IT Guy

asked on

Wipe Hard Drive

I am using DBAN to wipe hard drives with 7 rounds. Is there anything faster out there?
ZabagaR

I use Eraser but can't compare speed because I don't know DBAN.

http://sourceforge.net/projects/eraser/
IT Guy

ASKER

How long does it take to wipe a hard drive? Also the size of the hard drive?
The fix to your speed problem is to wipe with one pass instead of seven. Data is GONE after being overwritten once. GONE.

ASKER

Because of PCI compliance we need to wipe 7 times...
1. A software doing ONE wipe on a drive certainly does NOT completely wipe it. Data can still be recovered.

2. I would run SpinRite on the drive before wiping it 7 times if you have the time. This helps to ensure more sectors are wiped as DBAN and other programs can often skip sectors. You may also look into wiping software that does NOT skip bad sectors as those are often overlooked.

3. Copy-Wipe has decent wiping speeds but I am not sure if there is a 7 pass option.
If you think one-pass overwritten data can be recovered, you should certainly jump all over the reward that's out there for anyone who can do it. I forget the amount; it's either $10,000 or $50,000 that has gone unclaimed for years. I forget it because it's irrelevant. It's irrelevant because it can't be done, which is of course why the reward was offered.

Reality:  This is the tech equivalent of an old wives' tale, and nothing more. Once data is overwritten, be it once or a thousand times, it's gone. Forever. Period.
I'm not trying to start a debate as it is irrelevant to the OP but I'm telling you as a certified forensics investigator that data can often be recovered from a single zero pass wiped drive.

Now, not ALL data can be recovered. That is for sure. However, it is often that SOME data can be recovered. The main problem stems from the fact that most data-wiping software can and WILL skip sectors on the hard drive (ESPECIALLY sectors that were flagged by the hard drive as failing).

Data recovery software can look at the sectors flagged as failed and recover the data which still resides in those sectors. Running a data wipe with more than one pass helps to ensure that sectors it skips (disregarding ones flagged as bad at the lowest level).

Granted, not a lot of data will be recovered from these sectors most of the time. But when dealing with PCI, you are storing credit card related data so it doesn't take many bytes to equal a breach.
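
The skipped-sector problem described in the post above can be checked for after a wipe. The following is an added example, not part of the original thread: a read-back scan that reports which sectors of a wiped device or image do not hold the fill pattern or could not be read. The function names, the 512-byte sector size and the sample image are assumptions constructed for illustration.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size; use the drive's reported value


def _note(ranges, lba):
    """Append lba to a list of [first, last] ranges, merging neighbours."""
    if ranges and ranges[-1][1] == lba - 1:
        ranges[-1][1] = lba
    else:
        ranges.append([lba, lba])


def scan_for_residue(path, fill=0x00, sector=SECTOR, batch=2048):
    """Return (residue, unreadable) LBA ranges for a wiped device or image."""
    clean = bytes([fill]) * sector
    residue, unreadable = [], []
    fd = os.open(path, os.O_RDONLY)  # os.pread below is POSIX-only
    try:
        total = os.lseek(fd, 0, os.SEEK_END) // sector
        for start in range(0, total, batch):
            count = min(batch, total - start)
            try:  # fast path: a batch that matches the fill needs no detail
                if os.pread(fd, count * sector, start * sector) == clean * count:
                    continue
            except OSError:
                pass  # something in this batch is unreadable; isolate it below
            for lba in range(start, start + count):
                try:
                    if os.pread(fd, sector, lba * sector) != clean:
                        _note(residue, lba)  # readable, but not overwritten
                except OSError:
                    _note(unreadable, lba)  # never verified: treat as not wiped
    finally:
        os.close(fd)
    return residue, unreadable


def build_sample_image(sectors=4096, skipped=(100, 101, 3000)):
    """Constructed test image: zero-filled except sectors a wipe 'skipped'."""
    f = tempfile.NamedTemporaryFile(delete=False, suffix=".img")
    f.write(bytes(sectors * SECTOR))
    for lba in skipped:
        f.seek(lba * SECTOR)
        f.write(b"CONSTRUCTED-RESIDUE".ljust(SECTOR, b"\xff"))
    f.close()
    return f.name
```

A read-back scan only sees sectors addressable through the OS; sectors the drive firmware has already remapped are not reachable this way.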
Okay, that's a different issue if we're talking about data that was never actually overwritten, and we don't disagree at all on that. My next question would be whether multiple passes actually address this issue at all, or if once a sector is flagged bad, it's ignored on all subsequent passes, as well. This can of course vary from software to software, but I'd be curious to know which, if any, of the widely available packages address it.

OP, please pardon this off-topic Debate O'Geeks. Some of us just can't help ourselves.
Lol yeah.. leave it to the true geeks to talk about this late on a Saturday night.

To my knowledge, it depends on whether or not the sectors were flagged as bad at the hardware level or the software level. And I believe that when the wiping software attempts to wipe a sector (but that sector wasn't flagged as bad) but cannot write to it, it skips to the next sector. On the subsequent passes, it may be able to write to that sector successfully.

This is why I recommended running SpinRite beforehand.. it helps to prevent the software level skips.

As far as sectors flagged as bad at the hardware level, I think it depends on the wiping software. I have read that enterprise grade wiping software has an option that can attempt to overwrite those drives. But I have never run across that software.
The difficult/frustrating part is when you read up on a lot of data recovery methods.. a lot of it is still theoretical. :(
Gotcha. And yes, I like the SpinRite suggestion. :)
Doing it faster is ideal, but not by "compromising" the number of rounds. As spoken by the experts here, it all sums up to "it depends" on factors such as the sector state, wiping effectiveness (probably algorithm), state of data to write over, etc. Doing it via s/w would still be slower... Maybe eventually, if this is a regular affair and you have "many" such target HDDs, it is worth investing in a h/w erase type, or even a "SOHO" type, e.g. Drive eRazer Ultra (1:1), or scaling up with Aleratec 1:5 HDD Cruiser.
Technically, PCI is a worldwide standard, and there is no consensus on an "industry standard" or "secure wipe". In the US, QSAs often point to NIST 800-88, but that's a US standard, and not "the" industry standard. Even so, 800-88 has 3 media sanitization methods: clear (wiping), purge and destruction.

I know of no rule in PCI that states that 7 times is needed, and it's not stated in 800-88; that publication actually says HDDs created after 2001 can be overwritten once:
(page 6 aka page 14)

2.3 Trends in Data Storage Media
Computing technologies change rapidly. Users want more powerful but compact devices. New technologies constantly increase processing speed and storage capacity, while decreasing the device size in order to satisfy this demand. These technologies may require new clearing and purging techniques.
Advancing technology has created a situation that has altered previously held best practices regarding magnetic disk type storage media. Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack.
Wikipedia lists several standards here: http://en.wikipedia.org/wiki/Data_erasure#Standards Only Bruce Schneier's says 7 times.

You should wipe 3 times to exceed what is considered the standard of 1-2 times. Windows Cipher.exe can do this, all ones, all zeros and then random 0's and 1's. It does not overwrite the MBR, but that does not contain vital or sensitive data.
Ask your QSA to give you the industry standard paper on wiping, he/she won't have it.

Wiping takes time on Gb and Tb sized drives, there is no way to do it quickly and be thorough. It takes 32hrs to wipe a 500Gb ATA drive 3 times, a HDD that spins at 7200 RPM. Faster spin drives will wipe faster.
-rich
Another good reference is the CMRR best practice paper stating also the performance and NIST 800-88 reconfirmed the effectiveness of a one-pass overwrite.

http://cmrr.ucsd.edu/people/Hughes/documents/DataSanitizationTutorial.pdf

Disk drive Secure Erase is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside drive hardware. It completes in about 1/8 the time of 5220 block erasure.

But NIST 800-88 also cautioned about new data security challenges posed by emerging media storage devices.  

“For storage devices containing Legacy Magnetic media, a single overwrite pass with a fixed pattern such as 0s typically prevents recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data. . . . Users who have become accustomed to relying upon overwrite techniques on magnetic media and who have continued to apply these techniques as media types evolved (such as to flash-based devices) may be exposing their data to increased risk of unintentional disclosure. Although the host interface (e.g. ATA or SCSI) may be the same (or very similar) across devices with varying underlying media types, it is critical that the sanitization techniques are carefully matched to the media.”

(p. 14, http://csrc.nist.gov/publications/drafts/800-88-rev1/sp800_88_r1_draft.pdf)