Hard drive active kill erase help

ok, i know i can find the info after some research but im going on day 13 straight of working day job grrr... took a few hard drives from lap tops and did a dod disk erase 3 pass to erase the drive for security.. question is once that's done how do you prep the hard drive to sell so someone can do like a fresh install of an Os? without any problems.



thanks for info.

Interesting this came up as I'm sitting here wiping the hard drives in several laptops. Perfect timing.

First thing, the DoD 3 pass is overkill. One pass with a zero write is more than sufficient to securely remove data. I have one laptop that I booted up with Dban and I think it's only option is the Dod 3 pass, which takes for bloody ever. The other laptop, I booted up with an Acronis True Image boot disk which has a drive wipe utility in it. While I had the option to do the DoD 3 pass wipe, I stuck with the quicker zero pass, which writes zeros over every bit on the drive.

I've been reading about it a lot over the last week or so and pretty much the experts conclusion is that even a zero write pass will make it **** near impossible to recover any data off of a hard drive and it certainly won't be recoverable using standard software tools like Recurva and such.

To your other question, once the drive is wiped, right click on "Computer" (assuming this is Win 7, My Computer if XP), click Manage, then in the left window pane click Disk Management. The drive you just wiped will be the one in black saying "Unallocated". Right click on that, choose "Simple Volume", follow the prompts, use the defaults, do a quick format converting the drive to NTFS and you're good to go.

Another thing I would do is download and install HD Tune Free. It reads the SMART info from the disk to determine health and also has another few health checks to run against the drive. This way it's a little more assurance that you're not selling someone a bum drive.

Hope this helps.

All I'm saying is the DOD 3 pass wipe, while secure, is basically a waste of time when the single zero pass method takes 1/3 the time and renders anything on the drive unrecoverable. The only chance it may be recoverable is if the drive was broken apart in a clean room and the platters themselves scanned in whatever manner companies who do high level data recovery companies use. Even doing this, they are unlikely to recover anything, it would be extremely expensive, and extremely time consuming. Someone you're selling the hard drive to has no chance in recovering anything off of a drive that was erased using the single zero pass method. None. No amount of hacking by someone who you sell your drive to is going to get that data back. It's gone.

You are correct that the data is gone. However, it gives buyers a greater comfort level that the DOD 3 pass wipe was used.

I totally agree with easyrecycle. DOD Wipe.

Also, I wouldn't format the drive afterwards. That can be done by the OS installation when someone buys the drive, and as someone above said, you don't know which format they want.

If you are not doing a DOD 7 pass, the data can be recovered. One pass writing zeroes is only slightly better than formatting, and pretty much anything can be recovered.

Originally Posted by AuburnEwaste

If you are not doing a DOD 7 pass, the data can be recovered. One pass writing zeroes is only slightly better than formatting, and pretty much anything can be recovered.

This is simply not true. Especially with today's high density hard drives.

Read this: The urban legend of multipass hard disk overwrite and DoD 5220-22-M | Grot

I'm really not trying to be contrary, but even someone like Ontrack, who is in the business of recovering data, would be hard pressed to recover data that was wiped with a single zero wipe pass.

It's an interesting topic, you guys got me reading some more.

From the wikipedia article on data erasure:

Number of overwrites needed[edit]
Data on floppy disks can sometimes be recovered by forensic analysis even after the disks have been overwritten once with zeros (or random zeros and ones).[22] This is not the case with modern hard drives:

According to the 2006 NIST Special Publication 800-88 Section 2.3 (p. 6): "Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack."[18]
According to the 2006 Center for Magnetic Recording Research Tutorial on Disk Drive Data Sanitization Document (p. 8): "Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure."[23] "Secure erase" is a utility built into modern ATA hard drives that overwrites all data on a disk, including remapped (error) sectors.[24]
Further analysis by Wright et al. seems to also indicate that one overwrite is all that is generally required.[25]

Doesn't anybody use Secure Erase?

Originally Posted by easyrecycle

Justintime, I will have to relook into it. But from what I know/learned that is not true but then again I never tried to recover data and I can see on a larger disk that a one pass would make it very hard. I just know that data mining from old hard drives is a very real thing but again, I never went over seas and sat in there shops to know what they are doing or not doing.

But something to ponder on and read up on any new data that maybe different than I had learned.

I actually find it a fascinating topic to read up on. I've wiped quite a few hard drives over the last couple of weeks and was quite concerned over the ability to recover data after a wipe so the conversation is a timely one.

One of the more highly ranked software available for download to recover data is Recurva. I've ran it's deep scan, which takes a while, against multiple drives that I wiped and came up empty. Pretty much all the software available out there does the same process so that should say something.

As for the recovery companies like Ontrack, they are ungodly expensive and I read a quote somewhere from someone in their management stating that they wouldn't be able to recover data overwritten even with a single pass of zero's.

The other week, we had a client who had a RAID controller crap out and take their whole drive array with it. We sent the drives over to Ontrack for an evaluation and recovery. Just to evaluate the drives was $2000. The recovery itself ended up costing the company over $18k.

Ontrack knows their stuff and if they're stating they can't recover data after a single zero pass, well, that should say something.

Of course, if a company tells you to wipe the drives using the DoD spec, that's what the company wants. Time is money though...

Flimits, I've never used it but most drive wiping software uses the same wipe algorithms. The single pass zero wipe, DoD whatever, Gutenmens(or whatever his name is), it's pretty standardized. DBan uses the DoD wipe, the Acronis disk I have has like ten different wipe options, most being insane overkill. Secure Erase probably uses the same thing or does the same thing by physical overwriting every single bit(unit of measurement, think byte only smaller) of data on the drive.

JustInTime, I'm with you -- this is a fascinating and increasingly important topic. Unfortunately, the proliferation of storage media and evolution of drive architectures have led to some confusion and misapplication of older research results. The multiple-pass wipe (DOD 3-pass, Gutmann 35-pass, etc.) is a case in point. These protocols were based on the results of research using previous generations of magnetic storage media, including a very influential 1996 paper by Gutmann. (You can get his paper at https://www.cs.auckland.ac.nz/~pgut0...ecure_del.html. For a brief non-technical critique of it, check out Can Intelligence Agencies Read Overwritten Data?.) Today, however, the general consensus is that multiple passes really aren't necessary for most modern drives, due to their encoding methods and higher data density (narrower tracks). Of course, if someone is in the business of sanitizing hard drives, and a client requests a protocol that might be more stringent than necessary, it's probably easiest just to go with their preference -- and price the job accordingly.

Secure Erase is actually code that's embedded in the firmware of all ATA drives > 15GB produced since the early 2000s, as mandated by the NSA and incorporated in the ANSI spec for the ATA interfaces. SCSI drives now usually include it as well, although I think it might still be optional. The most basic implementation of Secure Erase, as developed by CMRR under the sponsorship of the NSA, essentially just overwrites all user data areas with binary zeroes in a single pass. Manufacturers have developed their own proprietary implementations, some of which include multiple overwrites, etc. Using Secure Erase (or its variants) is not identical to performing a software-based single-pass overwrite, however. Secure Erase can access the entire drive, including bad sectors (the g-list), the Host Protected Area (HPA), and the Device Configuration Overlay (DCO). Some other benefits, especially in a high-volume environment, are that it's purportedly 8-18 times faster than other methods, and it doesn't consume system resources since the code is embedded in the drive's firmware and executes on the drive only. That means you should be able to Secure Erase multiple drives concurrently on a single system.

To comment, I have used secure erase before and it has completely wiped data for the average home user to recover. I personally have not used acurva though so I can not comment on that