How do you recommend destroying sensitive information on a hard drive? I've used DBAN [1] in the past, is that good enough?
DBAN is just fine. Here's the dirty little secret--any program that overwrites every byte of the drive will have wiped everything permanently. You don't need to do multiple passes with different write patterns, etc.
Don't believe me? See the standing challenge to prove that a drive overwritten with 0s once can be recovered. Nobody seems willing to take up the challenge. http://16systems.com/zero.php
Anything that does a single overwrite of a hard drive is fine, including DBAN [1].
Some people say you have to do multiple overwrites with random data and specific patterns. This may have been true in the days of floppy disk drives (remember them?) where the area of magnetic media per byte was big enough to not get completely overwritten, but modern hard drives are much too densely packed with data for this to happen. But don't take my word for it - read this article about trying to recover overwritten data using an electron microscope [2].
Other options include the wipe utility, or a simple
# dd if=/dev/zero of=/dev/sda
These methods all work fine for overwriting entire hard drives or partitions. However be aware that overwriting single files can lead to some data being left elsewhere on the hard drive, particularly with journaling file systems [3] such as ext3 and NTFS. They write bits of data to disk outside the file, so small amounts of data can escape the current file being overwritten. Also, if the partition has been defragmented since the file was first written then the original file may still exist on the hard drive.
[1] http://www.dban.org/
I have used PGP 8.0's wipe tool with success.
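Added example, not part of any answer on this page: the single zero-fill pass from the `dd` answer above, followed by a read-back check that every byte really is zero, which also gives you something to show an auditor. The function names and the temporary image file are assumptions for illustration; the demo only touches a constructed 4 MiB file, never a real disk.

```shell
#!/usr/bin/env bash
# Single-pass zero fill plus read-back verification (illustrative helper names).
# Pointing these functions at a real device such as /dev/sdX is destructive.

# Size in bytes of a regular file or a block device.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Overwrite every byte of the target with zeros, in place.
zero_wipe() {
    local target=$1 size
    size=$(target_size "$target") || return 1
    # notrunc keeps a regular file at its length; fsync flushes before dd exits.
    head -c "$size" /dev/zero |
        dd of="$target" bs=1M conv=notrunc,fsync status=none
}

# Succeed only if the whole target reads back as zeros.
verify_zeroed() {
    local target=$1 size
    size=$(target_size "$target") || return 1
    cmp -s -n "$size" "$target" /dev/zero
}

# Demo on a constructed image file standing in for a disk.
demo() {
    local img result
    img=$(mktemp) || return 1
    head -c 4194304 /dev/urandom > "$img"   # constructed "sensitive" contents
    if verify_zeroed "$img"; then rm -f "$img"; return 1; fi  # not wiped yet
    if zero_wipe "$img" && verify_zeroed "$img"; then result=yes; else result=no; fi
    echo "target=$img bytes=$(target_size "$img") verified_zero=$result"
    rm -f "$img"
    [ "$result" = yes ]
}

demo
```

On a real block device, a read-back done immediately after the write may be served from the kernel's cache rather than from the media, so run the verification step separately (for example after a reboot from the live CD).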
Don't ever physically destroy the hardware before wiping the data with software; forensics can retrieve parts of a destroyed hard drive.
physically destroy the platters - it's the only way to be sure ;-)
It depends on how sensitive your data is. If you aren't the CIA or NSA, then DBAN [1] is fine.
[1] http://www.dban.org/
I use a hammer or sledge.
I always use DBAN and then use a beltsander to the platters. Paranoid sure but I know that not even the NSA/MIT/CALTECH and all the computer geeks in Russia/China combined could recover the data! If you're paranoid and want to ensure your data is never EVER EVER recovered even if aliens get ahold of it then DBAN/Beltsander it :o)
You should use the procedure set down in your organization's security policy.
When it comes to security, technical advice (such as you receive here) is only half the question. You also have to be able to justify your actions to an auditor. And auditors aren't so concerned with the results of your actions, but that you followed the appropriate procedures as set down in the appropriate policy. The auditor's job is to make sure that some cowboy (or cowgirl) doesn't just go around doing whatever they think is right, without oversight or justification.
Of course, your organization's security policy comes from somewhere; when you're wondering what is an appropriate method to securely wipe sensitive data to put into your security policy, you'll find a number of suggestions in the other responses to this question. :-)
DBAN works great. However, one of the challenges that I run into is how to securely erase a hard drive that has failed, but is part of a RAID set.
I normally have to return the hard drive back to Dell, and they would not take kindly to receiving a drive with a hole drilled in it. Furthermore, it's hard to run DBAN on just a single drive within a RAID set prior to removing the drive from service, assuming that the drive is still functional.
How do others handle this situation?
I take a drill with a 3/8" bit and drill 4 holes through the drive ... making sure to hit the platters. Steve Gibson of http://www.grc.com gave the advice of drilling holes in the drive on one of his podcasts a while back.
-don
Use something like DBAN. Then physically destroy the drive by smashing it into little pieces with a sledgehammer. The US Marine Corps back in the late 80s/early 90s came up with this solution while my father was still in. You may throw in a more modern technique of degaussing your HD before the physical destruction step.
I have seen a talk from a professor who teaches forensics where one assignment is for his students to recover data from drives that have been "destroyed" by smashing, drilling, or magnetic erasing. He said the only sure way to destroy data is to use a belt grinder to turn the platters into metal shavings.
I can't believe no one has recommended sdelete.exe from sysinternals. Is it really not that good at clearing out certain bits of the drives or something?
Have a look at this similar question [1], where I posted the following answer.
Here is a list of options for Windows, Mac and Unix.
[1] https://serverfault.com/questions/5024/wipedrive-utility
Heidi.ie's Eraser [1] is the best Windows tool I've used for this with respect to a hard drive that's still in use. You can wipe an individual file, an entire drive, the empty space on a drive, or securely move a file or directory. It provides a variety of overwrite/paranoia levels and integrates seamlessly into the Windows right-click context menu.
[1] http://www.heidi.ie/
For a good free solution, use the 'shred' command from Knoppix [1]. It allows you to run the command from a computer that you are discarding without needing to remove the drive first.
Boot the Knoppix CD.
sudo shred -n 2 -z -v /dev/hda1
Where n is the number of randomized overwrite passes.
I also have a USB to IDE/SATA adapter that lets me hang the drive as external off the PC for cases where I want to erase a drive removed from service. Disconnect the internal PC drive for safety.
[1] http://www.knoppix.net/
Secure against whom? The US government requires -destruction- of the data. You can choose between sandblasting the platters or heating them past the Curie point in a kiln. (Most people heat past melting to demonstrate due diligence).
Otherwise, overwriting with /dev/zero will stop any attacker who does not have tremendous resources. The "DOD erase" of multiple iterations overwriting with differing data is silly.
Some work has been done on using scanning electron microscopes to detect residual magnetic flux on hard drives. The origin of the 'seven passes with random data' notion is that this would make the flux lost in the noise from the overwritten random patterns.
In theory the SEM methods work but they are very slow - if you're really keen to destroy the data on a disk, wipe it with any disk erase utility first and then physically destroy the drive. If you're feeling really keen, take the drive apart, remove the platters and run them over a bulk eraser.