Solved

dban data destruction

Posted on 2014-03-21
10
338 Views
Last Modified: 2014-03-27
how secure is that tool? is there a way data still can be restored in any way? or is there an even better tool? im also thinking to purchase a degausser. is that a better idea?
0
Comment
Question by:DukewillNukem
  • 3
  • 2
  • 2
  • +2
10 Comments
 
LVL 88

Accepted Solution

by:
rindi earned 167 total points
ID: 39944822
DBAN is the best OpenSource and free tool available, but there is no guarantee that data can't be restored (although I haven't heard of any case where this was possible). If you need guarantees then you must use commercial products, like those from Blancco:

http://www.blancco.com/uk/frontpage/

A degausser on the other hand is pretty useless. Hard disks are very well protected against magnetic fields from outside, you'd need a very large degausser for it to be of any use at all. Besides, if it were of any use, it would make the hard-disk unusable after that. So it would make more sense to use a metal shredder to get of your disks.
0
 
LVL 13

Assisted Solution

by:Norm Dickinson
Norm Dickinson earned 166 total points
ID: 39944899
I have had great luck with what I feel is the best tool on the market for data destruction and free space wiping. I use Active@KillDisk by Lsoft, which has a free version and a professional version. You can find them at http://www.killdisk.com/ and they offer a large number of protocols to wipe / kill disks using various patterns and repetitions.

Unless you have a very high volume of hard drives a degauser will not be a good answer, and they are quite expensive. You can create a boot disk with Active@KillDisk and wipe out multiple hard drives in one boot. It is very efficient.
0
 

Author Comment

by:DukewillNukem
ID: 39944925
thx for the proposals. i also have to make sure that RAID disks cannot be restored. how likely is it,that this could be achieved?can a RAID disk be restored?
0
 
LVL 88

Expert Comment

by:rindi
ID: 39944962
That depends on what RAID type the disk originally was part of. If it was a member of a RAID 1 array, chances are good that data can be recovered from it, provided you haven't used something like DBAN on it. If it was part of a striped type of RAID array, like RAID 5 or 0 etc, Chances are low (assuming that you only have access to that 1 disk of the previous array), and you could then even omit using any tool to clean of the data from the disks. You'd just have to make sure they are sold separately to different buyers, so the chances are practically nil that anyone enough disks of the origiinal array to be able to extract any useful data.
0
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 39945018
Erasure can often be a requirement of compliance with various regulations, including HIPAA or PCI, so even if the chances are slim it is still a good idea and possibly mandated, depending upon the type of organization and what was being stored on the array. KillDisk has the ability to fully erase arrays of several types. Here is a good article on LUN arrays, for example: http://www.killdisk.com/blog-text1.htm. Aside from the legal aspect, company policy may dictate the approach - or if not, maybe it should.
0
Save on storage to protect fatherhood memories

You're the dad who has everything. This Father's Day, make sure your family memories are protected. My Passport Ultra has automatic backup and password protection to keep your cherished photos and videos safe. With up to 3TB, you have plenty of room to hold the adventures ahead.

 
LVL 61

Expert Comment

by:gheist
ID: 39945019
once you rewrite data with rubbish it becomes costly to restore what was there before.

say you zero the disks with simple unix dd (0$ cost, couple of hours time)

some puts raid disk in a PC and reads RAID metadata from last sector - not a big loss, but he knows which other disks to pick from dumpster to get complete data.

some technician may unlock host protected disk area and read all "relocated" aka BAD sectors during lifetime of disk (usually in order of 1000 sectors)

some secret agents have magnetic microscope and will get all your 1x overwritten data by dismantling disk
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 167 total points
ID: 39945167
Modern HDD's are not like the ones we used to have, where you actually provisioned the drive, these days they are already initialized and the (low-level)layout is set in stone. The only thing we provide is the format of the filesystem. If you degauss a drive it will not operate ever again, because you will wipe the low-level-format, again low-level-formatting is not possible on modern drives. If you want to resell the drives, wipe them once. If you want to destroy them hire a HDD destruction service, most backup services like Iron-Mountain, Veritas and many others have trucks they can bring on-site and you watch as the drive is eaten and shredded.

in a previous EE question we outlined how 1 - 3 wipes are all you need to ensure a drive is wiped on modern (last 10 years)
http://www.experts-exchange.com/Security/Digital_Forensics/Q_28389040.html#a39932873
https://www.anti-forensics.com/disk-wiping-one-pass-is-enough-part-2-this-time-with-screenshots/
One pass is enough, just try it, use any "Undelete" utility, send the HDD to On-track, they won't recover a drive that has been truly overwritten.
-rich
0
 
LVL 13

Expert Comment

by:Norm Dickinson
ID: 39945194
One pass is enough, but why not run the simple three pass to ease the minds of those who do not fully understand. The bonus feature I really like about KillDisk is the ability to print a certificate of data destruction for each drive, giving you something to keep on file as evidence that the drive was in fact overwritten.
0
 
LVL 61

Expert Comment

by:gheist
ID: 39945317
Note about SSD-s - rewriting with zeroes de-allocates block, so data is still there on flash chips, you need to write something that at least looks random
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39945594
Degaussing wouldn't work on an SSD btw, ssd's are not magnetic. 1-3 passes should be more than enough to remove any data from a ANY modern HDD. Raid-information holds no OS data, it's only pointers to how the OS data is stored, the only thing you can recover from raid is where the stripes were.
-rich
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
An overview of HIPAA and guidance on this topic that Experts Exchange members can offer.
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.

862 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

23 Experts available now in Live!

Get 1:1 Help Now