SPCR

I've been thinking of selling my 120WD for a samsung sp1614n. Are there any precautions I must take before selling my 120WD. I don't mean backing up my data, but rather getting rid of any trace of it on the drive. I certainly don't want anybody else having access to my data.

Is a format enough for keeping "files recovery programs" away? Or must I do something else?

Any suggestion on this matter is welcomed. Thank you.

Personally I dont feel formatting a Hard Drive is enough, there are programs that can restore data from previously formatted drives.

You should find a secure delete utility to erase the free space on your Hard Disk.

Maybe you could find one on download.com or majorgeeks.com

I think there's a low level formating, and also you delete the partitions too. I am about to sell my 80Gb WD drive and I was also thinking of a plan how to delete my stuff from the drive, so it can't be restored.

Go to cnet/zdnet, your favorite shareware software download site.

Download a program called "Eraser".

Delete the entire harddrive, format it via windows if you wish.
Run eraser, and choose the erase method you want to spend the time doing.

Basically, it writes pseudo-random data over all blank space on the harddrive. You can choose the number of passes (1 through 35 if I remember right). I think DOD specifications say something like 5-7 times is unreadable without fancy equipment.

Be aware though, you're basically writing 120 gigs x 35 times to your HDD, its a long (overnight plus some) process.

Some of the WD drive utitilies include a function to write 0's to the drive. This should wipe out everything.

Another vote for Eraser:

http://www.heidi.ie/eraser/

It's Free/Open Source. Used it just last week to wipe a hard disk I sold on eBay. The single-pass overwrite of psuedorandom data should be adequate.

Incidentally, has the idea occured to anyone else that there are people out there who buy HDs en masse, glean data off those that haven't been properly erased, then sell them? Never heard of an actual case of this, but given the general ignorance people have of computer security, I sometimes wonder...

man you guys are pretty paranoid..

do you really think someone would try to unformat your hd and rifle through your old stuff?!? anyway why care if they find old porn or something, as long as you're not silly enough to have all your credit card numbers in a txt file or something

fmah wrote:Some of the WD drive utitilies include a function to write 0's to the drive. This should wipe out everything.

Writing zeroes is not enough to securely erase the data from a harddrive. Instead alternating patterns should be written. The website for Eraser links to a paper about this.

Linux has the badblocks tool which includes an extensive write/read testmode. It works by writing several bitpatterns to each block, reading them and comparing. Besides making sure that the drive is operational it should be sufficient as a secure erasing tool. Be warned however, I've run this mode once on a drive. It takes the whole night

yermolovd wrote:I think there's a low level formating, and also you delete the partitions too.

You shouldn't worry about partitions. Deleting a partition is really just removing the entry from the partition table. This means a deleted partition can be returned as long as nothing is written over it by examining the disk. There are tools to do it.

Instead you should worry about overwriting every block on the drive. This is what the security erasing programs do. In fact I've noticed that most drives seem to have a security erase function in their firmware. I assume you can trigger it with some software from the manufacturer. I can't really say how well this security erasure feature has been implemented though.

One worrying example from Germany. An IT security firm wanted to find out how well removal of sensitive data works in German firms. So they bought 100 second-hand harddisks from several sources (some were firms that are supposed to clean the drives for resell). From about 80 (can't remember exact number) they were able to extract data. From 60 they were able to reconstruct almost everything.

The lesson from this ? - Don't trust anyone to take care of security for you. Do it yourself.

get a linux live-cd and run this in the shell: where XXX is something like hd[a-z] (first ide device. sd[a-z] for sata and scsi-disks. You have now over-written the entire disk with random stuff 10 times. It should do it for the paranoid.

I agree that you should wipe/overwrite the data on your HDD before you get rid of it. I've been using both DBAN and AutoClave for a few years now. They both work great for me.

wim - yea, it might sound all paranoid
But sometimes is better be paranois that sorry later

I mean - come on, this is mostly not a kiddie computer And you have probably lot's of your sensitive data, passwords, cookies from bank www access and perhaps even creditcards in files...
...then you definitively SHOULD worry about that someone migth overlook your porn collection and take a closer look at stuff, you never want anytone to see

The best passwords was never broken. They are leeched from machines

I have taken the route of never selling a hard drive. Instead I use them when I build my parents new computer or I take them into the yard and introduce them (only the really old ones, had a 4gb HD that fell into this cat.) to Mr. Sledgehammer. Usually 6-8 wacks with a 15lb sledge does the trick

If I ever did sell a hard drive I would without a doubt use some of the mentioned programs to wipe it clean.

thanx guys, I will certainly try some of the programs mentioned here.

Wim
Yeah it may sound like paranoia, but it is justified. All the info and cookies stored on the computer are important: I go on ebay, use paypal and banking. If I was unlucky enough to have these info stolen from me... o'the headache...

if there aren't too many "sensitive" files and you know where they are you could just use "file shredder":

http://www.gregorybraun.com/Shredder.html

it uses the "NSA file erasure algorithm". then format normally. would save a lot of time. (just remember to turn off "log all operations to a disk file" - it writes the names of all the files you deleted in a text file - might be something sensitive in the filename)

Ralf Hutter wrote:I agree that you should wipe/overwrite the data on your HDD before you get rid of it. I've been using both DBAN and AutoClave for a few years now. They both work great for me.

Another vote for Autoclave based on personal experience. And another vote for not selling any HDD that has not been wiped by something along the lines of Autoclave/Eraser. (But I work in banking and hear lots of identity theft stories, so I get a little data-security paranoid. )

Hehe, I hope my class-mate will not attempt to restore my data, altough I will use one of the utils mentioned above.

Just to add my 2 cents, here is a vote for badblocks on linux. This way you can get a report on which part of the drive might have problems before selling it also. I was going to try to sell a collection of 8MB smartmedia cards I have, and used this on each card to blank them, and then formated each card, so I knew they would be blank before selling. But I found that no one wants an 8MB card anymore so it didn't matter.

But there are a few famous stories of people getting in touble by not formatting the hard drive. I believe there was one case of a guy that was bombing Planned Parenthood for advocating abortion, and they found edvidence from a computer he sold. There were also some pornagraphy cases I believe.

Taking a few hours to write various paterns of data over each block on the disk is probably a good idea. Although writing truely random paterns more than twice is probably a little paranoid, I mean the NSA is probably not going to be going over your drive.

The only good eraser is a grinding wheel.

I purchased a package of software from Acronis: http://www.acronis.com/products/powerutilities/

It is $60 US, but includes several useful tools for migrating to a new drive. One is "Drive Clenser" that will erase everything on the old drive using your choice of security algorithms for overwriting (one pass with all zeros is enough unless you are truly paranoid). Another is "Migrate Easy" that will image your old hard drive onto a new one so that you do not have to reinstall the operating system.

Another option I did once was to reformat the hd then reinstall windows and isntall any games you got or just load something, I dunno, like quickbooks, then copy it over and over until you nearly fill the drive.

Thus you have reformated and then rewrote to the hard drive to invalidate a hackers dream.