I am thinking of giving one of my older laptops away, can anyone suggest a free tool which can securely wipe the entire harddrive clean. Thus far I have been suggested DBAN. Any others? Will Heidi Eraser work in a situation like this or does it only delete files? Also will a DOD wipe suffice or should I go for a Gutmann wipe? Thanks.

Referring to your other thread... Giving away an infected laptop (http://www.wilderssecurity.com/showthread.php?t=254402), you probably should determine whether the system has a recovery partition or not. You should be able to see this under Control Panel>Administrative Tools>Computer Management>Disk Management. That will tell you whether a simple whole device or partition wipe is desired.

DBAN is for a physical device, as is HDD Wipe Tool (http://hddguru.com/content/en/software/2006.04.13-HDD-Wipe-Tool/) at HDD Guru, or Disk Wipe (http://www.diskwipe.org/). If you simply want to erase files, Heidi is probably your best bet, but since that will be the system drive, I assume you'd want to slave it to another PC. At least if I understand what your trying to do (whole device wipe if no recovery partition, everything but the recovery partition if one exists).

One overwrite is enough. You don't need DOD/etc.

Blue

Unless you are giving away the laptop to NSA, a single zero pass should be more than enough :). As for the tool, I am also recommending DBAN.

CopyWipe is another suggestion:

http://www.terabyteunlimited.com/copywipe.php

DBAN + DOD 1 wipe

Gutmann wipe will take forever.

-{ Quote: "Unless you are giving away the laptop to NSA, a single zero pass should be more than enough :). As for the tool, I am also recommending DBAN." }-

Regarding the NSA, I have it on good authority that for drives less than 500 GB, a triple Gutmann should be sufficient (i.e. 105 passes). For drives greater than 500 GB, because of their increased aerial densities, a double Gutmann (sprinkled with some holy water and garlic) should be sufficient. But, who knows, these guys progress so quickly. A quadruple Gutmann may be required in the coming years. :P ;D

D-Ban will do just fine. It's all I use. For any normal system, one pass is plenty. If by some change you have files that would interest the NSA or CIA, you can use a few more passes or erase those individually before wiping the drive. Since no one really knows the extent of their recovery abilities, there's no way to know if more passes will make any difference. Other than taking more time, there's no disadvantage to using additional passes.

Use D-BAN if you like spending lots of time wiping, 13 hours!

I would suggest HDDErase, if you meet a few requirements:
Want to wipe the HPA (it's where a recovery partition is located).
Have Intel CPU (required by the software).
HDD is connected to a primary channel (IDE or SATA).

Benefits:
10 Minutes per 100gb to wipe (average).
Is equivalent to physical destruction!
If HDD has built in encryption, then it supports Enhanced Secure Erase (320gb in 3 seconds) fast Fast FAST! Complete before you have a chance to stir the sugar into your coffee ( or tea for Loyalists).

HDDErase is a program that access a chip on your HDD that wipes the hard drive.
This means your HDD already has a wiping program built in at the hardware level.

Some interesting info:
-{ Quote: "Modern hard disks pose a unique problem for media sanitizing because of the large amount of hidden and reserved storage. A typical 1-gigabyte hard disk may have as much as 400 megabytes of additional storage; some of this storage is used for media testing and bad-block remapping, but much of it is unused during normal operations. With special software, you can access this reserved storage area; you could even install "hard disk viruses" that can reprogram a hard disk controller, take over the computer's peripheral bus, and transfer data between two devices, or feed faulty data to the host computer. For these reasons, hard disks must be sanitized with special software that is specially written for each particular disk drive's model number and revision level." }-
Web security, Privacy and Commerce
By Simson Garfinkel, Gene Spafford (http://books.google.com/books?id=W9GvRmi9ZF4C&pg=PA386&lpg=PA386&dq=bad+blocks+sanitization+reserved&source=web&ots=oGq8mbnx9I&sig=nJZXpK1UCRjiWqmjmjP4bOUGgaI&hl=en&sa=X&oi=book_result&resnum=10&ct=result)
40% of the size of a drive for badblock remapping?
Does that mean that for a 100gb drive there is an additional 40gb for remapping?

Hi guys,

Thanks for all your responses. Anyway I checked my computer per Blue Zannetti's suggestions and I found no recovery partition. I also tried to access it via the steps suggested on the manufacturers support page and failed to access it. Does anyone know where i could a free, safe and secure download of windows XP? Hopefully I can activate it with the product key of my current install of XP.

Searching:

What algorithm does HDDErase use to securely erase the drives? DOD? Gutman wipe?

Also the issue of hidden reserved storage shouldnt matter since HDDErase will erase the entirsty of the drive includiing any and all hidden partitions right?

Out of curiosity will the hidden reserve storage areas be known to/accessible to the admin under normal circumstances? Are there any software that can enable one to uncover/access this area and whatever it may contain?

Thanks in advance.

-{ Quote: "The three block writes of DoD 5220 plus verify can take far longer than the secure erase command. CMRR test times were up to days but the drive normal Secure Erase can complete in 30-45 minutes.

CMRR has established minimum mandatory properties of an Enhanced Secure Erasure algorithm which provide erasure security equivalent to most implementations of physical destruction and in a much shorter time. CMRR specifies a minimum of two random data writes of all physical user sectors (including reassigned sectors), where each write is offset off- track opposite to the other by at least 10% of the track pitch.

Overwritten data left in track edges is normally unreadable magnetic noise, but the offtrack writes makes any possible coherent data in the track edges unrecoverable. Note that only drive internal technology is able to accomplish an offtrack Secure Erase. There is no standardized “write offtrack” command for any software utility to use." }-
Secure Erase Algorithm (http://docs.google.com/gview?a=v&q=cache:IqTCvrSTGyYJ:cmrr.ucsd.edu/people/Hughes/CmrrSecureEraseProtocols.pdf+secure+erase+algorithm+cmrr&hl=en&gl=us&sig=AFQjCNHWihfpZVY73RU0Axt1I7tZ-ZWOqg)

HPA is not accessible from OS without special software. I haven't searched for any of these softwares, so I don't know much about them.

-{ Quote: "Regarding the NSA, I have it on good authority that for drives less than 500 GB, a triple Gutmann should be sufficient (i.e. 105 passes). For drives greater than 500 GB, because of their increased aerial densities, a double Gutmann (sprinkled with some holy water and garlic) should be sufficient. But, who knows, these guys progress so quickly. A quadruple Gutmann may be required in the coming years. :P ;D" }-

Do you care to provide proof or techniques from which the NSA can retrieve data that has been overwritten once with zeroes? I have seen experiments done with electron microscopes and the researchers were *not* able to recover anything.

To the OP: It should be said that another good "wiping" technique is to encrypt the whole drive with AES-256 and a 63 character random password. It is much faster than wiping the thing and will be just as secure (if not more so).

-{ Quote: "Do you care to provide proof or techniques from which the NSA can retrieve data that has been overwritten once with zeroes? I have seen experiments done with electron microscopes and the researchers were *not* able to recover anything." }-
I was kidding. I don't believe that something overwritten once can be recovered. I've probably said that a hundred times. No one ever listens. That being said, having a triple Gutmann become standard would amuse me.

-{ Quote: "To the OP: It should be said that another good "wiping" technique is to encrypt the whole drive with AES-256 and a 63 character random password. It is much faster than wiping the thing and will be just as secure (if not more so)." }-

I use TrueCrypt if I need to wipe something. Then I overwrite the header for good measure.

-{ Quote: "That being said, having a triple Gutmann become standard would amuse me." }-I think that if we look hard enough..., an in-depth discussion on the advantages of a prime number multiple of Gutmann passes (lovingly termed the Prime Gutmann...) will be found somewhere.... :)

Blue

-{ Quote: "Secure Erase Algorithm (http://docs.google.com/gview?a=v&q=cache:IqTCvrSTGyYJ:cmrr.ucsd.edu/people/Hughes/CmrrSecureEraseProtocols.pdf+secure+erase+algorithm+cmrr&hl=en&gl=us&sig=AFQjCNHWihfpZVY73RU0Axt1I7tZ-ZWOqg)

HPA is not accessible from OS without special software. I haven't searched for any of these softwares, so I don't know much about them." }-
But HDDerase will erase the HPA and all other hidden partitions as well right?

-{ Quote: "Do you care to provide proof or techniques from which the NSA can retrieve data that has been overwritten once with zeroes? I have seen experiments done with electron microscopes and the researchers were *not* able to recover anything.

To the OP: It should be said that another good "wiping" technique is to encrypt the whole drive with AES-256 and a 63 character random password. It is much faster than wiping the thing and will be just as secure (if not more so)." }-
I want the drive to be used after wiping, I assume I wont be able to do this if I use encryption? Thanks.

-{ Quote: "I want the drive to be used after wiping, I assume I wont be able to do this if I use encryption? Thanks." }-

Of course you will. TrueCrypt does the exact same thing as wiping software (literally). It simply overwrites every sector with pseudorandom data. Then you can install your OS over that (to destroy the encrypted volume). All good OTFE software should also function as wiping software. However, I don't believe HPA and DCO hidden sectors can be overwritten by these programs. But if you were the original owner of this hard drive, you should know if these exist.

-{ Quote: "But HDDerase will erase the HPA and all other hidden partitions as well right?" }-

Yes, HDDErase can secure delete HPA/DCO partitons:
http://cmrr.ucsd.edu/people/Hughes/HDDEraseReadMe.txt

Certain manufactures have some machines set up to not allow access to HPA & DCO. You can try and use this http://www.jetico.com/wiping-bcwipe-total-wipe-out/ 30 day full functioning, burn the ISO or make a bootable USB, this program will tell you whether or not you can gain access to the HPA or DCO areas of your HD if they exist. If not you'll have to try another method, but I think this is easiest if you can't get HDD erase to run.

When you run HDDErase, via UBCD or your own boot disk, if an HPA is present (Extended LBA) it will ask if you would like to wipe that also.
It does not just wipe it, but gives you the option to.

Alternatively, on Linux, hdparm can access the security erase chip, as long as there is not a BIOS freeze lock. (With hdparm, my 250GB drive takes about 88 minutes.)

If there is a BIOS freeze lock, implemented to prevent malicious wiping, only thing to do is to place HDD into another PC for wiping that does not use a BIOS freeze lock for Secure Erase Function.

I do know about softs to manipulate HPA's, though not how to use the HPA as storage:

An alternative solution, Seatools v1.09; It offers the ability to reset Max Native Address Size. If an HPA is present Seatools will state Drive Size =xxxx Native Size =YYYY, difference from x to y is the hidden partition. Reset to Native Max and then wipe.

If you read a lot of posts about wiping, you will notice a lot of conflicting or confusing points of view about the best method or software. The amount of conflicting or confusing points inspired me to find real answers instead of garden fertilizer.

quote Searching HPA is not accessible from OS without special software. I haven't searched for any of these softwares, so I don't know much about them.

Then.....I do know about softs to manipulate HPA's, though not how to use the HPA as storage:

An alternative solution, Seatools v1.09; It offers the ability to reset Max Native Address Size. If an HPA is present Seatools will state Drive Size =xxxx Native Size =YYYY, difference from x to y is the hidden partition. Reset to Native Max and then wipe.

If you read a lot of posts about wiping, you will notice a lot of conflicting or confusing points of view about the best method or software. The amount of conflicting or confusing points inspired me to find real answers instead of garden fertilizer.

LOL good work mate you really sound like an expert. ;D

Under 40 years old is Brain Fade, over 40 years old and it is Mentalpause. :D

Rather than edit the post I chose to correct by reposting.
Hopefully I did not conflict or confuse anybody.

Speaking of waffling, could you pass the syrup, blueberry please.

use ccleaner and tuneup utilities...

afaik, this whole "rewrite your hdd 10.000 with random pattern" is a ridiculous hoax. Just ask the experts of a data recovery center.