How to forensically secure-erase hybrid drives like Apple Fusion Drive or, e.g., Seagate FireCuda?
The problem is how to do it without unnecessarily shortening the lifetime of such drives.
Jaclaz, ready to help?
1) Check if the specific drive supports the ATA SecureErase protocol.
then either
2) If yes run/initiate it.
3) Verify the checksum of the disk is all zero, see
https://www.forensicfocus.com/Forums/viewtopic/t=16208/
or
2) If no, dd all zeroes to it
3) Verify the checksum of the disk
jaclaz
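The check / erase / verify procedure in the post above, sketched as an added example (not code from the thread or from any poster). It assumes the drive's identify data was captured with `hdparm -I`; the function names, the plan labels and the sample output are constructed for illustration, and the "frozen" check goes slightly beyond the post because a frozen drive rejects ATA security commands until it is power-cycled.

```python
# Constructed sample of the "Security:" section printed by `hdparm -I /dev/sdX`.
SAMPLE_HDPARM = """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\t\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
"""

def erase_plan(hdparm_text):
    """Steps 1-2: decide how to wipe, based on `hdparm -I` output (hypothetical helper)."""
    flags, in_security = {}, False
    for line in hdparm_text.splitlines():
        if line.strip() == "Security:":
            in_security = True
            continue
        if not in_security:
            continue
        words = line.split()
        # Matches "supported" / "not supported" and "frozen" / "not frozen" only;
        # "supported: enhanced erase" ends in "erase" and is skipped.
        if words and words[-1] in ("supported", "frozen"):
            flags[words[-1]] = words[0] != "not"
    if not flags.get("supported"):
        return "zero-fill"        # no ATA Security feature set: dd zeroes instead
    if flags.get("frozen"):
        return "unfreeze-first"   # power-cycle or suspend/resume before erasing
    return "secure-erase"

def first_nonzero_offset(path, chunk=1 << 20):
    """Step 3: return None if every byte is 0x00, else the first non-zero offset."""
    zeros = bytes(chunk)
    offset = 0
    with open(path, "rb") as dev:
        while True:
            block = dev.read(chunk)
            if not block:
                return None
            if block != zeros[:len(block)]:
                return offset + next(i for i, b in enumerate(block) if b)
            offset += len(block)
```

Reporting the first non-zero offset, rather than only comparing a checksum, shows where an incomplete wipe left data behind.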
Thank you! Follow-up question. What if we want to wipe these drives on a weekly basis for security? What can we do to not shorten their lifecycle? We fear that weekly wiping brings us more new problems.
Is weekly wiping with a 'highly gentle' approach possible?
What is the most 'gentle' way to wipe?
Well, when you ZERO-FILL it using any app such as this http//
it's actually WRITING a zero pattern and filling it with that.
Now, it depends on the HDD brand (WD, Seagate…); those have a lifetime that may vary from one type to another, and sometimes within the same brand (WD Green, WD Blue…).
There is NO gentle way of doing it.
I use NEW drives for DeepSpar Imaging (DDI4) almost every day, wiping them with the tool I mentioned. I have been doing so for years, and I can tell you now that 99% of those drives are still in good shape and healthy.
It's all about the drives you are choosing, that's all.
Thank you, will check it out. We work on a new non-malware-check but fast wiping and SCCM-process to reach a status of 100% clean start and soon re-wipe approach (Hacked-Wiped-SCCM rolling process).
By implementing realtime homomorphic encryption and rolling data value analysis triage (Fast Gold-out) we improve security. 1day patching obviously.
You are welcome.
Usually I do similar tasks with VMs and a one-click step back to have a fresh start again.
Faster than starting from scratch again.
Well, for one thing, wiping (single 00 pass) a whole hard disk has the "advantage" (when compared to normal, daily read/write use of a hard disk) of producing uniform wear: each single sector is written, unlike in normal operation, where a given set of sectors corresponding - say (Windows example) - to one of the files backing the Registry is written hundreds, thousands, millions of times, while another set of sectors corresponding to - still say - the BOOTMGR is NEVER written/overwritten after install.
What in my experience might constitute a problem is that the wiping amounts to having the disk continuously working (writing and reading) for hours, which is not what "normal" system activity is, so what I personally recommend is to always take care of the heat, using a dedicated fan to keep the disk cool.
But no, you won't sensibly decrease the disk drive lifetime wiping it once a week.
jaclaz