hello
Does anyone know a good drive scrubbing prog? Any open source?
One friend told me about DriveScrubber, which claims it "meets and exceeds U.S. Department of Defense standards to protect from the latest and greatest recovery and forensic techniques."
Another bud says, "forget it, only way to fully prevent a drive from having data recovered is smashing it with hammer."
Although the latter sounds fun, I want to save some $ and use a prog to scrub the drive.
Any info is appreciated in this area.
Regards,
SitRep
How about Darik's Boot And Nuke ?
I've used it before (Though not tested it properly, seems to work ok)
http//
Eraser, originally by Sami Tolvanen, still does a decent job with quite a variety of methods to erase.
Any info is appreciated in this area.
What kind of drives are you talking about? ATA? SCSI? Scrub to what level of security? What should it at least cost for the enemy to recreate the disk contents?
If the drives are ATA, Google for 'ATA Disk Secure Erase' – ATA drives have built-in commands that allow security erase to a level ordinary sector-overwriting software cannot reach, as they include remapped sectors etc. Look for material by Gordon Hughes of the San Diego Center for Magnetic Record Research.
As I understand it, the old DoD standard was
a character
the reverse of that character
random sequence
I've recently heard and not been able to verify that now they are saying you can just zero once for low security, or for higher security, you have to destroy the drive (with a degausser).
I'd appreciate anyone able to confirm with a reference that this is true.
If this is the case, then simply dd the whole drive with input from /dev/zero, and then CRC hash the drive to achieve a zero result with all sectors read.
The Department of Defense does not allow for the overwriting of data on rigid HDDs in order for the drives to be deemed sanitized. That was an old paper (Manual 5220.22), and it was phased out roughly 2 years ago.
For software-based solutions, I use Eraser 5 (eraser.sourceforge.net). You can use EnCase if you have it (though I would recommend Eraser before EnCase).
For a "hardware" approach, your friend is quite right. A Torx T-6, Phillips-head, and a good hammer are your best friends. Best of all, you can use the ferromagnet within the HDD case to run over the platters.
Eraser is free.
Hi,
You could try
http//
It will use the firmware on the HDD to erase your disk.
I've got it from YouTube - Scott Moulton, 10 Things About Hard Drives Part 2/6
http//
The top ten things about hard drives you didn't know. This was recorded at Shmoocon 2009. Hard drives and data recovery that most people do not know.
Gtz,
Alex
We developed our own solution with a nice and simple GUI. Anyone who is interested in it may write me to get the package (for Debian and Debian-based OS like Ubuntu, Knoppix,…) vogu00 at gmail point com.
According to
From Page 16
Purging information is a media sanitization process that protects the confidentiality of information against a laboratory attack. For some media, clearing media would not suffice for purging. However, for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged.
A laboratory attack would involve a threat with the resources and knowledge to use nonstandard systems to conduct data recovery attempts on media outside their normal operating environment. This type of attack involves using signal processing equipment and specially trained personnel.
Executing the firmware Secure Erase command (for ATA drives only) and degaussing are examples of acceptable methods for purging. Degaussing of any hard drive assembly usually destroys the drive as the firmware that manages the device is also destroyed.
For my organization I have written a simple shell script that can be used with any *nix OS with HDPARM installed (e.g. CAINE). It displays information about the drive to be wiped (MFG, Model, Serial) and subsequently executes the in-drive secure erase command, and at the termination of that command it writes a declaration of sanitization (including the MFG, Model, Serial, Date/Time of completion) to the drive beginning at the first writeable sector, then echoes the content of the drive to the terminal, thus displaying the declaration.
One thing to note about the secure erase command and the ATA security options in general is that most production machines (e.g. Dell, HP, etc.) issue a security freeze on boot via the BIOS that prevents any higher level OS from interacting with the security feature set. This security freeze is at the drive level, and power must be removed/restored to the drive for the security freeze to be released.
Below is the shell script I use. Note that it defaults to /dev/sdb and requires you to type 'wipe' at a prompt for it to actually issue the command; this behavior can be changed with a few simple modifications. This script could be expanded to pipe the declaration written to the drive to a label printer, giving you a way of marking the drives so they are easily distinguishable as having been purged.
#!/bin/bash
# Title SecureErase.sh
# Version v1.3
# Author Mark R. Doering E-Mail mark@intervex.net
# Last Modification 07-15-09

#Set variable for our temp file.
hddinfo=/tmp/hddinfo.tmp

#Clear display and ask for drive path and assign to $dev
clear
echo "Please Enter Device to Wipe(/dev/sdb)" && read -r dev

#Set $dev to /dev/sdb if nothing is defined by user
if [ -z "$dev" ]
then
    dev=/dev/sdb
fi

#Gather info about $dev in our temp file.
hdparm -I "$dev" > "$hddinfo"

#Clear display and output some parsed results from our temp file.
clear
echo "Device Info For" "$dev"
grep "Model Number" "$hddinfo"
grep "Serial Number" "$hddinfo"
grep "Firmware Revision" "$hddinfo"
echo "Estimated Time To Wipe" && grep "SECURITY ERASE UNIT." "$hddinfo"
echo
echo "To Erase Drive Enter 'wipe' and press [Enter]" && read -r wipe
clear

if [ "$wipe" = "wipe" ]
then
    echo "In-Drive Secure Erase started on"; date

    #Set the password on $dev to a predefined password
    #(hdparm sets the user password unless told otherwise).
    sudo hdparm --security-set-pass PWD "$dev" >/dev/null

    #Execute the in-drive secure erase command on $dev and stop if it fails
    #(e.g. drive is security frozen), so no declaration is written to an unwiped drive.
    if ! sudo hdparm --security-erase PWD "$dev"
    then
        echo "Secure erase FAILED on $dev - no declaration written"
        exit 1
    fi

    #Write a log of the wipe to the cleared media
    wlog=/tmp/hddwipelog.tmp
    echo "This Device" > "$wlog"
    grep "Model Number" "$hddinfo" >> "$wlog"
    grep "Serial Number" "$hddinfo" >> "$wlog"
    grep "Firmware Revision" "$hddinfo" >> "$wlog"
    echo "Was Successfully purged in compliance with NIST SP800-88 on" >> "$wlog"
    date >> "$wlog"
    cat "$wlog" > "$dev"
    clear
    head --lines=6 "$dev"
fi
exit 0

If anyone sees any room for improvement to this script or wish to share any modifications to it, please let me know. I have found this script to be indispensable and it has found a home on the desktop of my CAINE live USB key as one of my most oft-used scripts. Feel free to use it as you see fit, but if you would like to distribute it or re-post it, I ask that you please contact me first and do not alter the header information.
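
The security freeze described in the post above can be detected before any password is set, by reading the Security block of `hdparm -I`. The following is an added example, not part of the poster's script: the function names and the sample identify text are constructed for illustration, and the sample assumes the layout hdparm prints, where a flag line is prefixed with "not" when the flag is clear.

```shell
#!/bin/bash
# Added example: pre-flight check for ATA Secure Erase from `hdparm -I` text.
# Function names are hypothetical; the identify text below is constructed.

# security_flag TEXT FLAG -> yes | no | unknown
# hdparm lists each Security flag on its own line, prefixed by "not" when clear.
security_flag() {
    printf '%s\n' "$1" | awk -v flag="$2" '
        /^Security:/       { insec = 1; next }
        insec && /^[^ \t]/ { insec = 0 }          # next unindented header ends the block
        insec {
            line = $0
            gsub(/^[ \t]+/, "", line); gsub(/[ \t]+$/, "", line)
            if (line == flag)                 { print "yes"; found = 1; exit }
            if (line ~ "^not[ \t]+" flag "$") { print "no";  found = 1; exit }
        }
        END { if (!found) print "unknown" }'
}

# erase_preflight TEXT -> ready | unsupported | frozen | locked
# Returns non-zero unless the drive is ready to accept the erase command.
erase_preflight() {
    [ "$(security_flag "$1" supported)" = "yes" ] || { echo unsupported; return 1; }
    [ "$(security_flag "$1" frozen)" = "no" ]     || { echo frozen; return 1; }
    [ "$(security_flag "$1" locked)" = "no" ]     || { echo locked; return 1; }
    echo ready
}

# Constructed sample; $1 is "not" for an unfrozen drive, "" for a frozen one.
sample_identify() {
    printf '\tModel Number:       EXAMPLE DISK (constructed)\n'
    printf 'Security: \n\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n\tnot\tenabled\n\tnot\tlocked\n'
    printf '\t%s\tfrozen\n' "$1"
    printf '\tnot\texpired: security count\n\t\tsupported: enhanced erase\n'
    printf '\t2min for SECURITY ERASE UNIT.\n'
    printf 'Checksum: correct\n'
}

# Demo on the constructed text; on a real system pass "$(hdparm -I /dev/sdX)".
for prefix in "" not; do
    state=$(erase_preflight "$(sample_identify "$prefix")") || true
    echo "frozen line prefix '${prefix}': ${state}"
done
```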
Kill Disk
Boot and Nuke