Whenever I wish to sell on of a hard disc, I *always* do a secure
overwrite using a variety of software tools, such as DBAN (Darik's Boot
'n' Nuke)and it gets securely erased to DoD standards..... before it
leaves my hands..... So my personal and financial data does not get
exploited by ne-er do wells....

I had 2 off 40 GB and 2 off 500 GB hard discs that either had the click
of death or was not "present" in the BIOS attached drives autodetection
list.

So Using DBAN was clearly out of the question on any of these 4 drives
and I could't even sell them on for spares or repair as it still had my
digital data on it.

The last time I had to securely destroy a disk, it had glass platters
coated in a magnetic metal oxide. They were *easy* to destroy, with a
lump hammer!

So today I set to work with these 4 failed drives which are 7,200 rpm
versions

Got my battery powered screwdriver and remmoved all the Torx screws
including those under the stickers.

PCBs was successfully removed from all 4 drives and tossed into WEEE bin

The metal Lids was also successfully removed after breaking the hermetic
seal from all four and tossed into WEEE bin.

The torx screws were removed for the read/write heads on swinging arms
and removed..... and tossed into WEEE bin.

Then the spindle annular rings have 6 torx screws, which are
successfully removed and tossed into WEEE bin....

I then remove the platters and I end up with 10 platters (3 form two
drives and 2 from 2 drives)

I then try and smash them with a hammer. just put a dint into the
surface so clearly not glass.

I then get the chop saw out with a metal cutting blade... Blunted the
brand new blade.

I then get the HSS drill bit set out and the pillar drill..... The HSS
drilsl won't touch it......

Then I the favoured uk.d-i-y nuclear option... a grinder!

I take the platters to my bench grinder..... the grinding wheels are
blunted and you can see streaks of metal embedded in the discs from the
platters.....

I didn't have a professional grade degausser unit so that was not an
option open to me.....

So I think long and hard about what other methods are open to me to
securely destroy the platters....

I then fill up the garage sink with water after putting the sink plug in.

I use a pair of mole grips to hold the disc platter by the edge and
light my MAPP blowtorch...

I apply the blue flame to platter and then finally manage to melt the
platter and watch molten droplets of metal drop off into the sinkful of
water...

Rinse and repeat 9 more times....

1 empty bottle of MAPP gas later, the metal granules are now in the WEEE
bin!

RESULT!

SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother. Unless you're a known millionaire then no one
cares what's on your hard disks.

--
Chris Green
·

Chris Green wrote:
SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother. Unless you're a known millionaire then no one
cares what's on your hard disks.

People seem to get huge satisfaction out of destroying hard drives, for some
reason.

It isn't necessary. As soon as you've opened the lid it's a £1K+++ repair
job, and nobody is going to bother with that unless they have a really good
reason to spend the money.

Secondly, if the drive is broken so you can't get at it, likely nobody else
can either without spending that sort of money on it.

Theo

Theo wrote:

Chris Green wrote:
SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother. Unless you're a known millionaire then no one
cares what's on your hard disks.

People seem to get huge satisfaction out of destroying hard drives, for some
reason.

I just remove the lovely and very useful Neodymium Magnets and throw the rest in the recycle bin

-

On 15 Apr 2021 at 23:44:32 BST, " wrote:

Theo wrote:

Chris Green wrote:
SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother. Unless you're a known millionaire then no one
cares what's on your hard disks.

People seem to get huge satisfaction out of destroying hard drives, for some
reason.

I just remove the lovely and very useful Neodymium Magnets and throw the rest
in the recycle bin


+1 - one of life's pleasures :-)

--
Cheers, Rob

In article ,
Theo wrote:
Chris Green wrote:
SH wrote: [snip silly attempts to destroy a
disk]

Really, why bother. Unless you're a known millionaire then no one
cares what's on your hard disks.

People seem to get huge satisfaction out of destroying hard drives, for
some reason.

It isn't necessary. As soon as you've opened the lid it's a £1K+++
repair job, and nobody is going to bother with that unless they have a
really good reason to spend the money.

Secondly, if the drive is broken so you can't get at it, likely nobody
else can either without spending that sort of money on it.

Theo

Quite. Those CSI TV progs have a lot to answer for. ;-)

--
*The colder the X-ray table, the more of your body is required on it *

Dave Plowman London SW
To e-mail, change noise into sound.

On 15/04/2021 21:17, Chris Green wrote:
SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother. Unless you're a known millionaire then no one
cares what's on your hard disks.

Or just lose it somewhere nobody will ever find it.
TW

On 15/04/2021 21:17, Chris Green wrote:
SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother. Unless you're a known millionaire then no one
cares what's on your hard disks.



Thats really quite a very naieve position to take:

1. Many browsers now "offer" to save your name, address, phone numbers
and even usernames and passwords for all your web accounts. So its
clearly stored somewhere on that disc

2. Your email client will have a PST file containing *all* your emails,
email addresses, email contents etc.

3. Online banking, online pensions etc whose web site addresses all in
the web browser history at least so its easy to work out who you have a
bankign relationship with

4. Your own personal data on that disc like DoB, Nat Ins No, Name and
address means a fraudster cam commit fraud in your "name" like loans,
credit cards or SIM swap fraud or even empy your bank account(s)

Need I go on?

On 16/04/2021 08:49, SH wrote:
On 15/04/2021 21:17, Chris Green wrote:
SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother.Â* Unless you're a known millionaire then no one
cares what's on your hard disks.



Thats really quite a very naieve position to take:

1. Many browsers now "offer" to save your name, address, phone numbers
and even usernames and passwords for all your web accounts. So its
clearly stored somewhere on that disc

2. Your email client will have a PST file containing *all* your emails,
email addresses, email contents etc.

3. Online banking, online pensions etc whose web site addresses all in
the web browser history at least so its easy to work out who you have a
bankign relationship with

4. Your own personal data on that disc like DoB, Nat Ins No, Name and
address means a fraudster cam commit fraud in your "name" like loans,
credit cards or SIM swap fraud or even empy your bank account(s)

Need I go on?


Plus once an attacker has your details, they can make themselves *far*
more convincing when they phone you and say Hello Mr/Mrs/Miss XXXXX, I'm
from (high Street bank), we've detected suspiscious acitivity on your
bank account number XXYYZZ, we see its a joint account with youe spouse,
Mr/mrs XXXX and we see you have a pension plan with Pension provider
from the direct debits etc etc......

On 16/04/2021 09:01, SH wrote:

Plus once an attacker has your details, they can make themselves *far*
more convincing when they phone you and say Hello Mr/Mrs/Miss XXXXX, I'm
from (high Street bank), we've detected suspiscious acitivity on your
bank account number XXYYZZ, we see its a joint account with youe spouse,
Mr/mrs XXXX and we see you have a pension plan with Pension provider
from the direct debits etc etc......

I see you use Windows*. "They" probably already have your data.






Just joking....


--
Adrian C

Adrian Caspersz wrote:
On 16/04/2021 09:01, SH wrote:

Plus once an attacker has your details, they can make themselves *far*
more convincing when they phone you and say Hello Mr/Mrs/Miss XXXXX,
I'm from (high Street bank), we've detected suspiscious acitivity on
your bank account number XXYYZZ, we see its a joint account with youe
spouse, Mr/mrs XXXX and we see you have a pension plan with Pension
provider from the direct debits etc etc......

I see you use Windows*. "They" probably already have your data.

Just joking....

The biggest exposure with Windows users, is them not
knowing that the "format" command, does not overwrite
the data clusters on the disk. After a "format",
the buyer of your disk can use Photorec to dig up
the data. And that's precisely what some connoisseurs
of used disks have reported doing for fun - they're not
interested in your data, they check this so they can make
fun of how stoopid you are. "I found his email files"

To erase a Windows disk, you can (administrator command prompt)

diskpart
list disks
select disk 2
clean all # writes 0x00 over entire disk drive
exit

On a large drive, that could take three hours.
When the buyer runs Photorec, they won't find anything.

*******

You can verify drive contents with a hex editor like this one.
On a zeroed drive, you can quickly scroll through and check.

https://mh-nexus.de/en/hxd/

None of this helps with broken drives of course.

Paul

"Tim Streater" wrote in message
...
On 16 Apr 2021 at 09:08:55 BST, Adrian Caspersz
wrote:

On 16/04/2021 09:01, SH wrote:
Plus once an attacker has your details, they can make themselves *far*
more convincing when they phone you and say Hello Mr/Mrs/Miss XXXXX, I'm
from (high Street bank), we've detected suspiscious acitivity on your
bank account number XXYYZZ, we see its a joint account with youe spouse,
Mr/mrs XXXX and we see you have a pension plan with Pension provider
from the direct debits etc etc......

I see you use Windows*. "They" probably already have your data.

Just joking....

If they're using Windows its essentially a certainty.

Bull**** it is, no one has mine.

On Friday, 16 April 2021 at 08:50:03 UTC+1, SH wrote:
On 15/04/2021 21:17, Chris Green wrote:
SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother. Unless you're a known millionaire then no one
cares what's on your hard disks.

Thats really quite a very naieve position to take:

1. Many browsers now "offer" to save your name, address, phone numbers
and even usernames and passwords for all your web accounts. So its
clearly stored somewhere on that disc

2. Your email client will have a PST file containing *all* your emails,
email addresses, email contents etc.

3. Online banking, online pensions etc whose web site addresses all in
the web browser history at least so its easy to work out who you have a
bankign relationship with

4. Your own personal data on that disc like DoB, Nat Ins No, Name and
address means a fraudster cam commit fraud in your "name" like loans,
credit cards or SIM swap fraud or even empy your bank account(s)

Need I go on?


Many of us have not one single .pst file. (I have one - which is an file last written in 2012! I think I might have used it to recover something or other.)

Many, many of us let people know which banks we have relationships with every time we use a credit or debit card. Or each time a postie delivers a letter from one of them (albeit very few these days, for me). Or we throw out envelopes and letters as waste paper.

Having been involved in getting drives recovered, even being able to access the data at all in a failed drive it pretty lucky. After going through even a fraction of the steps discussed in this thread, it would reach the miracle level.

Many, many of us let people know which banks we have relationships with every time we use a credit or debit card. Or each time a postie delivers a letter from one of them (albeit very few these days, for me). Or we throw out envelopes and letters as waste paper.

I actually snip out the address labels from post and parcels and it is
then stored in the fire bucket and used to start fires with in the
woodburner.... the rest of the packaging then goes into the recycling

All paper correspondence also ends up as firestarter material for the
woodburner.

Some papers seme to come with a finish of some description that makes it
a challenge to actually light and get burning.... a MAPP blowlamp soon
sorts that out :-)

"SH" wrote in message
...

Many, many of us let people know which banks we have relationships with
every time we use a credit or debit card. Or each time a postie delivers
a letter from one of them (albeit very few these days, for me). Or we
throw out envelopes and letters as waste paper.

I actually snip out the address labels from post and parcels and it is
then stored in the fire bucket and used to start fires with in the
woodburner.... the rest of the packaging then goes into the recycling

All paper correspondence also ends up as firestarter material for the
woodburner.

Mindlessly paranoid, but then we knew that already.

Some papers seme to come with a finish of some description that makes it a
challenge to actually light and get burning.... a MAPP blowlamp soon sorts
that out :-)

On 16/04/2021 12:33, Tim Streater wrote:
On 16 Apr 2021 at 09:26:50 BST, polygonum_on_google
wrote:

On Friday, 16 April 2021 at 08:50:03 UTC+1, SH wrote:

2. Your email client will have a PST file containing *all* your emails,
email addresses, email contents etc.

Many of us have not one single .pst file. (I have one - which is an file last written in 2012! I think I might have used it to recover something or other.)

What is a .pst file?



whenever you create/send or recieve an email and all your email folders
all get backed up to a *.pst file.

The idea being that you can export the *.pst file from older/to be
scrapped or to be formatted & reinstalled machine.

Then you import the *.pst file a new/reformatted & reinstalled machine
so your new set up then has all teh emails and folders etc

SH wrote:

Tim Streater wrote:

What is a .pst file?

whenever you create/send or recieve an email and all your email folders
all get backed up to a *.pst file.

Only by Microsoft Outlook (the full-fat Office version, not the Express
version)

And nowadays more people probably use a .ost file instead

for Thunderbird the equivalent is a .msf file

SH wrote:
On 16/04/2021 12:33, Tim Streater wrote:
On 16 Apr 2021 at 09:26:50 BST, polygonum_on_google
wrote:

On Friday, 16 April 2021 at 08:50:03 UTC+1, SH wrote:

2. Your email client will have a PST file containing *all* your emails,
email addresses, email contents etc.

Many of us have not one single .pst file. (I have one - which is an
file last written in 2012! I think I might have used it to recover something
or other.)

What is a .pst file?



whenever you create/send or recieve an email and all your email folders
all get backed up to a *.pst file.

Well, depends on your mail program, mine certainly doesn't create
*.pst files! :-)

--
Chris Green
·

Tim Streater wrote:
On 16 Apr 2021 at 09:26:50 BST, polygonum_on_google
wrote:

On Friday, 16 April 2021 at 08:50:03 UTC+1, SH wrote:

2. Your email client will have a PST file containing *all* your emails,
email addresses, email contents etc.
Many of us have not one single .pst file. (I have one - which is an file last written in 2012! I think I might have used it to recover something or other.)

What is a .pst file?


https://en.wikipedia.org/wiki/Personal_Storage_Table

"The .pst file format is supported by several
Microsoft client applications, including... Microsoft Outlook"

"Outlook 2002 and earlier use ANSI (extended ASCII with a codepage)
encoding. This format has a maximum size of 2 GB (2^31 bytes) and
does not support unicode.

From Outlook 2003 and onward, the new standard format for .pst
is Unicode (UTF-16 little-endian), with 64-bit pointers. The
limit became 20 GB for Outlook 2003-2007, and increased to
50 GB from Outlook 2010.
"

It's an awful kind of storage container. It's possible it
holds multiple mailboxes.

libpst - a little too low level maybe

https://www.five-ten-sg.com/libpst/rn01re06.html

Example of contents:

"The default folders within a pst-file for a POP3 account are;

Inbox
Drafts
Outbox
Sent Items
Deleted Items
Junk Email
Search Folders
RSS Feeds
Calendar
Contacts
Suggested Contacts (Outlook 2010 only)
Tasks
Notes
Journal
"

Paul

SH wrote:
On 15/04/2021 21:17, Chris Green wrote:
SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother. Unless you're a known millionaire then no one
cares what's on your hard disks.



Thats really quite a very naieve position to take:

1. Many browsers now "offer" to save your name, address, phone numbers
and even usernames and passwords for all your web accounts. So its
clearly stored somewhere on that disc

I don't store any personal informaition in my browser.

2. Your email client will have a PST file containing *all* your emails,
email addresses, email contents etc.

So what, what's interesting in my E-Mails?


3. Online banking, online pensions etc whose web site addresses all in
the web browser history at least so its easy to work out who you have a
bankign relationship with

No they're not. I have to tell anyone who pays me money "who you have a
bankign relationship with" anyway.


4. Your own personal data on that disc like DoB, Nat Ins No, Name and
address means a fraudster cam commit fraud in your "name" like loans,
credit cards or SIM swap fraud or even empy your bank account(s)

They're encrypted.


.... and it *still* won't be worth anyone spending a lot of money
searching for information on lots of disks on the offchance they'll
find something useful somewhere.


Can anyone show us real evidence that there are people out there
searching through old hard disks looking for this sort of data?


--
Chris Green
·

On 16/04/2021 09:35, Chris Green wrote:
SH wrote:
On 15/04/2021 21:17, Chris Green wrote:
SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother. Unless you're a known millionaire then no one
cares what's on your hard disks.



Thats really quite a very naieve position to take:

1. Many browsers now "offer" to save your name, address, phone numbers
and even usernames and passwords for all your web accounts. So its
clearly stored somewhere on that disc

I don't store any personal informaition in my browser.

2. Your email client will have a PST file containing *all* your emails,
email addresses, email contents etc.

So what, what's interesting in my E-Mails?


3. Online banking, online pensions etc whose web site addresses all in
the web browser history at least so its easy to work out who you have a
bankign relationship with

No they're not. I have to tell anyone who pays me money "who you have a
bankign relationship with" anyway.


4. Your own personal data on that disc like DoB, Nat Ins No, Name and
address means a fraudster cam commit fraud in your "name" like loans,
credit cards or SIM swap fraud or even empy your bank account(s)

They're encrypted.


... and it *still* won't be worth anyone spending a lot of money
searching for information on lots of disks on the offchance they'll
find something useful somewhere.


Can anyone show us real evidence that there are people out there
searching through old hard disks looking for this sort of data?




https://uhra.herts.ac.uk/bitstream/h...pdf?sequence=1

Although it is focused at memory cards, the same principles applies to
HDDs....

On 16/04/2021 09:54, SH wrote:
On 16/04/2021 09:35, Chris Green wrote:
SH wrote:
On 15/04/2021 21:17, Chris Green wrote:
SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother.Â* Unless you're a known millionaire then no one
cares what's on your hard disks.



Thats really quite a very naieve position to take:

1. Many browsers now "offer" to save your name, address, phone numbers
and even usernames and passwords for all your web accounts. So its
clearly stored somewhere on that disc

I don't store any personal informaition in my browser.

2. Your email client will have a PST file containing *all* your emails,
email addresses, email contents etc.

So what, what's interesting in my E-Mails?


3. Online banking, online pensions etc whose web site addresses all in
the web browser history at least so its easy to work out who you have a
bankign relationship with

No they're not.Â* I have to tell anyone who pays me money "who you have a
bankign relationship with" anyway.


4. Your own personal data on that disc like DoB, Nat Ins No, Name and
address means a fraudster cam commit fraud in your "name" like loans,
credit cards or SIM swap fraud or even empy your bank account(s)

They're encrypted.


... and it *still* won't be worth anyone spending a lot of money
searching for information on lots of disks on the offchance they'll
find something useful somewhere.


Can anyone show us real evidence that there are people out there
searching through old hard disks looking for this sort of data?




https://uhra.herts.ac.uk/bitstream/h...pdf?sequence=1


Although it is focused at memory cards, the same principles applies to
HDDs....

and this one too.....:

https://www.comparitech.com/blog/inf...y-stick-study/

"SH" wrote in message
...
On 16/04/2021 09:35, Chris Green wrote:
SH wrote:
On 15/04/2021 21:17, Chris Green wrote:
SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother. Unless you're a known millionaire then no one
cares what's on your hard disks.



Thats really quite a very naieve position to take:

1. Many browsers now "offer" to save your name, address, phone numbers
and even usernames and passwords for all your web accounts. So its
clearly stored somewhere on that disc

I don't store any personal informaition in my browser.

2. Your email client will have a PST file containing *all* your emails,
email addresses, email contents etc.

So what, what's interesting in my E-Mails?


3. Online banking, online pensions etc whose web site addresses all in
the web browser history at least so its easy to work out who you have a
bankign relationship with

No they're not. I have to tell anyone who pays me money "who you have a
bankign relationship with" anyway.


4. Your own personal data on that disc like DoB, Nat Ins No, Name and
address means a fraudster cam commit fraud in your "name" like loans,
credit cards or SIM swap fraud or even empy your bank account(s)

They're encrypted.


... and it *still* won't be worth anyone spending a lot of money
searching for information on lots of disks on the offchance they'll
find something useful somewhere.


Can anyone show us real evidence that there are people out there
searching through old hard disks looking for this sort of data?




https://uhra.herts.ac.uk/bitstream/h...pdf?sequence=1

Although it is focused at memory cards, the same principles applies to
HDDs....

Nope, because recovery is quite different.

SH wrote:

Can anyone show us real evidence that there are people out there
searching through old hard disks looking for this sort of data?


https://uhra.herts.ac.uk/bitstream/h...pdf?sequence=1



Although it is focused at memory cards, the same principles applies to
HDDs....

That's not evidence of people actually digging around for old data
it's just evidence that it's there and that people don't erase it.

.... and memory cards are rather different from hard disks. Even so
the paper says that some of the cards were 'faulty' and that they
couldn't thus get at the data, this is the case we're dealing with
regarding hard disks.

--
Chris Green
·

SH wrote:
On 15/04/2021 21:17, Chris Green wrote:
SH wrote:
[snip silly attempts to destroy a disk]

Really, why bother. Unless you're a known millionaire then no one
cares what's on your hard disks.



Thats really quite a very naieve position to take:

Those kind of drive-by data slurping are fair arguments to *wipe* a HDD.
But if it's broken, by definition nobody can read it, which means a
miscreant can't read it either. They would have to spend time and money
fixing it, which unless you're a high value target is not going to be worth
it. If you did any kind of physical dismantling (taking the lid off,
unscrewing the platters) that cost goes up by orders of magnitude.

Need I go on?

The solution to all of this is full disc encryption. Without the password
the disc is full of random noise. If you are concerned about the disc
falling into the wrong hands (on a laptop, or at disposal time) then FDE
will protect against that. SSDs typically do FDE 'for free' - the raw flash
is encrypted, and a 'secure erase' is simply deleting the key from inside
the controller.

No angle grinders needed.

Theo

The solution to all of this is full disc encryption. Without the password
the disc is full of random noise.

Yes, Windows comes with Bitlocker. I am curious to know what the CPU
overhead is for decrypting on the fly the encrypted data on said drive?


If you are concerned about the disc
falling into the wrong hands (on a laptop, or at disposal time) then FDE
will protect against that.

Is Bitlocker considered to be a FDE?


SSDs typically do FDE 'for free' - the raw flash
is encrypted, and a 'secure erase' is simply deleting the key from inside
the controller.

Thats interesting to know, why is FDE used on SSDs? I don't see it
advertised as a feature on the advertising blurb so it gives one the
impression that one needs to deploy FDE....

Deleting the key is not the same thing as securely erasing the key with
an overwrite so my question is can the "deleted" key be recovered?

Also SSD's use wear levelling so an overwrite may end up on a physically
different location on the flash NAND chips?


No angle grinders needed.

Theo

SH wrote:
The solution to all of this is full disc encryption. Without the password
the disc is full of random noise.

Yes, Windows comes with Bitlocker. I am curious to know what the CPU
overhead is for decrypting on the fly the encrypted data on said drive?

That will depend on your hardware (does it have AES instructions, does the
drive handle encryption).

Is Bitlocker considered to be a FDE?

Yes.

Thats interesting to know, why is FDE used on SSDs? I don't see it
advertised as a feature on the advertising blurb so it gives one the
impression that one needs to deploy FDE....

It's an 'enterprisey' feature but I don't know whether it's standard on
every SSD. It's pretty minimal overhead to do in the controller so I don't
see why not.

However it's a slightly different use case to Bitlocker et al. Bitlocker
protects user data, while drive encryption protects the drive. For example
you might want to keep an unencrypted recovery partition so you can restore
the machine if you forget the password - with drive encryption you can't do
that unless it allows you to mark off that partition as unencrypted.

Deleting the key is not the same thing as securely erasing the key with
an overwrite so my question is can the "deleted" key be recovered?

No, in the firmware a delete is a delete. It will be overwritten with
zeroes, end of story. You might be able to dig out some faint traces with
an electron microscope, but that's serious paranoia (and million dollar)
time.

Also SSD's use wear levelling so an overwrite may end up on a physically
different location on the flash NAND chips?

Drive encryption/Secure Erase is handled in the drive firmware, and I would
be very surprised if the firmware was dumb enough not to take account of the
wear levelling the firmware itself is doing.

Theo

SH wrote

The solution to all of this is full disc encryption. Without the
password the disc is full of random noise.

Yes, Windows comes with Bitlocker. I am curious to know what the CPU
overhead is for decrypting on the fly the encrypted data on said drive?

Not enough to matter with the stuff you
dont want anyone else to be able to see.

If you are concerned about the disc falling into the wrong hands (on a
laptop, or at disposal time) then FDE will protect against that.

Is Bitlocker considered to be a FDE?

SSDs typically do FDE 'for free' - the raw flash
is encrypted, and a 'secure erase' is simply deleting the key from inside
the controller.

Thats interesting to know, why is FDE used on SSDs? I don't see it
advertised as a feature on the advertising blurb so it gives one the
impression that one needs to deploy FDE....

You dont see it advertised with laptops either but very few dont have it.

Deleting the key is not the same thing as securely erasing the key with an
overwrite so my question is can the "deleted" key be recovered?

It isnt anything stored anywhere.

Also SSD's use wear levelling so an overwrite may end up on a physically
different location on the flash NAND chips?

Not if you overwrite everything.

No angle grinders needed.

On 15/04/2021 20:02, SH wrote:
Whenever I wish to sell on of a hard disc, I *always* do a secure
overwrite using a variety of software tools, such as DBAN (Darik's Boot
'n' Nuke)and it gets securely erased to DoD standards..... before it
leaves my hands..... So my personal and financial data does not get
exploited by ne-er do wells....

I had 2 off 40 GB and 2 off 500 GB hard discs that either had the click
of death or was not "present" in the BIOS attached drives autodetection
list.

So Using DBAN was clearly out of the question on any of these 4 drives
and I could't even sell them on for spares or repair as it still had my
digital data on it.

The last time I had to securely destroy a disk, it had glass platters
coated in a magnetic metal oxide.Â* They were *easy* to destroy, with a
lump hammer!

So today I set to work with these 4 failed drives which are 7,200 rpm
versions

Got my battery powered screwdriver and remmoved all the Torx screws
including those under the stickers.

PCBs was successfully removed from all 4 drives and tossed into WEEE bin

The metal Lids was also successfully removed after breaking the hermetic
seal from all four and tossed into WEEE bin.

The torx screws were removed for the read/write heads on swinging arms
and removed..... and tossed into WEEE bin.

Then the spindle annular rings have 6 torx screws, which are
successfully removed and tossed into WEEE bin....

I then remove the platters and I end up with 10 platters (3 form two
drives and 2 from 2 drives)

I then try and smash them with a hammer. just put a dint into the
surface so clearly not glass.

I then get the chop saw out with a metal cutting blade... Blunted the
brand new blade.

I then get the HSS drill bit set out and the pillar drill..... The HSS
drilsl won't touch it......

Then I the favoured uk.d-i-y nuclear option... a grinder!

I take the platters to my bench grinder..... the grinding wheels are
blunted and you can see streaks of metal embedded in the discs from the
platters.....

I didn't have a professional grade degausser unit so that was not an
option open to me.....

So I think long and hard about what other methods are open to me to
securely destroy the platters....

I then fill up the garage sink with water after putting the sink plug in.

I use a pair of mole grips to hold the disc platter by the edge and
light my MAPP blowtorch...

I apply the blue flame to platter and then finally manage to melt the
platter and watch molten droplets of metal drop off into the sinkful of
water...

Rinse and repeat 9 more times....

1 empty bottle of MAPP gas later, the metal granules are now in the WEEE
bin!

RESULT!

I'm currently burning garden waste, old bit of fence etc. in a home made
incinerator made from a 200 litre oil drum with assorted air holes, on a
little stand to protect the rough bit of lawn. With dry-ish stuff the
bottom half gets up to a reasonable red heat in no time. I don't believe
you need to dismantle, just pop them on the top of the pile once it has
started, and collect the remains in the morning.

On Thu, 15 Apr 2021 20:02:08 +0100, SH wrote:

snip

PCBs was successfully removed from all 4 drives and tossed into WEEE bin

The metal Lids was also successfully removed after breaking the hermetic
seal from all four and tossed into WEEE bin.

The torx screws were removed for the read/write heads on swinging arms
and removed..... and tossed into WEEE bin.

Then the spindle annular rings have 6 torx screws, which are
successfully removed and tossed into WEEE bin....

snip

I use a pair of mole grips to hold the disc platter by the edge and
light my MAPP blowtorch...

I apply the blue flame to platter and then finally manage to melt the
platter and watch molten droplets of metal drop off into the sinkful of
water...

Rinse and repeat 9 more times....

1 empty bottle of MAPP gas later, the metal granules are now in the WEEE
bin!

Once you have broken something like that down into it's component
parts, wouldn't the metals (case, lid, platter droplets, screws etc)
go in the 'metals' with only the PCB / heads going in the WEE bin?

I appreciate most other stuff in there will contain many of the same
components you have but the difference being yours are now separated?

I just took our old tumble dryer to pieces and ended up with the
metals (side panels, screws, drum, heater), electrical bits (motor,
switches, PCB, wiring) and plastics (base, ducting, lid, door) and
they will all go to different places:

Metal / motor to the scrappy with the load of batteries I've built up,
plastics in 'Hard plastics' and the other electrical bits in the WEE
container at the same place as the plastics and the PCB / connectors /
cable to a PCB recyclers when I go that way next (the other two places
are local).

The last time I went to the PCB recyclers there one a 1 tonne bag
there half full of all sorts of connectors (most with brass / gold
plated pins). I asked how much that would fetch full and I think it
was way more than I expected. I think they even reclaim the solder.

Cheers, T i m

On 15/04/2021 20:02, SH wrote:

I apply the blue flame to platter and then finally manage to melt the
platter and watch molten droplets of metal drop off into the sinkful of
water...

Why bother?

Hit it a few times with a hammer. Break the PCB, and nobody is going to
try to resurrect it.

On 15/04/2021 21:58, GB wrote:
On 15/04/2021 20:02, SH wrote:

I apply the blue flame to platter and then finally manage to melt the
platter and watch molten droplets of metal drop off into the sinkful
of water...

Why bother?

Hit it a few times with a hammer. Break the PCB, and nobody is going to
try to resurrect it.


+4 (in a box waiting for next trip to tip)

--
Robin
reply-to address is (intended to be) valid

On 15/04/2021 21:58, GB wrote:
On 15/04/2021 20:02, SH wrote:

I apply the blue flame to platter and then finally manage to melt the
platter and watch molten droplets of metal drop off into the sinkful
of water...

Why bother?

Hit it a few times with a hammer. Break the PCB, and nobody is going to
try to resurrect it.





was that hit the whole intact drive or hit the platters only? Your reply
was not clear on that point

On 16/04/2021 08:51, SH wrote:
On 15/04/2021 21:58, GB wrote:
On 15/04/2021 20:02, SH wrote:

I apply the blue flame to platter and then finally manage to melt the
platter and watch molten droplets of metal drop off into the sinkful
of water...

Why bother?

Hit it a few times with a hammer. Break the PCB, and nobody is going
to try to resurrect it.





was that hit the whole intact drive or hit the platters only? Your reply
was not clear on that point


I hit the whole drive pretty hard with a hammer. That should damage the
motor etc, but not necessarily the platters. If you smash the PCB, it
becomes a major job to source another, so nobody is going to bother.

I hit the whole drive pretty hard with a hammer. That should damage the
motor etc, but not necessarily the platters. If you smash the PCB, it
becomes a major job to source another, so nobody is going to bother.

Sourcing another PCB is easy, eBay is a good source of failed drives
from which you can take teh PCB from as a donor "organ"

I prefer to direct the destructive energy at the platters *themselves*

S.

GB wrote:
On 15/04/2021 20:02, SH wrote:

I apply the blue flame to platter and then finally manage to melt the
platter and watch molten droplets of metal drop off into the sinkful of
water...

Why bother?

Hit it a few times with a hammer. Break the PCB, and nobody is going to
try to resurrect it.

The one thing that *might* do is suggest there's something worth
hiding! :-)

--
Chris Green
·

On 15/04/2021 20:02, SH wrote:
Whenever I wish to sell on of a hard disc, I *always* do a secure
overwrite using a variety of software tools, such as DBAN (Darik's Boot
'n' Nuke)and it gets securely erased to DoD standards..... before it
leaves my hands..... So my personal and financial data does not get
exploited by ne-er do wells....

I had 2 off 40 GB and 2 off 500 GB hard discs that either had the click
of death or was not "present" in the BIOS attached drives autodetection
list.

So Using DBAN was clearly out of the question on any of these 4 drives
and I could't even sell them on for spares or repair as it still had my
digital data on it.

The last time I had to securely destroy a disk, it had glass platters
coated in a magnetic metal oxide.Â* They were *easy* to destroy, with a
lump hammer!

So today I set to work with these 4 failed drives which are 7,200 rpm
versions

I use one of two methods for this class of drive:

Got my battery powered screwdriver and remmoved all the Torx screws
including those under the stickers.
PCBs was successfully removed from all 4 drives and tossed into WEEE bin

The metal Lids was also successfully removed after breaking the hermetic
seal from all four and tossed into WEEE bin.

The torx screws were removed for the read/write heads on swinging arms
and removed..... and tossed into WEEE bin.

Then the spindle annular rings have 6 torx screws, which are
successfully removed and tossed into WEEE bin....

I then remove the platters and I end up with 10 platters (3 form two
drives and 2 from 2 drives)

Yup all that, then repurpose the discs as coasters, having roughed up
the surface a bit / given them a wipe over with a neodymium magnet.

OR

Skip all the above dissassembly steps, place drive on concrete floor,
hit robustly with 14lb sledge several times. That is enough to bend the
entire drive, platters and all, so it can't be spun up or read by any
conventional method. (Yes there is a fair chance that GCHQ or the NSA
might be able to get something back off them, but they are not the folks
I am trying to keep out!)



--
Cheers,

John.

/================================================== ===============\
| Internode Ltd - http://www.internode.co.uk |
|-----------------------------------------------------------------|
| John Rumm - john(at)internode(dot)co(dot)uk |
\================================================= ================/

John Rumm wrote:

repurpose the discs as coasters, having roughed up
the surface a bit / given them a wipe over with a neodymium magnet.

OR

Skip all the above dissassembly steps, place drive on concrete floor,
hit robustly with 14lb sledge several times.

I think I've got "enough" magnets out of hard drives by now, and though
the platters are pretty and shiny, and might make good bird scarers, I
don't need them, so I just take a plugging chisel and lump hammer to
mash the case into the platters.

Yup all that, then repurpose the discs as coasters, having roughed up
the surface a bit / given them a wipe over with a neodymium magnet.


That won't fly with SWMBO, she will not recognise them as coasters and
would throw them in the bin.



Skip all the above dissassembly steps, place drive on concrete floor,
hit robustly with 14lb sledge several times. That is enough to bend the
entire drive, platters and all, so it can't be spun up or read by any
conventional method.Â* (Yes there is a fair chance that GCHQ or the NSA
might be able to get something back off them, but they are not the folks
I am trying to keep out!)

The Hard drive is based on arather substantial frame (most likely to be
aluminium. I'd rather direct the destructive energy onto the individual
platters otherwise, you can;t gaurantee the destructive energy *is*
getting through to the platters if you're hitting the entire drive.....

Plus some drives have multiple platters......

"SH" wrote in message
...

Yup all that, then repurpose the discs as coasters, having roughed up the
surface a bit / given them a wipe over with a neodymium magnet.

That won't fly with SWMBO, she will not recognise them as coasters and
would throw them in the bin.

Time to trade her in on a less stupid bimbo.

Skip all the above dissassembly steps, place drive on concrete floor, hit
robustly with 14lb sledge several times. That is enough to bend the
entire drive, platters and all, so it can't be spun up or read by any
conventional method. (Yes there is a fair chance that GCHQ or the NSA
might be able to get something back off them, but they are not the folks
I am trying to keep out!)

The Hard drive is based on arather substantial frame (most likely to be
aluminium. I'd rather direct the destructive energy onto the individual
platters otherwise, you can;t gaurantee the destructive energy *is*
getting through to the platters if you're hitting the entire drive.....

Plus some drives have multiple platters......