DBAN or Windows\DOS CD, which is better for wiping?

I've been using DBAN to wipe PCs. This can often take over an hour. Recently someone pointed out that as an alternative, I could just boot from a Windows CD (or a DOS boot disk) and delete or format the partition. These methods just take about 1 or 2 minutes. It seems to me that these methods are not only quicker but also more secure than DBAN and all those other 3rd party tools for secure wiping PCs (because DBAN doesn't actually delete the partitions, does it?).
     Is this true or am I missing something?
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Sean JacksonInformation Security AnalystCommented:
If you're looking to wipe a drive, I don't think you want to write partitions at all, do you?

DBAN is doing multiple passes, and formatting the partition isn't going to write over the disk with all the blank data, it's just going to reorganize it.

Should a good forensic agent get a hold of your recently reformatted drives, they'd be able to pull data off of it, and quite easily.  Should that agent get a hold of a DBANed drive, they'd have a much harder time doing so, if they could at all.

Repartition the drives when you are taking it out of one machine in the environment, just to use it again in another.  If you're going to take a drive out and leave it on a shelf, or donate it, or throw it away, DBAN it.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sean JacksonInformation Security AnalystCommented:
One more thing -- I'm surprised it's taking "over an hour".  I've set up wiping stations where all I did was DBAN drives.  I'd start it, and come back the next day to see if it was done yet.  Sometimes they'd take 6 hours, sometimes 10.  Sometimes 18.  Sometimes 32.
Dave BaldwinFixer of ProblemsCommented:
The Windows quick format does not erase any data but the directory tables.  Everything else is still there and can be recovered.
Top Threats of Q1 & How to Defend Against Them

WEBINAR: Join WatchGuard CTO and our Threat Research Team on Aug. 2nd to hear the findings from our Q1 Internet Security Report! Learn more about the top threats detected in the first quarter and how you can defend your business against them!

Gary CaseRetiredCommented:
Not only does a quick format not erase any data; but a full format doesn't either.   It still just writes the directory tables -- the other thing it does that a quick format doesn't is read every sector to ensure it's all readable (and marks off any defective ones).

DBAN writes data to EVERY sector so the previous data is no longer accessible.    It is FAR more secure than a reformat of the partitions.    Note that with the right (expensive) forensic equipment, this data can sometimes still be recovered if it's only overwritten with a single pass -- that's why DBAN offers more secure wipe options.    The DoD certified wipe makes it virtually impossible to recover the data from the disk ... but will take FAR longer than just an hour or two.
Schuyler DorseyCommented:
You could check the settings you are using for DBAN; I believe you can select how many passes to do.

The current NIST standard is only a single pass. There are THEORIES on recovering data after a single pass but it has never been demonstrated/proven*

*with the exception where there are possibly failing sectors and the wiping software skips these sectors. But multiple passes does not necessarily fix this problem.

As others suggested, certainly do NOT use the Windows option.
btanExec ConsultantCommented:
Good reference on the user testing it out on the formatting and use of Erasr and DBAN.

What makes a Quick Format quick is that it doesn’t delete all data on the disk. Instead, a Quick Format writes a new file table onto the drive. The new file table doesn’t have any information about the data that was on the disk before the format. So, for most purposes, the disk is now “blank.”

Until new data is written onto the disk, the old data will still be accessible via programs like R-Studio, Recuva, or TestDisk.

Like a Quick Format, a full format overwrites the file table with a new one. But it also writes zeros onto the entire disk or partition. For this reason, it’ll take much longer than a Quick Format. None of the old files that were on the disk before the format show up. There is some meta data on the disk, but this was recently written during the format.

Note: In Windows XP, a full format does not overwrite the disk with zeros. Instead, it overwrites the file table and checks the disk for bad sectors. To do a full format as described above, you’ll need Windows Vista or later. Use of SSD is also another challenge to really "clean" up as it  don't erase all the stored physical data.

Is a Full Format Secure Enough? Maybe doing a full format in Windows Vista or later is secure enough for most personal users. If you have government secrets or sensitive customer data on your hard drive, you’ll want to do a more thorough job of obfuscating your data. Allegedly, there are ways to recover parts of data that has been overwritten, but it requires a true data recovery pro and some expensive equipment.

You should also be aware that, due to the way the firmware on drives work, there are some sectors that can’t be deleted through normal means. For example, when a sector is corrupted, the drive marks it as bad and stops allowing access to it—even to wipe it. In addition to bad sectors and reserved sectors (which are used when sectors go bad), most hard drives have recovery partitions on them or separate data partitions on them. These won’t always show up in Windows Explorer, so they may not get wiped by a full format.

DBAN will wipe the drive and overwrite it with random data. By default, it wipes the drive and writes over it three times (DoD short), but it also supports several other secure wipe methods.
Gary CaseRetiredCommented:
" ... There are THEORIES on recovering data after a single pass but it has never been demonstrated/proven "  ==>  Not at all true.   Entire disks that have been subjected to a single write pass of all zeroes have been completely recovered with relatively simple forensic equipment.    You won't do it with a simple disk controller, but it's not electronically difficult ... just needs a few thousand dollars worth of good forensic equipment.    It's a bit more difficult if the single pass of writes was of random data, but it's still possible to recover a significant portion of the previous information.

But it gets FAR harder with multiple write passes -- I think it's safe to say it's effectively impossible with the DoD-approved 3-pass method, although some use methods as extreme as Dr. Gutmann's 35-pass technique !!      Modern PRML recorded disks require fewer passes than the older MFM drives, but regardless of the recording technology, 3-passes of random writes is definitely plenty.
btanExec ConsultantCommented:
indeed though some research stated one pass is alright but officially back to security policy mandate at the the Enterprise which normally back to best practice or reference to NIST which stated the DoD multiple 3 passes - overall we want to make it harder and not any easier for deterence or work effort. Of course, we need to be savvy on the wear out factor if the storage is going to be reuse and factor that in built controller mechanism having wear out  preventive measure that may not totally clean up or wipe out as expected. I hope it did not complicate the discussion but in short formatting is not good as secure wipe or erasure. Erase and wipe with pass will be ideal
Schuyler DorseyCommented:
"Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack." - NIST Special Publication 800-88 Section 2.3 (p. 6)

"Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure." - Center for Magnetic Recording Research

I would also be interesting in anyone providing ANY information any anyone recovering data from a hard drive after a single pass wipe. Dr. Guttman provided the theory on the possibility of recovering data by using magnetism to make the best guess that the last position.. but I haven't seen/read anything on it ever being practically used. Or any other method.

Breadtan is correct in that we don't want to make it any easier. Given today's research, a single pass should be enough.. but the risk management is up to you. If you have a hard drive which contains social security numbers and/or credit card numbers and if you would feel more comfortable or have a security policy requiring more passes, go for it. But it will take time.
john8217Author Commented:
Wow! I learned a lot from this discussion. Thanks to all of you for your input.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows OS

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.