June 15th, 2007

How to REALLY erase a hard drive - Update

Posted by Robin Harris @ 11:11 am

Categories: Disk drives, Security

Tags: ATA, Secure, Hard Drive, Password, Disk, DOS, User Password, Robin Harris

A new version of HDerase.exe has been released
Go direct to UCSD’s Center for Magnetic Recording Research website to download version 3.2.

HDerase.exe accesses an ATA disk drive’s internal Secure Erase commands to wipe a disk clean. Merely deleting a file doesn’t delete your data: the data is still on the disk and can be recovered by anyone with a few readily available tools. Credit card numbers, passwords, emails, medical info, anything on your hard disk is liable to be recovered.

What is Secure Erase?
Secure Erase is built into all ATA-compliant disks drives since 2001. This functionality is recognized by the US Government’s National Institute of Standards and Technologies (NIST) as equivalent to magnetically wiping a drive (degaussing) or physically destroying it. NIST also rates the secure erase commands as more secure than external host-based drive wiping utilities such as Boot and Nuke. Secure Erase complies with HIPAA, Personal Information Protection and Electronic Documents Act (PIPEDA), the Gramm-Leach-Bliley Act (GLBA), and California Senate Bill 1386 for data destruction.

There is no data recovery after running HDerase.exe!
Don’t mess with it if you don’t know what to do with a blank drive.

HDerase.exe is for techies
If you aren’t comfortable working at the DOS command line, formatting disks and installing software, HDerase.exe is not for you. Find someone who is familiar to set it up and train you if you have a lot of disks to erase.

From the readme:

HDDerase.exe is a DOS-based utility that securely erases “sanitizes” all data on ATA hard disk drives in Intel architecture computers (PCs). It offers the option to run the drive internal secure erase command, security erase unit, based on the ATA specification by the T13 technical committee. To run the utility make a floppy, recordable CD-R, or USB DOS bootable disk; then copy HDDerase.exe to the bootable media. Reboot the computer with the floppy, CD-R, or USB inserted, and type “hdderase” at the system DOS prompt. Make sure to set the correct priority boot order in the system BIOS, such as first boot floppy, CD-R, or USB depending on which media is used to run HDDerase.exe. HDDerase.exe must be run from an actual DOS environment and not a Window based DOS command prompt environment.

HDerase.exe improvements
A partial list from the revision history:

• HDDerase sets user password as “idrive” before performing (enhanced) secure erase. HDDerase also attempts to unlock drive with passwords from previous versions.
• If selected drive is locked with a non-HDDerase password the user is given the option to: 1) unlock with user password, 2) unlock with master password (if high security), 3) secure erase with user password, 4) secure erase with master password, 5) enhanced secure erase with user password (if supported), 6) enhanced secure erase with master password (if supported). If option 3, 4, 5 or 6 is selected any possible HPA and/or DCO areas will not be reset.
• If the system BIOS executes a “security freeze lock” command upon drive detection HDDerase attempts to bypass this. A hard reboot is required if the attempt is successful. Afterwards HDDerase should be run once more and the drive should not be in a frozen state. HDDerase will not attempt to bypass if a Host Protected Area is set. NOTE: This internal method may not work on all drives (MAXTOR drives for sure) and the FAQ should be checked for other methods to bypass the BIOS freeze lock.

The Storage Bits take
Given all the stories about data recovered from used computers you’d think people would be a little more paranoid. UCSD’s CMRR is doing good work here. I’d like to see a version for Mac users. Any takers?

Learn more about Secure Erase at How to REALLY erase a hard drive.

Comments welcome.