Re: [Fed-Talk] SECURITY ERASE UNIT and friends.
- Subject: Re: [Fed-Talk] SECURITY ERASE UNIT and friends.
- From: Allan Marcus <email@hidden>
- Date: Tue, 21 Apr 2009 11:46:14 -0600
I've done a fair amount of research on this. I assume you want the
'Secure Erase' mentioned in NIST 800-88? I don't think there is
anything out there that can do it on a Mac. The best I can come up
with is the Drive Erazer <http://www.wiebetech.com/products/Drive_eRazer.php>,
which is under $200 with the SATA adapter. I've also looked into
the Digital Shredder <http://www.deadondemand.com/products/digitalshredder/>,
but it is very expensive (over 10K).
For those of us in DOE, a simple drive erase is no longer sufficient
to purge or clear a drive for unclassified reuse. I'm not talking
about taking a classified drive and making it unclassified; I'm
talking about taking an unclassified drive and reusing it for a
different unclassified purpose. NIST 800-88 discusses a Secure Erase
command found in the firmware of modern ATA and SATA drives that is
sufficient to purge or clear a drive. The main thing is dealing with
bad sectors; the erase process has to ensure that bad sectors are
erased. The Secure Erase command seems to meet this need.
HDDERASE was developed under an NSA contract at the Center for
Magnetic Media Research in San Diego that has expired, so I don't
think the software is being developed or supported anymore.
The only other product I have found that might work is DBAN (and EBAN,
which is the commercial version of DBAN). I believe that DBAN will
simply fail if it discovers a bad sector that cannot be allocated and
erased. I have had no luck in getting DBAN to work on a Mac. I have
spoken to the developer and they might include Secure Erase in DBAN/EBAN,
but we would need to become a paid customer. They also haven't
done very much testing with DBAN on Macs.
Apple secure erase doesn't account for bad sectors. If your agency
requires that bad sectors also be erased, Disk Utility isn't good
enough IMHO.
One workaround that we are considering proposing to our DAA is to
allow us to use an overwrite method like Disk Utility, then check the
hard drive for bad sectors using something like smartd (MacPorts) or
Smart Utility 2.0 <http://www.volitans-software.com/products.php>. If
the drive reports no bad sectors (this would be from the SMART data,
not a surface scan), then we would be assured that all data on the
drive was destroyed. One issue with this is we need to understand
better what SMART reports in the "Reallocated_Sector_Ct" attribute. We
need to understand if Reallocated_Sector_Ct means what I think it
means, which is how many sectors are currently marked as bad and have
been reallocated.
I'm also not sure how to erase any sectors that the drive is holding
back to allocate to sectors that might go bad. I think that's why we
would need to use DBAN or Secure Erase.
---
Thanks,
Allan Marcus
505-667-5666
On Apr 16, 2009, at 10:29 PM, Robert Nicholson wrote:
Has anybody found any tool that runs under OSX that allows this to
be run on the internal SATA drive?
What about say a Linux Boot CD with hdparm?
HDDERASE or HDAT2?
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
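The SMART check proposed in the message above, as an added example that is not part of the original post: a Python gate that reads the attribute table printed by `smartctl -A` (smartmontools, the package that provides smartd) and classifies a drive after an overwrite pass. The function names and the sample table are constructed for illustration, and the code assumes the RAW_VALUE of Reallocated_Sector_Ct is a plain count of remapped sectors, which is vendor-defined.

```python
"""Gate an overwrite-based wipe on SMART Reallocated_Sector_Ct (added example)."""
import re

# Constructed sample of `smartctl -A` output; not captured from a real drive.
# Note the normalized VALUE column stays at 100 even when RAW_VALUE is non-zero.
SAMPLE = """\
ID# ATTRIBUTE_NAME          FLAG     VALUE WORST THRESH TYPE      UPDATED  WHEN_FAILED RAW_VALUE
  1 Raw_Read_Error_Rate     0x000f   100   100   051    Pre-fail  Always       -       0
  5 Reallocated_Sector_Ct   0x0033   100   100   010    Pre-fail  Always       -       {realloc}
  9 Power_On_Hours          0x0032   099   099   000    Old_age   Always       -       4312
"""
SAMPLE_NO_ATTR = "\n".join(
    line for line in SAMPLE.splitlines() if "Reallocated" not in line
)


def parse_attributes(text):
    """Return {attribute_name: (normalized_value, raw_value_string)}."""
    attrs = {}
    for line in text.splitlines():
        fields = line.split(None, 9)  # RAW_VALUE may itself contain spaces
        if len(fields) == 10 and fields[0].isdigit():
            attrs[fields[1]] = (int(fields[3]), fields[9].strip())
    return attrs


def overwrite_verdict(text, attribute="Reallocated_Sector_Ct"):
    """Classify a drive after an overwrite pass.

    'clean'    raw count is 0: the drive reports no remapped sectors
    'remapped' raw count > 0: remapped sectors are no longer addressable,
               so the overwrite did not touch them (assumes raw is a count)
    'unknown'  attribute absent or raw value not a plain count
    """
    attrs = parse_attributes(text)
    if attribute not in attrs:
        return "unknown", None
    match = re.match(r"\d+", attrs[attribute][1])
    if not match:
        return "unknown", None
    count = int(match.group())
    return ("clean" if count == 0 else "remapped"), count


if __name__ == "__main__":
    for label, text in (("remapped", SAMPLE.format(realloc=12)),
                        ("clean", SAMPLE.format(realloc=0)),
                        ("no attribute", SAMPLE_NO_ATTR)):
        print(label, "->", overwrite_verdict(text))
```

An "unknown" result is kept separate from "clean" so that a drive that does not report the attribute is not treated as having no remapped sectors.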