What are my options for disposing of sensitive data on a lot of hard drives?

MaestroDT
MaestroDT used Ask the Experts™
on
Alright, we have about 10 old laptops and 10 old desktops here at my company. Most of them are SO old it isn't even worth repairing them... I mean we're talking like absolutely huge, boat anchor laptops. All of the hard drives in the computers have sensitive personal or company information on them. I want to get rid of the computers but securely handle the drives.

What are my options? I have a program called Eraser that writes drives, but it takes so long to do that I don't think it is worth my time to take weeks writing 0s over these worthless computers. I originally was just going to take the hard drives out and eBay them as spare parts as $1 auctions, but now I'm left with what to do with the hard drives.

I know there are places you can take drives to have them destroyed, but I don't know of any. Also, how secure are these and how much do they cost? Does anyone have any particular place in mind?

What are my other options? Obviously since these computers are so worthless, I'd like to keep the option on the cheap side.

Thanks!
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Hi, if its only 20 drives, I would suggest finding a bored younger service desk employee, and giving him a hammer! Or you could get him to disassemble the drives and remove the disks inside and destroy these with sharp metal implements, that's the way we have always handled old drives, plus it gives those with a destructive nature something to do while answering the phones!

M@
Commented:
I know we have used this company for document/hard drive destruction for quite some time.
http://www.ironmountain.com/shredding/shredding-services.html 
One option can be which i also used for some of my old machines,was that take out the hardrives from the laptops, and open them for practice purpose,, and its cannot be reassembled :)..... The same way you will have some experience one disk parts also all units will no more be to put together.

How to Generate Services Revenue the Easiest Way

This Tuesday! Learn key insights about modern cyber protection services & gain practical strategies to skyrocket business:

- What it takes to build a cloud service portfolio
- How to determine which services will help your unique business grow
- Various use-cases and examples

EirmanChief Operations Manager
Commented:
Go to a small steel engineering company and get them to drill holes through the disks under your supervision. Should take about 30 minutes for 20 disks.

Or you could drill one hole and emerse them in acid.
Gary CaseRetired
Most Valuable Expert 2013
Top Expert 2009
Commented:
Physical destruction -- as suggested numerous ways above -- is the simplest and least expensive way to do what you want.

If, however, you want to keep the drives functional, a software-based multi-pass DOD-5220.22 M  compliant erasing utilty is the least-expensive approach; but as you've already noted these take a long time to run, since they have to completely write the disk several times. I presume your "Eraser" utility is one of these. Note that you can connect several drives at once to a PC -- dependent only on how many IDE/SATA ports you have available (or USB bridge devices) -- and run multiple instances of your erasing utility.

The fastest way to erase a drive without physical destruction is with a degausser; but these are very expensive and certainly not cost-effective for the very small quantities you have. The good ones are several thousand dollars. A few examples: http://www.degausser.us/Degauss/hd.htm

Gary CaseRetired
Most Valuable Expert 2013
Top Expert 2009

Commented:
... just in case you need a better utility than the "Eraser" program you have, I've used Active KillDisk to do this, and it works very well  (and can erase multiple drives at once).
http://www.killdisk.com/

You may also have some drives that aren't functioning ==> for those your only option is physical destruction if you want to be sure the data isn't recoverable.
   
I would suggest using some sort of physical destruction rather than a utility. You can use a degausser if you have access to one which uses magnets to wipe the drives. This is used to rid old drives of classified data. Or the best (easiest) solution is to use a drill to destroy the hard drive. Check out this link for more information.

http://www.popularmechanics.com/technology/how-to/computer-security/4212242

Author

Commented:
I think Eraser works fine. I've used an older of KillDisk before... when you say it can handle multiple drives at once, do you mean concurrently writing across all of them or just handling one after the other but in the same batch job? I'm trying to get some money for some USB to IDE adapters, but I don't think it will happen because nobody really wants to spend any money on this.

JD... I just feel the need to point out that providing links to articles as "more information" that are more basic than my original question or anyone's comments really isn't helpful... but thanks anyway.

Now, my main question regarding physical destruction of the drives is likelihood of pulling any pieces of data off of it. This stuff isn't quite classified military material, but it is sensitive government data... if I drill 4 holes through the platter, isn't there still a chance someone can pick up the platters, do some crazy amount of work and recover the data that was written in between the holes?

The reason I like overwriting programs (or degaussers, which are way too expensive for this project) is that they go bit by bit and overwrite every piece of information as many times as I tell it too... unfortunately this takes forever.
Gary CaseRetired
Most Valuable Expert 2013
Top Expert 2009

Commented:
It will work on multiple drives at once.    I suspect you can do the same thing with Eraser -- perhaps by just starting multiple instances -- but I don't know that for sure.

The answer to your question r.e. recovering data if you physically destroy the platter is Yes, it can still be recovered IF someone has the resources and are willing to spend the time to do the recovery.   As long as the media exists -- even if there are holes in it and/or it's been shattered, the data is still on the remnants and can ... at great expense in $$ and time ... be recovered.     Remember that NASA recovered most of the data from the hard drives in the Space Shuttle Columbia after that disaster -- they were badly broken;  burned; and in multiple pieces;  but with enough work and the right equipment it can be done.     HOWEVER ... you do have to assess the likelihood that your data would be considered important enough that someone would be willing to spend the hundreds of thousands of dollars it would take to do that recovery :-)

... but it's certainly true that you'll be much more secure if you do a DOD 5220.220M compliant erasure of the disks -- whether or not you then physically destroy them doesn't really matter.
>as many times as I tell it too

Three times is plenty.  Unfortunately, does not work on defective/damaged drives.  I use dban for fully functioning disks.

For disks that can't make it through dban, I disassemble, remove the platters, then drill them.

As good measure, the magnets _inside_ the drive that keep the arms perfectly balanced are some of the most powerful magnets you'll ever get your hands on in a cheap consumer product.  Once you remove the bolts holding the assembly together, you've got a budget magnetizer right there.  Just clap the magnets onto the drilled platters.  Make sure your fingers are out of the way...or you will break skin and draw blood.  (Wear gloves and goggles.)

If you have a bench vise, you can also bend the platters.  Impossible to get them back into any usable shape.  Or a grinder, aviation snips...but it depends on if you can take the drives to a suitable location.  Most offices don't have this stuff sitting around...nor will your co-workers appreciate the noise and dust.
Gary CaseRetired
Most Valuable Expert 2013
Top Expert 2009

Commented:
I agree three passes is adequate -- that's what DOD 5220.220M requires (albeit with a specific sequence of writes).    However, self-proclaimed "Professional Paranoid"  Dr. Peter Gutmann has shown that data can still be recovered after this process ... and he recommends an arbitrary additional number of passes  (the "Gutmann method" is a 35-pass erasure !!! ... which he himself says is unnecessary).  [http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html ]

I'd simply do 3-passes with Eraser and consider everything fine.    If you want to physically destroy the disks, this inexpensive kit is what Peter Gutmann recommends:
http://www.diskstroyer.com/

Important epilogue to this often-referenced paper:

....For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.

Author

Commented:
How much do hard drive/data destruction services generally cost? I'm asking this question to those that have used them before... because every webpage I find of a company that offers this service only has a "Contact us for quote" line... which leads me to believe it is expensive.
^ that's generally because they want contract work.  I searched a few, and the effort needed for account setup, documentation, etc., they didn't even want to touch onesy-twosy things like I had.  It's not necessarily expensive in volume.  But for one drive, nobody would pay $100-150.

The costs are going to depend on the standards used for transporting, documentation, and reporting.  That's why "contact us".  Big difference between rolling a truck to pick up one drive and bulk-shipping 50 of them with your own carrier, insurance, and shipping container.
Top Expert 2014

Commented:
The platters may well be made out of glass rather than metal, doesn't take much of a whack to get them to make a nice tinkling sound. Or try this - http://www.youtube.com/watch?v=xe8fOCWL2sU
Personally i recommend that open each HDD and have a hammer to destroy the plates, because in any case laptop HDD plates are not wider than 2.5 inches or may be 3.5, instead of spending alot of money and making the people aware of that you have very important data,just get them destroyed your self. No one is going to take those plates and spend huge amount to get them together, NASA issue was different , their HDD plates are not like laptop HDD plates and those worth spending enough amount to get them assembled.
Everything has been said multiple times so I just want to add some additional information:

1. It is an URBAN LEGEND, that someone has to write MULTIPLE times 0 or some other pattern to a drive, so that the data can not be reconstructed. Yes, all those programs that write 3, 7 or more times something to your drive are just wasting your time since all of them are based on this theory that is an urban legend. There has been released a scientific essay about this recently, if someone is interested he will surely find something in the net about it. To summarize it with a few words: YES there is something like a magnetic "halo" so in theory it would be possible to find traces of the old data beneath the new data. But even with the most brilliant tools and scientists on a whole hard disk it might be possible to recover a byte or two, not more. With no means anybody on this world can recover whole files or usable fragments of it. The summary said that a one-pass overwrite is perfectly enough for anybody, even for extremely sensitive data!

2. If you want to avoid in the future the need to overwrite disks: Encrypt your data, e.g. with truecrypt.org. You can then hand out those disks to anybody without overwriting them, because without the password the data is not accessable.
Gary CaseRetired
Most Valuable Expert 2013
Top Expert 2009

Commented:
It is absolutely NOT an "urban legend" that data can be recovered after writing a single pass of zeros to a drive.    It DOES take some sophisticated equipment, but I've been in laboratories that do exactly that -- in fact one of the teaching "tools" used in training engineers who do some of this sophisticated data recovery is to take a drive full of data and write zeroes to the entire drive ... then recover the data.    The success rate after a single pass of zeros is well over 90%.     That's why the DOD erasure standards require 3 passes ==> and use a very specific pattern to ensure every bit has been toggled at least twice, with random bytes written on the 3rd pass.    This does indeed make it virtually impossible to recover the data ... not impossible, but with a dramatically lower likelihood of success.
Well, even old slow machines make excellent "thin clients" via Remote Deskop client to a Citrix, MS Terminal Services, Linux Terminal Services or TSPlus server, like say a training class.  Ditto letting IT students take apart machines.
It's the summer, sounds like a good summer employee project for a couple of days anyway.
Here's a recent thread mentioning many of the data wiping tools, some are free http://www.experts-exchange.com/Software/System_Utilities/Security/Q_26311146.html#a33154972

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial