Suppose I have a hard disk with data I don't want to expose to a third party. The warranty period for that disk still lasts. Now the disk starts malfunctioning.
I can't use a disk wiping program on a malfunctioning disk - it just wouldn't work. If I run any destructive action on the disk - burn it, open and scratch it, smash it, whatever similar - the retailer will refuse to exchange the disk saying that the destructive actions void warranty.
How can I destroy sensitive data on a failed disk without voiding warranty?
I would ask, what is the value of the data on the disk?
If it's more than the cost of a new disk, then my preference would be to destroy the faulty disk and buy a new one. You could spend a lot of time trying to get the disk working long enough that you could do a proper erase, but is it worth it? And do you know that it's definitely worked? What if there were some bad sectors that you weren't able to erase properly and still contain some data, even if damaged?
With the cost of hard drives today, if your data's valuable then buying a new disk is not a big expense.
You could ... degauss it. I mean, it's already broken ...
You just need to find a significantly large electromagnet.
Just explain to your vendor that the disk failed but that you cannot return it due to sensitive data. Many vendors, especially vendors with business customers, will accept that without asking.
If they don't, offer a signed, written statement declaring that the disk failed. If that still doesn't satisfy them, write off the loss and consider buying the next disk from a vendor with a sensible warranty policy.
Dell, e.g., even has this as an explicit option:
Dell: Keep Your Hard Drive
If the data is so sensitive, you can afford to buy another disk and scrap this one, otherwise look for a specialist in HDD data recovery and ask them what they can do about your problem, as they'll probably know how to handle your request.
I'm based in Norway, and we degauss failed drives using equipment from Ibas. Dell, HP and IBM all accept the destroyed media as return for warranty replacements.
Many disk failures are attributed to the disk firmware predictive error checking flagging the disk as bad. Unless there is a head crash or physical problem, the data is still accessible. You are correct to make the assumption that the disk might months later show up on eBay.
If this is a SATA disk, consider using the disk's firmware level secure wipe function. It's been included on all SATA disk firmware since 2001.
http://blogs.zdnet.com/storage/?p=129
UCSD’s CMRR to the rescue

The University of California at San Diego hosts the Center for Magnetic Recording Research. Dr. Gordon Hughes of CMRR helped develop the Secure Erase standard.
Download his Freeware Secure Erase Utility, read the ReadMe file and you’re good to go.
To use it you’ll need to know how to create a DOS boot disk - in XP you can do it with the “Format” option after you right-click the floppy icon in My Computer.
You may have to dink with the BIOS on a desktop PC to get it to work properly. Most motherboard manufacturers have blocked the function because of course it is dangerous. They typically do this by locking the drive access during POST; you can get around this with the right BIOS settings and waiting to connect the SATA data cable until after POST is completed.
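As an added example (not part of the original answer or of the utility it mentions): a check of the drive's ATA security state before attempting a firmware Secure Erase, done by parsing the "Security:" section that `hdparm -I` prints on Linux. The sample text is constructed, and it is an assumption that the BIOS block described above shows up as the "frozen" state.

```python
import re

# Constructed sample of the "Security:" section printed by `hdparm -I <device>`
# (layout assumed from typical hdparm output; not taken from the page).
SAMPLE_FROZEN = """\
Security:
\tMaster password revision code = 65534
\t\tsupported
\tnot\tenabled
\tnot\tlocked
\t\tfrozen
\tnot\texpired: security count
\t\tsupported: enhanced erase
\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.
"""
# Same drive after the freeze has been avoided (constructed).
SAMPLE_READY = SAMPLE_FROZEN.replace("\t\tfrozen", "\tnot\tfrozen")

FLAGS = ("supported", "enabled", "locked", "frozen")


def parse_security(text):
    """Return {flag: bool} for the ATA security feature set, or {} if absent."""
    state, in_section = {}, False
    for line in text.splitlines():
        if line.strip() == "Security:":
            in_section = True
            continue
        if not in_section:
            continue
        if line and not line[0].isspace():
            break  # an unindented line starts the next top-level section
        # Flag lines are a bare word, optionally preceded by "not".
        m = re.fullmatch(r"\s*(not\s+)?(\w+)", line)
        if m and m.group(2) in FLAGS:
            state[m.group(2)] = m.group(1) is None
    return state


def erase_blocker(text):
    """Return None if a firmware Secure Erase can be attempted, else the reason."""
    s = parse_security(text)
    if not s.get("supported"):
        return "drive does not report the ATA security feature set"
    if s.get("frozen"):
        return "frozen: security commands are rejected until the drive is power-cycled"
    if s.get("locked"):
        return "locked: the drive password must be supplied before erasing"
    return None
```

On a drive that is failing, a Secure Erase that starts can still abort partway, so the command's completion status matters as much as this pre-check.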
You could build your own electromagnet. Get an iron nail, wrap copper wire around it (the more wraps the better) and connect the ends to the positive and negative leads on your battery (9 volt, 12 volt, etc). However, again this method most likely won't work. Firstly, it's an unchanging current and secondly the strength of this magnetic field pales in comparison to the field emanating from the read-write head hovering microns above the platter's surface.
To really erase a disk you will need a strong fluctuating field, slowly diminishing its intensity. You could probably achieve this by wrapping the drive itself in a few hundred turns of wire, and then connect that to an auto-transformer, plugged into AC power, and start it up at some high voltage and then run the voltage slowly down to zero. That would probably be enough to ensure saturation, and then complete elimination of data as you diminish the field and randomize the platters from inside to out.
That being said, with the relatively low cost of storage these days the simplest way of ensuring that your data is destroyed is to physically destroy the media storing the data. A good drill is cheaper and faster than the suggestions above. Which is more fun is a matter of opinion.
If you have sensitive data on the disks then you probably want it encrypted anyway. Physical attacks on your infrastructure (thieves, police who raid your machine by mistake then lose the disk, simple human error) are potential risks to be considered. Then you can hand over the disks untouched and intact. Even more so if the disk is also part of a RAID set as they don't get anything useful to even try brute force attacks (without having the whole set, which would be true for RMAs I hope).
I have had failed disks respond when removed from the machine and placed into an external case.
Was this disk the main disk? I have found that when a HDD goes I can usually pull stuff off of it if I put it in another machine as a slave drive and get what I can (or use a live CD). You might be able to run some sort of drive wipe this way. When the OS is running off a failing disk it's nearly impossible to do this.