Need UNATTENDED secure-delete of HDD

Discussion in 'Hardware' started by zapp, May 8, 2012.

  1. zapp

    zapp Staff Sergeant

    gang - this should not be hard but for googling, the terms are so common that I get no happiness... what I need is something like DBAN [it may BE dban for all I can gather] that can boot and immediately Secure-Delete [overwrite, render unrecoverable] all drives with ZERO human intervention. I read tantalizing things like "autonuke" option switches.... which requires a human.... which requires a kbd, pointing device, monitor, multiple power outlets.... See what I mean? I need to throw in a cd/dvd, hit the power button, and leave... slam the door behind me.

    any suggestions?
     
  2. Colemanguy

    Colemanguy MajorGeek

    nevermind
     
  3. foogoo

    foogoo Major "foogoo" Geek

    You could try Active KillDisk, it has a commandline option, so you can script it to do your bidding.
    I'd create a floppy with KillDisk, put my script in there and make sure it works, then if need be make an image and create a bootable CD from it.
    I know they have used KillDisk around my company, but I like DBAN, it always seems to be able to detect the drive / controllers in my systems.
     
  4. foogoo

    foogoo Major "foogoo" Geek

    Also you can extract DBAN and edit the syslinux.cfg (floppy) or isolinux.cfg (from ISO file) file as instructed in the file

    # Set this option to zero if you wish to skip the boot prompt.
    PROMPT 1

    # This label will be started if you just push enter at the boot prompt, or if
    # you set the PROMPT option above to zero.
    DEFAULT dban

    Which looks like you change prompt to 0 then maybe default dban --autonuke
    I'll have to give this a test and let you know.
     
  5. hrlow2

    hrlow2 MajorGeek

    Would have to ensure that "Boot from CD" is enabled.
    If I had a suspicious mind, this sounds like the way to get back at an ex. or somebody.
     
  6. foogoo

    foogoo Major "foogoo" Geek

    If he wanted to erase one machine or even two, he has to sit there and boot them and why not just go through the menu? what does that take a few seconds? He said he doesn't want to use multiple keyboards, sounds malicious?
    If you've ever worked in the real world there are times that you need to wipe several PC at a time, in my case leased PCs being returned and a scripted eraser would help because you don't need a KB or mouse. So yes I am activly look for a fix for all of 'us'.
     
  7. foogoo

    foogoo Major "foogoo" Geek

    BTW.. this works editing isolinux.cfg to read

    # Set this option to zero if you wish to skip the boot prompt.
    PROMPT 0

    # This label will be started if you just push enter at the boot prompt, or if
    # you set the PROMPT option above to zero.
    DEFAULT autonuke

    If you don't want autonuke, I'd say any of the 'labels' from further down the file could be used like quick or dod & so on.

    Tools I used: notepad++ (Darik said to use notepad) and WinISO to extract the files and boot image and to recreate modded iso. Darik has some pointers for do this, you can't just edit the file in the ISO according to him.

    Totally automatic!!! Thanks Zapp for posing this question, I have thought about it but never really pursued it.

    Remember with great power comes great responsibilty... and make a BIG WARNING label on this disk, or to quote Bender "Well, we're boned"
     
    Last edited: May 9, 2012
  8. zapp

    zapp Staff Sergeant

    I do consulting for small biz. I have used several tools to securely delete data, my fave being 'secure delete'
    I am helping shutter an office, with the principle doing away with some old stuff in the process and I picked up a cpq proliant server - ancient boat anchor ML330e, win2k on a ... can you believe ... 20gb drive.
    why would I want to charge them to break open the server, pull the drive, lash it to a test mule, and hand-secure-erase the data when I could shove in a disc and leave? so I started rummaging around my usual haunts thinking surely a bunch of IT shops have come up with this tool I describe, but I found nada. I find that unnatural - its out there, but the commonality of terms I'm using in the googling defeats precision.

    I appreciate the tip on editing for DBAN - I had assumed I would end up there. now the decision: do I charge these folks for my time or consider it a necessary tool in my toolbag that will get used again? ....
    This SHOULD HAVE been a 5 minute job: google up an ISO, burn it, shove it in, done.

    thanks folks
    Z
     
  9. foogoo

    foogoo Major "foogoo" Geek

    For your time? What about mine? Where do I send the bill?
    I consider the ability to use this free tool in the manner I want to, a debt that should be paid to Darik, but they don't accept donations.
    Plus now we have a tool for the bag we may need again.

    Here is 'my' autonuke disk
    http://www.mediafire.com/download.php?vg7d7n4a87ayueq
    ****caution this disk gives no prompts and will erase your hard drive*****
    I am not responsible for your misunderstanding or misuse of this disk.
     
  10. zapp

    zapp Staff Sergeant

    foogoo I shall be the first to nominate you to the MGeeks Hall of Royalty!:wave

    and for those cynics who in future dire need find this thread, I can verify that the iso is spamware/malware free!

    In deference to those here who rightly expressed reservations about such, I will say, with objections so noted, this item needs to be aired cautiously in the better nerd forums around the globe. Especially in this time when desktop/server markets are in convulsive death throes and peeps are concerned about real/permanent destruction of the data on those paperweights formerly know as hard drives.

    You're right about Darik... not only should he/they have a donation link, but an "award for the longest running popular beta in history" link

     
  11. foogoo

    foogoo Major "foogoo" Geek

    Funny considering this will erase your hard drive :p
     
  12. zapp

    zapp Staff Sergeant

    I was about to post images of it doing its awful thing... but then, that would be beneath the dignity of the intent, no??
    [but I do have the pics.... its at about 3% at the moment, and I am so impressed that the SCSI subsystem did not faze the execution.]
    I feel almost voyeuristic even hooking up the monitor.... but I just HAD to see:major
     
  13. foogoo

    foogoo Major "foogoo" Geek

    Yes, you need to at least check that it is running. As good as that disk is, I have had systems where it would not boot, it had a kernel panic or something happen. I tested that disk in VM player, just as far as it booted and went straight to erasing the drive.
    The only other thing, will it do multiple drives? Did you have that situation?
    I didn't see any options for drive selection, like you do in manual mode.
     
  14. Colemanguy

    Colemanguy MajorGeek

    So your hooking up a monitor then to verify it is indeed wiping, why not hook just a keyboard up as well? I dont understand how you save time not just doing that in the beginning, clicking a few buttons and starting the wipe. Unless you can see the video saying it is wiping, how do you know that it was done and that the data is gone?
     
  15. zapp

    zapp Staff Sergeant

    this one was single drive - since it went through a fairly extended scanning period looking for multiple controller types I ASSUME it would have picked up all devices. but, untested.

    my reason for checking the monitor is obvious: never used it before [heck, this was Alpha, right?].
    If you were in a higher production environment, a laborer [low wage] could return to the floor where you dropped this bomb on multiple desktops, for example, and walked - the helper would simply look at the screen 'Finished'.
    Darik put a nice finale' message on there.
    If you had a rackfull of these you'd probably have a monitor switch if you wanted to verify.

    Thanks again Foo
     
  16. foogoo

    foogoo Major "foogoo" Geek

    I had several of the DBAN burned but once it boots up and starts wiping you can remove the disk and go on..by the time I'd get one going, the next would be ready for me to manually make my selections... no more.
    Why should one hook up a KB (mouse is not really used) just to type autonuke, wait a few seconds, hit space to select the drive, then f10 to start?
    When I do my end of lease swaps I have them setup like pictured. Having DBAN auto start makes it a bit faster.
    Maybe we will not see eye to eye on this, you don't see any value in this, others do. It's a niche CD, eh? He wanted a tool (and I did) and now we have it.

    Gloozit, what did you think this CD was supposed to do? self destruct? teleport to the next PC? Yes, you can put it on a USB ($5 bucks) or CD, or multiple CDs, which cost like $100 each, right? Try a couple of cents each. This CD is for work it is to securely erase your hard disk, if that is too much work, toss it in the trash and hope no one gets the info and comes back on you.
     

    Attached Files:

  17. zapp

    zapp Staff Sergeant

    foo you may know the answer to this: in a larger production shop, when a bunch of desktops are decommissioned is it typical to simply vector all that to a sub for "securely deleting" the data, or inhouse? and I would imagine in LEO and Medical, at least, the rules are peculiar to the trade.... certainly it is in high security i.e. pentagon, cia, et al.

    I know of no reliable "bulk" method of securing hard drives, unless it would be vaporizing them in a plasma oven :-D
     
  18. foogoo

    foogoo Major "foogoo" Geek

    I don't know, I just zero drives in systems that are going to be returned and I'm guessing resold as refurbished by the leasor. I don't really do that many drives, just every few months.
    But I'd say if you want something done right, do it yourself.
    But here is a secure "deletion" tool
    http://www.edrsolutions.com/
     
  19. hrlow2

    hrlow2 MajorGeek

    My method of securing data. rem700.jpg
     
  20. zapp

    zapp Staff Sergeant

    bet that would do it!
    i checked a buddy who runs a mid-sized shop that does deal with sensitive data: he says he has a bulk tool that works with later drives, not older [no specifics... txt limit] and puts a wage guy on a drill press for the olders.

    that unit is only $9500.... breakeven point at, say, 200 drives? and can do by hand if the lights go out... not bad at all.
    those forensic guys though will tell you that any strip of magnetic media they find might just yield the clue :p

     
  21. collinsl

    collinsl MajorGeek

    I believe another method used by companies who deal solely in data destruction is an industrial shredder: http://www.youtube.com/watch?v=sQYPCPB1g3o

    And, as a moderator, I would like to thank the community for being cautious. Security is everyone's business ;)
     
  22. foogoo

    foogoo Major "foogoo" Geek

    Most 'modern' PCs are set to boot CD first since floppies are not as popular as they once were. If they aren't I usually have to set them to since I have to use a ghost boot cd or Bart PE (w/ ghost) to load the initial images in my environment.

    I have a server with 6 drives going back soon and I'll post if it does all drives at once, we know it will do a single.
     

MajorGeeks.Com Menu

Downloads All In One Tweaks \ Android \ Anti-Malware \ Anti-Virus \ Appearance \ Backup \ Browsers \ CD\DVD\Blu-Ray \ Covert Ops \ Drive Utilities \ Drivers \ Graphics \ Internet Tools \ Multimedia \ Networking \ Office Tools \ PC Games \ System Tools \ Mac/Apple/Ipad Downloads

Other News: Top Downloads \ News (Tech) \ Off Base (Other Websites News) \ Way Off Base (Offbeat Stories and Pics)

Social: Facebook \ YouTube \ Twitter \ Tumblr \ Pintrest \ RSS Feeds