Category Archives: ATA

Securely erase hard drives

In a previous post I wrote about disk wiping tools. If you haven’t read that article, I suggest reading it before reading this one. Also, this article is written with the assumption that the reader has a fair amount of technical knowledge.

The reasons for wanting to wipe a hard disk drive are many:

  • You might expect a visit by NSA-SCS.
  • You might suspect a rootkit infestation.
  • You might wish to sell your old computer or throw it away and you don’t want your anyone else to get a hold of your private data 1).
  • Same as above, only for companies, hospitals, law firms or anyone else with legal obligation to prevent the spreading of sensitive data.
  • You’re simply paranoid.

Whatever your reasons are, you need to make sure that the data that used to be on your hard drive are gone, hence the need for a disk wiping tool.

But as mentioned in my previous post, wiping tools – that is; block erase wiping tools (BEWTs) – have certain limitations:

  • Hidden data areas (HPA/DCO) might not be wiped, possibly leaving rootkits in place (although probably non-functional).
  • Blocks marked as bad by the hard drive itself are not wiped (blocks marked as bad by the operating system only will be wiped). This information is possible to recover using exotic forensic techniques 2).

In addition to these two previously mentioned limitations, the following apply:

  • When data is overwritten (block erased), the old data on the hard drives might leave magnetic information on off-track areas of the hard drive. BEWTs have no way of erasing this off-track information. This information is theoretically possible to recover using exotic forensict techniques. 3)
  • On modern, high-capacity drives, multiple overwrites are no more effective than a single overwrite. 4)
  • BEWTs are suseptible to malware attacks. 5)
  • Using BEWTs takes time. Following the old DoD 5220.22-M directive of 3 consecutive wipes might take as much as 24 hours on a 250GB disk. BEWTs can exceed the DoD standard and wipe a drive as many as 35 times, leaving the computer used for wiping non-operational for weeks.
  • When you’ve run a BEWT, you have little posibility of verifying that a complete wipe has taken place; that all user accessible areas has been wiped. You’ll have to rely on the information that the BEWT gives you.

Enter Security Erase
Lately there’s been some hype about the relatively new ATA command addition called Secure Erase (part of the ATA Security Feature Set), from now on refered to as “ATA-SE”. ATA-SE is an ATA command (SECURITY ERASE UNIT) built into hard drive firmware that, if executed, orders the hard disk drive to wipe itself. Using software similar to BEWTs (boot disk with an ATA command program) you can trigger this built-in function, wiping your hard drive. Alternatively, you can use the same program to simply lock the hard drive rendering it useless, so that only a wipe (or providing the correct password) can unlock the drive to make it usable again 6). If you have a disk drive produced 2001 or later (with a capacity of 15GB or higher) there’s a 99% chance that your hard drive implements ATA-SE.

But what’s the hype about?

Continue reading


Filed under ATA, data forensics, data recovery, encryption, hard drive wiping, hard drives, Ibas, NSA, security