Secure Erase SSHD /...
 
Notifications
Clear all

Secure Erase SSHD / Fusion Drives

7 Posts
3 Users
0 Likes
1,331 Views
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

How to forensically secure erasing hybrid drives like Apple Fusion Drive or e.g. Seagate FireCuda?
The problem is how to do it non-unnecessary shorten the lifetime of such drives.

Jaclaz, ready to help?

 
Posted : 02/02/2018 11:28 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

1) Check if the specific drive suppors the ATA SecureErase protocol.
then either
2) If yes run/initiate it.
3) Verify the checksum of the disk is allzero, see
https://www.forensicfocus.com/Forums/viewtopic/t=16208/
or
2) If no, dd all zeroes to it
3) Verify the checksum of the disk

jaclaz

 
Posted : 02/02/2018 3:20 pm
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Grazie! Follow-up question. What if we by a weekly basis want to wipe these drives for security?What can we do to not shorten their lifecycle? We fear that weekly wiping brings us more new problems.

Is weekly wiping on a 'high gently' approach possible?

What is the most 'gently' way to wipe?

 
Posted : 03/02/2018 3:11 am
(@einstein9)
Posts: 50
Trusted Member
 

Well when you ZERO-FILL it using any App. such as this http//hddguru.com/software/HDD-LLF-Low-Level-Format-Tool/

its actually WRITING Zero Pattern and filling it with that.

Now depends on the HDD Brand (WD, Seagate….) those have a lifetime may vary from type to another and sometimes from the same Brand (WD Green, WD Blue…)

There is NO Gentle way of doing it..

I use NEW Drives for DeepSpar Imaging (DDI4) almost everyday Wiping it with the tool i mentioned, been doing so for Years and i can tell you now that 99% of those drives are still in good shape n healthy.

Its all about the drives you are choosing thats all

 
Posted : 03/02/2018 9:08 am
RolfGutmann
(@rolfgutmann)
Posts: 1185
Noble Member
Topic starter
 

Thank you, will check-it-out. We work on a new non-malware-check but fast wiping and SCCM-process to reach a status of 100% clean start and soon re-wipe approach (Hacked-Wiped-SCCM rolling process).

By implementing realtime homomorphic encryption and rolling data value analysis triage (Fast Gold-out) we improve security. 1day patching obviously.

 
Posted : 03/02/2018 5:18 pm
(@einstein9)
Posts: 50
Trusted Member
 

You are welcome.

Usually i do similar tasks with VM`s and One click step back and have a fresh start again.
faster than starting from scratch again.

wink

 
Posted : 04/02/2018 8:19 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Well, for one thing wiping (single 00 pass) a whole hard disk has the "advantage" (when compared to normal, daily read/write use of a hard disk) to produce uniform wear, each single sector is written, so unlike in normal operation where a given set of sectors corresponding - say (Windows example) - to one of the files backing the Registry is written hundreds, thousands, millions times and while another set of sectors corresponding to - still say - the BOOTMGR is NEVER written/overwritten after install.

What in my experience might constitute a problem is that the wiping amounts to have the disk continuously working (writing and reading) for hours, which is not what a "normal" system activities is, so what I personally recommend is to always take care of the heat, using a dedicated fan to keep the disk cool.

But no, you won't sensibly decrease the disk drive lifetime wiping it once a week.

jaclaz

 
Posted : 04/02/2018 12:37 pm
Share: