• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 351
  • Last Modified:

dban data destruction

how secure is that tool? is there a way data still can be restored in any way? or is there an even better tool? im also thinking to purchase a degausser. is that a better idea?
0
DukewillNukem
Asked:
DukewillNukem
  • 3
  • 2
  • 2
  • +2
3 Solutions
 
rindiCommented:
DBAN is the best OpenSource and free tool available, but there is no guarantee that data can't be restored (although I haven't heard of any case where this was possible). If you need guarantees then you must use commercial products, like those from Blancco:

http://www.blancco.com/uk/frontpage/

A degausser on the other hand is pretty useless. Hard disks are very well protected against magnetic fields from outside, you'd need a very large degausser for it to be of any use at all. Besides, if it were of any use, it would make the hard-disk unusable after that. So it would make more sense to use a metal shredder to get of your disks.
0
 
Norm DickinsonGuruCommented:
I have had great luck with what I feel is the best tool on the market for data destruction and free space wiping. I use Active@KillDisk by Lsoft, which has a free version and a professional version. You can find them at http://www.killdisk.com/ and they offer a large number of protocols to wipe / kill disks using various patterns and repetitions.

Unless you have a very high volume of hard drives a degauser will not be a good answer, and they are quite expensive. You can create a boot disk with Active@KillDisk and wipe out multiple hard drives in one boot. It is very efficient.
0
 
DukewillNukemAuthor Commented:
thx for the proposals. i also have to make sure that RAID disks cannot be restored. how likely is it,that this could be achieved?can a RAID disk be restored?
0
Prepare for your VMware VCP6-DCV exam.

Josh Coen and Jason Langer have prepared the latest edition of VCP study guide. Both authors have been working in the IT field for more than a decade, and both hold VMware certifications. This 163-page guide covers all 10 of the exam blueprint sections.

 
rindiCommented:
That depends on what RAID type the disk originally was part of. If it was a member of a RAID 1 array, chances are good that data can be recovered from it, provided you haven't used something like DBAN on it. If it was part of a striped type of RAID array, like RAID 5 or 0 etc, Chances are low (assuming that you only have access to that 1 disk of the previous array), and you could then even omit using any tool to clean of the data from the disks. You'd just have to make sure they are sold separately to different buyers, so the chances are practically nil that anyone enough disks of the origiinal array to be able to extract any useful data.
0
 
Norm DickinsonGuruCommented:
Erasure can often be a requirement of compliance with various regulations, including HIPAA or PCI, so even if the chances are slim it is still a good idea and possibly mandated, depending upon the type of organization and what was being stored on the array. KillDisk has the ability to fully erase arrays of several types. Here is a good article on LUN arrays, for example: http://www.killdisk.com/blog-text1.htm. Aside from the legal aspect, company policy may dictate the approach - or if not, maybe it should.
0
 
gheistCommented:
once you rewrite data with rubbish it becomes costly to restore what was there before.

say you zero the disks with simple unix dd (0$ cost, couple of hours time)

some puts raid disk in a PC and reads RAID metadata from last sector - not a big loss, but he knows which other disks to pick from dumpster to get complete data.

some technician may unlock host protected disk area and read all "relocated" aka BAD sectors during lifetime of disk (usually in order of 1000 sectors)

some secret agents have magnetic microscope and will get all your 1x overwritten data by dismantling disk
0
 
Rich RumbleSecurity SamuraiCommented:
Modern HDD's are not like the ones we used to have, where you actually provisioned the drive, these days they are already initialized and the (low-level)layout is set in stone. The only thing we provide is the format of the filesystem. If you degauss a drive it will not operate ever again, because you will wipe the low-level-format, again low-level-formatting is not possible on modern drives. If you want to resell the drives, wipe them once. If you want to destroy them hire a HDD destruction service, most backup services like Iron-Mountain, Veritas and many others have trucks they can bring on-site and you watch as the drive is eaten and shredded.

in a previous EE question we outlined how 1 - 3 wipes are all you need to ensure a drive is wiped on modern (last 10 years)
http://www.experts-exchange.com/Security/Digital_Forensics/Q_28389040.html#a39932873
https://www.anti-forensics.com/disk-wiping-one-pass-is-enough-part-2-this-time-with-screenshots/
One pass is enough, just try it, use any "Undelete" utility, send the HDD to On-track, they won't recover a drive that has been truly overwritten.
-rich
0
 
Norm DickinsonGuruCommented:
One pass is enough, but why not run the simple three pass to ease the minds of those who do not fully understand. The bonus feature I really like about KillDisk is the ability to print a certificate of data destruction for each drive, giving you something to keep on file as evidence that the drive was in fact overwritten.
0
 
gheistCommented:
Note about SSD-s - rewriting with zeroes de-allocates block, so data is still there on flash chips, you need to write something that at least looks random
0
 
Rich RumbleSecurity SamuraiCommented:
Degaussing wouldn't work on an SSD btw, ssd's are not magnetic. 1-3 passes should be more than enough to remove any data from a ANY modern HDD. Raid-information holds no OS data, it's only pointers to how the OS data is stored, the only thing you can recover from raid is where the stripes were.
-rich
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

  • 3
  • 2
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now