27

I'm looking for a quick, simple, and effective way to erase the hard drives of computers that my company will be getting rid of (donation to charity, most likely). Ideally, I would like a single-purpose bootable utility CD that upon booting, finds all attached hard drives and performs an "NSA grade" disk erasure.

Is anyone aware of such a utility (even one not quite as automated as what I've described)?

HopelessN00b
  • 54,273
Mike C.
  • 447

14 Answers

36

DBAN:
dban, Darik's "boot and nuke" bootable cd will do this. It takes a while, but that is because it really makes sure everything gets erased when you use the longer format options.

Keep in mind 'sure' and 'fast' are opposing forces with something like DBAN. The faster the wipe, the easier it will be to recover the data.

Other Options:
If you have a lot of drives, you might consider looking at 3rd party vendors that provide this service, lots of companies that shred paper will do this service as well (for tapes and hard drives). If this is something you are going to be doing a lot in the future, you might want to buy a degausser. Both the 3rd party vendor and the degausser options will destroy the drives for future use, but you could still donate the rest of the hardware.

Kyle Brandt
  • 85,693
16

dd if=/dev/zero of=/dev/hda

Seriously, I don't know any way of getting rid of data faster or easier. There's even a challenge for data recovery companies to restore anything that has been erased with dd. Nobody has been able to do it.

Best part: the drive is usable afterwards. I've used DoD spec'd erasing programs that actually didn't work (the system was bootable afterwards). dd, and no boot. Plus dd is faster.

It takes a bit to learn how to use dd, but I've used it for data recovery on failing hard drives (think if=/dev/hda of=/dev/sda) and it has worked wonders. Don't know how it works, and don't care, it's awesome.

Steve Butler
  • 1,016
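Added example, not part of the answer above: a check that a zero-fill such as `dd if=/dev/zero` really covered the whole target, by comparing it byte for byte against `/dev/zero`. The function name `first_nonzero` and the device name `/dev/sdX` are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example (not the answerer's code): confirm a zero-fill wipe took effect.
# first_nonzero TARGET
#   exit 0: every byte of TARGET is zero
#   exit 1: prints the 0-based offset of the first non-zero byte
#   exit 2: TARGET is empty, unreadable, or its size is unknown

first_nonzero() {
    target=$1
    # Block devices report their size via blockdev; image files via wc.
    if [ -b "$target" ]; then
        size=$(blockdev --getsize64 "$target") || return 2
    else
        size=$(wc -c < "$target" | tr -d ' ') || return 2
    fi
    [ "${size:-0}" -gt 0 ] || return 2

    # Feed exactly $size zero bytes to cmp so it never runs past the target.
    if diff=$(head -c "$size" /dev/zero | LC_ALL=C cmp - "$target" 2>/dev/null); then
        return 0
    fi

    # cmp reports a 1-based byte number: "- FILE differ: byte N, line M".
    byte=$(printf '%s\n' "$diff" |
        sed -n 's/.* differ: [a-z]* \([0-9][0-9]*\),.*/\1/p')
    [ -n "$byte" ] || return 2
    echo $((byte - 1))
    return 1
}

# Command-line use: sh verify_zero.sh /dev/sdX   (placeholder device name)
if [ "$#" -eq 1 ]; then
    first_nonzero "$1"
    exit $?
fi
```

A non-zero offset near the start of the disk usually means the write was interrupted or aimed at the wrong device; one near the end can mean the wipe stopped early.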
7

If you are decommissioning the drives physically, Bustadrive is a good choice.

(source: pcpro.co.uk)

Glorfindel
  • 1,213
MikeJ
  • 1,381
6

Center for Magnetic Recording Research:

Secure Erase

From the Q & A doc:

Secure erase has been approved by the U.S. National Institute for Standards and Technology (NIST), Computer Security Center. In general data erasure techniques when used alone are approved by NIST for lower security sanitization (less than secret) since the data can be recovered at least in theory.

Pang
  • 279
5

Warning: Issuing any of the following commands can result in permanent data loss.

The SUSE blog suggests these commands:

  • shred:

    shred -v -n 1 /dev/sda3
    
  • scrub:

    scrub -p dod -f /dev/sda3
    
  • dd:

    dd if=/dev/urandom of=/dev/sda3
    

See also: https://unix.stackexchange.com/a/136477/26227

4

Seconding dban. "NSA" level wipes take 6-8+ hours to fully write to the drive the required number of times. Simply writing over the entire disk once will make it safe from anyone who lacks specialized and costly tools to manually read the data from the drive.

If a disk uses 0's and 1's to hold data, imagine writing everything to 0 makes those 1's into 0.2's. A special tool can read that 0.2 and recognize it used to be a 1.

Wiping it fully twice (all 0's, then all 1's) is sufficient to make a recovery extremely expensive and require even more time and specialized tools.

SirStan
  • 2,383
3

Damn! I need at least 10 rep to post more than 2 links. So I converted the links to code. Anyway, here goes -

Why I wanted to do a "full erase" - malware infection.

I quickly glanced at most of the answers and did ctrl +f HPA, then DCO. I saw that the answers don't mention one crucial aspect - removing data from "secret areas" in your HDD such as HPA (Host Protected Area) and DCO (Device Configuration Overlay).

I am no expert, rather an average user, but I have gained some knowledge on the internet. These areas matter in two cases -

  • If you have malware, especially rootkits and bootkits.
  • If you are a forensic investigator.

Software of any kind (malware) can be hidden in the HPA and DCO areas. If you don't wipe these areas too, and the (sophisticated) malware has infected them, chances are that your infection will return after a "full erase" and reinstall of (Windows) OS. A forensics guy might want to see if a criminal has hidden secret data in these areas.

DBAN does NOT wipe the HPA and DCO -

http://www.dban.org/node/35

DBAN suggests other paid solutions for these purposes, by its partner Blancco -

http://www.dban.org/node/34

Btw, Blancco advertises on DBAN software.

HDDErase by CMRR has an HPA and DCO removal feature, but it's an old project which was not supported/continued after 2007 or so.

http://cmrr.ucsd.edu/people/Hughes/documents/HDDEraseReadMe.txt

BC Wipe Total wipeout is a $50 tool that clearly mentions its ability to wipe DCO and HPA. It's OS independent, I think.

http://www.jetico.com/products/personal-privacy/bcwipe-total-wipeout/

See features.

Hdparm is a free linux based solution. I am using it right now, in the hopes of wiping my HPA and DCO, as per this tutorial -

https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

Companion docs for hdparm tutorial -

http://tinyapps.org/docs/wipe_drives_hdparm.html#n3

manual for hdparm -

http://linux.die.net/man/8/hdparm

BUT, this approach is full of challenges. My system threw up problems in many steps of the above tutorial. To solve all those problems, I had to read more and each step becomes like 5-6 sub-steps. So, it's not as easy as following 10 steps and being done with it. I am seriously considering throwing away my old hdd and getting a new one. I have wasted... no, spent 2 days so far.

Btw, if you want to run linux (ubuntu distro) with minimum hassle, then get it free off their website and install it on a usb flash drive (at least 4GB) and boot off that flash drive. Once you see ubuntu, then open your browser and download the .deb file for hdparm. Open it with ubuntu software center to install it. Now you can invoke hdparm via terminal. I do this method of installation instead, because sudo apt-get install command fails for me for some strange reason.

To get an idea of how much I have suffered thus far, see my profile or check out the question at -

https://serverfault.com/questions/537336/how-do-i-erase-a-harddrive-100-including-hpa-and-dco-areas

https://security.stackexchange.com/questions/42031/continuation-of-a-question-how-do-i-erase-a-harddrive-100

HTH anyone who is stuck and irritated by this problem.

Deen
  • 131
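Added example, not part of the answer above: before wiping, a drive can be checked for a Host Protected Area by comparing the visible and native sector counts that `hdparm -N` reports. The sample outputs are constructed for illustration, the function name `hpa_hidden_sectors` and the device name `/dev/sdX` are placeholders, and the parser assumes the `max sectors = visible/native` line layout shown in the samples.

```shell
#!/bin/sh
# Added example (not the answerer's code): report how many sectors a Host
# Protected Area hides, from `hdparm -N` output read on stdin.
#   prints the hidden sector count (0 means no HPA in effect)
#   exit 2 if no "max sectors = visible/native" line could be parsed

hpa_hidden_sectors() {
    awk '
        /max sectors/ {
            split($0, kv, "=")          # kv[2] = " visible/native, HPA is ..."
            split(kv[2], parts, ",")    # parts[1] = " visible/native"
            gsub(/ /, "", parts[1])
            n = split(parts[1], s, "/")
            if (n == 2 && s[1] ~ /^[0-9]+$/ && s[2] ~ /^[0-9]+$/) {
                printf "%.0f\n", s[2] - s[1]
                found = 1
                exit
            }
        }
        END { if (!found) exit 2 }
    '
}

# Constructed sample outputs (not captured from a real drive).
SAMPLE_HPA_ENABLED='/dev/sdX:
 max sectors   = 586070255/586072368, HPA is enabled'
SAMPLE_HPA_DISABLED='/dev/sdX:
 max sectors   = 312581808/312581808, HPA is disabled'

# On a live system: hdparm -N /dev/sdX | hpa_hidden_sectors
for sample in "$SAMPLE_HPA_ENABLED" "$SAMPLE_HPA_DISABLED"; do
    hidden=$(printf '%s\n' "$sample" | hpa_hidden_sectors)
    if [ "$hidden" -gt 0 ]; then
        echo "HPA in effect: $hidden sectors are outside the visible range"
    else
        echo "no HPA in effect: visible range equals native size"
    fi
done
```

A non-zero count means a wipe of the visible range, such as the DBAN run discussed in the answer, leaves that many sectors untouched. This check does not cover the DCO.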
2

I use thermite. Of course it's a little hard to donate them to charity, but they sure are thoroughly unreadable.

Insyte
  • 9,554
2

Thermite is definitely fast, and secure in the data sense. It is not exactly easy to work with.

Your other option is a big magnet, it's fast too. You don't need to get fancy with degaussing, waving a strong magnet can ruin sufficient data, including the error correction bits.

dlamblin
  • 949
2

You don't need thermite or nitro, just take the drives apart and take the platters out (and keep the voice coil magnets from the head positioning assembly, they're super-strong rare-earth magnets, very useful), and break them. Just taking the platters off the spindles will make it impossible for almost anyone to read them (I've read different things about whether it's possible for anyone to get the platters re-aligned), and if you break the platters into a few pieces, that should be it. I guess you could still thermite the platters if you're really worried...

Ward
  • 13,010
1

dban is the proper tool to use if you are planning on using the drive for some other application or donating it to another party or selling it.

If you want it to be fast and completely unambiguously safe, nothing beats thermite. Somewhat slower but less likely to surprise your neighbors is a drill. Again, you won't be reusing the results anywhere so charity donations are out the window after the drill or thermite...

chris
  • 12,104
1

Oh for [goodness] sake, if you want to erase the data securely use autonuke at the command prompt in DBAN. If you want to physically get rid of the thing just throw it into the [friendly] fireplace, or fill up the sink and submerge it in water. Or get a hammer and bash the little nutter to bits. The easiest solution is, of course, the water. But then again you must consider, how highly do you think of yourself to think anyone's after your petty [friendly] data?

squillman
  • 38,163
1

Hammer 'em and forget about donating. A number of charities don't accept computer equipment anymore because they've gotten non-working gear dumped on them. A lot of computer gear is hazardous and shouldn't just be thrown in a dumpster. Charities get saddled with disposal costs, so they just say no to PC gear.

@Kyle Brandt, the idea is to hammer them so the platters inside shatter into tiny bits and dust. That is impossible to read.

user18330
  • 164
-3

How about just filling the drive with many meaningless huge files?

A batch file --> 1000 Copies of a random .vob DVD file. Sequential filenames.

And then a simple quick format.