Data destruction (with DBAN)

Recent legislation has caused the American healthcare industry to change the way it handles information.  This has radiated into the IT realm in a variety of ways – network security, physical (facility) security, background checks, et cetera.  In my particular job role, I am responsible for making sure that our data never leaves our property.  Or more specifically, that our property never leaves the facility with data on it.  In other words, I clean computers prior to disposal.

There are a variety of methods of destroying data, both digital and physical.  My personal favorite would be heating the hard drive platters past the Curie point (the point at which the metal is no longer capable of maintaining a magnetic charge).  However, your average IT facility does not have the means to make this happen.  Another method is degaussing – to oversimplify, degaussing is magnetizing the entire disk, causing all the bits to flip the same direction and erasing all data.  Encryption can also be used – not to destroy the data, but to make it effectively inaccessible.

These are proven methods which are indeed used, but they do have drawbacks – they can be expensive and can require special equipment.  Most often, they are services performed by third parties (with the exception of encryption).

Our company used to sell our old hardware to a vendor, who would certify the data destruction and then resell the equipment.  This is a handy solution, but due to our office’s remote location and some other recent changes, we are now wiping the disks ourselves with one of the most common methods – the software wipe.

Software wiping is most often done using a boot CD.  I use a Linux-based tool called DBAN (Darik’s Boot And Nuke), which I will talk more about later.

Even within the field of software-based data destruction, there are a variety of methods and algorithms.  Some, such as the Gutmann wipe, take a very long time but are considered very secure.  Many people have strong opinions on this issue.  Our company currently requires at least the US Department of Defense (DoD) 3-pass method.  This method writes 3 passes of random data over the entire drive.

For this kind of wipe, I recommend DBAN, as mentioned earlier.  DBAN allows for unattended wiping of all drives on a system (or the drives of your choice), and it has proven very easy to use on physically healthy disks.  For damaged disks, you may be better off sending them to a data destruction company, in my opinion.

DBAN supports a variety of the standard methods, including Gutmann, DoD (3-pass or 7-pass), and others.  The standard DBAN is open source software and is distributed free of charge.  There is an enterprise version available which supports wiping over a network and wiping of multiple computers simultaneously.  Both versions, since they run from CD, are platform independent.  DBAN will wipe IDE, SATA, and SCSI drives.
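
The multi-pass random overwrite described above can be sketched as follows. This is an added Python illustration, not DBAN's code or the author's; the function names, the temporary image file and its sample contents are all constructed for the example.

```python
import hashlib
import os
import tempfile

CHUNK = 1024 * 1024  # 1 MiB blocks, so a large target never sits in memory


def overwrite_passes(path, passes=3, chunk=CHUNK):
    """Overwrite all of `path` in place with random data, `passes` times.

    Returns the SHA-256 of the final pass so the result can be verified.
    """
    if passes < 1:
        raise ValueError("need at least one pass")
    with open(path, "r+b") as f:
        size = f.seek(0, os.SEEK_END)  # works for image files and block devices
        for _ in range(passes):
            f.seek(0)
            digest = hashlib.sha256()
            for offset in range(0, size, chunk):
                block = os.urandom(min(chunk, size - offset))
                f.write(block)
                digest.update(block)
            f.flush()
            os.fsync(f.fileno())  # push this pass out before starting the next
    return digest.hexdigest()


def read_back_digest(path, chunk=CHUNK):
    """Hash what the target now holds, for comparison with the last pass."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def demo():
    # Constructed sample standing in for a disk image; not real data.
    secret = b"PATIENT-RECORD-0001 (constructed sample)\n" * 4096
    fd, path = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(secret)
        written = overwrite_passes(path, passes=3, chunk=64 * 1024)
        with open(path, "rb") as f:
            after = f.read()
        # (size unchanged, read-back matches last pass, old marker absent)
        return (len(after) == len(secret),
                read_back_digest(path) == written,
                b"PATIENT-RECORD" not in after)
    finally:
        os.remove(path)
```

Run against a file, this only proves the logic: a journaling or copy-on-write filesystem, or an SSD's wear levelling, may leave the old blocks untouched, which is why boot-media tools such as DBAN write to the whole drive. The read-back can also be served from the operating system's cache rather than from the disk itself.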


4 Comments on “Data destruction (with DBAN)”

  1. mrosedale Says:

    This is an excellent tool, and was on my radar to write an article on :-). I would recommend that anyone reinstalling Windows (or Linux, but especially Windows) use DBAN 1 pass first. I have actually run into problems with Windows installations if I do a format without the wipe. So I am a firm believer.

    At the U of I they took data even more seriously, requiring 10 passes. It was crazy and a time sink. I am not convinced that 10 wipes does much more than 3 (did you see the 45 pass option on DBAN?). One note is that there are no guarantees with a software wipe. It is *possible* though not likely. Someone would have to have an extreme knowledge and a lot of time on their hands to recover the data. That said, did you read about the company that recovered data from the Columbia crash? These hard drives barely survived reentry from space (most of the shuttle was vaporized) and they were able to recover like 1/3 of the data. Crazy!

  2. mrosedale Says:

    Oh, and for you Mac people out there, Mac has it built into the install CD. If you boot from the OS X disk you can wipe the drive before you install. It is part of Disk Utility.

  3. bfpower Says:

    That’s something I didn’t mention specifically but it’s a good point. Software wipes really only make it that much more difficult to retrieve the data – so difficult that it’s just not worth the expense and time. Software wiping is referred to as “clearing” the disk – this is not the same as “sanitizing” the disk. Sanitizing can only be done via physical methods such as degaussing. However, this is not a DIY process and requires specialized equipment and knowledge, so most people choose clearing over sanitization.


  4. ref: DBan: We’ve been using EBan and DBan for nearly 5 years now on any computer that doesn’t need a corporate destruction process. It’s a top notch piece of software and far easier to use than the competition. However, as with any binary wipes, there’s always some traceability left behind. For the paranoid, I suggest a screwdriver and sandpaper on the platters. It’s the safest solution, short of shredding or a blast furnace.

