Just getting started sterilizing time

A few questions
- What is your definition of "forensically wipe"?
- What is the interface between your exam machine and the drive?
- What tool are you using to "forensically wipe" the drive?

And finally, what is the purpose, or your goal in wiping the drive?

I would also add "what is your idea of forever?"

If you are using something like 'Eraser' and have it set to 3 passes, well you are writing data to every single sector of the hard drive 3 times…..overkill, a single pass will generally suffice.

i think my dc3dd wipe of a 2tb drive takes about 3-4 hours, but id have to check specifically

Thanks for all the responses. Maybe its just normal. I guess I will have to just keep a stock of wiped media on the shelf to save time.

The drive is connected directly to my machine via SATA interface. I have used several program, FTK ver. 4, Win Hex, Paladin ver 5 and all seem to take about 5-7 hours to wipe.

Just for the record, using the ATA internal Safe Erase command, the wiping will be as fast and as safe as it can be. (independent from bus speed/processor/RAM/etc.).

Depending on the actual device, you may get away with the DOS based cmrr program (included in the UBCD) or you might need to use hdparm (preferrably under Linux, but also under windows it is doable).

Basically you give to the processor on the disk a "special" command and from then afterwards everything is done "internally" on the disk (there are not zillions on 00's travelling through the cable).

Some considerations/links/etc. are given here
http//www.forensicfocus.com/Forums/viewtopic/t=10808/
and here
http//www.forensicfocus.com/Forums/viewtopic/t=8577
and in the linked to thread
http//reboot.pro/topic/13601-software-to-wipe-a-systemdrive-from-windows/

jaclaz

5-7 hours for what size drive?

That does seem long for a 2TB drive, as previously mentioned I'd expect 3-4 hours for a 2TB drive from most tools.

Or you could not bother with the wipe at all (unless it's required for studies or something) and rely on your knowledge of the imaging process and file systems to explain why there is no way old data could have "infected" the current case )

The drive is connected directly to my machine via SATA interface.

In addition to the comments made by others, two points to bear in mind

[1] The bandwidth of the interface. The Wikipedia page here is a useful reminder of bandwidths for various common (and not-so-common) interfaces. You'll see that the bandwidth for SATA II is 300MB/s; for SATA III the bandwidth is 600MB/s. On that basis, the best you could expect would be to make a single pass of a 1.5TB (1,572,864MB) in about 1.5 hours on SATA II or about half that time on SATA III.

HOWEVER

[2] I'm not aware of any commonly-used mechanical SATA hard drives that could sustain sequential write speeds of anywhere near the bandwidths of either SATA II or SATA III. As the chart here shows, even the better drives can only sustain around 150MB/s and some manage less than 100MB/s. At 100MB/s it would take over 4 hours to make a single pass of a 1.5TB drive.

If you've got an SSD drive then you could achieve faster rates perhaps 400-500MB/s for the better ones. However, passing a Secure Erase command is a much better option for SSDs.