This topic has been archived, and won't accept reply postings.
I haven't yet destroyed the hard drive from my old pc. I was thinking about various ways of doing it such as a sledge hammer; drilling holes in it. Then I thought, why not a twelve bore cartridge?
Anyone tried it?
Anyone tried it?
In reply to mypyrex:
Level of destruction required depends on the adversary you need to protect against. Mere criminals and governments would be defeated by disk shredding software that writes noise over the disk a few times.
Breaking the platters may actually be weaker than this unless you grind them to powder, as there could be a lot of information stored on fairly small fragments. Having said that, a serious effort from serious people would be needed.
Of course to defend against the magic space pixies of the NSA the best bet is probably to heat the disk above its curie temperature and keep it there for a while. Thermite would probably be a good option, as would a nuclear explosion or dropping it into the sun.
Level of destruction required depends on the adversary you need to protect against. Mere criminals and governments would be defeated by disk shredding software that writes noise over the disk a few times.
Breaking the platters may actually be weaker than this unless you grind them to powder, as there could be a lot of information stored on fairly small fragments. Having said that, a serious effort from serious people would be needed.
Of course to defend against the magic space pixies of the NSA the best bet is probably to heat the disk above its curie temperature and keep it there for a while. Thermite would probably be a good option, as would a nuclear explosion or dropping it into the sun.
9
In reply to davidbeynon:
I then thought "a twelve bore cartridge followed by placing it in a metal container subsequently filled with concrete and labelled with a HazChem or radioactive warning sticker
I then thought "a twelve bore cartridge followed by placing it in a metal container subsequently filled with concrete and labelled with a HazChem or radioactive warning sticker
1
In reply to mypyrex:
Well, getting data back from a broken disk is hard but not impossible. You are talking about months of work with a forensics team and insanely expensive microscopes.
A few overwrites seems to be enough to destroy data as far as current retrieval tech is concerned so doing that first seems like a sensible idea no matter what you have in mind next.
Well, getting data back from a broken disk is hard but not impossible. You are talking about months of work with a forensics team and insanely expensive microscopes.
A few overwrites seems to be enough to destroy data as far as current retrieval tech is concerned so doing that first seems like a sensible idea no matter what you have in mind next.
1
In reply to mypyrex:
Darik's Boot and Nuke is the answer... It's free and won't run the risk of you shooting your foot off.
Darik's Boot and Nuke is the answer... It's free and won't run the risk of you shooting your foot off.
3
In reply to mypyrex: I'm fascinated to think what could be on your hard drive that you think would be remotely interesting to anyone else.
5
1
15
3
4
In reply to wilkie14c:
Wasn't that what Gary Glitter did?
> Send it to PC World for repair and it'll be professionally destroyed for you >
Wasn't that what Gary Glitter did?
2
In reply to mypyrex: Yep, I don't suppose my snuff movies, scenes of extreme sado-masochistic sex, bestiality and details of terrorist plots to blow up places are of any interest other than to a few similarly minded weirdos.
1
2
In reply to mypyrex:
God know how many laws you would be transgressing here if it isn't genuine bona-fide hazardous material. Remember that the law has no sense of humour whatsoever
> labelled with a HazChem or radioactive warning sticker
God know how many laws you would be transgressing here if it isn't genuine bona-fide hazardous material. Remember that the law has no sense of humour whatsoever
In reply to mypyrex:
In a previous job we used to have to DBAN/degausse and then shred hard disks, but real world applications, if the PC still works, DBAN it, if not, drop it in a bucket of salt water or remove the platter and rub it with sand paper.
The platters can make lovely coasters
In a previous job we used to have to DBAN/degausse and then shred hard disks, but real world applications, if the PC still works, DBAN it, if not, drop it in a bucket of salt water or remove the platter and rub it with sand paper.
The platters can make lovely coasters
In reply to mypyrex:
If you have never looked inside of one, then take it apart just for fun: the insides are very pretty. You'll probably need Torx drivers.
Then, to destroy the discs, choose any weapon you like. Use eye protection.
As to destroying the data: a once over pass writing zeroes to every block is quite sufficient. There have been scare stories about low-level recovery of data (e.g. google for Guttman's paper) but there is no evidence that anybody on the planet has ever actually been able to do anything like that in any significant way. My professional opinion is that it's FUD - and that tools like Darik's Boot and Nuke are a waste of time.
If you have never looked inside of one, then take it apart just for fun: the insides are very pretty. You'll probably need Torx drivers.
Then, to destroy the discs, choose any weapon you like. Use eye protection.
As to destroying the data: a once over pass writing zeroes to every block is quite sufficient. There have been scare stories about low-level recovery of data (e.g. google for Guttman's paper) but there is no evidence that anybody on the planet has ever actually been able to do anything like that in any significant way. My professional opinion is that it's FUD - and that tools like Darik's Boot and Nuke are a waste of time.
In reply to Rob Parsons:
>. My professional opinion is that it's FUD - and that tools like Darik's Boot and Nuke are a waste of time.
If you actually wanted to steal data it would be much easier to plant a trojan in a disk wiping program than go round collecting old disks.
>. My professional opinion is that it's FUD - and that tools like Darik's Boot and Nuke are a waste of time.
If you actually wanted to steal data it would be much easier to plant a trojan in a disk wiping program than go round collecting old disks.
In reply to Rob Parsons:
But they do it on TV spy and detective thrillers all the time!
Are you saying that's not true?
My personal approach is write zeros if I have time and the drive works and then to open the case and do ghastly things to the platters. For small drives (i.e laptops) these are quite fragile and break into a zillion pieces. For larger drives the are metal and you can do pretty unpleasant things with a hammer, a screwdriver and a pair of pliers.
They are rather pretty inside. It's very cathartic to do all the destructive stuff if you are having a bad day.
> There have been scare stories about low-level recovery of data (e.g. google for Guttman's paper) but there is no evidence that anybody on the planet has ever actually been able to do anything like that in any significant way.
But they do it on TV spy and detective thrillers all the time!
Are you saying that's not true?
My personal approach is write zeros if I have time and the drive works and then to open the case and do ghastly things to the platters. For small drives (i.e laptops) these are quite fragile and break into a zillion pieces. For larger drives the are metal and you can do pretty unpleasant things with a hammer, a screwdriver and a pair of pliers.
They are rather pretty inside. It's very cathartic to do all the destructive stuff if you are having a bad day.
In reply to Rob Parsons:
I believe it has been demoed on a case by case basis. So if you have managed to piss off a three letter agency you might want to think about. Although that said if agency was interested they would probably have just broken into your house a few months back and cloned the drive whilst planting bugs anyway.
> there is no evidence that anybody on the planet has ever actually been able to do anything like that in any significant way.
I believe it has been demoed on a case by case basis. So if you have managed to piss off a three letter agency you might want to think about. Although that said if agency was interested they would probably have just broken into your house a few months back and cloned the drive whilst planting bugs anyway.
In reply to mypyrex:
Yes it works really well. I test TV Set top boxes for a living. and we have to destroy all the prototypes when we finish. (as they have security access to everything!)
so we do actually take these clay pigeon shooting!
really satisfying if it's been a frustrating project
Yes it works really well. I test TV Set top boxes for a living. and we have to destroy all the prototypes when we finish. (as they have security access to everything!)
so we do actually take these clay pigeon shooting!
really satisfying if it's been a frustrating project
1
In reply to mypyrex:
Just unscrew the case, take it apart, salvage the rather strong magnet inside, and beat the shit, out of the guts of it with a hammer ( if you are paranoid )..and forget about it
Just unscrew the case, take it apart, salvage the rather strong magnet inside, and beat the shit, out of the guts of it with a hammer ( if you are paranoid )..and forget about it
In reply to KevinD:
I don't think so - but if you have any references, I'm very interested to hear more.
The Guttman-style scare stories rely on probabilistic analysis using very sophisticated hardware tools. So, maybe you can successfully recover the odd bit (though you won't be *sure* you've done it) - but, recovering any significant amount of data? I don't believe it.
However I have had these same arguments with others. My standard response is to offer big money to anybody who can recover something useful - say, the root record of the /etc/shadow file - on a disc which I have overwritten with zeroes. Nobody's ever shown any interest in taking me up on any such offer.
> I believe it has been demoed on a case by case basis.
I don't think so - but if you have any references, I'm very interested to hear more.
The Guttman-style scare stories rely on probabilistic analysis using very sophisticated hardware tools. So, maybe you can successfully recover the odd bit (though you won't be *sure* you've done it) - but, recovering any significant amount of data? I don't believe it.
However I have had these same arguments with others. My standard response is to offer big money to anybody who can recover something useful - say, the root record of the /etc/shadow file - on a disc which I have overwritten with zeroes. Nobody's ever shown any interest in taking me up on any such offer.
Post edited at 23:10
In reply to Rob Exile Ward:
I'm fascinated to think what could be on your hard drive that you think would be remotely interesting to anyone else.
mypyrex does have a mrs num num fixation, so I dread to think what might be on there!
I'm fascinated to think what could be on your hard drive that you think would be remotely interesting to anyone else.
mypyrex does have a mrs num num fixation, so I dread to think what might be on there!
5
In reply to Rob Parsons:
Not really a useful test. Since I dont think anyone is claiming its going to be doable by the average person so unless your acquaintances include some specialist university researchers or some secret squirrel types the answer is going to be no.
> I don't think so - but if you have any references, I'm very interested to hear more.
I will see if i can pull them up. Its not a subject I am exactly overly fussed about for the reasons already give,> Nobody's ever shown any interest in taking me up on any such offer.
Not really a useful test. Since I dont think anyone is claiming its going to be doable by the average person so unless your acquaintances include some specialist university researchers or some secret squirrel types the answer is going to be no.
In reply to KevinD:
Ok thanks.
Noted, thanks. And I agree: even it were possible, it's such a sophisticated and specialised attack that it's an irrelevant threat to 'normal' users.
> I will see if i can pull them up.
Ok thanks.
> Not really a useful test. Since I dont think anyone is claiming its going to be doable by the average person so unless your acquaintances include some specialist university researchers or some secret squirrel types the answer is going to be no.
Noted, thanks. And I agree: even it were possible, it's such a sophisticated and specialised attack that it's an irrelevant threat to 'normal' users.
In reply to mypyrex:
I'm not worried about my bank details but I'd be a bit concerned about folks getting to know about the extent of my GILF dildo squirt fetish.
I'm not worried about my bank details but I'd be a bit concerned about folks getting to know about the extent of my GILF dildo squirt fetish.
In reply to Rob Parsons:
Yup. If you are a normal user and someone with that anywhere near that sort of capability is interested in you then you are screwed anyway. Since plenty of other options available for a suitably equipped and funded attacker.
Say for your example of challenging anyone. If someone made that challenge to me in person and it was worth enough I would be waiting a couple of weeks until I could quietly clone the likely trial drives (make up some bollocks about it degrading over time and bobs your uncle) before taking the bet.
> Noted, thanks. And I agree: even it were possible, it's such a sophisticated and specialised attack that it's an irrelevant threat to 'normal' users.
Yup. If you are a normal user and someone with that anywhere near that sort of capability is interested in you then you are screwed anyway. Since plenty of other options available for a suitably equipped and funded attacker.
Say for your example of challenging anyone. If someone made that challenge to me in person and it was worth enough I would be waiting a couple of weeks until I could quietly clone the likely trial drives (make up some bollocks about it degrading over time and bobs your uncle) before taking the bet.
In reply to mypyrex:
why not reuse it in your new pc?
just install it and then format as a new drive.
you'll have loads of space and some where to backup important stuff
Davey
why not reuse it in your new pc?
just install it and then format as a new drive.
you'll have loads of space and some where to backup important stuff
Davey
2
In reply to mypyrex:
Now that you've advertised your intent to destroy it, you can expect to be tazered any time soon and to wake up somewhere unfamiliar wearing a second-hand baby-gro while a silhouette tells you that you've been a very naughty boy. "Feed 'im to the piggies, Errol"
Personally, I take them apart out of curiosity, smash the platters about a bit and throw each one away individually. I can't see minion getting Arch Villain too excited about a piece of a damaged hard drive he found whilst scavenging in landfill. All that effort to read it just to find you've got a slice of obsolete PowerPoint.
Now that you've advertised your intent to destroy it, you can expect to be tazered any time soon and to wake up somewhere unfamiliar wearing a second-hand baby-gro while a silhouette tells you that you've been a very naughty boy. "Feed 'im to the piggies, Errol"
Personally, I take them apart out of curiosity, smash the platters about a bit and throw each one away individually. I can't see minion getting Arch Villain too excited about a piece of a damaged hard drive he found whilst scavenging in landfill. All that effort to read it just to find you've got a slice of obsolete PowerPoint.
1
In reply to Rob Parsons:
>The Guttman-style scare stories rely on probabilistic analysis using very sophisticated hardware tools. So, maybe you can successfully recover the odd bit (though you won't be *sure* you've done it) - but, recovering any significant amount of data? I don't believe it.
What I have heard is similar to what you have written above.
Some of the magnetic domains on the stepper track (the one that guides the heads), get magnetised when you write data. As data is encoded with error correction, the recovery of that data is easier than if it didn't have have a CRC. Scanning electron microscopes are needed to detect this. Which means the adversary only needs access to kit a reasonable university may have kicking about.
However... Not all disks will bleed data. As data densities have increased, the accuracy needed to write the data has increased as well. You cannot be certain when any bleed data was written. So it could be years or days old.
In a previous role, I used Dban followed by a pillar drill. Any adversary would have to be very well funded. They would probably opt for the far cheaper, quicker and more accurate option of bunging someone a few grand in a brown envelope.
Disk platters make surprisingly good wind chimes.
>The Guttman-style scare stories rely on probabilistic analysis using very sophisticated hardware tools. So, maybe you can successfully recover the odd bit (though you won't be *sure* you've done it) - but, recovering any significant amount of data? I don't believe it.
What I have heard is similar to what you have written above.
Some of the magnetic domains on the stepper track (the one that guides the heads), get magnetised when you write data. As data is encoded with error correction, the recovery of that data is easier than if it didn't have have a CRC. Scanning electron microscopes are needed to detect this. Which means the adversary only needs access to kit a reasonable university may have kicking about.
However... Not all disks will bleed data. As data densities have increased, the accuracy needed to write the data has increased as well. You cannot be certain when any bleed data was written. So it could be years or days old.
In a previous role, I used Dban followed by a pillar drill. Any adversary would have to be very well funded. They would probably opt for the far cheaper, quicker and more accurate option of bunging someone a few grand in a brown envelope.
Disk platters make surprisingly good wind chimes.
In reply to Rob Exile Ward:
I think it depends how much you are worth. The data is mainly useless, but the cache of internet activity etc is much more useful. And you might not be the end target. In your network of friends there is likely someone who would be gullible to a fraud where the fraudster passed themselves off as you.
I was pretty surprised at home much attention the officers of Channel 4's series Hunted spent profiling their targets on social media. And the way to capture those that were caught was nearly always through a friend making a mistake rather than the actual target.
> I'm fascinated to think what could be on your hard drive that you think would be remotely interesting to anyone else.
I think it depends how much you are worth. The data is mainly useless, but the cache of internet activity etc is much more useful. And you might not be the end target. In your network of friends there is likely someone who would be gullible to a fraud where the fraudster passed themselves off as you.
I was pretty surprised at home much attention the officers of Channel 4's series Hunted spent profiling their targets on social media. And the way to capture those that were caught was nearly always through a friend making a mistake rather than the actual target.
This topic has been archived, and won't accept reply postings.
Elsewhere on the site
Loading Notifications...