Returning failed HDs with data......safe?
Moderators: NeilBlanchard, Ralf Hutter, sthayashi, Lawrence Lee
-
- *Lifetime Patron*
- Posts: 5316
- Joined: Sat Jan 18, 2003 2:19 pm
- Location: St Louis (county) Missouri USA
I had a run of bad luck...lost two WD drives. For some unknown reason both motors failed. I had to exchange them......one to BestBuy, the other to Sam's Club. Anyway, I asked at Sam's what was done with the old drives, which had data on them which I might not want seen by anybody. The personnel didn't really know, and just said they were sent back to the mfg......no special security. BestBuy said returned HDs were kept locked up, and disabled by drilling a hole through the things, before being sent back. That made me feel somewhat better. Anybody know something about this subject?
-
- *Lifetime Patron*
- Posts: 1464
- Joined: Mon Dec 29, 2003 2:51 am
- Location: Elk Grove, CA
- Contact:
As a Best Buy employee, let me clarify that they do *NOT* drill holes to ensure data security. Why would they, because that is the same as destroying the product. What I have seen happen (I work in PCHO Sales) is that it gets marked to be shipped out. It is sent off back to the vendor I believe, which would be WD in this scenario. I have never seen any HDDs come back from our service center to be sold again. Just to let you know though, if you return it without saying it is defective it is just put back on the floor.
Mr Evil wrote: This is a good reason to always encrypt sensitive data. In fact it's not a bad idea to just encrypt everything.
Well, it does have downsides - there can be a performance hit (usually small admittedly), encryption on the fly introduces another layer of file system complication (potential unreliability), and unless you're very careful about backing up the relevant keys you can easily end up losing the critical stuff you're trying to hide.
But yes, I'd never let a drive with unencrypted sensitive data out of my sight. Just because you're paranoid doesn't mean they're not out to get you...
I'd keep the HDD and eat the loss. Unless I know with absolute certainty there is no sensitive information on the drive, I'm not gonna bother RMAing it. I don't mind if they find "embarrassing" stuff, but financial information etc... no thanks.
I can just see some tech savvy Best Buy employee taking home a few "broken" drives to try some recovery tools on... Or a dumpster diver with malicious intent etc...
In the UK several people have been jailed after taking their PC to be repaired.
The repairers spend their time looking at images stored on the PC (more fun than actually working), when they find something particularly disgusting they report it to the police.
You should assume that your HD contents will be read
-
- *Lifetime Patron*
- Posts: 5316
- Joined: Sat Jan 18, 2003 2:19 pm
- Location: St Louis (county) Missouri USA
Well I returned both drives......like I said the motors on both drives were non-working. And I doubt many people would be able or even willing to attempt repairs, enough to actually read anything. I tried everything I knew about to get the things to spin....no luck. I even tried freezing them for a while......thought it might free up a stuck bearing. Nope...
I never had a dead drive in 15.5 years of PC ownership. But the few (really) old ones I stopped using and didn't sell either, I hammered and threw away. On the drives I sold / gave away, I had the data deleted, then filled the drive with rubbish data, deleted again and reformatted. Considering that I'm writing software for security printing, it doesn't seem too much caution.
Keep it
I'm with Moogles, keep it. In this day and age you can't be too careful. And even $70-90 bucks won't seem like much if you have identity theft problems later. I just signed up for Google's Picasa and it went all through my hard drives and got the pictures grouped into Picasa. I have had this info on various hard drives for years. I was amazed at the old images and pictures that were buried somewhere in my hard drives. I mean, nothing that would get me arrested, but pictures of old stereo equipment and girlfriends that I thought I had deleted years ago. I guess a guy should upload or otherwise save his important stuff and then reformat periodically.
Re: Keep it
Greg F. wrote: I just signed up for Google's Picasa and it went all through my hard drives and got the pictures grouped into Picasa.
Because that will keep them private and confidential
"I guess a guy should upload or otherwise save his important stuff and then reformat periodically."
Deleting isn't enough. Reformat isn't enough. They don't overwrite anything. The former only removes references to the file from the FAT or equivalent file table; a reformat simply overwrites that FAT: the files themselves remain intact somewhere on the disk surface and can be recovered with software alone.
You'll have to overwrite each sector. Either delete every file and fill the HDD with non-confidential data to the very brim (of course any leftover space would remain intact, but it's unlikely those few kilobytes were the ones containing sensitive information), or use low-level access to write zeroes to all the sectors. The latter ensures all sectors (even FAT, MBR, file system logs, back-up MBR, etc.) are erased. Of course filling with zeroes makes it "all too easy" to recover bits by checking residual magnetisation of magnetic grains, but even that kind of "simple" data recovery should be useless with software. You'd have to tap into the R/W heads and read the voltage, as the HDD's purpose is to find the most likely current bit, not to recover old bits prior to overwriting. In fact HDDs are designed to make it hard to recover them. Data recovery centers can still do it, but at a cost higher than just software recovery.
Recovery of data from bad sectors that are not yet reallocated is possible to do with software: just read the data as many times as needed until the CRC matches (brute force), or read the data multiple times (ignoring CRC) and find the most common value for each bit.
Reallocated sectors are put aside and cannot be read through the HDD's logic. Bad sectors that aren't overwritten, or whose data isn't readable through brute force, should not be reallocated, so reallocation itself doesn't cause data loss but overwrite does (as it's merely a signal to HDD logic that old contents aren't worth recovering). So, there's usually no need to access bad sectors when recovering data for your own purpose... but for malicious purposes (corporate espionage, data forensics), maybe. Because of this, HDDs with bad sectors aren't completely safe with zero fill (or much better: multiple random bit overpasses) to overwrite accessible LBA. For home use, I'd say, the likelihood of sensitive data being present on those bad sectors is extremely low, not to mention that recovering them is difficult to do.
But accessible LBA should always be overwritten with something, preferably random bits and 3+ overpasses (but usually a single zero fill overpass would suffice for simple household PC HDDs). After that, I'd say it's pretty much safe to give the HDD to anyone: buyer, retailer, police, RMA.
HDDs with frozen spindles have all data perfectly intact. And the cause may be a spindle motor driver chip, i.e. a change of PCB or resoldering a new chip to the old PCB can fix the HDD if there's no further damage to other ICs (much damage is caused by a bad voltage regulator on the HDD's PCB and this could cause physical damage to numerous other components on the PCB). But I don't think retailers would attempt to fix it themselves just out of curiosity. And RMA is safe, they never plug the HDDs into a normal PC to browse its contents or to find if it's working: they have very specific low-level programs to access the HDD and the end result of a recertified HDD is a HDD that is completely erased of previous content.
If however the retailer handled the replacements themselves, the contents on the HDD are more of a concern. Retailers don't have special equipment so they would probably refer to a "check if it's OK and trash if it's not" policy. Meaning they could browse through the contents. They probably would consider a frozen spindle a hopeless case though...
In short: trust manufacturer's recertification, but don't trust every retailer that they'd honor the same, strict warranty policies...
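The difference between a reformat and a zero fill described in the post above, as an added example that is not part of the original thread. It runs against a small constructed image file; the function names and the 512-byte sector size are assumptions, and pointing `zero_fill` at a real device path would erase that device.

```python
import os

SECTOR = 512  # assumed logical sector size; many newer drives use 4096

def make_demo_image(path, sectors=64):
    """Constructed sample 'disk': file table in sector 0, file data in sector 10."""
    with open(path, "wb") as img:
        img.write(bytes(SECTOR * sectors))
        img.seek(0)
        img.write(b"TABLE: taxes.txt -> LBA 10")
        img.seek(10 * SECTOR)
        img.write(b"constructed sample: account 0000-0000")

def quick_format(path):
    """Mimic delete/reformat: only the file table (sector 0) is rewritten."""
    with open(path, "r+b") as img:
        img.write(bytes(SECTOR))

def zero_fill(path, chunk_sectors=2048):
    """Write zeroes over every byte of an image file or block device."""
    chunk = bytes(SECTOR * chunk_sectors)
    with open(path, "r+b") as dev:
        size = dev.seek(0, os.SEEK_END)   # works for files and Linux block devices
        dev.seek(0)
        remaining = size
        while remaining:
            n = min(remaining, len(chunk))
            dev.write(chunk[:n])
            remaining -= n
        dev.flush()
        os.fsync(dev.fileno())            # push the writes out of the OS cache
    return size

def nonzero_sectors(path):
    """Read back every sector; return the LBAs that still contain data."""
    leftovers = []
    with open(path, "rb") as dev:
        lba = 0
        while block := dev.read(SECTOR):
            if any(block):
                leftovers.append(lba)
            lba += 1
    return leftovers

if __name__ == "__main__":
    import tempfile
    img = os.path.join(tempfile.mkdtemp(), "disk.img")
    make_demo_image(img)
    quick_format(img)
    print("after reformat:", nonzero_sectors(img))   # file data still present
    zero_fill(img)
    print("after zero fill:", nonzero_sectors(img))
```

The read-back pass is the useful part: an empty list confirms the accessible LBAs are clean, but like any write through the normal interface it says nothing about reallocated sectors.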
-
- *Lifetime Patron*
- Posts: 5316
- Joined: Sat Jan 18, 2003 2:19 pm
- Location: St Louis (county) Missouri USA
Apparently the different BestBuy stores handle returned drives differently from one another. I asked at another store how they handle returned drives. It depends.....if the drive is usable, they format/erase the data using some special program. The guy showed me one drive being erased. If the drive is completely n/g, they will take it apart in front of you, and destroy the platters. Some stores drill holes......you have to ask for that however. Anyway.....just hope your brand-new drive doesn't conk out.
-
- *Lifetime Patron*
- Posts: 2000
- Joined: Tue May 15, 2007 1:39 am
- Location: Finland
Sorry to hear about your drives. Keep an eye on SMART and temperatures by chance?
Also, in case you want to overwrite a working HDD to erase data, I recommend Darik's Boot and Nuke. Easy to use, surefire operation.
-
- *Lifetime Patron*
- Posts: 5316
- Joined: Sat Jan 18, 2003 2:19 pm
- Location: St Louis (county) Missouri USA
It wasn't a temp problem. It was either a surge from the PSU that took out both drives at the same time at start-up......or the SATA PCI card somehow did the trick. I stopped using the PCI card, and the new SATA drive is attached to the MB connector, and working ok. If it craps out, I'll blame the PSU. The drives were running below 35C.