JDA

Data of Mass Destruction: Part II

Details

Category: Blog

Published on Friday, 11 September 2009 11:04

Written by Brian Dykstra

Hits: 833

(Need to catch up? Click here for "Data of Mass Destruction: Part I.")

We've finally reached the first stage of destruction: degaussing. Degaussing is a process where magnetic media is exposed to a powerful, alternating magnetic field of sufficient intensity to completely saturate the media. Let me start by saying all degaussers are not created equal.

All of the degaussers we used were rented from the fine people at Data Devices International (www.datadev.com) out in San Marino, CA. Renting a degausser for a destruction project probably makes sense for most people as the purchase price for a degausser ranges from $3,500-$25,000. You'd have to be performing a lot of destruction on a regular basis to make that kind of purchase pay back.

The Bad: We started the project with a Verity System V660 EVO hard drive degausser with infrared remote control. The V660 is a table top style degausser that supposed to generate 6,600 gauss of energy and be suitable for server and PC hard drives but not tapes. Having some experience with degaussers, the V660 seemed like a good choice with a high energy output and claims of one pass, five second degauss cycles.

As a computer forensic/e-discovery professional, I'm always suspicious of hardware and software vendor claims, so of course we decided to test a few hard disks after degaussing to ensure they were properly degaussed. Testing a degaussed hard disk drive is a bit of a tricky scenario and far from perfect. Degaussing may leave a hard disk in a condition where it won't spin or function properly when connected to a computer but could still contain data on the internal hard drive platters. This is usually caused by the degaussing process corrupting the "servo tracks" on the hard disk drive that tell the computer how to communicate with the hard drive. In very general terms it is usually a good sign that the hard disk drive was successfully degaussed if the "servo tracks" were scrambled. Short of a clean room review of the platters from a hard drive damaged in such a manner, there isn't a good in-house testing option. Our much simpler test was to simply connect the degaussed hard disk drive to a computer running Linux. We checked for the following:

1. Does the hard disk drive spin-up when powered?

2. Is the hard disk drive successfully detected by the Linux host computer?

3. Does the Linux host computer detect a file system on the hard disk drive?

4. Is there reviewable data on the hard disk after degaussing?

Generally if you can answer yes to any of the four questions above the hard disk in question was not completely degaussed. After carefully following the degaussing instructions included with the Verity Systems V660 degausser we performed our four-step checking procedure. To our surprise not only did the first three drives we tested all spin-up properly, but the file systems on the hard disks were successfully detected and data was reviewable. We decided that something must be wrong with our process so after double-checking the degausser's manual, we degaussed the hard disk drives again and retested. After a 2nd, 3rd and 4th run through the V660 we were still able to review data on the hard disks. Next we decided to check line voltage where we plugged the degausser in to make sure it was providing enough power for the degaussing process. After checking everything we could think of, speaking with tech support at Data Devices International and unsuccessfully degaussing the hard disk several more times we decided the V660 must have been damaged during shipping.

Data Devices International overnight shipped a brand new, replacement Verity Systems V660 to us and we started the whole procedure over again. To our surprise the new V660 also failed to properly degauss the hard disks. In the end we found that a process of running the hard disks through the V660 eight times for 30 seconds at a pass (changing drive orientation each time) was the only way to successfully degauss a single hard disk drive. If you add that up, it means we had to actively degauss each hard drive for a total of 4 minutes to produce acceptable results. The problem with this extended-run, multiple-pass process is that both the hard disk drives and the Verity Systems V660 become very hot. The metal casing of the hard disk drives was actually heated to the point that the operator had to wear heavy gloves to prevent burning his hands. This heating problem also cased the V660 to overheat and trip the automatic shut-off/cool-down after degaussing four to eight hard disk drives. To make matters even worse, the hard disk drives vibrated so loud, even when secured in the drive holder with the lid closed, that the operator had to wear hearing protection.

To summarize, our experience with two Verity Systems V660s was very bad and we would not recommend this degausser to anyone.

For the second part of our destruction project we decided to select a degausser that used a new technology, specifically, capacitive discharge degaussing, rather than copper coil used in older degaussers like the Verity Systems V660. A capacitive discharge degausser stores up energy in large capacitors and then releases the energy in a powerful electromagnetic burst. The capacitive discharge process produces very little heat and the degausser can be run almost continuously. Capacitive discharge degaussers are also known as "pulse degaussers".

The Good: Data Devices International provided us with one of their new Garner HD-3WXL Continuous Duty Drive and Tape degaussers. One of the first things that we noticed about the new HD-3WXL degausser was that it seemed lighter, and was smaller and easier to move around because of carrying handles. During a careful read-through of the instruction manual we noticed that there was a warning about electromagnetic energy from the degausser being measurable up to twelve inches away from the unit during operation. We always recommend removing sensitve magnetic media such as cell phones, USB thumb drives, electronic keys and credit cards when working with any degausser. It is probably unlikely that these items would be adversely affected but why risk a pocket full of wiped credit cards?

The Garner HD-3WXL degausser worked even better than we expected. The degausser ran quiet, cool and quick. We didn't experience any drives that failed to degauss after a single 10 second pass. We also liked the little voltmeter on the side of the HD-3WXL that let us know it was actually pulsing the hard disk drives. There is a short little video of the HD-3WXL degausser doing its job at http://www.datadev.com/degausser-hard-drive-data-security-lto-hd3.html . Unlike a lot of other tools we've used, it performed exactly as advertised on YouTube.

The final phase of the destruction project was to take all of the freshly degaussed hard disk drives and various other bits of storage media to a physical destruction facility. We selected the oddly-named Back Thru The Future Computer Recycling, Inc. (BTTF) in Ogdensburg, New Jersey. You can securely send drives to BTTF in locking security containers that they will send to you, but we chose to deliver the hard disk drives in person. An important step in this final phase is to securely pack all of the hard drive for delivery to the physical destruction facility. We recommend using a heavy-duty banker box and not putting more than 30-40 hard drives in each box because of the weight. It is also important to make an exact count of how many hard drives are placed in each box. Here we recommend writing the number of drives in each box on the outside of the box and securely sealing it with packing tape for delivery. It is probably overkill but we like to treat every piece of digital media provided to us by a client as evidence until it is no longer our responsibility, therefore I recommend initialing each banker box where the tape and box meet as would normally be done for evidence. This extra little step makes tampering with any of the boxes obvious should anything unfortunate happen during delivery.

Once the hard disk drives are delivered to BTTF expect to spend some time with one of their employees recounting all of the hard drives to make sure nothing got lost in transit. From there the good people at BTTF will take control of the hard disk drives and generate another list by serial number of each piece of magnetic media before grinding everything into little metal shreds.

BTTF also has an excellent YouTube video on their web site of hard disk drives going into the shredder at http://www.backthruthefuture.com/index.php. The hard drive shredder is a lot of fun to watch after all the careful work that goes into a properly performed data destruction project. Once everything has been completely shredded, BTTF will provide a full set of their own certificates of destruction. The final step is combine the two sets of certificates of destruction into a final set and store it with other archived corporate documents.

• < Prev
• Next >