Data Destruction Hands-On

Darik's Boot and Nuke


When you want to get rid of old computers, hard disks, or other media, how do you ensure that you don't give away your data as well? Some theoretical considerations are addressed here. One question remains to be solved: can I do it myself?
More precisely: just how long will it take to securely erase a serious number of disks (say 100 decommissioned computers from the company I work for ...), how secure is it, or: can the data be recovered? And how do I go about it? Depending on the outcome of these questions: wouldn't it be better to let someone else do it, i.e. hire a specialized firm to do my data destruction for me?

Get organized

First of all: get DBAN and create DBAN boot disks or CDs.

One by One

This is just a matter of booting the PC off the DBAN disk and starting the hard disk wipe.

For multiple PCs, you'd need multiple DBAN disks (floppy disk, bootable CD, bootable USB media) or boot off a disk image on the network. Cloning floppy disks or USB sticks with the Linux dd command is a fast, easy and scriptable way to multiply DBAN boot media.

If the decommissioned PCs are in storage, you'd need to set them all up again. This needs to be calculated into the time/effort equation.

Multiple disks ...

Given that your average PC has 2 IDE controllers, each capable of holding 2 disks, you can do 4 disks in one go. With SCSI, it could be more, because SCSI disks can be daisy-chained (up to 8 per channel). So we can open up an old PC, attach 4 (IDE) hard disks, and run DBAN off a floppy or a USB stick. Tip: set the BIOS to 'Autodetect Hard Drives'.

This saves us the time (and space, power outlets, extension cords, monitors, keyboards, ...) needed for setting up each old PC. But it requires taking the hard disks out of the PCs and attaching them to the dedicated DBAN machine, and possibly reinstalling them if we want to sell or donate the old machines.

MAYBE TODO: time both wiping a disk in place and setting up for multiple disks in a dedicated wiping machine, and see what's faster?

In any case, this won't make the actual data wiping any faster: DBAN will erase 1 disk at a time. However, EBAN - Enterprise Boot And Nuke, the commercial version of DBAN, has network booting and reporting, overwrites multiple drives simultaneously, has better server equipment compatibility, and captures serial numbers for compliance with SarBox, HIPAA, and FISMA.

Nuke'm

Overwriting a disk to securely erase the data on it is time consuming - and, in general, the more secure it needs to be, the more passes you'll need. There are several 'overwriting algorithms' or combinations thereof. We first test with 1 PRNG pass, i.e. overwriting the disk completely once, to which DBAN will add a final pass of blanking (writing all 0's) the disk and verifying. This takes about 25 minutes for a 1 GB disk with 2 FAT32 partitions.

Recover

For data recovery, we first try ZAR - Zero Assumption Recovery. I've had very good experiences with using ZAR in the past, recovering data from a disk that had been repartitioned and reformatted several times, with FAT, NTFS and ext2fs file systems. ZAR appeared capable of discovering even the older partition tables and recovering files from whatever it could read on the disk. It is also relatively cheap, and rather easy to use, while the advanced options allow for some educated guesses where simple straightforward recovery fails.

Still, ZAR was unable to recover anything from the disk that had undergone the 1 PRNG + 1 blanking pass from DBAN: obviously, there was not enough information left for ZAR to even attempt to recreate anything resembling a partition table, let alone a file system, not even a single file. So far, so good.

Then I had a quick look around for other data recovery techniques. Lots of articles suggest running a Linux Live CD (e.g. Knoppix) to be able to access a crashed system and rescue the files, but clearly that only works if there is a file system left for Knoppix (or Linux) to mount. Not on a DBAN-ed disk!

However, this article in The Linux Journal illustrates a data recovery session using a collection of Linux disk tools - mainly dd to read the disk and piping the output through several other tools to analyze and interpret it and rebuild the partition table from the results. Pretty much how I imagine ZAR works from seeing what it does and what kind of questions it asks in 'Advanced' mode ...

So what would dd tell us about this disk? Absolutely nothing: dd only sees zeros.

	gparted ~: dd if=/dev/hda bs=512 | od -x
	0000000 0000 0000 0000 0000 0000
	

Other Linux data recovery tools (testdisk, photorec, cat | grep, ...) also find no traces of any partitions, filesystem or files on a DBAN'd disk.
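A scripted version of the dd | od check above, added here as an example (not part of the original article): it assumes the wipe ended with DBAN's blanking pass, so every byte should read back as zero. The function names and the image files in the demo are constructed for illustration; on real hardware the targets would be block devices read as root.

```shell
#!/bin/sh
# Added example: confirm that wiped targets read back as all zeros.
# Targets may be block devices or image files; nothing is ever written to them.

# Print the byte offset of the first non-zero byte; print nothing if all zero.
# od collapses repeated identical lines into "*", so a blanked disk gives 3 lines.
first_nonzero_offset() {
    od -A d -t x1 "$1" | awk '
        $1 == "*" || NF < 2 { next }   # skip collapsed runs and the final offset line
        { for (i = 2; i <= NF; i++)
              if ($i != "00") { printf "%.0f\n", $1 + i - 2; exit } }'
}

# Check every target, print one result line each, return 1 if any is not blank.
verify_wipe() {
    rc=0
    for target in "$@"; do
        if [ ! -r "$target" ]; then
            # An unreadable target must never be reported as wiped.
            echo "ERROR $target cannot be read"
            rc=1
            continue
        fi
        off=$(first_nonzero_offset "$target")
        if [ -z "$off" ]; then
            echo "PASS  $target reads as all zeros"
        else
            echo "FAIL  $target first non-zero byte at offset $off (sector $((off / 512)))"
            rc=1
        fi
    done
    return $rc
}

# Demo on constructed image files (no real disks are touched).
demo_dir=$(mktemp -d)
dd if=/dev/zero of="$demo_dir/wiped.img" bs=512 count=64 2>/dev/null
dd if=/dev/zero of="$demo_dir/partial.img" bs=512 count=64 2>/dev/null
# Plant one leftover byte at offset 5000 to simulate an incomplete wipe.
printf 'X' | dd of="$demo_dir/partial.img" bs=1 seek=5000 conv=notrunc 2>/dev/null
verify_wipe "$demo_dir/wiped.img" "$demo_dir/partial.img" \
    || echo "at least one target is not blank"
```

The result lines can be kept as a per-disk record of the verification. A wipe that ends on a random pass instead of a blanking pass cannot be checked this way.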

Conclusion

Apparently, DBAN is capable of destroying data on a disk in such a manner that it cannot be recovered by software tools. This claim is also made in the DBAN Support forum. And that was with just one PRNG pass. The DBAN help in the program suggests 4 to 8 passes (medium to high security) for the PRNG method, while the program also offers advanced algorithms such as those used by the Canadian Mounted Police or the US Department of Defense. Not too crappy.

The only feasible way of recovering any information from a disk would then be by magnetic probe. While we regard bits as 0 or 1, the magnetic information on a disk is not necessarily 0 or 1: a bit that used to be 1 but is overwritten by a 0 may be 'more magnetic' than a 'real 0' - and by measuring these differences and interpreting them correctly, one could be able to reconstruct at least some parts of the disk. This becomes harder as the disk is overwritten multiple times and with random patterns. Magnetic probes and the software to reconstruct information out of the results of the probe are said to be extremely expensive, and the process extremely time consuming. Compare this to trying to reconstruct a book that went through a paper shredder. There are firms who specialize in data recovery, so you wouldn't necessarily have to buy the equipment. You'd have to pay the firm instead. They charge heavily for this type of work, so it would only be worth it if the disks presumably contain something of greater value than the costs of recovering the data.

More observations and conclusions

The disks in question contained 1 or more FAT32 or NTFS partitions. To test DBAN, I attached the disks to an old Pentium 2 133 MHz PC. The limiting factor during the tests appeared to be disk I/O, so the CPU speed and RAM size don't matter. During the test, CPU load was 20-30% most of the time, sometimes rising to 50-60% and only occasionally showing over 100%, making the CPU the limiting factor - but only during the blanking/verification pass.

A 1 GB wipe, 1 pass, took about 25 minutes. A 2.5 GB wipe, 4 passes, took 1 hour and 45 minutes. Given that DBAN adds 1 pass (blanking & verification) at the end of the PRNG write pass(es), we can calculate the time needed to erase a given volume: 12 to 18 minutes per GB per pass, counting real passes (e.g. add 1 for blanking). With disk I/O being the bottleneck, newer (faster) disks may get erased faster.

For 100 computers with 6 GB disks, we would need something between 240 and 360 hours for '1 pass' data destruction. That's 30 to 45 man-days, not counting the time to set things up or move disks to a dedicated DBAN machine. I guess that means you either opt for DBAN's Enterprise solution (based on network boot), organize physical destruction of the disks, leave it to a specialized firm, or try to set up a network boot solution yourself.

Automate

Setting up a DBAN boot server will allow you to:


Koen Noens
December 2005
update March 2008 : references to DBAN Enterprise edition
update October 2010 : references to DIY DBAN boot server