruction, so it's an easy choice if that's your requirement.
How well does this work with using external USB hard drive bays? Like the 2 bay/4 bay vertical adapters? I've got about 40 hard drives to wipe to donate computers for, and all I've really got atm is some external hard drive bays, unless I can buy 8 2.5 inch hard drive sleeves for my PowerEdge R630.
Depends, but you probably want to hook the drive up directly to a system where the drive interface controller is under direct control of the OS. In other words, the chipset SATA ports on a computer motherboard.
Yeah, figured it'd probably choke out. I'll just see if I can get the 2.5 sleeves ordered and do it that way.
What?
2.5" and 3.5" SATA drives use the same connectors for both data and power.
You don't need any additional hardware.
I said that ambiguously
The power connector is the same for 2.5" and 3.5" drives.
The data connector is the same for 2.5" and 3.5" drives.
You don't want to go through the RAID controller and backplane to wipe drives. It probably won't work anyway. You usually have to reflash the RAID controller into "IT mode" so that the RAID controller becomes an HBA.
Just use the SATA ports on the motherboard for this task.
I know, right? To make it a bit easier to fathom, just google "african e-waste graveyard" and look at the pictures. It's insane.
@dmj That is incredible. I know my boss has told us how hard (and expensive) it is to be sure all the material that goes through us is properly recycled or disposed of. Nothing ends up in Africa or China. We do get attempts occasionally from people trying to get us to ship overseas.
@Eden The hard drive shred is recycled. We get paid for that too I believe.
What's crazier is that a lot of the materials (like rare earth elements) in recycled electronics are much easier to get than to mine for them, and yet they get dumped.
I'm sure that old dump sites will be mined in the future.