Drive Erasure Tool


a viewer

Considering the lightning fast speed of SR 6.1, I thought of an idea that could be useful. I know that reading isn't the same as writing, but I'm sure it still would be faster than most. Either as a separate tool (since it might be dangerous within SR), or an option to securely erase a drive. This is a slow process since you need to overwrite all the sectors. I have a bunch of older drives since I don't recall what they have. However, at one time or another these had data I wouldn't want to share.
 
overwrite all the sectors
@a viewer I'm assuming you mean data destruction or data erasure. This is something I've researched. I think it would be too dangerous to have data erasure bundled with a data recovery product in the same software. However, some of SR tech might be useful as an adjunct product. Here are the options I know of at this time mostly for Windows 7.

Assuming the drives work and assuming you have a pc, interface, and OS to talk to them:

a) You can look at Secure Erase (I think) which is a function built into the IDE interface. Some drives operate in an always encrypted manner. The BIOS or modern equivalent provides the unlock code. Secure erase just randomizes the code without telling the PC or user. All data is instantly unusable. Plausible questions are, did it do it and is the encryption reliable.

b) Something like Darik's boot and nuke will overwrite all data accessible to the drive's interface. There are variations on this that operate to military standards, overwrite multiple times, etc. This won't erase reallocated sectors which are no longer accessible to the interface. It also won't erase spare sectors or overprovisioning. This type of thing is slow, as you mentioned. But, at least you know what you can erase is erased.

c) You could use something like DD (I think) in Linux to create some big gibberish binary files of different sizes. Erase all the partitions on the drive to be destroyed then make one large partition. Copy enough big gibberish files to the drive to be destroyed to use up all the space. For the small amount left, use Sysinternals Secure Delete to eat up the rest. This is a bit dated, but the concept is valid.

If you need Military Grade erasure, look for, and pay for, something or some service to do that.

Assuming the drives don't work or you don't have a PC, interface, or OS to talk to them:

Then, you have to, literally, get physical.

Drives with rotating platters, especially GLASS platters, are particularly vulnerable to hammers, smacks on concrete, drills, drill presses, etc. Solid state drives are vulnerable to such things, but much less so, as a piece of memory chip of 1 square millimeter can still contain lots of data if somebody REALLY wanted it. For this level of destruction, you need to look to drive shredding services, which literally turn the drive into electronic sand. There are many of these. Iron Mountain is a name I've run across.

You probably already know this, but, you definitely don't want to, or someone to, give your drives or PC's to Goodwill etc. with the data intact.

Hope this helps.

May your bits be stable and your interfaces be fast. :cool: Ron
 
Considering the lightning fast speed of SR 6.1, I thought of an idea that could be useful. I know that reading isn't the same as writing, but I'm sure it still would be faster than most. Either as a separate tool (since it might be dangerous within SR), or an option to securely erase a drive
This tool is called Beyond Recall. It does not exist yet. It will require all the "heavy lifting" currently being developed for SpinRite 6.x and 7.x. So, until a whole lot more SpinRite development is done, BR will remain wishful thinking.

Way back in 2013, during the IDE driver development for SpinRite 6.1, there was discussion in the SpinRite development NG re whether to make BR a stand alone tool or a part of SR. The overwhelming consensus was to make BR a stand alone tool to avoid an inexperienced user inadvertently nuking a drive when attempting data recovery. And so it will be - eventually.
 
especially GLASS platters, are particularly vulnerable to hammers
lol I was thinking of something less drastic, and where you to reuse the drive


It will require all the "heavy lifting" currently being developed for SpinRite 6.x and 7.x
Good to hear it was something already considered. The way Steve describes the work on 6.1, it should make it very fast. The biggest issue with utilities like these, is that you need to write all blocks even the empty ones. So traditional tools take ages

Thanks
 
I've yet to run or really look into its details, but VeraWipe may be worth looking into. On occasion I have simply encrypted a whole drive with Veracrypt, not bothering to record the password since the data was never to be recovered. I believe the latter will leave some sectors intact. If the drive is to be trashed I usually open it up, recover the extremely strong magnets (be careful with those magnets, they are stronger than you might imagine) and destroy the platters.
 
I have a few magic effects that use rare earth magnets. It is amazing how strong they are.
 
If the drive is for re-use (either to store for later or give away/sell) then I'll use a secure erase tool. This can take many hours / days depending on the size of the drive.

If the drive is for scrap then I have used several far more rapid and fun techniques:

1. I'll drill several 10mm holes through the tin cover and platters till I hit rock bottom. I'll then remove and thoroughly destroy the controller board. This is my quick and dirty method if pressed for time and I know there is nothing sensitive on there. Good for drives with encrypted volumes, encrypted files or commercial programs.

2. I'll dismantle it. Cover off, actuator off, platters out. I'll then wipe the platters randomly with a rare earth magnet or the strong magnets used on the actuator / voice coil assembly. Then I'll bend and "ding" them (NOTE! If in doubt wear safety glasses and they may be glass platters!)

With 2. I sometimes keep a platter in a CD case as they make excellent inspection mirrors :)
 

You don't need to create files to use dd. Find the name of the raw drive (such as 'sda') and use dd if=/dev/random of=/dev/sda bs=4M or dd if=/dev/zero of=/dev/sda bs=4M depending on whether you want pseudorandom bits or zeroes. For companies it's better to just use a dedicated tool though as it has multiple sanitization options like NIST 800-88. We use Active Killdisk as our corporate compliance requires destruction certificates.
 
@Clev You've got a good point about DD syntax. However, I've always found Linux's drive naming system to be confusing and intimidating. I find its perfect willingness to erase your system drive, etc. even more so. So, just for me personally, if I were doing this, I'd put the drive to be destroyed on my Windows machine, check 5 times that I'm looking at the one to be sent to a black hole and not my system drive, change the volume name to "destroy" or something, make sure my system drive still says "Windows", THEN go about the destruction process. Also, if you are destroying something that is a clone of your system drive for example, it can still be a real challenge to determine which drive Windows is actually running on. Windows won't let you erase the system drive, but you could severely damage it if you wrongly select it for destruction. But, yes, Linux commands have many and varied command options you can use.

May your bits be stable and your interfaces be fast. :cool: Ron
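
A pre-flight check for the wrong-drive risk raised in the post above, as an added example that is not part of any post in this thread: it parses `lsblk -J -o NAME,TYPE,SIZE,SERIAL,MOUNTPOINT` output and approves a whole-disk wipe only when the serial matches the one read off the drive's label and nothing on the disk is mounted. The sample JSON, device names and serials are constructed, and `check_wipe_target` and `mounted_nodes` are hypothetical helper names.

```python
import json

# Constructed sample of `lsblk -J -o NAME,TYPE,SIZE,SERIAL,MOUNTPOINT` output:
# sda is the running system disk, sdb is the old drive to be wiped.
SAMPLE_LSBLK = """
{"blockdevices": [
  {"name": "sda", "type": "disk", "size": "465.8G", "serial": "SYS-0001",
   "mountpoint": null, "children": [
     {"name": "sda1", "type": "part", "size": "512M", "serial": null,
      "mountpoint": "/boot/efi"},
     {"name": "sda2", "type": "part", "size": "465.3G", "serial": null,
      "mountpoint": "/"}]},
  {"name": "sdb", "type": "disk", "size": "931.5G", "serial": "OLD-0002",
   "mountpoint": null, "children": [
     {"name": "sdb1", "type": "part", "size": "931.5G", "serial": null,
      "mountpoint": null}]}
]}
"""


def mounted_nodes(node):
    """Names of this device and any partitions below it that are mounted."""
    found = [node["name"]] if node.get("mountpoint") else []
    for child in node.get("children", []):
        found += mounted_nodes(child)
    return found


def check_wipe_target(lsblk_json, name, expected_serial):
    """Hypothetical helper: return (ok, reason) for wiping whole disk `name`."""
    disks = {d["name"]: d for d in json.loads(lsblk_json)["blockdevices"]}
    disk = disks.get(name)
    if disk is None or disk.get("type") != "disk":
        return False, f"{name} is not a whole disk known to lsblk"
    # A clone copies labels and contents, but not the drive's hardware serial.
    if disk.get("serial") != expected_serial:
        return False, f"{name} serial {disk.get('serial')!r} != {expected_serial!r}"
    in_use = mounted_nodes(disk)
    if in_use:
        return False, f"{name} is in use: mounted {', '.join(in_use)}"
    return True, f"/dev/{name} ({disk['size']}, serial {expected_serial}) is idle"


if __name__ == "__main__":
    for name, serial in [("sdb", "OLD-0002"), ("sda", "SYS-0001"), ("sda", "OLD-0002")]:
        print(name, serial, check_wipe_target(SAMPLE_LSBLK, name, serial))
```
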
 
Thanks for sharing your research
 
Only secure way (apart from total annihilation of the drive) is the built-in enhanced secure erase. Zero fillers that rely on LBA addressing cannot reach space outside LBA user space directly. SSDs and SMR hard drives may store significant amounts of data outside LBA user space.
 
may store significant amounts of data outside LBA user space.
I know you don't mean it this way @DiskTuna but that phrasing may imply that the drive is somehow intentionally storing user's data in a place the user can't access it. Of course what is really happening is that that data was once accessible to the user, but the disk has mapping technology, and when it updates the data, it may set aside the previous data into a place not currently mapped into user accessible space.
 
Yes, if we take SMR drives for example, it's not uncommon that a 60 GB media cache is outside LBA user space. SSDs are of course over-provisioned and may have SLC NAND that acts as cache; I am not 100% certain, but it's reasonable to assume this is outside LBA user space. These areas you cannot specifically 'nuke' using something like DBAN. I must add that the ordinary user using any of the available file recovery tools won't be able to recover anything. So if you, for example, plan on selling a drive, it's probably sufficient.

If you'd keep going and do multiple passes you probably will eventually wipe everything but it will take time, while an enhanced secure erase on a self encrypting SSD can be done in a matter of seconds.
 
Only secure way (apart from total annihilation of the drive) is the built-in enhanced secure erase.
Assuming the firmware works correctly for that function. Sometimes it doesn't. How often? Who knows.

If you'd keep going and do multiple passes you probably will eventually wipe everything but it will take time, while an enhanced secure erase on a self encrypting SSD can be done in a matter of seconds.
If you turn off over provisioning (if possible) completely, and I mean completely, fill the drive including the MFT and whatever SDELETE from Sysinternals does, I'd think you'd get almost all the user accessible stuff but not reallocated sectors. Don't know for sure. Maybe have SR flip the bits a few times. You might also crash the drive's firmware because it likes to have housekeeping space.

Here's a question. Say you do use the enhanced secure erase. (This may not be so applicable to individuals.) You say, Ah Ha, the data's gone. Your legal department says "prove it". How would you do that after you reconnect the drive to an interface and reinitialize it again?

May your bits be stable and your interfaces be fast. :cool: Ron
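
One form of evidence for the "prove it" question when the drive was zero-filled (the `dd if=/dev/zero` approach earlier in the thread), as an added example that is not part of any post here: read back every addressable byte, record where any non-zero data remains, and keep the byte count and SHA-256 of the read-back as a record. It only covers LBA user space, which is the limit discussed above; `verify_zeroed` and `make_test_image` are hypothetical names, and the image files stand in for a real device.

```python
import hashlib
import os
import tempfile


def verify_zeroed(path, block_size=4 * 1024 * 1024, max_report=16):
    """Read every addressable byte of `path` and record non-zero blocks."""
    zero = bytes(block_size)
    digest = hashlib.sha256()
    total = 0
    dirty = []  # starting byte offsets of reads that held non-zero data
    with open(path, "rb", buffering=0) as dev:
        while True:
            chunk = dev.read(block_size)
            if not chunk:
                break
            digest.update(chunk)
            if chunk != zero[:len(chunk)] and len(dirty) < max_report:
                dirty.append(total)
            total += len(chunk)
    return {
        "bytes_read": total,           # compare with the drive's stated capacity
        "sha256": digest.hexdigest(),  # fingerprint of the read-back, for the record
        "dirty_offsets": dirty,        # first `max_report` offending offsets
        "clean": total > 0 and not dirty,
    }


def make_test_image(size, stale=None):
    """Constructed stand-in for a drive: `size` zero bytes, optional stale data."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(bytes(size))
        if stale:
            offset, data = stale
            f.seek(offset)
            f.write(data)
    return path


if __name__ == "__main__":
    wiped = make_test_image(1 << 20)
    missed = make_test_image(1 << 20, stale=(300000, b"secret"))
    for image in (wiped, missed):
        print(verify_zeroed(image, block_size=64 * 1024))
        os.remove(image)
```
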