Educause Security Discussion mailing list archives

Re: Quick Survey: How do you "dispose" of outbound hard drives??


From: David Auclair <d.auclair () UTORONTO CA>
Date: Tue, 28 Sep 2010 15:32:35 -0400

FYI, DoD 5220-22M has been deprecated... They now require physical destruction of disks.

Regards,
David Auclair
Information Security Group
Information and Technology Services
University of Toronto


-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On
Behalf Of Valdis Kletnieks
Sent: Tuesday, September 28, 2010 2:32 PM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: Re: Quick Survey: How do you "dispose" of outbound hard drives??

On Tue, 28 Sep 2010 08:54:53 CDT, "Doty, Timothy T." said:

> Still, for anyone using DBAN it is IMO worth considering wiping with
> the ATA secure erase command where possible. The drive I wiped had
> ~3600 reallocated sectors (and was still "good" according to SMART)
> which represents ~1.8MB of data DBAN would not have erased.

Something to keep in mind is that usually a drive won't reallocate a sector unless it encounters a
write error - which means that physical block probably has a physical defect, and almost certainly
will return a read error due to the aborted (and now short) write - and that's *if* you can convince
the drive to read from the previous location of a reallocated block.  As a result, those blocks are
not going to be uncovered by any sort of normal user-level snooping on the drive - in fact, it's going
to take some heavy duty diagnostics simply to convince the drive to try to read the old block and not
the reallocated location. (On most drives, it will be a challenge to even get the list of relocated
blocks - SMART data usually only includes the total number of reallocated blocks).

Still, I guess some sites might have "people will take apparently zero'ed disk drives and send them
off to data recovery shops at $2K+ a pop hoping that something valuable will be recoverable off the
relocated blocks that probably have physical defects which will prohibit recovery".

For the record - the wording in DOD 5220-22M regarding sanitizing drives:

"Non-Removable Rigid Disks" or hard drives must be sanitized for reuse by overwriting all addressable
locations with a character, its complement, then a random character and verify."

Remapped blocks are no longer addressable locations, and thus aren't covered.
If the DoD isn't worried about national secrets leaking out on the bad blocks, I'm not going to lose
sleep over it either...
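
A toy model of the point argued in this thread, added here as an illustration and not part of any poster's message: an overwrite issued through the logical address space never reaches sectors the firmware has remapped. The `ToyDrive` class, its method names and the 512-byte sector size are assumptions made for the example, and the model assumes a retired sector keeps its old contents in readable form, which the message above argues is usually not the case on real drives.

```python
import os

SECTOR = 512  # assumed bytes per sector; 3600 sectors * 512 B is about 1.8 MB

class ToyDrive:
    """Constructed model: logical block addresses (LBAs) map to physical sectors."""
    def __init__(self, n_lbas, n_spares):
        self.phys = [bytes(SECTOR) for _ in range(n_lbas + n_spares)]
        self.map = list(range(n_lbas))            # LBA -> physical sector index
        self.spares = list(range(n_lbas, n_lbas + n_spares))
        self.retired = []                         # physical sectors no longer addressable

    def write(self, lba, data):
        self.phys[self.map[lba]] = data

    def read(self, lba):
        return self.phys[self.map[lba]]

    def reallocate(self, lba):
        """Firmware retires the sector behind this LBA and maps in a spare."""
        self.retired.append(self.map[lba])
        self.map[lba] = self.spares.pop(0)

def overwrite_and_verify(drive, char=0x55):
    """Write a character, its complement, then a random character; verify the last pass."""
    rand = os.urandom(1)[0]
    for value in (char, char ^ 0xFF, rand):
        pattern = bytes([value]) * SECTOR
        for lba in range(len(drive.map)):         # only addressable locations are reachable
            drive.write(lba, pattern)
    return all(drive.read(lba) == pattern for lba in range(len(drive.map)))

def residual_bytes(drive):
    """Bytes left in retired sectors that still hold old (non-zero) data."""
    return sum(SECTOR for p in drive.retired if any(drive.phys[p]))

def demo(n_lbas=64, bad=(3, 17, 40)):
    drive = ToyDrive(n_lbas, n_spares=8)
    for lba in range(n_lbas):
        drive.write(lba, b"S" * SECTOR)           # constructed stand-in for user data
    for lba in bad:                               # constructed list of failing LBAs
        drive.reallocate(lba)
    return overwrite_and_verify(drive), residual_bytes(drive)

if __name__ == "__main__":
    verified, left = demo()
    print(f"verify passed: {verified}, bytes outside the overwrite: {left}")
```

The verify step passes because it reads back through the same mapping the overwrite used, so it cannot see the retired sectors either.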
