Securely erasing those old drives

A while back, I wrote a post entitled Spring Cleaning old electronics (AKA Crap).  In this article, I focused on what to do about cleaning out old phones, tablets and other devices, including methods to wipe them clean of sensitive information.  Though this post is a year and half old, the information contained is still relevant.

intdrive2For this post, I thought that I’d focus on the issue of old disk and thumb drives.   In any given household, I suspect there are several old drives that are being kept around due to the sensitive information on them.  What to do?  BTW: This discussion applies to thumb drives (or memory sticks) as well as mechanical disk drives.  They share the same methods of storing and accessing data.

A number of years ago, the only method for the average Windows user to securely erase data would be to destroy the disk.  I knew one guy who would use old disks for target practice, while I’ve been known to take a sledge hammer to a drive.  What a waste and believe it or not, not as secure as one would hope.  Fortunately, there are easy-to-use tools to securely erase those old drives and I mean securely.

Doesn’t just deleting the data or reformatting the disk erase the data?

Though the data seems to disappear, in reality, the data may still be available to someone who knows how to get to it.  The reason is in the structure of data that reside on drives.   A filesystem is structured a lot like your local public library.  Books (files and directories) are stored on shelves, but due to the shear volume, the only reliable method to find a given book  is by looking up the book in a card catalog (filesystem index).  When you delete a file or directory, the system removes the entry in the index.  However, the data remains on the disk until space is needed for another file or directory.  Unless the disk is space constrained, the data might remain for a very long time.  When a disk is reformatted, the standard method is to erase and recreate a new, empty index.  Again, the underlying data remains.

There are tools available to allow someone to browse and recover data from the  disk fragments, regardless of the type of filesystem that resides on the disk.  Additionally, even disks that have been damaged (like with a sledge hammer) can yield many of its secrets to a highly skilled forensic examiner.

Are there services that do this?

Yes, there are companies that you can hire to securely erase disks.  For businesses with large storage arrays, most of the companies providing the storage also provide services for destroying the data on disks.   This is usually done by a technique called degaussing, which involves passing the disk over a very powerful magnet, which effectively scrambles the bits.    Consumers can also find companies that will securely erase a drive.  However, doing it yourself is so easy AND you don’t have to hand over your sensitive drive to a third party (which to my way of thinking is a very good thing).

OK, I want to do it myself, how?

First, you’ll need to decide how paranoid you are, which has a lot to do with how sensitive the data currently is and how you plan to use the disk post-erasure:

  • Fast secure erase — In this solution (which isn’t all that fast), data (usually zeros) is written over the entire drive before reformatting the disk back into a file system.  This effectively removes the ability to recover data by most, if not all forensic tools.  This solution is fine if you plan to hold on to and reuse the drive and/or if you don’t have very sensitive data on the drive (defined as no social security numbers, banking information, etc.).
  • Thorough secure erase — In this solution, multiple passes are made across the drive (usually 3) writing different data across the disk before reformatting the disk.  What this provides over the “Fast” solution is to remove the “echo” data, which is the tendency of the magnetic surface of the media to display characteristics that might be readable in a lab by a highly skilled forensic expert using tools like an electron microscope.  There is some controversy about the viability of being able to effectively reconstructing this data, but though the erase takes longer, there is no harm in this level of protection, except for thumb drives (see note below).  This is what I recommend for mechanical drives.
  • Paranoid Secure erase — This is the same as the previous one, except it will overwrite data many more times (7 on the Mac).  This is overkill for no discernible benefit except to ease paranoid thoughts. 🙂

A couple  notes before discussing how to do this:

  • For thumb drives, I’d recommend using the fast secure erase only.   This is due to the fact that each time you write to the drive, you reduce its life.  If you plan to throw away the drive, then you can be a little more secure.
  • Secure erasing will destroy all data on the drive, including the OS you might be running on.  This means that if you securely erase a “C:” drive in Windows, you’ll need to reinstall.   For a system drive, I’d recommend removing it and mounting it in another computer before erasing the drive.
  • Secure erasing takes time depending on the level of paranoia.  A three-pass secure erase on my Macbook Pro takes roughly 9 hours for a 300 GB drive.  Be sure that you’re not running on battery, since a non-controlled stop in the middle of the process can cause unrecoverable disk corruption.
  • Like everything in tech, there are no absolutes.  There is one area that isn’t addressed with this method: bad disk sectors.  All mechanical drives come with spare disk sectors that the drive’s firmware can use if it detects an unreliable sector.  Once the firmware replaces the bad sector with a fresh one, the bad sector is permanently unavailable for use.  Data could exist that a highly trained forensic expert might be able to recover.  However, it will only be a small file fragment and highly unlikely to be of value.  I include this for completeness only.
  • Finally, encrypting your entire drive is a method to make this easy if you want to securely erase it.  You simply need reformat the drive since the underlying data is effectively scrambled.  This is a topic for a future post.

As usual, the tools available are OS dependent.  For the Mac, the Disk Utility app is included with MacOS and has the ability built-in to securely erase a drive.  Mount the drive you want to securely erase, start up the app (it resides in the Utility folder within the Application folder).   Focus on the drive to be erased and click on the “Erase” tab, then the “Security Options” button.   Move the slide to the level required (3-pass shown):

Screen Shot 2013-12-16 at 10.34.21 AM

Then click “OK” and “Erase”.  The app will allow you to reformat the drive for MacOS or Windows (which is important for thumb drives).

For Windows 7 or 8, you’ll need to download a third party tool.  Microsoft makes the following recommendation (see option B) on tools.  They also offer several levels of paranoia, to choose from.

One final gizmo that you might want to invest in.  As mentioned, sometimes you need to remove a disk and mount it on another computer.  For a desktop or tower computer, this can be done by opening the computer you’re using and installing the disk.  This is a pain and will not work if you’re running on a laptop.  However, there is a device called DriveWire by Apricorn.  It allows you to hook up most any type of internal disk to the USB port and only costs $39.  It comes with a power supply and adapter that looks like this:

drivewire

=

2 Comments

    Trackbacks

    1. Your technical New Year’s resolutions | The Family HelpDesk
    2. Cleaning out the Cobwebs – Groundhog edition | The Family HelpDesk

    Leave a Reply

    Fill in your details below or click an icon to log in:

    WordPress.com Logo

    You are commenting using your WordPress.com account. Log Out / Change )

    Twitter picture

    You are commenting using your Twitter account. Log Out / Change )

    Facebook photo

    You are commenting using your Facebook account. Log Out / Change )

    Google+ photo

    You are commenting using your Google+ account. Log Out / Change )

    Connecting to %s

    %d bloggers like this: