49

I have an old hard disk (Maxtor 250Gb) from about 3 years ago that started giving errors and now sits in a drawer in my desk. It has some confidential data on it but it's unlikely that it can be read because the disk started to go bad. However, before I dispose of it I want to make sure that the data can't be recovered by destroying the disk.

What is the best way to destroy the disk such that the data can't be read? (I live in Arizona and was thinking of leaving it in the yard when we have those 125 F days...?)

What is the best way to dispose of the disk after it's destroyed? (I believe that it's environmentally unsound to chuck it in the trash.)

HopelessN00b
Guy
  • 4
    Not sure if anybody's interested but here's a blog post on how I finally destroyed my hard disk and broke a drill bit in the process: http://guyellisrocks.com/hardware/destroying-a-hard-disk/ – Guy Dec 01 '09 at 16:57
  • I've found a 4 lb sledge and an oak chopping block to be really effective. Remove the circuit board, give it enough smacks to burst the cover and make sure the platters are well mangled. Turn it in to your local metal recycler's scrap barrel. – Fiasco Labs Dec 10 '11 at 22:36

23 Answers

48

If you are looking for standard procedures and reliable methods, you could read the Guidelines for Media Sanitization (PDF) of the National Institute of Standards and Technology.

For any given medium, there are three basic methods:

  • Clear
  • Purge
  • Physical Destruction

For hard drives they recommend:

Clear:

Overwrite media by using agency-approved and validated overwriting technologies/methods/tools.

Physical Destruction:

  • Disintegrate
  • Shred
  • Pulverize
  • Incinerate: incinerate hard disk drives by burning the hard disk drives in a licensed incinerator.

Purge:

  1. Purge using Secure Erase. The Secure Erase software can be downloaded from the University of California, San Diego (UCSD) CMRR site.
  2. Purge hard disk drives by either purging the hard disk drive in an NSA/CSS-approved automatic degausser or by disassembling the hard disk drive and purging the enclosed platters with an NSA/CSS-approved degaussing wand.
  3. Purge media by using agency-approved and validated purge technologies/tools.

Recommendations for flash media (SSDs) are similar, except that degaussing solid state drives is not a viable way to purge them as the data is not stored on magnetic platters.

Pang
splattne
  • Good answer. Sometimes you can't use the clear method because the drive is not functional, which forces you to either destroy it or degauss it. If the drive works you could do both, just to make sure. We destroyed top secret paper on the aircraft carrier by first shredding it for short term storage, then when we had enough it was incinerated, then the ashes mixed with salt water (mostly to cool it off) and then chucked it over the side (deep sea), just to be sure it was destroyed. – Bratch Jun 09 '09 at 18:52
  • Most hard drives are manually self-erasing. Disassemble down to pulling the platters out, remove the head drive coil magnet and carefully slip the field keeper plate off. You have a really intense magnet that will do a pretty good job of wiping the platters. I have one from a 7 disk spindle that I use as a media eraser, haven't had any tape readable after having its poles waved around them. – Fiasco Labs Dec 10 '11 at 22:31
19

Thermite is the Ultimate Solution. (To both data erasure and many other problems)

womble
13

It shouldn't be that hard to expose the platter after peeling back the various stickers covered in dire warnings. Once exposed, you have a choice of fun methods. Bending it even a little would make spinning it under a head impractical, so that is probably a good place to start. A ball peen hammer could be used to make a nice texture, or just apply a belt sander. Wear eye protection, naturally.

Pragmatically, unless you are holding national secrets, just scoring the platter with a scratch awl really ought to be sufficient to make it well beyond anything but the NSA's capability. If you are really worried, score both radially and in spiral.

Hand the wreckage (or at least the bits you don't hang up as a trophy) over to an E-Waste recycler and they will do something appropriate with it.

RBerteig
  • 2
    Just in case anyone decides to try any of this, remember that some platters are made of glass. – tomfanning Jun 09 '09 at 13:43
  • Many recent platters I have exposed were made of glass, or some ceramic material, good tip. – Bratch Jun 09 '09 at 18:54
  • Glass platters should be easy to destroy, just make sure not to cut yourself. – David Thornley Jun 09 '09 at 20:10
  • 1
    _Pragmatically, unless you are holding national secrets_ Why bother looking up stale data when you can do a targeted attack with the latest Acrobat 0-day exploit on any executive in the business and be instantly tapped into real time business operations, plans, research data and CAD drawings. Most of us aren't worth the effort and expense of hiring a lab with an electron microscope and often the extreme disk destruction promoters are suffering from delusions of grandeur. So the scratch awl it is! – Fiasco Labs Dec 10 '11 at 22:44
6

See if your company already employs a bonded security firm for shredding documents. I use ours for shredding reports, digital media, old backup tapes, and hard disks. IIRC, it costs two bucks per hard disk, and they grind 'em to powder. No fuss, no bother, no eco-issues.

  • That's a good recommendation. I need to see if our shredding company offers this, after a DBAN nuke I would be more than satisfied that the hard disks were unrecoverable. – steve.lippert Jun 09 '09 at 16:16
  • The Shredding company we use for paper reports will do Hard Drives for $5 apiece. I haven't had them do one, mostly because my help desk tech wants to watch the drive go through the shredder, and they won't agree. – BillN Jun 09 '09 at 18:52
6

A combination of really strong magnets and a sledgehammer is really the only way. In that order.

Wayne Koorts
  • I don't have either - unfortunately - but thanks for the suggestion. – Guy May 04 '09 at 06:39
  • 5
    The strong magnets are included inside the drive. – Scott May 04 '09 at 15:58
  • 3
    Technically a sledgehammer might not do the trick unless you pulverize it to dust. The current density of hard drives is such that even a small piece of platter could conceivably be recovered - though perhaps not practically depending on the value of the data. Might need to melt it down. Also, degaussing must be very, very thorough, your average degauss machine might only hit it a few times with alternating fields, but modern disks used very high coercivity material for the higher density called for, and it's harder to change well enough that one can't detect residual previous state. – Adam Davis May 04 '09 at 16:19
  • Almost any magnet you'd be able to get hold of won't do anything - if the magnet is strong enough to do something - you've already spent more money than melting it in a furnace. – Xerxes May 30 '09 at 15:12
5

One quick and easy way, recommended by Steve Gibson, is to drill a hole through the hard drive, making sure you drill through all the platters.

Tony
4

I've used DBAN extensively.

Darik's Boot And Nuke creates a bootable CD/floppy. You boot to it, and, after it picks up your hard drives, you can select as many drives as you want and then the method of destruction (we usually use 9 or more passes of random 1s and 0s).

Simply overwriting 0 0 0 0 over and over can still leave data recognizable.

hellimat
  • +1 for DBAN. I have used it on lots of drives over the years. – steve.lippert Jun 09 '09 at 16:15
  • -1 Sorry, but zeroing a drive has been extensively studied now and found sufficient that data recovery services have no hope of recovering usable data. Ancient (<15GB) drives *may* have such problems, but even then, no. – Chris S Jun 03 '13 at 17:17
4

Physical destruction of a drive is tricky business. There are many companies that deal specifically in the field of data destruction, so if you are doing any kind of mass you may want to at least look at their price list. If you contract, make sure the company is properly bonded/insured, and provides audit trails for each destroyed item. In the worst case scenario that your information does get out, you want the document in hand that says your contractor properly destroyed the item in question. Then, at least, you can transfer the liability.

When it comes to drive destruction you typically see one of two main fields:

  1. Disk Degaussing
  2. Physical Destruction

Degaussing

Degaussing used to be the norm, but I am not such a big fan. On the plus side it is fast, you'll normally just dump the disks on a conveyor belt and watch them get fed through the device. The problem is auditability. Since the circuitry is rendered wobbly, you won't be able to do a spot check of the drives and verify that the data is gone. It is possible, with some level of probability unknown to me, that data could still exist on the platters. Retrieving the data would, without question, be difficult, but the fact still remains that you cannot demonstrate the data is actually gone. As such, most companies now will actually be doing physical destruction.

Physical Destruction

At the low end, say a small box of drives at a time, you'll have hard drive crushers. They're often pneumatic presses that deform the platters beyond useful recognition. At the risk of supporting a specific product, I have personally used this product from eDR. It works well, and is very cathartic.

At a larger scale, say dozens or hundreds of disks, you'll find large industrial shredders. They operate just like a paper shredder, but are designed to process much stiffer equipment. The mangled bits of metal that are left over are barely identifiable as hard drives.

At an even larger scale you can start looking at incinerators that will melt the drives down to unidentifiable lumps of slag. Since most electronics can produce some rather scary fumes and airborne particulates, I would not recommend doing this on your own. No, this is not a good use of your chiminea.

Manual Disassembly

If you are dealing with one or two drives at a time, then simple disassembly might be sufficient. Most drives these days are largely held together with torx screws, and will come apart with varying levels of difficulty. Simply remove the top cover, remove the platters from the central spindle. Taking a pocket knife, nail file, screwdriver, whatever, have fun scoring both surfaces of each platter. Then dispose of the materials appropriately. I cannot speak to how recoverable the data is afterwards, but it is probably sufficient. The biggest thing to keep in mind is that while most desktop hard drive platters are metal, some are glass. The glass ones shatter quite extravagantly.

You should also take care of removing and destroying the memory chips on the board because of cache memory and (with "hybrid" drives) of NAND chips containing up to 4GB of cached data. A good way to do that is to wrap the board in linen or another coarse cloth and hammer it, that should keep broken parts from flying everywhere.

Additional Considerations

Before you decide on a destruction method, make sure to identify what kind of data is stored on each device and treat it appropriately. There may be regulatory or legal requirements for information disposal depending on what data is stored on the disk. While NIST does not define which sanitization methods to use for data types, in section 5 of NIST SP800-88 they do define 3 methods, clear, purge, and destroy.

Since NIST is not making any assumption of data classification level they give recommendations for all three noting that for ATA drives manufactured after 2001 clearing and purging have converged.

All that being said, performing a single pass zero wipe is probably sufficient for your purposes. Modern research indicates that modern hard drives are largely immune to the "magnetic memory" problem we used to see on magnetic tape. I would never bother doing anything more on a household drive unless the drive itself was exhibiting failures.

Scott Pack
3

Basically, if it still works, use some utility that overwrites each sector of the disk at least 10 times. Easily done for example with dd.

As for disposing of it, it's basically iron and its alloys. Just throw it into a metal recycling container.

vartec
3

My company owns a hard drive degausser for just this purpose, nicknamed the "shredder". They get nuked before disposal of old server or PC hardware.

spoulson
2

Related:

Besides that I would go with a big hammer...

sth
2

The quick and dirty way is to unscrew the casing, remove the magnets (as these can be fun), score the platter you can see and fill with sand and shake.

Not 100% unrecoverable but practically close enough unless there are state secrets on it.

Mark Nold
2

Sledgehammer+backyard fire=win

Chopper3
1

With GNU shred and a very heavy hammer.

Juliano
1

Drill 3 holes in the hard drive. Proved to make the drive irrecoverable.

Alakdae
1

Use DBAN. It's extremely powerful, conforms to several standards for data removal (including Department of Defense requirements), and runs from a boot media. It's also freely available.

Furthermore, if you require certification regarding these standards, they offer an enterprise (non free) version which includes this.

I implemented this as SOP at both IBM and Emerging Health Information Technology, not to mention in the financial sector.

Rym
1

The NATO guidelines on the destruction of magnetic data-holders are that the medium should be dismantled as far as possible and the magnetic layer should be either shredded with snippets of less than 0.25 by 0.25 millimeter, pulverized, melted or dissolved.

In practice we took the lint out of backup tapes and put that into a shredder (works the same with floppy disks) and the snippets were treated to an acid bath by a specialised company.

Hard disk was another matter, we took the platters out and sanded it down till we had bare metal. We used a belt sander for that, that does the job very quickly. The platters (and the read/write head - talk about paranoid) were then escorted to a specialized recycle company and melted down.

Although degaussers are also certified by our local friendly security agency, they still use the above method internally (well it is a while back so they may have changed their methods).

BTW, the dust of the harddisks make a rather decent thermite :-)

1

First you perform one of the options listed in splattne's answer and then you turn the drive in to an approved electronic waste facility. Don't throw it in the trash, bury it in the yard, deep six it, or anything else. I have a bucket of them in the garage that have been sanitized and are awaiting drop off at the next free e-waste recycling event, along with some CRT monitors. If they only accept "whole" computer cases, then open one up and fill it with the sanitized drives, they never look inside.

Of course I have heard that some of this stuff winds up in shipping containers destined for a poor African country where kids throw it into piles of burning tires and collect the slag metal after all the plastic has burned away, and then they sell it for ten cents a pound. Hopefully this other end of the "recycling" process will improve someday.

Bratch
1

I once worked at a Medical Device Manufacturer who sold PCMCIA Hard-drives for storage of ECG data. Occasionally a defective drive would come back with patient data. We found that if you slapped the drive down hard enough on a work bench, the glass platters would shatter with a satisfying crash, and if you opened the case, the platter came out as a powder. Our compliance department decided that this would meet HIPAA requirements.

BillN
0

For the drives that spin up and can be addressed, use the following command to "zero" out the drive:

dd if=/dev/zero of=/dev/harddrive bs=1M

If you're really paranoid, do it 8 times, but to my knowledge, no one has ever recovered from one without pulling the platters and examining them microscopically. There's actually been an ongoing challenge since 2008: http://16systems.com/zero.php

If the drives DON'T spin up, 5 or 6 good whacks with a hammer will take care of the platters.

Matt Simmons
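
A zero-fill with dd, as in the answer above, only helps if the whole drive really was overwritten, which is in doubt on a disk that is already throwing errors. The script below is an added example, not part of the original answer: it reads a target back, counts bytes that are not zero or could not be read, and prints a PASS/FAIL audit line. The function names and the temporary image file standing in for the drive are assumptions made for the demo.

```shell
#!/bin/sh
# Added example: read-back check after a zero-fill pass, with an audit line.
# Constructed demo data only; it runs against a temporary image, not a device.

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"    # util-linux
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# Count the bytes that read back as 0x00 (everything else is deleted).
zero_bytes() {
    tr -cd '\000' < "$1" | wc -c | tr -d ' '
}

# Print one audit line; return 0 only if every byte of the target is zero.
# Bytes that could not be read (failing disk) count as not wiped.
verify_zeroed() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    size=$(target_size "$1")
    zeros=$(zero_bytes "$1")
    bad=$((size - zeros))
    if [ "$size" -gt 0 ] && [ "$bad" -eq 0 ]; then result=PASS; else result=FAIL; fi
    printf '%s target=%s bytes=%s not_zero_or_unread=%s result=%s\n' \
        "$(date -u +%Y-%m-%dT%H:%M:%SZ)" "$1" "$size" "$bad" "$result"
    [ "$result" = PASS ]
}

# Build a 4 MiB image of random data standing in for a used drive.
make_sample_image() {
    img=$(mktemp) || return 1
    dd if=/dev/urandom of="$img" bs=1M count=4 2>/dev/null
    echo "$img"
}

# Demo: check before the wipe, after it, and after one byte is left behind.
demo() {
    img=$(make_sample_image) || return 1
    verify_zeroed "$img" || echo "not wiped yet"
    # The zero-fill from the answer; count= is needed because a file has no end.
    dd if=/dev/zero of="$img" bs=1M count=4 conv=notrunc 2>/dev/null
    verify_zeroed "$img" && echo "wipe verified"
    # Constructed failure: one byte at offset 1 MiB that the wipe "missed".
    printf 'X' | dd of="$img" bs=1 seek=1048576 conv=notrunc 2>/dev/null
    verify_zeroed "$img" || echo "residual data detected"
    rm -f "$img"
}

demo
```

Run against a real device, `verify_zeroed` needs read access to it and reads the entire disk once, so expect it to take about as long as the wipe itself.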
0

The Ultimate Boot CD (UBCD) has many wiping tools that are good and easy/fast to use :)

Otherwise you can open the drive and clean the platters with Windex haha

Magnetic_dud
0

When decommissioning clusters of machines in the past we have used a gas powered nailgun through the drives, making sure to catch the platters.

Perhaps not the most environmentally friendly option. But it is satisfying and you can get through quite a few at a time.

Dan Carley
0

Throw it in a volcano. You have those in your neighbourhood, right?

Or an oven ... just like grandma's cookies ... let it burn at maximum for half an hour (should melt everything but metal).

Rook