Saturday, August 1, 2009

Need to sell/swap/throw/RMA/give away your hard disk? Sanitize it first!

Six months after my first NAS capacity upgrade, I finally managed to upgrade the capacity of the second hard drive in my NAS to 1.5TB as well. I had actually wanted to do this since the Western Digital launched the Caviar Green model for this size but stock was hard to come by.

Replacing the old 500GB hard drive with the new 1.5TB one in the NAS is easy enough, especially given my last experience. What to do with the old drive became a problem. In the first upgrade, I re-purposed the old disk as an external backup drive for my folks by housing it in a USB HDD casing. 500GB for a pair of old folks who ain't really into digital content is more than enough hence I figured giving them a second external backup drive will probably be a waste. I won't be needing it too since my storage needs are served by my NAS. As such, I decided to sell it away on my favorite online marketplace.

Now if the item I'm selling is an MP3 player, a CPU or any other components for that matter, I wouldn't think twice about just placing an ad in the forum the very day I decide to sell it. However, this being a device that stores content, and more specifically sensitive personal content (Other than personal pictures and videos, I digitize and store all my paper documents such as bills and statements), I figured I better sanitize it first to avoid subsequent misuse of my personal information. Call me paranoid but hey, better safe than sorry right?

In terms of how to sanitize the disk, there is no safer way than to physically destroy it either by incinerating it or smashing it into pieces. However, that obviously isn't going to work if you plan to sell the disk away.

The next best option is to run some software that will securely delete all your data from the drive. A couple of tools that I know of and have tried personally are:
  1. Darik's Boot and Nuke (DBAN) - a popular, open-source, linux-based self-contained boot disk that wipes any attached hard disks it detects. Incorporates a few wiping techniques such as Gutmann, DoD 5220-22.M standard, and zero/PRNG fill.

  2. Eraser - a Windows based utility that implements most of the techniques in DBAN.

  3. SDelete - a Windows based utility that uses core Windows APIs for its operations. Note that this utility can perform secure deletion of individual files/folders instead of the entire hard disk.

  4. HDDErase - a DOS based utility that relies on the hard disk firmware internal erase functions rather than block writes. Works only with newer hard disks (manufactured after 2001) since the erase function was not part of the ATA specification before that.
My current favorite is number (4) HDDErase. The key reason being that the secure erase is done at the lowest level possible ensuring that the operation is comprehensive (i.e. it also erases certain sectors not accessible by applications) and effective (i.e. it does not depend on assumptions on how the Operating System as well as the underlying physical hard disks perform read/write operations).

The minor grievance I have on this solution is that the software has to run in a true DOS environment (the command prompt window in Windows does not qualify) and the developer has not included a bootable ISO image as a release option.

Having said that, you can download UBCD which is a bootable CD/USB image containing HDDErase and a whole lot of other PC diagnostics tools. Note that its about 100MB in size hence its really an overkill if all you want is HDDErase (which weighs in at less than 1MB!).

For me, I used BootFlashDOS which is a simple executable (i.e. no install required!) that formats your USB stick and create a bootable DOS environment. Note that you will need a Windows XP or 2003 server host to run the executable though.

[EDIT: found an alternative way of creating a boot CD that do not require Windows XP or 2003 server. Check it out here.]

No comments: