precautions i must take before selling old hard drive?

The forum for non-component-related silent pc discussions.

Moderators: NeilBlanchard, Ralf Hutter, sthayashi, Lawrence Lee

Post Reply
samwc912
Posts: 54
Joined: Sun Dec 14, 2003 10:43 pm

precautions i must take before selling old hard drive?

Post by samwc912 » Sat Jun 05, 2004 9:38 pm

I've been thinking of selling my 120WD for a samsung sp1614n. Are there any precautions I must take before selling my 120WD. I don't mean backing up my data, but rather getting rid of any trace of it on the drive. I certainly don't want anybody else having access to my data.

Is a format enough for keeping "files recovery programs" away? Or must I do something else?

Any suggestion on this matter is welcomed. Thank you.

Dirge
Posts: 111
Joined: Sun Apr 11, 2004 8:55 pm
Location: New Zealand

Post by Dirge » Sat Jun 05, 2004 10:01 pm

Personally I dont feel formatting a Hard Drive is enough, there are programs that can restore data from previously formatted drives.

You should find a secure delete utility to erase the free space on your Hard Disk.

Maybe you could find one on download.com or majorgeeks.com

yermolovd
Posts: 61
Joined: Wed Dec 24, 2003 7:13 pm
Location: Kitchener, ON, Canada
Contact:

Post by yermolovd » Sat Jun 05, 2004 10:14 pm

I think there's a low level formating, and also you delete the partitions too. I am about to sell my 80Gb WD drive and I was also thinking of a plan how to delete my stuff from the drive, so it can't be restored.

Cerestes
Posts: 24
Joined: Thu Apr 29, 2004 11:34 am
Location: Seattle

Post by Cerestes » Sat Jun 05, 2004 10:28 pm

Go to cnet/zdnet, your favorite shareware software download site.

Download a program called "Eraser".

Delete the entire harddrive, format it via windows if you wish.
Run eraser, and choose the erase method you want to spend the time doing.

Basically, it writes pseudo-random data over all blank space on the harddrive. You can choose the number of passes (1 through 35 if I remember right). I think DOD specifications say something like 5-7 times is unreadable without fancy equipment.

Be aware though, you're basically writing 120 gigs x 35 times to your HDD, its a long (overnight plus some) process.

fmah
Friend of SPCR
Posts: 399
Joined: Fri Mar 28, 2003 9:32 pm
Location: San Diego, CA

Post by fmah » Sat Jun 05, 2004 10:29 pm

Some of the WD drive utitilies include a function to write 0's to the drive. This should wipe out everything.

sneaker
Posts: 133
Joined: Tue Dec 24, 2002 8:37 pm
Location: Australia

Post by sneaker » Sat Jun 05, 2004 11:21 pm

Another vote for Eraser:

http://www.heidi.ie/eraser/

It's Free/Open Source. Used it just last week to wipe a hard disk I sold on eBay. The single-pass overwrite of psuedorandom data should be adequate.

Incidentally, has the idea occured to anyone else that there are people out there who buy HDs en masse, glean data off those that haven't been properly erased, then sell them? Never heard of an actual case of this, but given the general ignorance people have of computer security, I sometimes wonder...

wim
Posts: 777
Joined: Wed Apr 28, 2004 5:16 am
Location: canberra, australia

Post by wim » Sun Jun 06, 2004 12:21 am

man you guys are pretty paranoid..

do you really think someone would try to unformat your hd and rifle through your old stuff?!? anyway why care if they find old porn or something, as long as you're not silly enough to have all your credit card numbers in a txt file or something :lol:

kesv
Posts: 300
Joined: Fri Nov 07, 2003 8:44 am

Post by kesv » Sun Jun 06, 2004 3:51 am

fmah wrote:Some of the WD drive utitilies include a function to write 0's to the drive. This should wipe out everything.
Writing zeroes is not enough to securely erase the data from a harddrive. Instead alternating patterns should be written. The website for Eraser links to a paper about this.

Linux has the badblocks tool which includes an extensive write/read testmode. It works by writing several bitpatterns to each block, reading them and comparing. Besides making sure that the drive is operational it should be sufficient as a secure erasing tool. Be warned however, I've run this mode once on a drive. It takes the whole night :)

kesv
Posts: 300
Joined: Fri Nov 07, 2003 8:44 am

Post by kesv » Sun Jun 06, 2004 4:04 am

yermolovd wrote:I think there's a low level formating, and also you delete the partitions too.
You shouldn't worry about partitions. Deleting a partition is really just removing the entry from the partition table. This means a deleted partition can be returned as long as nothing is written over it by examining the disk. There are tools to do it.

Instead you should worry about overwriting every block on the drive. This is what the security erasing programs do. In fact I've noticed that most drives seem to have a security erase function in their firmware. I assume you can trigger it with some software from the manufacturer. I can't really say how well this security erasure feature has been implemented though.

One worrying example from Germany. An IT security firm wanted to find out how well removal of sensitive data works in German firms. So they bought 100 second-hand harddisks from several sources (some were firms that are supposed to clean the drives for resell). From about 80 (can't remember exact number) they were able to extract data. From 60 they were able to reconstruct almost everything.

The lesson from this ? - Don't trust anyone to take care of security for you. Do it yourself.

samuelt
Posts: 14
Joined: Tue Dec 02, 2003 5:40 am
Location: Sweden

Post by samuelt » Sun Jun 06, 2004 4:42 am

get a linux live-cd and run this in the shell:

Code: Select all

for i in `seq 10`; do echo "round $i..." && cat /dev/random > /dev/XXX; done
where XXX is something like hd[a-z] (first ide device. sd[a-z] for sata and scsi-disks. You have now over-written the entire disk with random stuff 10 times. It should do it for the paranoid.

Ralf Hutter
SPCR Reviewer
Posts: 8636
Joined: Sat Nov 23, 2002 6:33 am
Location: Sunny SoCal

Post by Ralf Hutter » Sun Jun 06, 2004 4:55 am

I agree that you should wipe/overwrite the data on your HDD before you get rid of it. I've been using both DBAN and AutoClave for a few years now. They both work great for me.

trodas
Posts: 509
Joined: Sun Dec 14, 2003 6:21 am
Location: Czech republic
Contact:

Post by trodas » Sun Jun 06, 2004 7:47 am

wim - yea, it might sound all paranoid :wink:
But sometimes is better be paranois that sorry later :lol:

I mean - come on, this is mostly not a kiddie computer :wink: And you have probably lot's of your sensitive data, passwords, cookies from bank www access and perhaps even creditcards in files...
...then you definitively SHOULD worry about that someone migth overlook your porn collection and take a closer look at stuff, you never want anytone to see :?

The best passwords was never broken. They are leeched from machines :wink:

Sardaan
Posts: 42
Joined: Mon Apr 12, 2004 6:12 pm

Post by Sardaan » Sun Jun 06, 2004 9:04 am

I have taken the route of never selling a hard drive. Instead I use them when I build my parents new computer or I take them into the yard and introduce them (only the really old ones, had a 4gb HD that fell into this cat.) to Mr. Sledgehammer. Usually 6-8 wacks with a 15lb sledge does the trick :-)

If I ever did sell a hard drive I would without a doubt use some of the mentioned programs to wipe it clean.

samwc912
Posts: 54
Joined: Sun Dec 14, 2003 10:43 pm

Post by samwc912 » Sun Jun 06, 2004 6:24 pm

thanx guys, I will certainly try some of the programs mentioned here.

Wim
Yeah it may sound like paranoia, but it is justified. All the info and cookies stored on the computer are important: I go on ebay, use paypal and banking. If I was unlucky enough to have these info stolen from me... o'the headache...

azmo
Posts: 16
Joined: Mon Jun 07, 2004 1:21 am

Post by azmo » Wed Jun 09, 2004 1:35 am

if there aren't too many "sensitive" files and you know where they are you could just use "file shredder":

http://www.gregorybraun.com/Shredder.html

it uses the "NSA file erasure algorithm". then format normally. would save a lot of time. (just remember to turn off "log all operations to a disk file" - it writes the names of all the files you deleted in a text file - might be something sensitive in the filename)

aphonos
*Lifetime Patron*
Posts: 954
Joined: Thu Jan 30, 2003 1:28 pm
Location: Tennessee, USA

Post by aphonos » Wed Jun 09, 2004 9:52 pm

Ralf Hutter wrote:I agree that you should wipe/overwrite the data on your HDD before you get rid of it. I've been using both DBAN and AutoClave for a few years now. They both work great for me.
Another vote for Autoclave based on personal experience. And another vote for not selling any HDD that has not been wiped by something along the lines of Autoclave/Eraser. (But I work in banking and hear lots of identity theft stories, so I get a little data-security paranoid. :roll:)

yermolovd
Posts: 61
Joined: Wed Dec 24, 2003 7:13 pm
Location: Kitchener, ON, Canada
Contact:

Post by yermolovd » Thu Jun 10, 2004 12:13 pm

Hehe, I hope my class-mate will not attempt to restore my data, altough I will use one of the utils mentioned above.

douglas
Posts: 56
Joined: Sat Aug 02, 2003 9:03 am
Location: Mountain View, CA

Post by douglas » Thu Jun 10, 2004 12:59 pm

Just to add my 2 cents, here is a vote for badblocks on linux. This way you can get a report on which part of the drive might have problems before selling it also. I was going to try to sell a collection of 8MB smartmedia cards I have, and used this on each card to blank them, and then formated each card, so I knew they would be blank before selling. But I found that no one wants an 8MB card anymore so it didn't matter.

But there are a few famous stories of people getting in touble by not formatting the hard drive. I believe there was one case of a guy that was bombing Planned Parenthood for advocating abortion, and they found edvidence from a computer he sold. There were also some pornagraphy cases I believe.

Taking a few hours to write various paterns of data over each block on the disk is probably a good idea. Although writing truely random paterns more than twice is probably a little paranoid, I mean the NSA is probably not going to be going over your drive.

canthearyou
Posts: 153
Joined: Mon Oct 27, 2003 5:35 pm
Location: Arlington, Virginia
Contact:

Post by canthearyou » Thu Jun 10, 2004 10:53 pm

The only good eraser is a grinding wheel.

m_yates
Posts: 45
Joined: Mon Mar 01, 2004 8:32 am

Post by m_yates » Fri Jun 11, 2004 4:35 am

I purchased a package of software from Acronis: http://www.acronis.com/products/powerutilities/

It is $60 US, but includes several useful tools for migrating to a new drive. One is "Drive Clenser" that will erase everything on the old drive using your choice of security algorithms for overwriting (one pass with all zeros is enough unless you are truly paranoid). Another is "Migrate Easy" that will image your old hard drive onto a new one so that you do not have to reinstall the operating system.

frosty
Posts: 636
Joined: Fri Jun 06, 2003 9:40 am
Location: USA

Post by frosty » Fri Jun 11, 2004 6:40 am

Another option I did once was to reformat the hd then reinstall windows and isntall any games you got or just load something, I dunno, like quickbooks, then copy it over and over until you nearly fill the drive.

Thus you have reformated and then rewrote to the hard drive to invalidate a hackers dream.

Post Reply