Securely Erase A Hard Drive

I have a handful of hard drives that have been sitting around, 6-8Tb. I would love to sell them off now that they don’t fit in my server. What is the proper way of making sure the info on the drives is reasonably not accessible by the next user? I can encrypt the entire drive and run HDDErase or DBAN. Does anyone have any recommendation? Or am I on the right track?

1 Like

Pretty much, write a bunch of random data to each hard drive 5-10 times or so. Can be easily accomplished with Linux, but will take time. Boot any live CD (like an Ubuntu install disk), find a terminal and type:

dd if=/dev/urandom of=/dev/sdb bs=1M

Assuming, of course, your harddrive is /dev/sdb. Easiest to get it right is to unplug your regular drives until done!

Put them all into one PC and start DBAN. Run a single write with zeros or random data. This should be sufficient to sell them off. Every instance where I read that restoring data after a single successful write with zeros was doable required significant professional effort for restoring small chunks of data. Any normal person that receives your drives won’t be able to restore data from a disk successfully overwritten once with zeros.
I would only advise to overwrite the data multiple times if you deal with highly sensitive data, but in this case I would suggest professionally destroying the drives rather than selling them.

Maybe an additional remark to put things into perspective. If you have top-secret US military’s secrets on your drive, overwrite it as often as possible and then physically destroy it. If you want to sell your external drive that had some photos and a few ripped movies on it, overwrite it once with zeros or random data, that’s it.

5 Likes

I work at an e-waste / refurbishing company, and dban is my way to go. Basically what @anon27075190 said. You really don’t need to go overkill on the erase unless absolutely necessary.

Basically my set up for it.

12 Likes

Yeah, I nuked my dual-booted Windows gaming install by picking the wrong device when making a USB stick with dd once, and I had chained it with sync afterwards, so it was well and truly toasted. Something to keep in mind unless you’ve got a dedicated setup for it like @Big_Al_Tech

1 Like

Huh, surprised you’re not using a hot-swap cabinet for it, should save you a bunch of time and energy, especially if you connect a Linux computer that munches every data you put into that hot-swappable drive cage automagically.

The company I work for is not exactly keen on buying things that make life easier. We’re a small outfit, so it works for my needs, but it would be nice to have a trayless hotswap bay.

that’s the most glorious jury-rigging I’ve ever seen.

3 Likes

My rough understanding of these things is that on HDDs, the LBA addresses used for partitioning roughly map to the actual data blocks on disk; so overwriting the entire drive with dummy data actually does clear most of the disk.

Known caveats

  • You should overwrite with at least pseudo-random data, not “only zeros”

    I imagine this is because all-zero-data gives you a clear baseline to see any residual “signal” from the pre-erase data; you want to make the “signal/noise” ratio as unpleasant as possible to any recovery attempt.
  • Especially on old drives, consider overwriting the drive more than once

    I think I read somewhere that on older drives, there was a concern that when overwriting data to erase a drive, that original-data “write” and the erase “write” would not necessarily happen in exactly the same place, so there was a chance that you could recover some “overwritten” data by looking in-between the write tracks on the platter. I think this is the origin of the excessive Gutmann method (Wikipedia page, Gutmann paper) policy of erasing by overwriting 35 times.
  • Be mindful of hidden areas like HPA/DCO

    ATA (and potentially other protocols like SCSI, NVMe) can define areas of a drive that can be hidden from normal disk access; Host Protected Area (HPA) and Device Configuration Overlay (DCO) are two well known variants of this, but for all I know there may be more, or non-standard variants of this that only work with a particular manufacturer or drive (maybe using proprietary extensions to ATA?).

Additional non-caveat information

Drive-side security/erasure functions

Drives can optionally support some kind of security/erasure functionality; at a glance I see:

  • mention of some kind of user/master password-based system (see wikipedia link)
  • Trusted Computing Group (TCG) has an Opal Storage Specification that deals with hardware-based or self-encrypting drives - I think with these there is a way to tell the drive to erase its encryption key, which would be faster, but security could depend on the manufacturer’s implementation

On SSDs, the TRIM-related commands also tell the drive to destroy data; I do not know what running those same ATA/SCSI/NVMe commands would do on an HDD.

SSDs

On most SSDs LBA-style block addresses do not correspond to particular physical locations in the drive. Overwriting the entire drive with pseudo-random data might put unnecessary wear on your SSD, while providing little or no additional security to running TRIM or Secure Erase commands.

If you need to erase an SSD I would look up information about your specific SSD or your SSD’s controller, since with SSDs you are very much at the mercy of your controller’s firmware regarding what is actually being stored or erased.


If you are curious, I would start looking here: Data remanence - Wikipedia
or reading Gutmann’s usenix paper since half of the information online seems to just be rehashing what he wrote there.

1 Like
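Two of the risks raised so far in the thread, picking the wrong target for dd and an HPA hiding sectors from a whole-disk overwrite, can be checked before anything is written. The following is an added example, not code from any poster: it parses the output of `lsblk -nP` and `hdparm -N`; the function names and sample outputs are constructed, and the `max sectors` line format is an assumption about hdparm's output.

```sh
#!/bin/sh
# Added example (not from the thread): pre-flight checks before a dd overwrite.
# Inputs are the text printed by (as root):
#   lsblk -nP -o NAME,TYPE,MOUNTPOINT /dev/sdX    and    hdparm -N /dev/sdX

# Print "name mountpoint" for every node that is mounted or used as swap.
mounted_nodes() {
    sed -n 's/^NAME="\([^"]*\)".* MOUNTPOINT="\([^"][^"]*\)".*$/\1 \2/p'
}

# Print how many sectors an HPA hides (native max minus visible max).
# The "max sectors = visible/native" line format is assumed from hdparm.
hpa_hidden() {
    sed -n 's|^ *max sectors *= *\([0-9][0-9]*\)/\([0-9][0-9]*\).*$|\1 \2|p' | (
        read -r visible native || exit 2
        echo $(($native - $visible))
    )
}

# preflight LSBLK_TEXT HDPARM_TEXT
# Returns 0 if safe, 1 if in use, 2 if not a whole disk, 3 on an HPA problem.
preflight() {
    case $(printf '%s\n' "$1" | head -n 1) in
        *'TYPE="disk"'*) ;;
        *) echo "refuse: not a whole disk"; return 2 ;;
    esac
    busy=$(printf '%s\n' "$1" | mounted_nodes)
    if [ -n "$busy" ]; then echo "refuse: in use: $busy"; return 1; fi
    hidden=$(printf '%s\n' "$2" | hpa_hidden) ||
        { echo "refuse: cannot read HPA state"; return 3; }
    [ "$hidden" -eq 0 ] || { echo "refuse: HPA hides $hidden sectors from dd"; return 3; }
    echo "ok: whole disk, nothing mounted, no HPA"
}

# Constructed samples (not real captures).
SYSTEM_LSBLK='NAME="sda" TYPE="disk" MOUNTPOINT=""
NAME="sda1" TYPE="part" MOUNTPOINT="/boot/efi"
NAME="sda2" TYPE="part" MOUNTPOINT="/"'
IDLE_LSBLK='NAME="sdb" TYPE="disk" MOUNTPOINT=""
NAME="sdb1" TYPE="part" MOUNTPOINT=""'
NO_HPA='/dev/sdb:
 max sectors   = 15628053168/15628053168, HPA is disabled'
WITH_HPA='/dev/sdb:
 max sectors   = 15625955888/15628053168, HPA is enabled'

preflight "$SYSTEM_LSBLK" "$NO_HPA" || true
preflight "$IDLE_LSBLK" "$WITH_HPA" || true
preflight "$IDLE_LSBLK" "$NO_HPA"
```

On a real machine the two arguments would be `"$(lsblk -nP -o NAME,TYPE,MOUNTPOINT /dev/sdb)"` and `"$(hdparm -N /dev/sdb)"`; a drive that does not report a `max sectors` line is refused rather than assumed clean.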

I understand that, but you could always make the argument that if you have a few trayless hot-swaps that are automatically set to wipe and check harddrive integrity, you could probably double or triple your throughput of harddrives, not to mention a fully automated setup would free quite a bit of your time to focus on something else.

Since they’d be spending like $200 to free 40-50% of your time to other tasks, the investment alone should pay off after only 40 hours of you doing other stuff. But yeah, I understand if that is not feasible, after all not all jobs are about efficiency. :slight_smile:

Yup my job in a nutshell.

But honestly the wipe times take so long that having a hot swap bay would not really be saving me that much time. Just run it once in the morning and another before I leave.

2 Likes

@Big_Al_Tech @wertigon I suppose it depends on the ewaste/recycling customer, but would you not need to keep logs of some sort that a particular drive completed erasure?

I would have thought that company policy might prevent an automatic setup like you describe, since, if it automatically clears drives without interaction, one could build up a habit of not checking if there were any errors or if the process crashed before completing.

Thermite! Need I say more?

4 Likes

That might make selling the drives difficult, unless you plan on creating some kind of modern art exhibit. :grinning:

3 Likes

Dban tells you if the drive failed during the wipe process. So typically there isn’t an issue there. On top of that the drives that are wiped are almost never sold as is. They are typically put into other computers for reselling (so they are formatted again with windows installed on top of them.)

dban works wonders with cleaning out HDDs
because it overwrites a drive a total of 37 times in three passes using a Mersenne Twister algorithm.
usually it will take a bit of time but the drive is forensically sterile.
if for any reason d-ban quits early the drive is unusable due to too many damaged blocks.

but do take note that some early sata drives would often make dban quit early.
this is where my second method came into play.

another method is to re-partition and format it at least three times(using different format schemes) then wipe it using any live cd.

I am curious, how does DBaN identify drives that it erases?

If I were doing this manually, I imagine either manually keeping track with a written mark, printed label, or sticky note for drives confirmed clean; or keeping a typed log by brand+serial number:

<Brand> S/N: <#> erased: <YYYY-MM-DD HH:MM>

Is that not beyond excessive? Even the Gutmann method (Wikipedia page, Gutmann paper) only uses all 35 writes when the magnetic encoding format is unknown.


Ah, I thought I was remembering that @wendell had made a video about this:

I wonder how DBaN compares to that proprietary KillDisk product.

It will show the model and typically the serial number on the drive, I just let it complete all the drives before removing and testing the drives further. Once they are tested to my standards and wiped I just put green stickers on them and call it there. I’m not moving massive quantities of computers out the door so the output is fast enough.

In 99.99% of cases, absolutely.

Typically not a large difference between them, the only thing that really differentiates them is that you get a certificate of data removal, which is a necessity for some businesses.

1 Like

Does the certificate actually mean anything legally or otherwise, or is it just a pretty picture to show a boss/manager? In the video it just looks like an autogenerated PDF; though the files wendell showed on screen looked like XML files.

I imagine if you were really trying to make worthwhile certificates you could sign them with a timestamping server to prevent them from being faked retroactively, though I doubt that is what is actually going on.
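An added example, not part of any post: the typed log format proposed earlier in the thread (`<Brand> S/N: <#> erased: <YYYY-MM-DD HH:MM>`), written only after the drive reads back as zeros, with each line carrying the SHA-256 of the previous one so retroactive edits show up. Hash chaining is used here in place of the timestamping server mentioned above; the function names, brand and serial values are hypothetical, and a final zero pass is assumed.

```sh
#!/bin/sh
# Added example (not from the thread): log a drive as erased only after
# reading it back, and chain log lines so later edits are detectable.
# Assumes the last wipe pass wrote zeros; TARGET is /dev/sdX or an image file.

# Succeeds only if TARGET reads back as all zeros with no read error.
verify_zeroed() {
    nonzero=$( { tr -d '\000' < "$1" || echo X; } | head -c 1 | wc -c )
    [ "$nonzero" -eq 0 ]
}

# SHA-256 of the last log line, or "-" when the log is empty or missing.
last_hash() {
    if [ -s "$1" ]; then tail -n 1 "$1" | sha256sum | cut -c1-64; else echo -; fi
}

# log_erasure LOG BRAND SERIAL TARGET
# Appends "<Brand> S/N: <#> erased: <YYYY-MM-DD HH:MM> prev=<hash>", or the
# same line with FAILED in place of erased (and returns 1) if verification fails.
log_erasure() {
    if verify_zeroed "$4"; then result=erased; else result=FAILED; fi
    printf '%s S/N: %s %s: %s prev=%s\n' "$2" "$3" "$result" \
        "$(date '+%Y-%m-%d %H:%M')" "$(last_hash "$1")" >> "$1"
    [ "$result" = erased ]
}

# check_log LOG: each prev= field must match the hash of the preceding line.
check_log() {
    prev=-
    while IFS= read -r line; do
        [ "${line##* prev=}" = "$prev" ] || return 1
        prev=$(printf '%s\n' "$line" | sha256sum | cut -c1-64)
    done < "$1"
}

# Constructed demo: small image files stand in for two wiped drives.
demo=$(mktemp -d)
head -c 65536 /dev/zero > "$demo/clean.img"
{ head -c 65536 /dev/zero; printf 'leftover'; } > "$demo/dirty.img"
log_erasure "$demo/erase.log" ExampleBrand SN0001 "$demo/clean.img"
log_erasure "$demo/erase.log" ExampleBrand SN0002 "$demo/dirty.img" || true
cat "$demo/erase.log"
check_log "$demo/erase.log" && echo "log chain intact"
```

The chain detects edits to earlier lines but not wholesale replacement of the log; having the latest hash timestamped by an outside party covers that case.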

I honestly don’t know how legally binding it is. But something is better than nothing I suppose.