DukewillNukem
asked on
dban data destruction
how secure is that tool? is there a way data still can be restored in any way? or is there an even better tool? im also thinking to purchase a degausser. is that a better idea?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
That depends on what RAID type the disk originally was part of. If it was a member of a RAID 1 array, chances are good that data can be recovered from it, provided you haven't used something like DBAN on it. If it was part of a striped type of RAID array, like RAID 5 or 0 etc, Chances are low (assuming that you only have access to that 1 disk of the previous array), and you could then even omit using any tool to clean of the data from the disks. You'd just have to make sure they are sold separately to different buyers, so the chances are practically nil that anyone enough disks of the origiinal array to be able to extract any useful data.
Erasure can often be a requirement of compliance with various regulations, including HIPAA or PCI, so even if the chances are slim it is still a good idea and possibly mandated, depending upon the type of organization and what was being stored on the array. KillDisk has the ability to fully erase arrays of several types. Here is a good article on LUN arrays, for example: http://www.killdisk.com/blog-text1.htm. Aside from the legal aspect, company policy may dictate the approach - or if not, maybe it should.
once you rewrite data with rubbish it becomes costly to restore what was there before.
say you zero the disks with simple unix dd (0$ cost, couple of hours time)
some puts raid disk in a PC and reads RAID metadata from last sector - not a big loss, but he knows which other disks to pick from dumpster to get complete data.
some technician may unlock host protected disk area and read all "relocated" aka BAD sectors during lifetime of disk (usually in order of 1000 sectors)
some secret agents have magnetic microscope and will get all your 1x overwritten data by dismantling disk
say you zero the disks with simple unix dd (0$ cost, couple of hours time)
some puts raid disk in a PC and reads RAID metadata from last sector - not a big loss, but he knows which other disks to pick from dumpster to get complete data.
some technician may unlock host protected disk area and read all "relocated" aka BAD sectors during lifetime of disk (usually in order of 1000 sectors)
some secret agents have magnetic microscope and will get all your 1x overwritten data by dismantling disk
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
One pass is enough, but why not run the simple three pass to ease the minds of those who do not fully understand. The bonus feature I really like about KillDisk is the ability to print a certificate of data destruction for each drive, giving you something to keep on file as evidence that the drive was in fact overwritten.
Note about SSD-s - rewriting with zeroes de-allocates block, so data is still there on flash chips, you need to write something that at least looks random
Degaussing wouldn't work on an SSD btw, ssd's are not magnetic. 1-3 passes should be more than enough to remove any data from a ANY modern HDD. Raid-information holds no OS data, it's only pointers to how the OS data is stored, the only thing you can recover from raid is where the stripes were.
-rich
-rich
ASKER