Solved

DBAN or Windows\DOS CD, which is better for wiping?

Posted on 2014-07-28
Last Modified: 2014-07-31
I've been using DBAN to wipe PCs. This can often take over an hour. Recently someone pointed out that as an alternative, I could just boot from a Windows CD (or a DOS boot disk) and delete or format the partition. These methods just take about 1 or 2 minutes. It seems to me that these methods are not only quicker but also more secure than DBAN and all those other 3rd party tools for securely wiping PCs (because DBAN doesn't actually delete the partitions, does it?).
Is this true or am I missing something?
Question by:john8217
10 Comments
 
LVL 5

Accepted Solution

by:Sean Jackson
Sean Jackson earned 50 total points
If you're looking to wipe a drive, I don't think you want to write partitions at all, do you?

DBAN is doing multiple passes, and formatting the partition isn't going to write over the disk with all the blank data, it's just going to reorganize it.

Should a good forensic agent get a hold of your recently reformatted drives, they'd be able to pull data off of it, and quite easily.  Should that agent get a hold of a DBANed drive, they'd have a much harder time doing so, if they could at all.

Repartition the drives when you are taking it out of one machine in the environment, just to use it again in another.  If you're going to take a drive out and leave it on a shelf, or donate it, or throw it away, DBAN it.
0
 
LVL 5

Expert Comment

by:Sean Jackson
One more thing -- I'm surprised it's taking "over an hour".  I've set up wiping stations where all I did was DBAN drives.  I'd start it, and come back the next day to see if it was done yet.  Sometimes they'd take 6 hours, sometimes 10.  Sometimes 18.  Sometimes 32.
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 50 total points
The Windows quick format does not erase any data but the directory tables.  Everything else is still there and can be recovered.
0
 
LVL 70

Assisted Solution

by:garycase
garycase earned 50 total points
Not only does a quick format not erase any data; but a full format doesn't either.   It still just writes the directory tables -- the other thing it does that a quick format doesn't is read every sector to ensure it's all readable (and marks off any defective ones).

DBAN writes data to EVERY sector so the previous data is no longer accessible.    It is FAR more secure than a reformat of the partitions.    Note that with the right (expensive) forensic equipment, this data can sometimes still be recovered if it's only overwritten with a single pass -- that's why DBAN offers more secure wipe options.    The DoD certified wipe makes it virtually impossible to recover the data from the disk ... but will take FAR longer than just an hour or two.
0
 
LVL 10

Assisted Solution

by:Schuyler Dorsey
Schuyler Dorsey earned 50 total points
You could check the settings you are using for DBAN; I believe you can select how many passes to do.

The current NIST standard is only a single pass. There are THEORIES on recovering data after a single pass but it has never been demonstrated/proven*

*with the exception where there are possibly failing sectors and the wiping software skips these sectors. But multiple passes does not necessarily fix this problem.

As others suggested, certainly do NOT use the Windows option.
0
LVL 61

Assisted Solution

by:btan
btan earned 50 total points
Good reference on the user testing it out on the formatting and use of Eraser and DBAN.
http://www.groovypost.com/howto/4-ways-secure-format-hard-disk-drive/

What makes a Quick Format quick is that it doesn’t delete all data on the disk. Instead, a Quick Format writes a new file table onto the drive. The new file table doesn’t have any information about the data that was on the disk before the format. So, for most purposes, the disk is now “blank.”

Until new data is written onto the disk, the old data will still be accessible via programs like R-Studio, Recuva, or TestDisk.

Like a Quick Format, a full format overwrites the file table with a new one. But it also writes zeros onto the entire disk or partition. For this reason, it’ll take much longer than a Quick Format. None of the old files that were on the disk before the format show up. There is some meta data on the disk, but this was recently written during the format.

Note: In Windows XP, a full format does not overwrite the disk with zeros. Instead, it overwrites the file table and checks the disk for bad sectors. To do a full format as described above, you’ll need Windows Vista or later. Use of SSD is also another challenge to really "clean" up as it doesn't erase all the stored physical data.

Is a Full Format Secure Enough? Maybe doing a full format in Windows Vista or later is secure enough for most personal users. If you have government secrets or sensitive customer data on your hard drive, you’ll want to do a more thorough job of obfuscating your data. Allegedly, there are ways to recover parts of data that has been overwritten, but it requires a true data recovery pro and some expensive equipment.

You should also be aware that, due to the way the firmware on drives works, there are some sectors that can’t be deleted through normal means. For example, when a sector is corrupted, the drive marks it as bad and stops allowing access to it—even to wipe it. In addition to bad sectors and reserved sectors (which are used when sectors go bad), most hard drives have recovery partitions on them or separate data partitions on them. These won’t always show up in Windows Explorer, so they may not get wiped by a full format.

DBAN will wipe the drive and overwrite it with random data. By default, it wipes the drive and writes over it three times (DoD short), but it also supports several other secure wipe methods.
0
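The gap the answers above describe, a quick format rewriting only the file table while an overwrite pass touches every sector, can be checked after the fact by reading the whole device back. The following is an added example, not code from the thread: the 512-byte sector size, the 4-sector table region and the in-memory sample image are constructed assumptions, and the "quick format" here simply zeroes the table region as a stand-in for writing a fresh table.

```python
import io
import math
import random
from collections import Counter

SECTOR = 512          # bytes per sector (assumed for this constructed image)
TABLE_SECTORS = 4     # constructed stand-in for the file-table region

def classify(sector):
    """Label a sector 'zero', 'random' (high byte entropy) or 'residual'."""
    if not any(sector):
        return "zero"
    n = len(sector)
    entropy = -sum(c / n * math.log2(c / n) for c in Counter(sector).values())
    return "random" if entropy > 7.0 else "residual"

def verify_wipe(dev, sector=SECTOR):
    """Read every sector of a file-like device; return (counts, residual offsets)."""
    counts, residual, offset = Counter(), [], 0
    while chunk := dev.read(sector):
        label = classify(chunk)
        counts[label] += 1
        if label == "residual":          # low-entropy, non-zero: old data survives
            residual.append(offset)
        offset += len(chunk)
    return counts, residual

def make_image(sectors=64):
    """Constructed sample disk: a small table region followed by text 'files'."""
    table = b"FILETABLE:report.doc,customers.csv;".ljust(SECTOR * TABLE_SECTORS, b"\x01")
    data = (b"constructed customer record; " * 1200)[: SECTOR * (sectors - TABLE_SECTORS)]
    return bytearray(table + data)

def quick_format(img):
    """Simulate a quick format: only the table region is rewritten."""
    img[: SECTOR * TABLE_SECTORS] = bytes(SECTOR * TABLE_SECTORS)
    return img

def overwrite_pass(img, rng=None):
    """Simulate one wipe pass over every sector: zeros, or random bytes if rng is given."""
    img[:] = bytes(rng.getrandbits(8) for _ in img) if rng else bytes(len(img))
    return img

def report(img):
    """Run the verifier over an in-memory image."""
    return verify_wipe(io.BytesIO(bytes(img)))

if __name__ == "__main__":
    for name, img in [("quick format", quick_format(make_image())),
                      ("zero pass", overwrite_pass(make_image())),
                      ("random pass", overwrite_pass(make_image(), random.Random(1)))]:
        counts, residual = report(img)
        print(f"{name}: {dict(counts)}, first residual offset: {residual[:1]}")
```

To check a real drive, pass a raw image of it opened in binary read mode to `verify_wipe`; sectors the firmware has remapped or hidden are not visible to this kind of read-back.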
 
LVL 70

Expert Comment

by:garycase
" ... There are THEORIES on recovering data after a single pass but it has never been demonstrated/proven "  ==>  Not at all true.   Entire disks that have been subjected to a single write pass of all zeroes have been completely recovered with relatively simple forensic equipment.    You won't do it with a simple disk controller, but it's not electronically difficult ... just needs a few thousand dollars worth of good forensic equipment.    It's a bit more difficult if the single pass of writes was of random data, but it's still possible to recover a significant portion of the previous information.

But it gets FAR harder with multiple write passes -- I think it's safe to say it's effectively impossible with the DoD-approved 3-pass method, although some use methods as extreme as Dr. Gutmann's 35-pass technique !!      Modern PRML recorded disks require fewer passes than the older MFM drives, but regardless of the recording technology, 3-passes of random writes is definitely plenty.
0
 
LVL 61

Expert Comment

by:btan
Indeed though some research stated one pass is alright but officially back to security policy mandate at the Enterprise which normally back to best practice or reference to NIST which stated the DoD multiple 3 passes - overall we want to make it harder and not any easier for deterrence or work effort. Of course, we need to be savvy on the wear out factor if the storage is going to be reused and factor that in-built controller mechanism having wear out preventive measure that may not totally clean up or wipe out as expected. I hope it did not complicate the discussion but in short formatting is not as good as secure wipe or erasure. Erase and wipe with pass will be ideal.
0
 
LVL 10

Expert Comment

by:Schuyler Dorsey
"Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack." - NIST Special Publication 800-88 Section 2.3 (p. 6)

"Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure." - Center for Magnetic Recording Research

I would also be interested in anyone providing ANY information on anyone recovering data from a hard drive after a single pass wipe. Dr. Gutmann provided the theory on the possibility of recovering data by using magnetism to make the best guess that the last position.. but I haven't seen/read anything on it ever being practically used. Or any other method.

Breadtan is correct in that we don't want to make it any easier. Given today's research, a single pass should be enough.. but the risk management is up to you. If you have a hard drive which contains social security numbers and/or credit card numbers and if you would feel more comfortable or have a security policy requiring more passes, go for it. But it will take time.
0
 

Author Closing Comment

by:john8217
Wow! I learned a lot from this discussion. Thanks to all of you for your input.
0
