How to securely erase data from hard drives

So basically, there's no way to wipe a drive except to "nuke it from orbit". Sounds like EM, degaussing, fire, water, etc. are all useless if you really need the data destroyed. Other than the sandblasting, and what average person has access to that?
 
So basically, there's no way to wipe a drive except to "nuke it from orbit". Sounds like EM, degaussing, fire, water, etc. are all useless if you really need the data destroyed. Other than the sandblasting, and what average person has access to that?
I'm willing to be proven wrong on this one but no one's recovering the contents of an encrypted drive that was wiped with DBAN. Physical destruction just feels good and is another layer of cheap (free if DIY) insurance.
 
I'm willing to be proven wrong on this one but no one's recovering the contents of an encrypted drive that was wiped with DBAN. Physical destruction just feels good and is another layer of cheap (free if DIY) insurance.
Looked it up. Good for in the computer. I have old hard drives that "went bad" and were removed by a shop, still kicking around.
 
So basically, there's no way to wipe a drive except to "nuke it from orbit". Sounds like EM, degaussing, fire, water, etc. are all useless if you really need the data destroyed. Other than the sandblasting, and what average person has access to that?
Fire absolutely does work, just need to get the actual storage media hot enough. Just scorching the casing and calling it good is insufficient.

With modern laptop hard drives and SSD/M.2, the storage media is brittle (glass platters, flash chips), susceptible to a hammer and anvil.


LUKS for linux (which I'm 99% sure isn't backdoored) has been around since 2004, and BitLocker (which I'm 100% sure IS backdoored) is easy to use and one of the only MS products that works the way it's supposed to.
For most threat models, the question isn't how many backdoors there are (assume N>0) but whether your adversary has access to the backdoor.

If you have drives that have sensitive data on them, the data should never be cleartext unless you're running some system that doesn't have native support for encryption.
There are (expensive) workarounds to data-at-rest for such systems, such as Seagate's Self-Encrypting hard drives which, once unlocked, make the encryption transparent to the operating system, but if the drive ever loses power, data is inaccessible until unlocked (e.g. by booting a USB stick). Personally, I've only ever seen hardware encryption at enterprises which had already suffered at least one significant breach, though I suppose the truly paranoid might have had measures in place and I had no need to know.
 
I'm willing to be proven wrong on this one but no one's recovering the contents of an encrypted drive that was wiped with DBAN. Physical destruction just feels good and is another layer of cheap (free if DIY) insurance.

When you wipe a bit, think of it as being mostly wiped, that the write head rewrites the center 95% of the data, and on either side of this center track lives a 'ditch'. You can change the angle and position of the read head (or just use an electron microscope) to pick up the artifact layer. This is why if you're going to wipe a drive you do it at least 3 times.

This is one of the nice features of SSDs. You're storing the data on a switch that's up or down. There's no forensic information to go on.

 
This is one of the nice features of SSDs. You're storing the data on a switch that's up or down. There's no forensic information to go on.
There are techniques to recover prior states from NAND flash which has been overwritten. The linked paper is just what is public, no telling what a nation-state level adversary's capabilities are.

Even without worrying about unpublished techniques, SSDs and flash-based storage devices have their own downsides, they effectively hide a significant portion of the actual storage space from the host as part of how they handle spare cells and wear leveling. When part of a block is detected as having bit errors, it is marked as bad, un-mapped, and a spare cell is swapped in, leaving the original "corrupted" block with its data out of reach of any software which attempts to overwrite the drive.

Some SSDs have built-in hardware encryption, ensuring that cleartext is never written to flash. These will generally offer a "purge keys" command which blanks out the encryption key, ensuring that even non-mapped cells are unrecoverable as cleartext, as well as a "Cryptographic Secure Erase with Flash Erase" which not only resets the keys, but overwrites all cells, mapped or otherwise.
 
Will this work for the ultra-thin hard drives...?

1630180187056.png
 
So basically, there's no way to wipe a drive except to "nuke it from orbit". Sounds like EM, degaussing, fire, water, etc. are all useless if you really need the data destroyed. Other than the sandblasting, and what average person has access to that?
Open drive, put platter on a high friction surface (rubber mat) and go to town using a belt sander, flip over and repeat. Do this for each platter. You need to sand off the oxide recording medium.

Again, this is extreme, and you're probably not the target of an entity that would need such a level of destruction.
There are (expensive) workarounds to data-at-rest for such systems, such as Seagate's Self-Encrypting hard drives which, once unlocked, make the encryption transparent to the operating system, but if the drive ever loses power, data is inaccessible until unlocked (e.g. by booting a USB stick). Personally, I've only ever seen hardware encryption at enterprises which had already suffered at least one significant breach, though I suppose the truly paranoid might have had measures in place and I had no need to know.
My $EMPLOYER routinely ships large quantities of client data and we are required, by policy, to use hardware encrypted HDDs like the Seagate. We’ve never been breached (that I am aware of) but I don’t want to be part of the chain or responsibility that leads to us showing up above the fold on the front page of the WSJ, so …
 
Thermite is easy to make. ;)
Besides thermite, everyone knows 50BMG is always the answer. Well, unless you have access to a 20mm (or larger) cannon. ;)
 
Even my Mac has full disk encryption.

Before I swap out a drive I can make a 4096 bit password.

Can that be thwarted?
 
This used to be the most overused graphic ever.
hard-drive-head-gap2.jpg

Except I can't find any of the originals,
so it's apparently the most copied graphic ever.


cast.jpg
that actually works, as magnetic materials erase themselves above the "Curie Temperature"
i just use a drill press.
 
Thermite is easy to make. ;)
Besides thermite, everyone knows 50BMG is always the answer. Well, unless you have access to a 20mm (or larger) cannon. ;)
i was sawing thru a bunch of aluminum bar stock, and letting the aluminum dust just land on the floor. Then after it was a few inches high, i realized what i was creating. o_O
 
Last edited:
Even my Mac has full disk encryption.

Before I swap out a drive I can make a 4096 bit password.

Can that be thwarted?
Some branches of the US government think so. Whether this is concern over a backdoor or foreign nation computing power I don't know.
My wife has worked on projects where hard drives (and sometimes other equipment) are collected at project completion and shredded.
 
Way back when I was a system admin at a hospital we would contract with Iron Mountain to come to our data center 2x times a year. They would send a grinder truck and we would carry out the crates of failed hard drives and they would shred them inside the truck while under video surveillance to ensure proper custody until destruction occurs.
I prefer the 30.06 method myself.
 
So basically, there's no way to wipe a drive except to "nuke it from orbit". Sounds like EM, degaussing, fire, water, etc. are all useless if you really need the data destroyed. Other than the sandblasting, and what average person has access to that?
DBAN works pretty good for wiping hard drives (NWipe is a fork of this and is also pretty good). Physical destruction is best solution, but it's kind of impractical. Unless the NSA is checking your hard drives, nobody is getting your data back from a DBAN wipe.
 
This thread is a good reminder for me to get rid of about 5 hardrives I have sitting in a cabinet. Going to see how a 5.7 from a P90 works just out of curiosity. But will bring along the FAL to make sure the data goes off into the great big data dump in the sky.
 
When I worked for a data protection company, we just used a big old degausser. The NSA actually has a list of acceptable products for degaussing (i.e. erasing) magnetic tapes and HDDs:


Of course these suckers are expensive, running in the $20K range. You can’t use your everyday “super strong” Neodymium magnets. If you’re really paranoid you can buy kits that include a degausser and a shredder, but just degaussing with an approved unit will satisfy the NSA.
 
Of course these suckers are expensive, running in the $20K range. You can’t use your everyday “super strong” Neodymium magnets. If you’re really paranoid you can buy kits that include a degausser and a shredder, but just degaussing with an approved unit will satisfy the NSA.
With all modern hard drives, running them through an effective degausser renders the drive completely unusable, so you may as well shred it your now-worthless degaussed drives.
 
Last edited:
The best way to securely erase data from hard drives is to never write the data in cleartext in the first place, and always store the decryption key elsewhere.

Forget the key, and the data is gone.

That said, the high energy methods are a lot more fun.
Yup, and with SSD becoming common place, probably the most straightforward. Of course shooting afterward for fun works too
 
With all modern hard drives, running them through an effective degausser renders the drive completely unusable, so you may as well shred it.
Don’t know about now, but when I was working the NSA recommended degaussing over shredding. Since the pieces of a shredded drive still continue information, give enough time and money you can theoretically rebuild it. What you really need to do to destroy it mechanically is to grind it up almost into a powder. Degaussing is a heck of a lot quieter, much more amenable to the office environment. It’s also cheaper, since an industrial grade HDD shredder will cost closer to $30K. We weren’t trying to preserve the drive, just destroy it in the cheapest and most office friendly manner. Now if you really want to be paranoid you can degauss it then shred it:).
 
kevin_nh said:
With all modern hard drives, running them through an effective degausser renders the drive completely unusable, so you may as well shred it your now-worthless degaussed drives.
Don’t know about now, but when I was working the NSA recommended degaussing over shredding. Since the pieces of a shredded drive still continue information, give enough time and money you can theoretically rebuild it. What you really need to do to destroy it mechanically is to grind it up almost into a powder. Degaussing is a heck of a lot quieter, much more amenable to the office environment. It’s also cheaper, since an industrial grade HDD shredder will cost closer to $30K. We weren’t trying to preserve the drive, just destroy it in the cheapest and most office friendly manner. Now if you really want to be paranoid you can degauss it then shred it:).
I fixed what I was trying to say.

Many vendors now have an extra line-item on the maintenance contract: "drive retention" -- allows keeping the old drive in customer possession on any RMA or service call for a failed SSD or spinning rust drive.
 
Back
Top Bottom