Date: Fri, 11 Oct 2024 10:34:10 -0500 From: robert@rrbrussell.com To: questions@freebsd.org Subject: Re: How to zero a failing disk drive before disposal? Message-ID: <746da1d5-72f8-42fc-917b-f4de0e4d98f9@app.fastmail.com> In-Reply-To: <2544410a-8a99-4b2e-a194-c8326a2e0ddd@heuristicsystems.com.au> References: <5117.1728561469@segfault.tristatelogic.com> <2544410a-8a99-4b2e-a194-c8326a2e0ddd@heuristicsystems.com.au>
next in thread | previous in thread | raw e-mail | index | archive | help
On Thu, Oct 10, 2024, at 21:42, Dewayne Geraghty wrote: > A good question Ronald. I worked for a provider of services for the=20 > statutory care of children (eg removed from parents). There are=20 > significant penalties for certain types of information loss. We=20 > bench-drilled the hard-disks before sending them (out of our chain of=20 > custody) to a furnace. Admittedly this is an extreme case and for the=20 > reasons already stated in this thread, there was no other way to ensur= e,=20 > say a name and location, were not available. > > And yes, all machines have full disk encryption (FDE). > I agree with securing the data, but drilling is not thorough enough to s= top recovery and marks the drive as a high value target. You are basical= ly betting that microscopic magnetic domain scanning will not improve fa= ster than the areal storage density of the drives you throw away. Not a = bet I want to take personally. > > For personal devices we overwrite the device multiple times, though I'= m=20 > interested in what a "ATA Secure Erase" does to a healthy storage devi= ce=20 > and whether all sectors are touched? ATA Secure Erase is a firmware level overwrite and reread of all physica= l drive sectors. I have seen the drive=E2=80=99s bad sector count increa= sed by this process. It takes slightly longer than a simple dd if=3D/dev= /zero of=3Ddrive. I don=E2=80=99t suggest filling a drive entirely with zeros or ones. Tho= se writes can be =E2=80=9Coptimized=E2=80=9D out by the firmware. It mig= ht set a bit flag in the sector header instead of performing the full wr= ite. They don=E2=80=99t complete faster, they just aren=E2=80=99t guaran= teed to actually overwrite the old data. The why has to do with a very l= ong side tangent about how MFM encodings with error correction work. If you want to overwrite use anything except for a string of all ones or= zeros.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?746da1d5-72f8-42fc-917b-f4de0e4d98f9>