Solved

Wipe Hard Drive

Posted on 2014-03-14
Last Modified: 2014-03-20
I am using DBAN to wipe hard drives with 7 rounds. Is there anything faster out there?
Question by:NxJNY
17 Comments
 
LVL 15

Expert Comment

by:ZabagaR
I use Eraser but can't compare speed because I don't know DBAN.

http://sourceforge.net/projects/eraser/
 
LVL 2

Author Comment

by:NxJNY
How long does it take to wipe a hard drive? Also the size of the hard drive.
 
LVL 5

Expert Comment

by:ChopOMatic
The fix to your speed problem is to wipe with one pass instead of seven. Data is GONE after being overwritten once. GONE.
 
LVL 2

Author Comment

by:NxJNY
Because of PCI compliance we need to wipe 7 times...
 
LVL 15

Assisted Solution

by:ZabagaR
ZabagaR earned 167 total points
I don't sit and watch the drive wipe... I set it then come back later, so I could only guess.

Unless you try it yourself, you won't be able to compare software products.

I am wiping laptops.

If anybody else gives you readings for wipe speed, you'd have to take into consideration the differences between your hardware and theirs.  System bus speed, disk type, disk speed (4200, 5400 and 7200rpm, 10K, 15K), buffer size, etc... you wouldn't be comparing apples to apples.

You should download & wipe a disk and time it.
 
LVL 61

Accepted Solution

by:btan
btan earned 167 total points
HDDErase is fine but you can check out Blancco

http://www.blancco.com/us/benefits/fastest-erasure-process/

But it is good to know what the DBAN folks have to say below:

A) usual reasons for DBAN being slow are:

Bad hardware. DBAN will degrade to PIO mode after a DMA fault and try to finish the wipe. The estimated runtime will get very large very quickly in this case.

Old drivers. Try the latest posted beta or pre-release if the target computer was manufactured in the last six months.

DBAN is always 20% slower than a similar product. You are comparing DBAN against a similar product that cheats on the DoD implementation by "randomly" choosing the null byte on the final character pass.

B) DBAN fully uses all I/O capacity on most computers. There is no way to reduce wipe time and still fully wipe the media. Similar products may appear to run faster than DBAN because they silently fail at BIOS addressing limits, or because they just do a firmware lock. You can purchase a database of performance statistics from us to plan your consulting job.
 
LVL 5

Assisted Solution

by:ChopOMatic
ChopOMatic earned 166 total points
Gotcha on the PCI compliance requirement. Sheer silliness to require it, but it is what it is.

You've gotten some good comments already. Wiping speed is of course always gonna be dependent upon the hardware in play. If you have a lot of drives to wipe on a regular basis, I'd strongly consider a dedicated hardware wiper. They're simple to use and will get you the fastest wipes possible.

http://voomtech.com/content/drivewiper-3

http://bit.ly/1grHVDH

If you also have the need to clone or image drives, you can get a unit that will do both.
 
LVL 10

Expert Comment

by:Schuyler Dorsey
1. A software doing ONE wipe on a drive certainly does NOT completely wipe it. Data can still be recovered.

2. I would run SpinRite on the drive before wiping it 7 times if you have the time. This helps to ensure more sectors are wiped as DBAN and other programs can often skip sectors. You may also look into wiping software that does NOT skip bad sectors as those are often overlooked.

3. Copy-Wipe has decent wiping speeds but I am not sure if there is a 7 pass option.
 
LVL 5

Expert Comment

by:ChopOMatic
If you think one-pass overwritten data can be recovered, you should certainly jump all over the reward that's out there for anyone who can do it. I forget the amount; it's either $10,000 or $50,000 that has gone unclaimed for years. I forget it because it's irrelevant. It's irrelevant because it can't be done, which is of course why the reward was offered.

Reality:  This is the tech equivalent of an old wives' tale, and nothing more. Once data is overwritten, be it once or a thousand times, it's gone. Forever. Period.
 
LVL 10

Expert Comment

by:Schuyler Dorsey
I'm not trying to start a debate as it is irrelevant to the OP but I'm telling you as a certified forensics investigator that data can often be recovered from a single zero pass wiped drive.

Now, not ALL data can be recovered. That is for sure. However, it is often that SOME data can be recovered. The main problem stems from the fact that most data-wiping software can and WILL skip sectors on the hard drive (ESPECIALLY sectors that were flagged by the hard drive as failing).

Data recovery software can look at the sectors flagged as failed and recover the data which still resides in those sectors. Running a data wipe with more than one pass helps to ensure that sectors it skips (disregarding ones flagged as bad at the lowest level).

Granted, not a lot of data will be recovered from these sectors most of the time. But when dealing with PCI, you are storing credit card related data so it doesn't take many bytes to equal a breach.
 
LVL 5

Expert Comment

by:ChopOMatic
Okay, that's a different issue if we're talking about data that was never actually overwritten, and we don't disagree at all on that. My next question would be whether multiple passes actually address this issue at all, or if once a sector is flagged bad, it's ignored on all subsequent passes, as well. This can of course vary from software to software, but I'd be curious to know which, if any, of the widely available packages address it.

OP, please pardon this off-topic Debate O'Geeks. Some of us just can't help ourselves.
 
LVL 10

Expert Comment

by:Schuyler Dorsey
Lol yeah.. leave it to the true geeks to talk about this late on a Saturday night.

To my knowledge, it depends on whether or not the sectors were flagged as bad at the hardware level or the software level. And I believe that when the wiping software attempts to wipe a sector (but that sector wasn't flagged as bad) but cannot write to it, it skips to the next sector. On the subsequent passes, it may be able to write to that sector successfully.

This is why I recommended running SpinRite beforehand... it helps to prevent the software level skips.

As far as sectors flagged as bad at the hardware level, I think it depends on the wiping software. I have read that enterprise grade wiping software has an option that can attempt to overwrite those drives. But I have never run across that software.
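A read-back check for the software-level skips discussed above, as an added example that is not part of the original thread: it scans a wiped drive or image and lists the sector ranges that do not hold the expected fill byte. The 512-byte sector size, the function names and the sample image are assumptions constructed for illustration; sectors the drive firmware has already remapped sit outside the addressable LBA range and cannot be seen by any host-side read.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size, used only for LBA reporting


def find_unwiped(path, fill=0x00, chunk_sectors=2048):
    """Return [(first_lba, last_lba), ...] for sectors not entirely `fill`."""
    ranges, lba = [], 0
    with open(path, "rb") as dev:
        while True:
            chunk = dev.read(SECTOR * chunk_sectors)
            if not chunk:
                break
            # Fast path: the whole chunk already holds the fill byte.
            if chunk.count(fill) == len(chunk):
                lba += (len(chunk) + SECTOR - 1) // SECTOR
                continue
            for off in range(0, len(chunk), SECTOR):
                sector = chunk[off:off + SECTOR]
                if sector.count(fill) != len(sector):
                    if ranges and ranges[-1][1] == lba - 1:
                        ranges[-1] = (ranges[-1][0], lba)  # extend the run
                    else:
                        ranges.append((lba, lba))
                lba += 1
    return ranges


def make_constructed_image(sectors=8192, dirty=(100, 101, 5000)):
    """Zero-filled test image with a few 'skipped' sectors (constructed data)."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(bytes(SECTOR * sectors))
        for lba in dirty:
            f.seek(lba * SECTOR)
            f.write(b"CONSTRUCTED-RESIDUE")
    return path


if __name__ == "__main__":
    img = make_constructed_image()
    try:
        for first, last in find_unwiped(img):
            print(f"residual data: LBA {first}-{last}")
    finally:
        os.remove(img)
```

The check is only meaningful when the last pass writes a fixed pattern such as zeros; after a random final pass there is no expected byte to compare against. A non-empty result means the wipe skipped or failed to write those sectors.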
 
LVL 10

Expert Comment

by:Schuyler Dorsey
The difficult/frustrating part is when you read up on a lot of data recovery methods.. a lot of it is still theoretical. :(
 
LVL 5

Expert Comment

by:ChopOMatic
Gotcha. And yes, I like the SpinRite suggestion. :)
 
LVL 61

Expert Comment

by:btan
Doing it faster is ideal, but not at "compromising" the no. of rounds. As spoken by the experts here, it all sums up to "it depends" on factors such as the sector state, wiping effectiveness (probably algorithm), state of data to write over, etc. Doing it via the s/w would still be slower... Maybe eventually, if this is a regular affair and you have "many" such target HDDs, it is worth investing in a h/w erase type, or even a "SOHO" type, e.g. Drive eRazer Ultra (1:1), or scaling up with the Aleratec 1:5 HDD Cruiser.
 
LVL 38

Expert Comment

by:Rich Rumble
Technically, PCI is a worldwide standard, and there is no consensus on an "industry standard" or "secure wipe". In the US, QSAs often point to NIST 800-88, but that's a US standard, and not "the" industry standard. Even so, 800-88 has 3 media sanitization methods: clear (wiping), purge and destruction.

I know of no rule in PCI that states that 7 times is needed, and it's not stated in 800-88; that publication actually says HDDs created after 2001 can be overwritten once:
(page 6 aka page 14)

2.3 Trends in Data Storage Media
Computing technologies change rapidly. Users want more powerful but compact devices. New technologies constantly increase processing speed and storage capacity, while decreasing the device size in order to satisfy this demand. These technologies may require new clearing and purging techniques.
Advancing technology has created a situation that has altered previously held best practices regarding magnetic disk type storage media. Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack.

Wikipedia lists several standards here: http://en.wikipedia.org/wiki/Data_erasure#Standards Only Bruce Schneier's says 7 times.

You should wipe 3 times to exceed what is considered the standard of 1-2 times. Windows Cipher.exe can do this, all ones, all zeros and then random 0's and 1's. It does not overwrite the MBR, but that does not contain vital or sensitive data.
Ask your QSA to give you the industry standard paper on wiping, he/she won't have it.

Wiping takes time on Gb and Tb sized drives, there is no way to do it quickly and be thorough. It takes 32hrs to wipe a 500Gb ATA drive 3 times, a HDD that spins at 7200 RPM. Faster spin drives will wipe faster.
-rich
 
LVL 61

Expert Comment

by:btan
Another good reference is the CMRR best practice paper stating also the performance and NIST 800-88 reconfirmed the effectiveness of a one-pass overwrite.

http://cmrr.ucsd.edu/people/Hughes/documents/DataSanitizationTutorial.pdf

Disk drive Secure Erase is a drive command defined in the ANSI ATA and SCSI disk drive interface specifications, which runs inside drive hardware. It completes in about 1/8 the time of 5220 block erasure.

But NIST 800-88 also cautioned about new data security challenges posed by emerging media storage devices.  

“For storage devices containing Legacy Magnetic media, a single overwrite pass with a fixed pattern such as 0s typically prevents recovery of data even if state of the art laboratory techniques are applied to attempt to retrieve the data. . . . Users who have become accustomed to relying upon overwrite techniques on magnetic media and who have continued to apply these techniques as media types evolved (such as to flash-based devices) may be exposing their data to increased risk of unintentional disclosure. Although the host interface (e.g. ATA or SCSI) may be the same (or very similar) across devices with varying underlying media types, it is critical that the sanitization techniques are carefully matched to the media.”

(p. 14, http://csrc.nist.gov/publications/drafts/800-88-rev1/sp800_88_r1_draft.pdf)