I guess the point of this thing is being easy to use for employees, the time is not really a concern if you have other work to do anyway. The USB dock thing looks like something they just slapped there since people may want to check what's on a drive they found before wiping it. So performance is not really key.
The "erase by overwriting" method is completely redundant for any HDD implementing ATA SECURE ERASE. Not only is SE the fastest method to wipe data (limited only by the drive controller, not the interface) it wiped sectors in the G-list that a normal wipe would miss. This includes DBAN and other redundant multi-overwrite methods. Multiple overwrites have been entirely unnecessary since the invention of the GMR head well over two decades ago.
Expand please? I have never even heard of ATA secure erase but it sounds interesting. How does this make overwriting redundant? since the data on the platters does need to be erased
Exactly. Secure erase on SSD just marks all blocks as empty, so factory default but the data is really still there. Absent proof of no physical way to access these blocks and read their data you really do need to overwrite at least once and take the hit to longevity ;-)
Apparently you didn't read the article either (or anywhere else it has been written). Securely erasing an SSD usually consists of the drive throwing away the encryption key it has used for storing your data. The data is still there, but noone can read them.
The keyword here is "usually". Imagine you are the one responsible for secure deletion of information: would you blindly believe that "drive should do it properly and not leave the old key somewhere" or would you double-check? The answer is obvious.
Considering that this is being done by tech literate organizations. I think they would have verified the whole "No way to restore the drive!" that they are pushing.
i guess he should of not used the word "usually" if the drive uses AES encryption (SED drive) then all the drive has to do is reset the key when Secure erase is done (this is why it can take upto 1-2 hours to wipe none encryption HDD drive) and all data is lost and if that is not enough it also commands the Trim all parts of the flash so all NAND is clean all parts of the SSD will come back with 00000000 (unlike a HDD there is a chance to recover data but if its a self encryption HDD/SSD drive then there is no data recovery once ATA Secure erase has been used)
if ATA secure erase takes more than 2 minutes on a Self encrypting drive(HDD or SSD), the drive it self is not encrypted as SED drives should just reset the keys and all data has gone puff (full TRIM on all parts of the flash is also performed as well to bring the drive to a complete clean and max performance state)
on SSDs even none SED drives a secure erase should only take 30 seconds - 2 minutes as all it has to do is command reset the pages and TRIM the whole drive witch is a very fast task
I had a pile of SCSI and ATA and some earlier SATA drives to a place to have them recycled, they told me it's $250 and better off just smashing them with a hammer- I shook my head at that advice and just left them sitting in the garage, even when formatting them they still have bits of data that people can retrieve and it's not worth paying $250 to recycle them.
I just take them apart when not busy and use the platters for decoration and other things. I'm sure someone somewhere can still get info from it if they really wanted too but I'm sure there are easier ways to get the info they are looking for.
This is already built in. You choose the paper option and attach a large metal garbage can to print out into. When you need to erase you just burn it at night out in the parking lot. It provides heat for the hobos and in the morning you pour water in as the second erase cycle. Then you mulch that into your grass and flower beds and observe it 24/7 with security cameras just to be sure.
I built one of these for OCZ UK (which at the time was Oxford Semiconductors) in 2005 using the OXUF931S. The BOM would have been far less than this. No DDR. No Xilinx chip. I2C eInk display. Just a USB->SATA bridge running custom firmware. While very useful here at work, when I suggested selling them I was told there was no market for them. I cannot imagine anything has changed.
The article got me thinking about a software solution. Looks like there are lots of utilities for "secure erase" but not all claim to be "certified." Anyone have experience with software solutions?
Killdisk was used at my last job as a tech for a very large data hosting company. We used KD on most servers and servers considered to house high business impact data was physically destroyed using a shredder. During large decommission projects I would cry at the site of watching thousands of 300gb SAS drives being tossed into the chipper.
It depends on what you mean. When using the ATA Secure Erase mode, the dock is most definitely issuing the correct commands. What the drive does with that command is up to the drive, not the dock. Reading out the contents of the drive and checking that every byte is zero is not sufficient to verify that the drive's Secure Erase procedure actually got rid of all the data securely, because you can't read what's in spare area or remapped sectors without opening up the drive. I didn't do a full run and verification of the single-pass write zeros erase, but I did confirm that it was spending the time actually writing zeroes to the drive.
Seems like a waste to me. If you need to be in the business of securely erasing drives, you're going to buy a multi-bay dock to get this done. My old IT company had several 8 and 16 bay duplicators/erasers on hand to process large amount of drives.
If you're doing it for personal use, well, there's much cheaper ways to do this. I don't see a market for this device.
Wow, this is great! I've got one in my cart right now. I've wanted something like this for YEARS.
Guess I'll plan to run the secure erase first on anything I'm getting rid of, then run the best-mode overwrite for the hell of it.
I don't really care about the performance, as long as it's doing its job. Just thrilled if I can have something simple like this to take care of such an annoying job...and I don't even need it near a computer, can plug it in anywhere with a spare outlet and let the thing run!
Was just about to write pretty much the same thing.
You've got to really, really, really make sure this thing is in the correct mode, because otherwise you suddenly have a lot more free space than you thought. ;-)
Looks a handy tool for erasing small numbers of hard drives. Would be keen to understand what independent testing has been carried out to ensure all data is eradicated and whether this item has gained, or intends to gain, accreditations and government approval.
Interesting product, but really expensive. You could build a great drive wiping station for $100 bucks, one that could wipe 4+ drives simultaneously. All you need is a semi-modern motherboard with a few SATA ports, a USB flash drive to boot Derik's Boot and Nuke, and a cozy case lined with rubber to set the drives on or a case with tool-less drive insert/ejection. Boot and Nuke can be scripted to run autonomously so you wouldn't need a keyboard/mouse/monitor, just turn the PC on with drives attached, wait for the flash drive access light to stop blinking and press 1-5 to run scripts 1-5 which you define. It can output a log to serial\parallel port, or write a recurring log to a network share or the USB flash drive itself. I setup a station years ago that printed a report to a networked printer by just outputting the log to an IP address, and the printer would pick it up as a PCL job,
This is just 3x more expensive than it should be. If it did 2-4 drives simultaneously, had eSATA, working USB 3.0 UASP, more custom configurations/scripting and perhaps a built in thermal label printer, $300 would be justified. But as it is, it's just a glorified (and crippled) $30 drive dock.
I'm not sure that Darik's boot and nuke is sufficient, though. Most hard drives (all hard drives made after about 2001) implement the ata secure erase feature in firmware (it's part of the ata spec). So a simple hdparm command will do what you need to securely erase any HDD. Note that the "overwrite n times with alternating 0's and 1's" method isn't really any more helpful today as it was in the past. Even a single full overwrite buys you only a barely better than 50% chance of getting the value of the given bit. Plus with the density of data HDDs today, it's very nearly impossible to even read a drive without its read head.
As for SSD, that's probably more complex, but the "sanitize" command should be sufficient. It passes nist sp800-88, at least.
I see a Seagate HDD was used in the test. Don't Seagate drives have a history of destroying themselves (albeit at usually the most inopportune time) making this a moot exercise... ;-)
I think the market they are seeking to fill is obviously a niche one and the price is appropriate. All the suggestions here of it being cheaper to setup something that could do more drives, or faster, or "better" somehow miss the point that this product is aimed at something like a small-medium sized professional/business office (Doctor, lawyer, accountant, etc) where they don't have a permanent IT person, they have staff with computer skills which are minimal beyond their work applications, and they need or are required to deal with privacy related issues upon decommissioning old computer HDs. This product is perfect for that: it looks simple to use, is stand alone, and time really isn't an issue since th staff person just walks away and does her/his work. The print out is great too if used as a way to have a record of the job being done for auditing purposes. $300 price tag is something businesses like that won't even blink at. It's not that expensive and it can be expensed.
Hi, I would have liked to see a few words about build quality... I was looking for an eSATA dual-dock, and came across StarTech and some other brands, but all of them had lots of bad reviews complaining about unreliable connections, etc. thanks!
If you really wanted to make sure no one could ever read a drive, wouldn't it be better to drill a few holes through the drive and toss it into the nearest body of water? I've heard a few .45 caliber slugs thru the drive also makes it unreadable, but that is awfully non-PC.
We’ve updated our terms. By continuing to use the site and/or by logging into your account, you agree to the Site’s updated Terms of Use and Privacy Policy.
38 Comments
Back to Article
Murloc - Tuesday, February 16, 2016 - link
I guess the point of this thing is being easy to use for employees, the time is not really a concern if you have other work to do anyway.The USB dock thing looks like something they just slapped there since people may want to check what's on a drive they found before wiping it. So performance is not really key.
edzieba - Tuesday, February 16, 2016 - link
The "erase by overwriting" method is completely redundant for any HDD implementing ATA SECURE ERASE. Not only is SE the fastest method to wipe data (limited only by the drive controller, not the interface) it wiped sectors in the G-list that a normal wipe would miss. This includes DBAN and other redundant multi-overwrite methods. Multiple overwrites have been entirely unnecessary since the invention of the GMR head well over two decades ago.Babar Javied - Tuesday, February 16, 2016 - link
Expand please?I have never even heard of ATA secure erase but it sounds interesting. How does this make overwriting redundant? since the data on the platters does need to be erased
joex4444 - Tuesday, February 16, 2016 - link
It's a little surprising you've never heard of it since it was mentioned in the 3rd paragraph of the article, albeit quickly.Guspaz - Tuesday, February 16, 2016 - link
This assumes that you trust the drive's secure erase implementation. Following up the secure erase with a single overwrite is probably sufficient.Azethoth - Wednesday, February 17, 2016 - link
Exactly. Secure erase on SSD just marks all blocks as empty, so factory default but the data is really still there. Absent proof of no physical way to access these blocks and read their data you really do need to overwrite at least once and take the hit to longevity ;-)azrael- - Thursday, February 18, 2016 - link
Apparently you didn't read the article either (or anywhere else it has been written). Securely erasing an SSD usually consists of the drive throwing away the encryption key it has used for storing your data. The data is still there, but noone can read them.Senti - Friday, February 19, 2016 - link
The keyword here is "usually". Imagine you are the one responsible for secure deletion of information: would you blindly believe that "drive should do it properly and not leave the old key somewhere" or would you double-check? The answer is obvious.Lerianis - Saturday, February 20, 2016 - link
Considering that this is being done by tech literate organizations. I think they would have verified the whole "No way to restore the drive!" that they are pushing.leexgx - Saturday, February 20, 2016 - link
i guess he should of not used the word "usually"if the drive uses AES encryption (SED drive) then all the drive has to do is reset the key when Secure erase is done (this is why it can take upto 1-2 hours to wipe none encryption HDD drive) and all data is lost and if that is not enough it also commands the Trim all parts of the flash so all NAND is clean all parts of the SSD will come back with 00000000 (unlike a HDD there is a chance to recover data but if its a self encryption HDD/SSD drive then there is no data recovery once ATA Secure erase has been used)
if ATA secure erase takes more than 2 minutes on a Self encrypting drive(HDD or SSD), the drive it self is not encrypted as SED drives should just reset the keys and all data has gone puff (full TRIM on all parts of the flash is also performed as well to bring the drive to a complete clean and max performance state)
on SSDs even none SED drives a secure erase should only take 30 seconds - 2 minutes as all it has to do is command reset the pages and TRIM the whole drive witch is a very fast task
Teknobug - Tuesday, February 16, 2016 - link
I had a pile of SCSI and ATA and some earlier SATA drives to a place to have them recycled, they told me it's $250 and better off just smashing them with a hammer- I shook my head at that advice and just left them sitting in the garage, even when formatting them they still have bits of data that people can retrieve and it's not worth paying $250 to recycle them.Camikazi - Tuesday, February 16, 2016 - link
I just take them apart when not busy and use the platters for decoration and other things. I'm sure someone somewhere can still get info from it if they really wanted too but I'm sure there are easier ways to get the info they are looking for.Beany2013 - Tuesday, February 16, 2016 - link
3.5" platters make excellently coasters for mugs.Horribly slippery and slidey, but very pretty.
Murloc - Wednesday, February 17, 2016 - link
do you really have secret data on them that is worth at least hundreds of dollars in work?duartix - Tuesday, February 16, 2016 - link
Do they sell a secure eraser to securely erase the secure eraser's log of secure erases?BrokenCrayons - Tuesday, February 16, 2016 - link
And if they do, what happens when you need to securely erase the secure eraser log eraser?Azethoth - Wednesday, February 17, 2016 - link
This is already built in. You choose the paper option and attach a large metal garbage can to print out into. When you need to erase you just burn it at night out in the parking lot. It provides heat for the hobos and in the morning you pour water in as the second erase cycle. Then you mulch that into your grass and flower beds and observe it 24/7 with security cameras just to be sure.a1exh - Tuesday, February 16, 2016 - link
I built one of these for OCZ UK (which at the time was Oxford Semiconductors) in 2005 using the OXUF931S. The BOM would have been far less than this. No DDR. No Xilinx chip. I2C eInk display. Just a USB->SATA bridge running custom firmware. While very useful here at work, when I suggested selling them I was told there was no market for them. I cannot imagine anything has changed.jardows2 - Tuesday, February 16, 2016 - link
The article got me thinking about a software solution. Looks like there are lots of utilities for "secure erase" but not all claim to be "certified." Anyone have experience with software solutions?Holliday75 - Tuesday, February 16, 2016 - link
Killdisk was used at my last job as a tech for a very large data hosting company. We used KD on most servers and servers considered to house high business impact data was physically destroyed using a shredder. During large decommission projects I would cry at the site of watching thousands of 300gb SAS drives being tossed into the chipper.buhusky - Tuesday, February 16, 2016 - link
I'm sorry, did I miss the part where you verified it securely erased everything or did you just take it at its word?Billy Tallis - Tuesday, February 16, 2016 - link
It depends on what you mean. When using the ATA Secure Erase mode, the dock is most definitely issuing the correct commands. What the drive does with that command is up to the drive, not the dock. Reading out the contents of the drive and checking that every byte is zero is not sufficient to verify that the drive's Secure Erase procedure actually got rid of all the data securely, because you can't read what's in spare area or remapped sectors without opening up the drive. I didn't do a full run and verification of the single-pass write zeros erase, but I did confirm that it was spending the time actually writing zeroes to the drive.Avalon - Tuesday, February 16, 2016 - link
Seems like a waste to me. If you need to be in the business of securely erasing drives, you're going to buy a multi-bay dock to get this done. My old IT company had several 8 and 16 bay duplicators/erasers on hand to process large amount of drives.If you're doing it for personal use, well, there's much cheaper ways to do this. I don't see a market for this device.
Wolfpup - Tuesday, February 16, 2016 - link
Wow, this is great! I've got one in my cart right now. I've wanted something like this for YEARS.Guess I'll plan to run the secure erase first on anything I'm getting rid of, then run the best-mode overwrite for the hell of it.
I don't really care about the performance, as long as it's doing its job. Just thrilled if I can have something simple like this to take care of such an annoying job...and I don't even need it near a computer, can plug it in anywhere with a spare outlet and let the thing run!
extide - Tuesday, February 16, 2016 - link
Page covering pop up ad!http://images.teraknor.net/popup-ad.png
xrror - Tuesday, February 16, 2016 - link
Am I the only one cackling madly at the disaster potential for this device?"oops, I guess it was in the wrong mode"
azrael- - Thursday, February 18, 2016 - link
Was just about to write pretty much the same thing.You've got to really, really, really make sure this thing is in the correct mode, because otherwise you suddenly have a lot more free space than you thought. ;-)
xrror - Friday, February 26, 2016 - link
hehe... 100% compression! ;pboozed - Tuesday, February 16, 2016 - link
Probably cheaper than buying a Mac and running Adobe CC on it too.DataMD - Wednesday, February 17, 2016 - link
Looks a handy tool for erasing small numbers of hard drives. Would be keen to understand what independent testing has been carried out to ensure all data is eradicated and whether this item has gained, or intends to gain, accreditations and government approval.Samus - Wednesday, February 17, 2016 - link
Interesting product, but really expensive. You could build a great drive wiping station for $100 bucks, one that could wipe 4+ drives simultaneously. All you need is a semi-modern motherboard with a few SATA ports, a USB flash drive to boot Derik's Boot and Nuke, and a cozy case lined with rubber to set the drives on or a case with tool-less drive insert/ejection. Boot and Nuke can be scripted to run autonomously so you wouldn't need a keyboard/mouse/monitor, just turn the PC on with drives attached, wait for the flash drive access light to stop blinking and press 1-5 to run scripts 1-5 which you define. It can output a log to serial\parallel port, or write a recurring log to a network share or the USB flash drive itself. I setup a station years ago that printed a report to a networked printer by just outputting the log to an IP address, and the printer would pick it up as a PCL job,This is just 3x more expensive than it should be. If it did 2-4 drives simultaneously, had eSATA, working USB 3.0 UASP, more custom configurations/scripting and perhaps a built in thermal label printer, $300 would be justified. But as it is, it's just a glorified (and crippled) $30 drive dock.
erple2 - Sunday, February 28, 2016 - link
I'm not sure that Darik's boot and nuke is sufficient, though. Most hard drives (all hard drives made after about 2001) implement the ata secure erase feature in firmware (it's part of the ata spec). So a simple hdparm command will do what you need to securely erase any HDD. Note that the "overwrite n times with alternating 0's and 1's" method isn't really any more helpful today as it was in the past. Even a single full overwrite buys you only a barely better than 50% chance of getting the value of the given bit. Plus with the density of data HDDs today, it's very nearly impossible to even read a drive without its read head.As for SSD, that's probably more complex, but the "sanitize" command should be sufficient. It passes nist sp800-88, at least.
azrael- - Thursday, February 18, 2016 - link
I see a Seagate HDD was used in the test. Don't Seagate drives have a history of destroying themselves (albeit at usually the most inopportune time) making this a moot exercise... ;-)Senti - Friday, February 19, 2016 - link
Seagate drive is another insurance that data is really destroyed.scaryhalo - Saturday, February 20, 2016 - link
Coffee and Doughnut on screen, large grin on face, strange look from fellow commuters! You sir, are chuckle master today :)Reginaldpeebottom - Thursday, February 18, 2016 - link
I think the market they are seeking to fill is obviously a niche one and the price is appropriate. All the suggestions here of it being cheaper to setup something that could do more drives, or faster, or "better" somehow miss the point that this product is aimed at something like a small-medium sized professional/business office (Doctor, lawyer, accountant, etc) where they don't have a permanent IT person, they have staff with computer skills which are minimal beyond their work applications, and they need or are required to deal with privacy related issues upon decommissioning old computer HDs. This product is perfect for that: it looks simple to use, is stand alone, and time really isn't an issue since th staff person just walks away and does her/his work. The print out is great too if used as a way to have a record of the job being done for auditing purposes. $300 price tag is something businesses like that won't even blink at. It's not that expensive and it can be expensed.bobbozzo - Sunday, February 21, 2016 - link
Hi, I would have liked to see a few words about build quality...I was looking for an eSATA dual-dock, and came across StarTech and some other brands, but all of them had lots of bad reviews complaining about unreliable connections, etc.
thanks!
Sam Snead - Saturday, March 12, 2016 - link
If you really wanted to make sure no one could ever read a drive, wouldn't it be better to drill a few holes through the drive and toss it into the nearest body of water? I've heard a few .45 caliber slugs thru the drive also makes it unreadable, but that is awfully non-PC.