I’ve recently finished work on a forthcoming book about phishing attacks entitled Cyberheist, and have also updated my CISSP Study Guide and Computer Forensics JumpStart titles in the past three months. If there’s one lesson I’ve absorbed into the marrow of my bones as a result of these projects, it’s that releasing old disk drives to others is an invitation to security disasters. That’s because a competent forensic analysis of a disk drive — even one that’s been erased and reformatted — can turn up all kinds of interesting remnants of its former contents for anybody who has the right tools and knows how to use them.
Thus, when I found myself in the situation of needing to recycle some old disk drives that “the boss” (my wife, Dina) told me needed to get themselves gone from our house, I turned to the Internet to find a usable drive wipe utility that would perform an acceptable drive wipe on some drives that never had financial or other sensitive information written to them (those I would crush or incinerate). After a few false starts that showed me that you really have to try out a drive wipe utility for yourself to see if it does what you want it to (wipe an entire drive clean, in my case), I settled on the free version of a tool named Active@ KillDisk to do the job (the free version does a one-pass erase only, the $49.95 Windows and $59.95 Suite versions support 17 different standard drive-wipe algorithms). The drives in question contained photos, music files, and archives of books and other writing projects, so I wasn’t overly worried about accidental disclosure anyway. Users with more sensitive data should probably take the “crush or incinerate” route, or purchase a commercial drive wipe tool that does multiple erase passes (the DoD recommends a minimum of seven “erase and write random data pattern” passes over a drive to consider it “clean for re-use” — they also recommend “crush or incinerate” for proper drive disposal too, BTW).
Here’s what the GUI for the program looks like:
I mounted my old drives into USB enclosures, plugged them into a laptop USB port, fired off the program and let it chunk all night to wipe each of the two 3.5″ PATA drives I’m taking to Goodwill this coming weekend. Safe enough for non-sensitive data, and easy enough to use, though very time consuming (22 hours for a 200 GB drive, and 29 hours for a 300 GB drive). Check it out!
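Whether a utility really wiped the entire drive can be checked by reading the drive back and looking for sectors that do not hold the wipe pattern. The script below is an added example, not part of KillDisk or of the original post; it assumes the single pass wrote zeros (`fill=0x00`) and that the drive is readable as a raw device or image file, and the image scanned by `demo()` is constructed.

```python
import os
import sys
import tempfile

SECTOR = 512
CHUNK = SECTOR * 2048  # read 1 MiB at a time

def find_residue(path, fill=0x00, max_ranges=20):
    """Return (bytes_scanned, dirty_sectors, [(first_lba, last_lba), ...])
    for sectors that are not entirely `fill` (the assumed wipe pattern)."""
    clean_sector = bytes([fill]) * SECTOR
    clean_chunk = bytes([fill]) * CHUNK
    scanned = dirty = lba = 0
    ranges = []
    with open(path, "rb") as dev:
        while chunk := dev.read(CHUNK):
            scanned += len(chunk)
            if chunk == clean_chunk:          # fast path: whole chunk is clean
                lba += CHUNK // SECTOR
                continue
            for off in range(0, len(chunk), SECTOR):
                sector = chunk[off:off + SECTOR]
                if sector != clean_sector[:len(sector)]:
                    dirty += 1
                    if ranges and ranges[-1][1] == lba - 1:
                        ranges[-1][1] = lba   # extend the current run
                    elif len(ranges) < max_ranges:
                        ranges.append([lba, lba])
                lba += 1
    return scanned, dirty, [tuple(r) for r in ranges]

def demo():
    """Scan a constructed 4 MiB 'wiped' image that still holds two remnants."""
    with tempfile.NamedTemporaryFile(delete=False) as img:
        img.write(bytes(4 * 1024 * 1024))
        img.seek(100 * SECTOR)
        img.write(b"\xff\xd8\xff\xe0\x00\x10JFIF")  # constructed JPEG header, LBA 100
        img.seek(5000 * SECTOR)
        img.write(b"A" * (3 * SECTOR))              # constructed text, LBA 5000-5002
        path = img.name
    try:
        return find_residue(path)
    finally:
        os.unlink(path)

if __name__ == "__main__":
    # Argument: path to a raw device or image (hypothetical); none runs the demo.
    print(find_residue(sys.argv[1]) if len(sys.argv) > 1 else demo())
```

A clean readback only covers sectors the operating system can address; sectors the drive has remapped and hidden regions such as a host protected area are not visible to this check.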