How do you recommend destroying sensitive information on a hard drive? I've used DBAN in the past, is that good enough?
SnapOverflow
How do you recommend destroying sensitive information on a hard drive? I've used DBAN in the past, is that good enough?
DBAN is just fine. Here's the dirty little secret--any program that overwrites every byte of the drive will have wiped everything permanently. You don't need to do multiple passes with different write patterns, etc.
Don't believe me? See the standing challenge to prove that a drive overwritten with 0s once can be recovered. Nobody seems willing to take up the challenge. http://16systems.com/zero.php
Anything that does a single overwrite of a hard drive is fine, including DBAN.
Some people say you have to do multiple overwrites with random data and specific patterns. This may have been true in the days of floppy disk drives (remember them?) where the area of magnetic media per byte was big enough to not get completely overwritten, but modern hard drives are much too densely packed with data for this to happen. But don't take my word for it - read this article about trying to recover overwritten data using an electron microscope.
Other options include the wipe utility, or a simple
These methods all work fine for overwriting entire hard drives or partitions. However be aware that overwriting single files can lead to some data being left elsewhere on the hard drive, particularly with journaling file systems such as ext3 and NTFS. They write bits of data to disk outside the file, so small amounts of data can escape the current file being overwritten. Also, if the partition has been defragmented since the file was first written then the original file may still exist on the hard drive.
I have used PGP 8.0's wipe tool with success.
Don't ever physically destroy the hardware before wiping the data with software, forensics can retrieve parts of a destroyed hard drive.
physically destroy the platters - it's the only way to be sure ;-)
I always use DBAN and then use a beltsander to the platters. Paranoid sure but i know that not even the NSA/MIT/CALTECH and all the computer geeks in Russia/China combined could recover the data! If your paraniod and want to ensure your data is never EVER EVER recovered even if aliens get ahold of it then DBAN/Beltsander it :o)
It depends on how sensitive your data is. If you arn't the CIA or NSA, then DBAN is fine.
Yes, DBAN even at it's lowest setting is way more than enough.
http://www.dban.org/
I use a hammer or sledge.
You should use the procedure set down in your organization's security policy.
When it comes to security, technical advice (such as you receive here) is only half the question. You also have to be able to justify your actions to an auditor. And auditors aren't so concerned with the results of your actions, but that you followed the appropriate procedures as set down in the appropriate policy. The auditor's job it make sure that some cowboy (or cowgirl) doesn't just go around doing whatever they think is right, without oversight or justification.
Of course, your organization's security policy comes from somewhere; when you're wondering what is an appropriate method to securely wipe sensitive data to put into your security policy, you'll find a number of suggestions in the other responses to this question. :-)
DBAN works great. However, one of the challenges that I run into in how to securely erase a hard drive that has failed, but is part of a RAID set.
I normally have to return the hard drive back to Dell, and they would not take kindly to receiving a drive with a hole drilled in it. Furthermore, it's hard to run DBAN on just a single drive within a RAID set prior to removing the drive from service. Assuming that the drive is still functional.
How do others handle this situation?