Re: Quick Survey: How do you "dispose" of outbound hard drives??

[Eric Jernigan <eric.jernigan () PCC EDU>]

Something to keep in mind about DoD 5220-22M: It is obsolete, just like that
OS-2 warp server sitting under that desk in the HVAC systems office. Back in
my secret squirrel days in the Air Force, We never used that standard (circa
1998). Our process was to turn in our drives to a central (secure) location
who in turn used a combination of high power (forget the gauss level)
degaussing, followed by physical destruction of the platters to nearly dust.
I guess currently according to one of my old contacts- THAT's not quite
enough.

It may be a labor pain and a half to recover an overwritten drive but the
info on the disc may be worth taking to a recovery shop, especially a "no
questions asked recovery shop" to pull data from the drive.

I still support Secure Erase myself. For users who are comfortable with it,
I recommend encrypting the disc (via true crypt/ bit locker), then deleting
as well as destroying the recovery disc. 

Eric Jernigan
Information Security Manager, 
Technology Solution Services
Portland Community College
PO Box 19000
Portland OR 97280-0990
503-977-4896
Eric.jernigan () pcc edu
http://www.pcc.edu/resources/tss/info-security/
________________________________________
NOTICE: This email message is for the sole use of the intended recipient(s)
and may contain sensitive or privileged information as well as information
covered by the Privacy Act, FERPA, HIPAA, and/or other laws. It is being
e-mailed as the most practical method of transacting business. As such, it
must be safeguarded. Any unauthorized review, use, disclosure or
distribution is prohibited unless permission is obtained from the original
sender. 
_______________________________________


-----Original Message-----
From: Valdis Kletnieks [mailto:Valdis.Kletnieks () VT EDU] 
Sent: Tuesday, September 28, 2010 11:32 AM
Subject: Re: Quick Survey: How do you "dispose" of outbound hard drives??

On Tue, 28 Sep 2010 08:54:53 CDT, "Doty, Timothy T." said:

> Still, for anyone using DBAN it is IMO worth considering wiping with 
> the ATA secure erase command where possible. The drive I wiped had 
> ~3600 reallocated sectors (and was still "good" according to SMART) 
> which represents ~1.8MB of data DBAN would not have erased.

Something to keep in mind is that usually a drive won't reallocate a sector
unless it encounters a write error - which means that physical block
probably has a physical defect, and almost certainly will return a read
error due to the aborted (and now short) write - and that's *if* you can
convince the drive to read from the previous location of a reallocated
block.  As a result, those blocks are not going to be uncovered by any sort
of normal user-level snooping on the drive - in fact, it's going to take
some heavy duty diagnostics simply to convince the drive to try to read the
old block and not the reallocated location. (On most drives, it will be a
challenge to even get the list of relocated blocks - SMART data usually only
includes the total number of reallocated blocks).

Still, I guess some sites might have "people will take apparently zero'ed
disk drives and send them off to data recovery shops at $2K+ a pop hoping
that something valuable will be recoverable off the relocated blocks that
probably have physical defects which will prohibit recovery".

For the record - the wording in DOD 5220-22M regarding sanitizing drives:

"Non-Removable Rigid Disks" or hard drives must be sanitized for reuse by
overwriting all addressable locations with a character, its complement, then
a random character and verify."

Remapped blocks are no longer addressable locations, and thus aren't
covered.
If the DoD isn't worried about national secrets leaking out on the bad
blocks, I'm not going to lose sleep over it either...