#1
DBAN question
I can't seem to find this anywhere. I have three, 2.5" hard drives I was planning on selling soon and they are all different sizes. I am currently using one of the 7 pass DBAN algorithms on all three simultaneously on an unused desktop. Obviously, being three different sizes, two have finished before the last one. DBAN reports "succeeded" for the two while the last one continues to run. Can I remove the two that have finished, or should I wait until all three are done? Thank you.
#2
DBAN question
JBI wrote:
> I can't seem to find this anywhere. I have three, 2.5" hard drives I was planning on selling soon and they are all different sizes. I am currently using one of the 7 pass DBAN algorithms on all three simultaneously on an unused desktop. Obviously, being three different sizes, two have finished before the last one. DBAN reports "succeeded" for the two while the last one continues to run. Can I remove the two that have finished, or should I wait until all three are done? Thank you.

Are they set for Hot Swap in the BIOS / UEFI?
#3
DBAN question
JBI wrote:
> I can't seem to find this anywhere. I have three, 2.5" hard drives I was planning on selling soon and they are all different sizes. I am currently using one of the 7 pass DBAN algorithms on all three simultaneously on an unused desktop. Obviously, being three different sizes, two have finished before the last one. DBAN reports "succeeded" for the two while the last one continues to run. Can I remove the two that have finished, or should I wait until all three are done? Thank you.

You don't have to do it that way, as a start.

Yes, DBAN runs in parallel. It can erase 99 drives in parallel, or so it claims.

You could abort the outstanding run, disconnect the two drives which are finished, then consider your options.

The 35 pass Gutmann algorithm is intended for drives which are 15 years old or older. These would be drives with maybe 4-5MB/sec write rates, with MFM encoding at the heads. Such drives have large fringing fields. And since they didn't use servo wedges and used a servo surface, it was possible to push them a half-track off the path and attempt to read the fringing field on the track. Doing 35 pass erasure, was an attempt to erase the track and the fringing field (after enough passes with the right patterns).

Modern drives don't make it easy to do that sort of thing. I don't believe there is any track-offset capability on modern drives. In addition, a recent MFM (Magnetic Force Microscopy) picture, showed there is hardly any fringing field at all on modern recording tracks (and that's what makes SMR recording feasible). If someone is going to "scrounge" old passwords off your hard drive, or your bank account number, that's going to be a significant technical challenge.

In summary, the remaining drive likely only needs *one* pass, not seven or thirty-five passes. That should save you some time.

*******

Sufficiently modern drives, support the added "Secure Erase" command added to the ATA command set. It does a one pass erasure, done by the drive itself, and not by external software. The "Enhanced Secure Erase" even erases the re-allocated sectors. That flavor writes to every possible sector on the platter.

Doing a single pass with DBAN, is less work. You have to find a copy of the Secure Erase program from CMRR, and set a password on the drive, in order to do a Secure Erase.

*******

Note that, whether Secure Erase or DBAN, if an HPA is set on a drive, this can interfere with erasure and allow previously written information to be hidden. But it's pretty hard to set an HPA after the fact and shoot yourself in the foot.

At least one brand of PC, used to "multiplex" five partitions into a four partition MBR, by using an HPA to hide the fifth partition, and a BIOS routine would edit the MBR to make the sleight-of-hand seamless. That would be an example of your worst nightmare, in terms of proper DBAN (or Secure Erase) cleanup of a drive for resale. From an odds perspective, that's not too likely to be the drive in your hand right now. If you had such a drive, you remove it from the original computer, move it to another machine, remove the HPA, and erase all five partitions.

On my current machine, the Intel SATA ports are blocked on HPA and cannot set or remove one. Only my JMicron chip has a hole in the BIOS code that allows HPA work. And I've both set and cleared an HPA as an experiment. I changed a 250GB drive into a 6GB drive, to accelerate some "disk filling" experiments. That means 244GB of the drive was hidden from view, for as long as the HPA was asserted. If I were to DBAN the drive, only 6GB would be erased, and the other 244GB would be untouched.

If you know for a fact some of the drive capacity is "missing", then you check for an HPA before selling the drive. And you need a port with the capability for that (like the JMicron IDE chip, plus an IDE to SATA adapter).

Paul
#4
DBAN question
JBI wrote:
> I can't seem to find this anywhere. I have three, 2.5" hard drives I was planning on selling soon and they are all different sizes. I am currently using one of the 7 pass DBAN algorithms on all three simultaneously on an unused desktop. Obviously, being three different sizes, two have finished before the last one. DBAN reports "succeeded" for the two while the last one continues to run. Can I remove the two that have finished, or should I wait until all three are done? Thank you.

In a command shell with admin privileges, what happens when you run:

    mount drive\ /d

For example, if the drive letter assignment to a partition on a disk was D: then you use:

    mount d:\ /d

Make sure to include the backslash after the drive letter since the root is the mount point of that volume. While you can unmount a volume (partition), there could be multiple partitions on a disk. You didn't say if there was 1, or more, partitions on the disks that complete the wipe. Run "mount /?" to see its command-line syntax and arguments.

If you require a pretty GUI to do unmounting, read:

https://www.computerhope.com/issues/ch001898.htm

Are the already-wiped disks also hot-swappable? Since the computer is still powered while you wipe the other volume/partition/drive, you would be removing the other 2 disks while still powered. Are the wiped disks in hot-swap bays? That is, do you have hot-swap *hardware*? You can't get into the BIOS/UEFI settings while you are wiping the last disk, so you cannot go into the BIOS to disable the controllers to the already-wiped disks.

Of course, since you booted using the DBAN media, you aren't in Windows to be unmounting drives. You loaded whatever OS (probably Linux) on which DBAN runs. You booted using that OS. You still cannot get into the BIOS screens while running DBAN.

Just wait. What can you do with the 2 already-wiped drives before the 3rd still-wiping disk completes its erase?
#5
DBAN question
On 09/26/2018 09:37 PM, Paul wrote:
> JBI wrote:
>> I can't seem to find this anywhere. I have three, 2.5" hard drives I was planning on selling soon and they are all different sizes. I am currently using one of the 7 pass DBAN algorithms on all three simultaneously on an unused desktop. Obviously, being three different sizes, two have finished before the last one. DBAN reports "succeeded" for the two while the last one continues to run. Can I remove the two that have finished, or should I wait until all three are done? Thank you.
>
> You don't have to do it that way, as a start.
>
> Yes, DBAN runs in parallel. It can erase 99 drives in parallel, or so it claims.

I suppose actual limitations might depend on the power supply. Not sure how many drives a standard PC switching supply would support, but I suppose if you got up to half a dozen, there might be too much stress on the ps.

> You could abort the outstanding run, disconnect the two drives which are finished, then consider your options.

I've decided I'm just going to let them run.

> The 35 pass Gutmann algorithm is intended for drives which are 15 years old or older. These would be drives with maybe 4-5MB/sec write rates, with MFM encoding at the heads. Such drives have large fringing fields. And since they didn't use servo wedges and used a servo surface, it was possible to push them a half-track off the path and attempt to read the fringing field on the track. Doing 35 pass erasure, was an attempt to erase the track and the fringing field (after enough passes with the right patterns).
>
> Modern drives don't make it easy to do that sort of thing. I don't believe there is any track-offset capability on modern drives. In addition, a recent MFM (Magnetic Force Microscopy) picture, showed there is hardly any fringing field at all on modern recording tracks (and that's what makes SMR recording feasible). If someone is going to "scrounge" old passwords off your hard drive, or your bank account number, that's going to be a significant technical challenge.
>
> In summary, the remaining drive likely only needs *one* pass, not seven or thirty-five passes. That should save you some time.

Before I started, I researched this a bit and came up with inconclusive results. I came away thinking in some cases, one pass and then another article mentioning seven passes and a law enforcement test system was able to still read significant things off the drive after a two day deep scan.

> *******
>
> Sufficiently modern drives, support the added "Secure Erase" command added to the ATA command set. It does a one pass erasure, done by the drive itself, and not by external software. The "Enhanced Secure Erase" even erases the re-allocated sectors. That flavor writes to every possible sector on the platter.

I was thinking of this, but read that with USB 3 connected drives, secure erase might make them inoperative. I wasn't even sure it could be implemented in the USB 3 drives anyway. For future reference, I was wondering just what would happen to internal ATA drives subjected to secure erase, would Win or other programs still be able to install on them?

> Doing a single pass with DBAN, is less work. You have to find a copy of the Secure Erase program from CMRR, and set a password on the drive, in order to do a Secure Erase.
>
> *******
>
> Note that, whether Secure Erase or DBAN, if an HPA is set on a drive, this can interfere with erasure and allow previously written information to be hidden. But it's pretty hard to set an HPA after the fact and shoot yourself in the foot.

Yes, I was also reading about hidden sectors and that was a slight concern.

> At least one brand of PC, used to "multiplex" five partitions into a four partition MBR, by using an HPA to hide the fifth partition, and a BIOS routine would edit the MBR to make the sleight-of-hand seamless. That would be an example of your worst nightmare, in terms of proper DBAN (or Secure Erase) cleanup of a drive for resale. From an odds perspective, that's not too likely to be the drive in your hand right now. If you had such a drive, you remove it from the original computer, move it to another machine, remove the HPA, and erase all five partitions.
>
> On my current machine, the Intel SATA ports are blocked on HPA and cannot set or remove one. Only my JMicron chip has a hole in the BIOS code that allows HPA work. And I've both set and cleared an HPA as an experiment. I changed a 250GB drive into a 6GB drive, to accelerate some "disk filling" experiments. That means 244GB of the drive was hidden from view, for as long as the HPA was asserted. If I were to DBAN the drive, only 6GB would be erased, and the other 244GB would be untouched.
>
> If you know for a fact some of the drive capacity is "missing", then you check for an HPA before selling the drive. And you need a port with the capability for that (like the JMicron IDE chip, plus an IDE to SATA adapter).

Well, the only thing I'm noticing is that a 500 GB drive comes up as 465 GB or so, but I read that was due to manufacturer advertising. You brought up some good points here. Thanks.

> Paul
#6
DBAN question
JBI wrote:
> Before I started, I researched this a bit and came up with inconclusive results. I came away thinking in some cases, one pass and then another article mentioning seven passes and a law enforcement test system was able to still read significant things off the drive after a two day deep scan.

The way I would interpret this, is the difference between "formatting" and "erasure".

In 2018, drives no longer "low level format". That 15 year old drive I was referring to, would low level format (because it has a servo surface, and the other surfaces can be redefined at will). Low level format is different than a partition level format. Low level format is applied to the whole disk (I used to do them at work, and if you messed with the drive before completion, you could make luncheon meat out of the drive).

Modern drives format at the partition level. There's no low level format. When you format, a new FAT or $MFT is written to the disk. The Disk Management format routine is "Quick" or "Full". Obviously "Quick" has no time to do anything, so we know it doesn't change the disk state. There could be old information on the disk, which a law enforcement two day scan could find. The quick format destroys the FAT, so easy peasy pointers to the file are removed. But a Recuva or Photorec scan could likely piece together a few files. This might be the kind of reference you're reading about. It takes Photorec a long time to process a disk in any case.

OK, so now we try the "Full" format. What happens? It writes a new FAT or a $MFT, then it "read verifies" (no writes involved!) the entire partition. All it's doing is reads for two hours. It does this to build a map of bad clusters. Again, this does *nothing* to remove old information. As in the Quick Format, law enforcement may profit by scanning.

*******

DBAN obviously works at the physical layer, writing sectors. Now, the law enforcement scan gets nothing, because a pattern has been written to all the data sectors.

DBAN doesn't write reallocated sectors. There could be some of those. If the forensic expert gets hands on a WDC/Seagate "reset" software, then the reallocated sectors (likely unreadable) would be mapped back in. Can anything be recovered? Probably not. The drive tried to read the sector for 15 seconds times 120 rotations per second, which is a hell of a lot of tries. More tries are not likely to help.

The ATA command "Secure Erase" does approximately as much writing as DBAN.

The "diskpart" program and its "clean all" option, does as much erasing as DBAN and uses zeros for erasure. It's a tool I've used a number of times, to remove GPT info from large disks so that utilities stop finding the GPT info and acting upon it. I also use "clean all" to remove RAID metadata (change hardware boxes, plug RAID drives into box that doesn't have the same brand of chips).

So "format" isn't a good option at all, either "Quick" or "Full". Secure Erase is good. Clean All is good. If all you have is a chance to do "one pass", you want that pass to be as complete as possible, and no HPA or DCO to prevent accessing every (visible) sector.

Doing "Enhanced Secure Erase" protects against a skilled adversary, versus just some guy on Ebay who bought your drive. I've not read of any accounts of people having "disk reset" software. If the factory has any secrets, it's doing a good job of containing them. With USB flash sticks, the factory leaks like a sieve, and there are utilities in circulation for messing with the controller on those. I suspect the Seagate and WDC lawyers are too good at whacking former employees, for the employees to take a chance.

Paul
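An added example, not part of Paul's post: after a zero-fill pass such as the "clean all" he mentions, one way to confirm the pass reached every visible sector is to read the device back and list any sector that is not all zeros. The 512-byte sector size, the function names and the sample image are assumptions constructed for the illustration, and the check does not apply to wipe methods that leave a random pattern.

```python
import io

SECTOR = 512          # logical sector size assumed for reporting
CHUNK = 1024 * 1024   # read 1 MiB at a time

def find_nonzero_sectors(stream, limit=10):
    """Scan a binary stream; return (up to `limit` sector numbers that hold
    any non-zero byte, total bytes scanned)."""
    dirty = []
    offset = 0
    while True:
        chunk = stream.read(CHUNK)
        if not chunk:
            break
        # Fast path: stripping NULs from an all-zero chunk leaves nothing.
        if chunk.strip(b"\x00"):
            for i in range(0, len(chunk), SECTOR):
                if chunk[i:i + SECTOR].strip(b"\x00") and len(dirty) < limit:
                    dirty.append((offset + i) // SECTOR)
        offset += len(chunk)
    return dirty, offset

def verify_device(path):
    """Scan a block device or image file opened read-only (path is
    supplied by the caller, e.g. a wiped disk on a Linux live system)."""
    with open(path, "rb", buffering=0) as dev:
        return find_nonzero_sectors(dev)

def make_sample_image():
    """Constructed sample: an 8 MiB 'disk' of zeros with stale data left in
    two sectors, as a format without a write pass would leave behind."""
    img = bytearray(8 * 1024 * 1024)
    img[5000 * SECTOR + 17:5000 * SECTOR + 22] = b"hello"
    img[9000 * SECTOR:9000 * SECTOR + 4] = b"\xff\xd8\xff\xe0"  # JPEG magic
    return io.BytesIO(bytes(img))

if __name__ == "__main__":
    dirty, scanned = find_nonzero_sectors(make_sample_image())
    print(f"scanned {scanned} bytes, non-zero sectors: {dirty}")
```

A scan like this only covers what the operating system can address, so sectors behind an HPA or in the reallocated pool are outside its view.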
#7
DBAN question - now disc capacity
In message , JBI writes:
> []
> Well, the only thing I'm noticing is that a 500 GB drive comes up as 465 GB or so, but I read that was due to manufacturer advertising. You brought up some good points here. Thanks.
>
>> Paul

That's the discrepancy because 2^10 only _approximates_ to 10^3 - i.e. 1024 rather than 1000. Manufacturers would say that a G is 1000000000; Microsoft use 1073741824. Those 2.4% differences accumulate: my nominally 1 TB drive only shows as about 931G in "Properties".

(There has been some attempt to use "kibi", "Gibi" and so on - abbreviations ki, Gi - for the binary ones, as opposed to kilo, giga - but it hasn't caught on widely.)

I'm surprised: I'd have thought that the extra effort involved in programming disc controllers, etc. to handle non-binary sizes of disc would have been more effort than the saving was worth, at least in the early days of few-megabyte drives; however, the practice did stick, and now that the saving is up to about 7% for "terabyte" drives, I guess it _is_ starting to become significant.

--
J. P. Gilliver. UMRA: 1960/1985 MB++G()AL-IS-Ch++(p)Ar@T+H+Sh0!:`)DNAf
Veni Vidi Vacuum [I came, I saw, It sucked] - , 1998
#8
DBAN question - now disc capacity
J. P. Gilliver (John) wrote:
> In message , JBI writes:
>> []
>> Well, the only thing I'm noticing is that a 500 GB drive comes up as 465 GB or so, but I read that was due to manufacturer advertising. You brought up some good points here. Thanks.
>>
>>> Paul
>
> That's the discrepancy because 2^10 only _approximates_ to 10^3 - i.e. 1024 rather than 1000. Manufacturers would say that a G is 1000000000; Microsoft use 1073741824. Those 2.4% differences accumulate: my nominally 1 TB drive only shows as about 931G in "Properties".
>
> (There has been some attempt to use "kibi", "Gibi" and so on - abbreviations ki, Gi - for the binary ones, as opposed to kilo, giga - but it hasn't caught on widely.)
>
> I'm surprised: I'd have thought that the extra effort involved in programming disc controllers, etc. to handle non-binary sizes of disc would have been more effort than the saving was worth, at least in the early days of few-megabyte drives; however, the practice did stick, and now that the saving is up to about 7% for "terabyte" drives, I guess it _is_ starting to become significant.

"programming disc controllers"

I hope this isn't about to turn into a Calvin and Hobbes cartoon.

The "end-LBA" has to be programmed in any case. You can't be banging the heads against the hub :-) I don't even know if they still have limit-switches for this stuff, like the big drives had. Whether the end-LBA value is 12345 or 12346 makes no difference in the big scheme of things.

In the following examples, the capacity is set up to suit the marketing department and is slightly bigger than "the value on the tin".

    1000204886016   my 1TB drive (divisible by 63)
    2000398934016   my 2TB drive (divisible by 63)

The mapping of LBA to physical position is pretty weird in any case, due to zoned recording. It's already pretty hard to figure out where exactly the heads are supposed to go. The relationship between CHS or LBA value and voice coil position isn't easy to determine, and may actually use a table lookup for speed reasons. The table would get you to the right zone, then add some kind of offset to get the rest of the way into the zone.

For a 1TB drive, all Seagate or WDC have to do is "make a number slightly bigger than 1TB value" and "make the number divisible by 63". For fun, you can check the number from your drive and see if it's divisible by 63. Where that comes from, is the fake CHS has 63 sectors per track or something, and they *do* want the drive to look like it has a fully formed CHS address space. Even though no modern application actually cares. It's a pretense to suit history, and not trigger any legacy code somewhere that *is* checking.

Paul
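An added example, not part of the thread: the two explanations given above for "missing" capacity, an HPA and decimal versus binary units, checked side by side before a drive is wiped for sale. It parses the "max sectors" line printed by the Linux `hdparm -N` command (a tool the thread does not mention); the sample output is constructed to match the 250GB-to-6GB experiment described earlier, the function names are hypothetical, and 512-byte sectors are assumed.

```python
import re

SECTOR = 512  # bytes per logical sector (assumption; 4Kn drives use 4096)

# Constructed sample of `hdparm -N /dev/sdX` output, sized like the
# experiment in the thread: a 250GB drive clipped to 6GB by an HPA.
SAMPLE_HDPARM_N = """
/dev/sdb:
 max sectors   = 11718750/488397168, HPA is enabled
"""

def parse_max_sectors(text):
    """Return (visible, native) sector counts from `hdparm -N` output."""
    m = re.search(r"max sectors\s*=\s*(\d+)/(\d+)", text)
    if m is None:
        raise ValueError("no 'max sectors' line in input")
    return int(m.group(1)), int(m.group(2))

def hpa_report(text):
    """Work out how much of the drive a wipe of the visible area misses."""
    visible, native = parse_max_sectors(text)
    hidden = (native - visible) * SECTOR
    return {
        "visible_bytes": visible * SECTOR,
        "native_bytes": native * SECTOR,
        "hidden_bytes": hidden,
        "hpa_present": hidden > 0,
    }

def as_units(nbytes):
    """Return (decimal GB as on the label, binary GiB as Windows shows it)."""
    return round(nbytes / 10**9, 1), round(nbytes / 2**30, 1)

def shortfall_is_units_only(label_gb, reported_gib, tolerance=0.01):
    """True when the OS figure is just the label converted to GiB."""
    expected = label_gb * 10**9 / 2**30
    return abs(expected - reported_gib) / expected <= tolerance

if __name__ == "__main__":
    r = hpa_report(SAMPLE_HDPARM_N)
    print("visible GB/GiB:", as_units(r["visible_bytes"]))
    print("hidden bytes  :", r["hidden_bytes"], "HPA:", r["hpa_present"])
    print("500 GB shown as 465:", shortfall_is_units_only(500, 465))
```

On a real drive the text would come from running `hdparm -N` against the device as root, through a controller that passes the command, as the HPA discussion above points out.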