Solved

dban data destruction

Posted on 2014-03-21
10
333 Views
Last Modified: 2014-03-27
how secure is that tool? is there a way data still can be restored in any way? or is there an even better tool? im also thinking to purchase a degausser. is that a better idea?
0
Comment
Question by:DukewillNukem
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 87

Accepted Solution

by:
rindi earned 167 total points
Comment Utility
DBAN is the best OpenSource and free tool available, but there is no guarantee that data can't be restored (although I haven't heard of any case where this was possible). If you need guarantees then you must use commercial products, like those from Blancco:

http://www.blancco.com/uk/frontpage/

A degausser on the other hand is pretty useless. Hard disks are very well protected against magnetic fields from outside, you'd need a very large degausser for it to be of any use at all. Besides, if it were of any use, it would make the hard-disk unusable after that. So it would make more sense to use a metal shredder to get of your disks.
0
 
LVL 13

Assisted Solution

by:Norm Dickinson
Norm Dickinson earned 166 total points
Comment Utility
I have had great luck with what I feel is the best tool on the market for data destruction and free space wiping. I use Active@KillDisk by Lsoft, which has a free version and a professional version. You can find them at http://www.killdisk.com/ and they offer a large number of protocols to wipe / kill disks using various patterns and repetitions.

Unless you have a very high volume of hard drives a degauser will not be a good answer, and they are quite expensive. You can create a boot disk with Active@KillDisk and wipe out multiple hard drives in one boot. It is very efficient.
0
 

Author Comment

by:DukewillNukem
Comment Utility
thx for the proposals. i also have to make sure that RAID disks cannot be restored. how likely is it,that this could be achieved?can a RAID disk be restored?
0
 
LVL 87

Expert Comment

by:rindi
Comment Utility
That depends on what RAID type the disk originally was part of. If it was a member of a RAID 1 array, chances are good that data can be recovered from it, provided you haven't used something like DBAN on it. If it was part of a striped type of RAID array, like RAID 5 or 0 etc, Chances are low (assuming that you only have access to that 1 disk of the previous array), and you could then even omit using any tool to clean of the data from the disks. You'd just have to make sure they are sold separately to different buyers, so the chances are practically nil that anyone enough disks of the origiinal array to be able to extract any useful data.
0
 
LVL 13

Expert Comment

by:Norm Dickinson
Comment Utility
Erasure can often be a requirement of compliance with various regulations, including HIPAA or PCI, so even if the chances are slim it is still a good idea and possibly mandated, depending upon the type of organization and what was being stored on the array. KillDisk has the ability to fully erase arrays of several types. Here is a good article on LUN arrays, for example: http://www.killdisk.com/blog-text1.htm. Aside from the legal aspect, company policy may dictate the approach - or if not, maybe it should.
0
Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

 
LVL 61

Expert Comment

by:gheist
Comment Utility
once you rewrite data with rubbish it becomes costly to restore what was there before.

say you zero the disks with simple unix dd (0$ cost, couple of hours time)

some puts raid disk in a PC and reads RAID metadata from last sector - not a big loss, but he knows which other disks to pick from dumpster to get complete data.

some technician may unlock host protected disk area and read all "relocated" aka BAD sectors during lifetime of disk (usually in order of 1000 sectors)

some secret agents have magnetic microscope and will get all your 1x overwritten data by dismantling disk
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 167 total points
Comment Utility
Modern HDD's are not like the ones we used to have, where you actually provisioned the drive, these days they are already initialized and the (low-level)layout is set in stone. The only thing we provide is the format of the filesystem. If you degauss a drive it will not operate ever again, because you will wipe the low-level-format, again low-level-formatting is not possible on modern drives. If you want to resell the drives, wipe them once. If you want to destroy them hire a HDD destruction service, most backup services like Iron-Mountain, Veritas and many others have trucks they can bring on-site and you watch as the drive is eaten and shredded.

in a previous EE question we outlined how 1 - 3 wipes are all you need to ensure a drive is wiped on modern (last 10 years)
http://www.experts-exchange.com/Security/Digital_Forensics/Q_28389040.html#a39932873
https://www.anti-forensics.com/disk-wiping-one-pass-is-enough-part-2-this-time-with-screenshots/
One pass is enough, just try it, use any "Undelete" utility, send the HDD to On-track, they won't recover a drive that has been truly overwritten.
-rich
0
 
LVL 13

Expert Comment

by:Norm Dickinson
Comment Utility
One pass is enough, but why not run the simple three pass to ease the minds of those who do not fully understand. The bonus feature I really like about KillDisk is the ability to print a certificate of data destruction for each drive, giving you something to keep on file as evidence that the drive was in fact overwritten.
0
 
LVL 61

Expert Comment

by:gheist
Comment Utility
Note about SSD-s - rewriting with zeroes de-allocates block, so data is still there on flash chips, you need to write something that at least looks random
0
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
Degaussing wouldn't work on an SSD btw, ssd's are not magnetic. 1-3 passes should be more than enough to remove any data from a ANY modern HDD. Raid-information holds no OS data, it's only pointers to how the OS data is stored, the only thing you can recover from raid is where the stripes were.
-rich
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Article by: btan
Provide an easy one stop to quickly get the relevant information on common asked question on Ransomware in Expert Exchange.
It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now