back to article Take a hammer to your hard drive, shrieks Which?

Which? Computing has lost faith in wiping technology and advised punters to take a hammer to hard discs they intend to get rid of. Reg readers and experts have slammed the advice as misguided and irresponsible. The possibility that dodgy sorts might be able to recover deleted data with the help of specialist software from PCs …

COMMENTS

This topic is closed for new posts.

Page:

Silver badge

Thud!

Wiping the hard drive works great if the hard drive is fully functioning. I'm usually throwing them out because they aren't.

The sharp end of a slate bar stabbed through the hard drive works great and keeps your face clear of the platters. Yes, many are glass now. Not window glass, but non-crystalline solid.

0
0
Thumb Down

Hammer not enough?

What most commenters seem to overlook is that if you take a hammer to the platters, there is a chance the info is still in the platter, intact. Sufficiently advanced forensics might actually extract the data if the platters remain undamaged, as most average users will assume that hammering the outer shell until the HD is in an unworkable state is enough.

If you really have to do this, *first* do the datawipe, *then* do the BOFH treatment on the thing. Oh, and damage the actual platters, not just the outer shell.

0
0
Thumb Down

Overkill

Overwriting ONE time is enough to make data unreadable. Any data recovery expert will tell you that.

If it was possible to recover previously-written data, then someone would certainly have exploited the phenomenon in order to increase storage capacity. At some point in the past, this would have been the cheapest way to do it.

Methinks this report was sponsored by a HDD manufacturer .....

0
0
Thumb Down

Solution to the wrong problem

If it is so important to delete particular data from your old hard-drive, was it ever safe to have put it on it in the first place?

0
0

dd. Or acid.

What's wrong with dd, you may ask? Though it will totally and entirely destroy your data in no time and for free (and is installed on pretty much any box worth that name), it's no fun. I say, 10N acetic acid, then potent electromagnet, then shotgun, then thermite. Then axe. And sledgehammer. And blender. Only way to be sure (at least that's what I told the missus).

Of course anyone able to recover data after a pass with dd would also be able to recover it after the funnier procedure.

0
0
Silver badge
Black Helicopters

Wimps!

Yeah thermite is fun, but if its home made, you have to be very careful.

I also like to use the hard drive as a target.

A 7mm Rem Mag round through the drive definitely gets the job done. As to shrapnel, not really a problem when shooting 100+ yrds away.

Yes, its lots of fun and yes it takes some skill to hit these smaller drives at that distance.

0
0

Which? are idiots

They obviously used some simple file deletion tool rather than actually wiping the drive.

Any complete drive wipe prevents software-only solutions, but possibly not hook-up-a-sensor-to-the-drive-circuitry-and-read-off-the-analogue-value-of-each-bit solutions

3 pass random fill will pretty much prevent that, and possibly prevent magnetic force microscopy (which may or may not be actually used by intelligence agencies, but certainly isn't used by identity thieves#

This is sufficient for drives you're passing on. For ones that are going in the bin anyway, I suppose hitting them with a hammer AS WELL can't hurt, but physical damage certainly isn't as effective as a proper wipe. (For people saying that newer drives are glass and shatter easily, people mostly throw away older drives). I only attack drives which have failed so badly I can't boot my computer up with them connected

0
0

Physical destruction is good

Drives should definitely be physically destroyed when the destruction of the data is critical. Not because it's more efficient than dd, but because there's nothing more similar to a dd-ed drive than a non-dd-ed one. At least, after a good hammering, you do know.

0
0
Bronze badge
Black Helicopters

Starting at the wrong end

OK, so the theory is that whatever is first written on a hard disk can be read even if random gibbering is superimposed. So ... when you first get the disk, fill it up with random gibbering. Or with jpgsof Jacqui Smith, if that floats your boat. Then use it for your oh-so-secret data and do another overwrite when you've finished. The best the Bad Men will be able to recover is the initial randomness or pictures of the Wacky One, which may be offensive but aren't illegal.

0
0

disk DNA

Today we got this piece, one of many hard disk scare stories.

Yesterday we got a new 'we can clone the dodo' story.

Both cloning the dodo and recovering data after overwriting are roughly* of the same difficulty and cost.

Why do we not get articles from Which? suggesting we take our dead pets to the nearest biological research establishment and ask how much they charge to clone a new one?

*OK, within an order of magnitude or three. But with these odds the difference isn't significant.

0
0

DoD secure deletion?

Isn't the DoD level of data deletion simply to leave it in a train/taxi/restaurant though?

I had some data here earlier. Now it's gone. Woohoo!

Steve.

0
0
Silver badge
Black Helicopters

@David Hayes

Throw it in a BlendTec? Now that's a thought.

And A J Stiles, while it is possible, given sufficient resources, to attempt to recover data that has been overwritten even multiple times, it is not only time consuming but NOT GUARANTEED. But in the realm of secrets, you may not need the whole secret to deduce what's missing. Or the secret may reside on a part of disk the controller skips because it thinks it's bad, and so on. Like I said, at the state level, the only safe method of ensuring the destruction of sensitive data (and the hamnmer doesn't suffice here--state-level adversaries may have the time and resources to analyze fragments or even recover the pieces) is extreme-temperature consumption either though a high-temperature incinerator (what I mentioned) or by coating in burning thermite or the like (what someone else mentioned).

0
0
Anonymous Coward

@ frymaster

"but physical damage certainly isn't as effective as a proper wipe"

eh? sorry I'd take an angle grinder to the platters any day over a software erase tool. in fact do both

0
0
Flame

a Pyromaniacs solution....

I like the following prescription for destroying old Data on Hard drives:

Purchase aluminium powder off EBAY

Purchase Iron oxide powder off EBAY

Mix together in equal amounts

Place Hard drive on concrete surface or old Bricks - at least 3 meters from anything flammable

pour aluminium and iron oxide mixture in a pile on old hard drive

stick a couple of sparklers in the top

Light sparklers and stand well back....

Enjoy!

Not as satisfying as hitting with a hammer but still quite fun to watch anyway

0
0
Joke

Novel approach

If you have access to a good centrifuge, you can spin the disk clean. The ones are ever so slightly heavier than the zeros, so after a while they all sink to one end. It's very difficult for an adversary to reconstruct the data after that.

Joke alert, just in case.

0
0
Boffin

2.5MB drive (1970s) .ne. 200GB drive (2000s)

Some contributors here ought to get a clue or STFU.

I haven't noticed anyone here pointing out that the advice re multi-pass erases might well have been relevant to drives from the 1970s but is irrelevant to recent drives. Back in the 1970s you could get a few MB on a disk drive that filled the whole width of a 19" rack, and given the right kit and a following wind you did have a bit of a chance of reading data that had allegedly been overwritten. One popular tactic was to position the read head so that it was slightly off track center, and hope that the resulting signal revealed something about what had previously been there. Multipass overwriting reduced the chances of that kind of tactic revealing anything useful.

Drives these days fit hundreds of GB in a 3" diameter platter using entirely different recording technology and aren't vulnerable to the same data recovery exploits. Go read about (for example) PRML, where the miracle is that you can read the data at all, and there's no way you could read data on a given track once it had been overwritten, and not much chance you could meaningfully reconstruct a chunk of an identifiable file from a few fragments of disk surface.

0
0
Boffin

Cordless Drill/Power Screwdriver & Deck Screw

The most effective and dramatic demonstration of "wiping" a disk of confidential information I ever saw was when one one of our technical support people used a cordless drill to drive a deck screw completely through the case and platters of a disk drive being retired.

Given that it would have taken something like 18 hours to write/rewrite the drive (using "dd"), as well as the staff time it would have taken to install the drive and then remove it afterwords (about an hour), it was cheaper for our organization to simply scrap the drive than send it out through channels for re-use.

It was astonishing to see how fast the deck screw burrowed its way through the case.

0
0
Boffin

Safety first people!

My god! Someone think of the children!

If you use a software package to destroy your data, you could expose yourself to severe injury if a mulberry-enraged bull elephant runs through your room while you are running the software! Or lightining could strike you through the keyboard! Or you could be hit by falling space debris! Or the LHC could suddenly come on line and create a strangelet chunk that will destroy the universe! Or God may exist and the Second Coming will occur! Or someone could switch off 'The Matrix' and we all vanish! Or....

Oh, Fur Fock's Sake, EYE DAMAGE? Wear eye protection: SOLVED!

Icon - safety glasses. Heard of 'em?

0
0

Short of nuking it from orbit

Chuck it in a furnace.

PS. I like the idea of full disk encryption too! If everyone did this, there'd be no more shrieking whichs.

0
0
Silver badge
Alert

Re: Pyromaniacs Solution

Sorry, a sparkler WON'T start a thermite mixture. I know this from personal experience. Of course for those of you who desire to use this method, a simple road flare, or gunpowder WILL (again from personal experience) start a thermite mixture.

Pyrotechnics are fun!

Yes, I did try this at home. I also did it in chemistry class (over 40 years ago) and it was quite a sight to burn a divot in the chemistry lab table (with the teacher starting the process!).

0
0

@Doug Glass

"If you need absolute assurance the data is gone forever, this method will do that"

Actually, this might work in about half of cases, but a lot of the desktop-type drives I take apart still use aluminium platters so hitting them with a hammer would still leave plenty to recover. Even smashing a glass platter would probably leave enough fragments so that a forensic data recovery team could recover some of your data.

Despite Which's claim (with little knowledge or investigation), a series of wipes/writes will destroy your data enough to make it practically impossible for the would-be data thieves to get to. The only ways to be absolutely sure would be to either grind your platter back into dust or melt it, both of which would pretty much guarantee to leave no readable trace of data.

0
0

Wiping software

Wiping software honestly is horribly ineffective against some of the more advanced recovery programs such as FTK (Forensic ToolKit). I've seen disks wiped with DoD-certified wiping routines get overwritten 25 times and still get recovered by FTK. I don't imagine DBAN would do any better. Fact of the matter is, the only way to ensure it's not coming back is physical destruction. Even basic software like GetDataBack NTFS can often recover several layers down.

Consider this very-real scenario: you sell your computer or give it to someone. They suffer a data disaster. Either their partition gets corrupted, gets deleted, or gets reformatted, and they need their data back. So they buy some fairly inexpensive data recovery software to get their stuff back. This software recovers not only their own data, but YOUR data which was buried a few layers deep. Now they have access to all sorts of things about you that they shouldn't have.

For reasons above, I will never sell or give away a hard disk. My old hard disks go in storage in case I need to recover something off of them or use them in another build, and at the end of their useful life are physically destroyed through any of various means. If I am giving a system as a gift, I will purchase a virgin hard disk and configure it. It also gives me the peace of mind knowing that they have a reliable drive.

0
0
Thumb Up

Sledge Hammer

I just knew the comments just had to be good on this one. A sledge hammer plus goggles must be the best bang per buck for the vast majority of people who dont have sufficient IT skills to know if any software command really did achieve what they want. Also briefly satisfying.

0
0
Thumb Down

@ Charles

Prove it. No handwaving or weasel words. Show me some evidence of data being recovered from a modern hard disk drive after even just one overwrite. You can't, because it's never been done -- and it never will be.

The laws of physics say that data overwritten once is unrecoverable with the unmodified drive, and twice is unrecoverable with any fancy analogue electronics hooked up to the drive. (The graph of magnetic field vs current applied is a hysteresis loop, so there might be a difference between a 1 that was always a 1 and a 1 that used to be a 0 before; but a digital device deliberately uses the closed ends of the loop anyway, and is designed not to be able to see the difference. Two overwrites with complementary data ensure the drive is filled with 1s that used to be 0s and 0s that used to be 1s, so even using fancy analogue electronics won't tell you anything. And the shape of the loop means you can't see anything more than one overwrite ago.) Magnetic force microscopy, if you've actually studied the papers, is so technically unfeasible as to be a non-threat.

If The Authorities do indeed have methods of recovering data that has been overwritten multiple times, then they're ultimately getting it from somewhere other than the overwritten drive -- which nonetheless constitutes a useful blind to divert attention from the *real* "data recovery" methods employed.

You're also dead wrong about high-temperature incineration. You need only demagnetise it, either with a strong alternating field (the BBC used Weircliffe machines on their audio and video tapes) or by heating it to its Curie point.

But it's still overkill, and you're still depriving someone of a useful instrument.

0
0
Coat

Terminator 2

Throw the HDD that you want to discard in a pit of molten steel.

100% guaranteed to demagnetize the HDD, plus you get to recycle all the metal in it. The flash ram will burst into flames, so no problems either.

My coat fell in the pit too, can I borrow yours?

0
0
Flame

Thermite?

I'm not sure whether thermite's up to the job; I notice from an IT documentary series I've been watching that it's best practice to *first remove* the control chip *before* burning a Terminator's body with thermite. That suggests to me that it's considered insufficient to destroy the really important bits.

(A boot heel is apparently the better option.)

0
0
Thumb Up

I suggest that we resolve this debate here:

http://www.theboxotruth.com/

0
0
Jay
Alert

SMASH!

Last time I had to get rid of some disks I got busy with a sledgehammer, and made damn sure that the round shiney bits were no longer round or shiney. I was wearing eye protection too, so ner!

0
0

@Richard Neill

Analogue? well - there's this thing in magnetics called "Hysteresis" which - 30 years ago, I was told it translated as "Lagging Behind". I.e., there's only two states in magnetic material. The hysteresis relates to the curve shape as it moves from 1-->0 or vice versa.

So, check my first post in the thread about the "Toilet Pan Pebbledash Splatter Special"

Now, that's a Lagging Behind even the BOFH would be proud of!

[Wikipedia confirms:

The term derives from an ancient Greek word ὑστέρησις, meaning "deficiency", or "lagging behind"]

0
0
Joke

The only safe way...

1) Use DBAN

2) Destroy with hammer

3) Bury remains in a remote location

0
0
Jon
Boffin

THERMITE!!!

That is all.

0
0
Paris Hilton

More Firepower Needed

All you gun-happy yanks are just making me jealous (Glock 26, 7mm Rem Mag etc.)

My .22 air rifle just can't seem get the required penetration, and I'm too scared of ricochets to try my crossbow.

Damn you Britain and your draconian firearm control laws!

Paris, because apparently she doesn't get penetrated either.

0
0
Anonymous Coward

Recycling

When I saw the original article on the BBC site I knew it wouldn't be long before it was being hammered on here. Pun intended.

It looks like they've updated it since the original with advice from someone sensible from ZDNet.

My favourite bit is "It must be done with caution because those smithereens contain environmentally harmful materials so they should be recycled - for instance at the vendor from whom a new hard drive is purchased."

I'd love to see someone unloading a bag of hard drive smithereens onto the counter of their local PC World saying "recycle this lot will you please".

0
0

Destroy the platters for complete privacy

You know, it depends on who you want to keep the data from. There are data forensic experts who can read through several layers of "destruction" done using various programs. The only way to be absolutely sure that no one can ever recover any date from a drive is to destroy the platters. That's simply a fact. Of course if you're just trying to hide from a casual user without access to a lab, software destruction will probably work.

0
0
pSy

Read through several layers of destruction?

That's just nonsense. What is implied here is that there are several layers of magnetism to each physical bit on a platter. Of course we know this is not possible. Each bit, like any magnet in the known universe has just a north and a south pole. If the state of that bit and all other bits that relate to it are changed then it's simply impossible to to know what state or states it has ever been in.

It's not mystical 'layers' that are exploited but the physical (as opposed to logical) storage characteristics with their error detection and correction technologies (amongst other aspects). Decent erasure software is of course aware of these methods and also exploits them in such a way that there will be no going back.

Applying a proper erasure method to the contents of a hard disk is just as effective as physical destruction but of course retains the functionality of the hard disk. This is what should be encouraged and it would be a fine thing indeed to find such functionality built into operating systems, or maybe even the hard disks themselves, right from the start.

0
0
Thumb Up

A problem avoided is a problem solved

Jesus H. Corbett. There’s so much conflicting advice here that most people won’t know what to think.

But here’s the ultimate solution for future reference.

When you buy your next computer, get one with a solid state drive (SSD). Then use TrueCrypt’s full disk encryption (FDE) to secure it (using a strong password of course).

When the time comes to dispose of the computer/drive, simply destroy/forget the password.

0
0
Anonymous Coward

And the most hillarious troll is....

Mike for his glorious:

"Wiping software honestly is horribly ineffective against some of the more advanced recovery programs such as FTK (Forensic ToolKit). I've seen disks wiped with DoD-certified wiping routines get overwritten 25 times and still get recovered by FTK. I don't imagine DBAN would do any better. Fact of the matter is, the only way to ensure it's not coming back is physical destruction. Even basic software like GetDataBack NTFS can often recover several layers down.

Consider this very-real scenario: you sell your computer or give it to someone. They suffer a data disaster. Either their partition gets corrupted, gets deleted, or gets reformatted, and they need their data back. So they buy some fairly inexpensive data recovery software to get their stuff back. This software recovers not only their own data, but YOUR data which was buried a few layers deep. Now they have access to all sorts of things about you that they shouldn't have."

It's all good, nothing to discard here! Every sentence is a pile of steaming bullcrap. Nice one. I would add that the only way to REALLY destroy the data is to melt the whole computer, powercord included. Never know which kind of personal data can remain stuck in all those wires.

0
0
Stop

Re: Anonymous Coward

"It's all good, nothing to discard here! Every sentence is a pile of steaming bullcrap. Nice one. I would add that the only way to REALLY destroy the data is to melt the whole computer, powercord included. Never know which kind of personal data can remain stuck in all those wires."

And you accuse me of being a troll? Do YOU have a degree in Information Systems Security? I do. I've worked with all the software I mentioned. It's very real. I've recovered data from disks that were wiped above and beyond the recommended number of passes with government-approved wiping schemes. Don't believe me? Dig up a demo copy of FTK (they're out there) and try it. See how you feel about data security then when you get it ALL back. Fact is, you may be able to wipe a disk with software enough times so that you cannot recover the data, but on modern hard drives this would take several days and it is far faster and far safer to just destroy the drive. Do YOU want to risk it, particularly with the cheap prices of hard drives nowadays?

0
0
Thumb Down

Strewth, where's a scientist when you need one

Isn't there any hard scientific information out there?

Either you can't recover a sausage after only a casual over-write with zeros OR you can recover everything even after over-writing repeatedly with specially-selected data for weeks.

So that's settled then.

You know what's really sad? There isn't a shred of evidence (published papers or even, err, Wikipedia articles) cited by either side. You can't decide issues like this by debate folks! You need hard evidence.

Anyone know of any? If not, I suggest someone should set up a lab and get some. Maybe that's what Which? should have done. Given what we spend on securing our data, you'd think we'd know what we were doing, but it seems not.

I can hardly believe it.

0
0
Alien

yet ive got the best method...

give your hard drive to that NASA astronaut whose got "butter fingers" and tell her take a look

at your hard drive !. Bingo, lost in space.

0
0

smash it

Do not get carried away. Its not a bad suggestion hammering it. Just put a wrag over to cover debre. Only people to gain is the wipe industry.

0
0

http://sourceforge.net/projects/dban/

I know that if you are a private citizen, DBAN was the only really safe economical way to go:

http://sourceforge.net/projects/dban/

http://www.dban.org/node/40

It seems that actually using the 'teh google' is too much for people, much less actually reading instructions, technical data, and knowing what you are doing while doing it.

This seems to prove that Darwin is right. Give grenades to people and see how many pull the pin, and then throw the pin instead of the nade.

To succeed in this world, you have to be smarter than the tools you are using.

0
0
Happy

I Dont think I Care

if some hard working geek gets information off an old hard drive of mine.

They would die of boredom .

0
0

Best Practices for the Destruction of Digital Data

As we can see from this thread, there are many different opinions about what is the best means to eliminate legacy data. Yet, none cite any active standard or recognized best practice, and all are subjective to what the writer has experienced. So, why are there such varying views on the best practice for the destruction of Digital data? This is due to the mass of confusing guidance out in the wild. Between potentially biased vendor claims, outdated standards, often half baked and potentially dangerous personal opinions, it is clear that there is a general misunderstanding about the proper means to assure that data is properly purged,

So, how does one determine what are the true best practices for Data Destruction? This is not as simple as it may seem. With a lack of common criteria, many look to reference reliable guidance that is published by an authoritative source that presents practice pertinent to the users specific needs. Although this may sound pretty straight forward, it in not always as simple as it appears.

Considering the often referenced US DoD 5220M guidance, the methods prescribed are out dated, and if anyone bothers to read the 2006 amendment, it will be noted that the DoD refers readers to build their policies on information provided by the National institute for Standards and Technology, in their special report 800-88. SP800-88 is a good start for those looking to define their sanitization policy. As a document containing guidance from government, private and academic sources, The information presented arms the reader with qualified reference for the establishment of data sanitization specific to the users own environment.

Like cars or food, no one method can be deemed the right way to sanitize data. What I mean by this is that depending on the nature of the contents of the users drive, and their regulatory obligations to protect this data, the means to handle a device can vary from simply repurposing the device within a department, the use of clear based overwrite software, or the need to purge on site and physically destroy the drive using technology that reduces the media surface to particulate no larger than 1/250th of an inch. It is entirely subjective to the data classification and determining the method necessary to sanitize data of that specific security level.

Looking at the common techniques available we can see that there are 3 levels of sanitization (as referenced by the NIST) these being CLEAR, PURGE and DESTROY. Each having different levels of effectiveness and handling issues.

CLEAR is typically conducted by overwriting the data storage regions of the drive with sequences of obfuscating data. This can be patterns of like or random data, or many passes with varying patterns, as is prescribed in DoD5220. As a Clear technology, the contents of the drive ARE subject to recovery by laboratory or forensic effort. Likewise, as software is often incapable of accessing Protected Service Areas (PSA) of the drive, information will be often left in the Host Protected Area, and in G-List sectors.

PURGE based technologies include Secure Erase and Degaussing. Degaussing is hte practice of exposing the media surface to sufficient levels of magnetic energy to achieve coercion of the individual data bits. This practice although effective when properly conducted does have a few concerns. Specifically, the fact that as drives increase in capacity, the energy required for effective coercion increases. As such, the means to degauss a current production high capacity drive will require a device upward of $50,000 USD that may not be best suited for use in a common office. Add to this the fact that this is a connectionless technology, and that the electromechanical components are often deactivated before the media surface is effectively sanitized, and the means to validate proper sanitization becomes a very complicated and costly process. Effectively, the operator of the degausser should be trained and aware of hte capabilities of the machine, so that only devices that the degausser can effectively purge are processed.

Secure Erase is a standards based purge technology that is embedded in all ATA compliant devices produced from 2001 onward. Developed at the University of California San Diego's Center for Magnetic Recording Research in conjunction with 6 major drive manufacturers, and with the guidance of the NSA, SE is a command based process that purges data from all storage regions of hte media surface including PSA information (HPA, G-LIST and DCO). This technology is the most effective means to purge data from a drive short of physical destruction. As an added bonus, the device is reusable at the end of the process. Recognized by most governments as an effective data purge technology, and the need to find green alternatives to eWaste production the use of SE is becoming a more popular option for most.

SE is not without issues, As a command based process, many BIOS and system vendors have inhibited SE from being communicated to the drive. This is as a cautionary measure to assure that no malware or virus code invokes SE and eliminates the users data in the blink of an eye. Accordingly, due to these concerns, the commercial application of SE as software has not become a reality. Accordingly, the most effective means to launch SE is through the use of purpose built appliances such as that manufactured by Ensconce Data Technology of Portsmouth New Hampshire (www.deadondemand.com ). In an appliance model, SE is not limited by host incompatibilities, and the SE process is assured to purge all media surface data storage regions. Currently, the EDT Digital Shredder is contracted for procurement (on standing offer) by Canadian Federal Government clients for the next 3 years; and is in use by a wide range of government, banking and enterprise clients worldwide.

PHYSICAL DESTRUCTION seems like a quick and easy means to assure data loss, but like the other technologies, it has it's share of issues as well. Aside from the potential for personal harm when doing it yourself, professionally contracted services need to be evaluated as well. In environments where high level classified data is handled, often the sanitization policy will dictate that the device is processed using a means that assures that the data will not be recovered ever, by any means. Sounds simple... well perhaps not..... if the device is to be shredded, the media surface must be ground to a screen size of no larger than 1/250th of an inch. This is a diameter slightly smaller than a complete data block, the smallest recoverable particle of data. Smeltering at a proper facility will surely accomplish this, but not all contractors offer such services.

As effective physical destruction is not readily available at most offices, contracted services for off-site destruction are often engaged. However, handing off unprotected storage hardware to a contractor, or their carrier poses a very significant liability for the owner of the data. The potential for the loss of the storage asset in the hands of a third party should be a very serious concern. Should a device go missing from a delivery, it will be the asset owner making the mandatory disclosure, not the carrier of the contractor... How often does this occur? More often than might be expected. One need only go to attrition.org and download their DLDOS database for a current list of third party and owner based data loss events.

For a current list of physical destruction recommendations ranging from relaibel to half baked, one need only go to youtube and search on the topic. The array of schemes presented is astounding.

Now a bit about me, I am a partner at Converge Net, a Canadian service provider that specializes in the delivery of secure efficient distributed networks. Our clients range from large enterprise to government. In an effort to aid our clients in establishing reliable security policy I had collected all available guidance from academic, gov, and industry sources and with the collaboration of a variety of industry experts, I had co-authored a guide titled 'The Best Practices for the Destruction of Digital Data' along with Dr. Gordon Hughes of the UCSD CMRR. This 55 page guide includes references to current and valid practice, and provides the concepts and references necessary for the development and justification of effective sanitization practice by security professionals, using practice that is suitable for specific security levels.

I welcome anyone interested in this guide to contact me at ryk@converge-net.com for a personal copy at no cost. Likewise, presentations on The paper are available on request.

Sorry for the wordy post.... I am just passionate about the topic.

0
0
Flame

Don't bleat - it works

Bleat all you like fanbois

A 4 inch masonry nail through the platters works just fine.

A technique I have used for some time, simple and effective.

We are not talking government secrets hers, putting the bits into two separate bins collected at different times makes it not worth the while of the non-secret agent to bother.

0
0
Flame

Serious question!!! Again!!!!

Nobody's answered yet...

I'm totally serious! An induction stove works by creating a powerful electromagnetic field; is that field strong enough to wipe a hard drive?

Does anybody know? Anybody???

0
0

Induction Question

Well let's consider how and induction cook top works.... The Induction cooktop is essentially an incomplete magnetic coil, where by placing a pan with a base with iron content will complete the coil, and create heat.

The important consideration here is that the component that completes the circuit must be of sufficienf diameter and composition to effectively complete the inductive pathes. The cook top would most likely sense the completion of the

path and apply sufficient energy to heat the pan. leaving the cook top energized at full power without the presence of a pan would most likely not occur.

As a hard drive Head Disk Assembly, and platters are not iron, then it would stand to reason that placing a drive on an inductive cooktop will not accomplish much.

If the amount of energy that is required to degauss a recent production hard drive requires greater than 6,000 Oerstead, and as much as 11,000 for drives above 750 Gb, and that degaussers of this energy level are very costly, and not recommended for

in office use, then it would be doubtful that a cooktop would produce the same energy levels.

IMHO.

0
0
Thumb Up

Bucket-O-pool water

Take HDD, drill hole into case or remove any flaps to expose inside.

Take bucket and fill with salty pool water

Immerse HDD in said bucket, watch for bubbles

Season to taste with more pool salt

Add half cup of pool acid and stir gently

Leave stand for 1-2 weeks

Dispose of thoughtfully.

Easy

0
0
Happy

@ Ryk Edelstein

Very Informative, thanks!

But a hammer or thermite, still a lot more fun.

0
0

Page:

This topic is closed for new posts.

Forums

Biting the hand that feeds IT © 1998–2018