Date: Fri, 15 Nov 2024 12:36:56 +0000
From: Frank Leonhardt <freebsd-doc@fjl.co.uk>
To: FreeBSD questions mailing list <freebsd-questions@freebsd.org>
Subject: Re: How to zero a failing disk drive before disposal?
Message-ID: <6296286326ddb19458de6631f8560dd8@fjl.co.uk>

On 2024-10-10 12:57, Ronald F. Guilmette wrote:

> Any suggestions? If worse comes to worse I guess I will end up writing my own tiny
> little C program to just write 4KB blocks to a designated output file while ignoring
> all output errors, but I don't want to reinvent the wheel if somebody else already
> created something I can use in this context.
>
> Suggestions welcome.

I spent many years dealing with forensics and disk drives, as well as writing about the technology in the 1980s and 1990s. My take is this:

If you want to pretty much guarantee nothing can be recovered, drilling a hole through the platters is the easiest way. Getting data off the undamaged cylinders once you've done that requires serious money and expensive equipment. If you want to go further, take the top off and bend the platters. After that you'll need an electron microscope and a lot of time to get anything back.

Don't bother with a software erase alone. Modern drives lie to the OS. They'll almost certainly have data on blocks they'll pretend don't exist as they're presenting a "perfect disk" to the OS, but data on such blocks can be read in other ways by transferring the platters out.

This was all true until Flash-EPROM appeared in hybrid drives. If you've got one of these, drill through the flash chips on the controller (again, Flash-EPROM presents as perfect so bad hidden blocks may contain useful data). If you're not sure which chips contain flash, drill them all.

I'm aware defense erasure standards go further than this, but I regard them as over-paranoid unless the data is of interest to a nation state with an unlimited budget and plenty of time.

As to erasing old hard disks for re-use, the same applies. Don't rely on a software erase if it matters that someone could retrieve fragments. However, if you've been encrypting sensitive data (as you should), all they'd get is impossible-to-decrypt fragments - no problem.

--
------
25-Sept-24 My apologies to everyone who I appear to have ignored for the last few years. A procmail script was misfiling some replies to Questions to the wrong folder.
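
Added example, not part of the original message or thread: the software pass the original poster describes, writing 4 KB zero blocks and carrying on past write errors, in C. As the reply points out, such a pass only reaches blocks the drive exposes to the OS, so the failed-block count it reports is a lower bound on what remains unwritten. The names zero_fill and wipe_stats, and the use of lseek(SEEK_END) to size the target, are assumptions of this example.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define BLK 4096

/* Hypothetical result record: blocks zeroed, blocks skipped, first bad offset. */
struct wipe_stats { off_t ok, failed, first_bad; };

/* Write zeros over [0, total); a failed block is counted and skipped, never fatal. */
struct wipe_stats zero_fill(int fd, off_t total)
{
    static const char zeros[BLK];            /* static storage is zero-initialised */
    struct wipe_stats st = { 0, 0, -1 };

    for (off_t off = 0; off < total; off += BLK) {
        size_t want = (total - off < BLK) ? (size_t)(total - off) : BLK;
        ssize_t n;
        do {
            n = pwrite(fd, zeros, want, off);
        } while (n < 0 && errno == EINTR);   /* retry only interrupted calls */
        if (n == (ssize_t)want) {
            st.ok++;
        } else {                             /* I/O error or short write: note it, move on */
            if (st.first_bad < 0) st.first_bad = off;
            st.failed++;
        }
    }
    return st;
}

int main(int argc, char **argv)
{
    if (argc != 2) { fprintf(stderr, "usage: %s <device-or-file>\n", argv[0]); return 2; }
    int fd = open(argv[1], O_WRONLY);
    if (fd < 0) { perror("open"); return 1; }
    off_t total = lseek(fd, 0, SEEK_END);    /* assumption: yields the media size on a disk device */
    if (total < 0) { perror("lseek"); return 1; }
    struct wipe_stats st = zero_fill(fd, total);
    fsync(fd);
    close(fd);
    printf("blocks ok=%lld failed=%lld first_bad_offset=%lld\n",
           (long long)st.ok, (long long)st.failed, (long long)st.first_bad);
    return st.failed ? 1 : 0;                /* non-zero exit: some visible blocks were not zeroed */
}
```

A non-zero failed count means visible sectors still hold old data; remapped or hidden blocks are never seen by this loop at all.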