Used Hard Drives

[easysurfer]

I bought a bunch (well, 8 to be exact .. I'm doing some distro hopping) of used hard drives recently off ebay.

They looked almost new, anti-static wrapped and at first read with no OS got a screen that pops up saying drive is wiped. A nice touch I thought.

 

[SecondCor521]

I'm trying to figure out how the computer knew the "drive wipe date" of summer 2014.

A truly factory shipped drive (at least the ones my company shipped when I was there) were completely filled with zeros. There would be no data at all on the drive.

I suppose you could store it as a manufacturer-specific SMART attribute. But if that was the case, it would probably need the drive manufacturer and the computer manufacturer to be the same. As far as I know, Dell doesn't make hard drives; they OEM them from the usual suspects (Toshiba, Intel, Micron, etc.)

 

[easysurfer]

I didn't even notice the 2014 year. I mistakenly thought that read 2018.

 

[Sunset]

I would guess the software that wipes the drive leaves a little boot utility with the message, so the wiping person could quickly tell for sure it was done, and simply not booting up due to some other computer error.

 

[easysurfer]

I would guess the software that wipes the drive leaves a little boot utility with the message, so the wiping person could quickly tell for sure it was done, and simply not booting up due to some other computer error.

Yes, this is my guess too. The seller from ebay mentioned that the disks are wiped, so I bet he ran some utility that put the message.

 

[SecondCor521]

I would guess the software that wipes the drive leaves a little boot utility with the message, so the wiping person could quickly tell for sure it was done, and simply not booting up due to some other computer error.

Plausible, except for two things:

1. The wiping software would have to either know, assume, or figure out the target architecture of the computer into which the hard drive would next be installed. This is not trivial (well, assuming would be trivial but sometimes wrong). To make this point simply, the OP put the drive into a Dell computer, but he could have put it into something running an Apple OS or a Unix OS.

2. Leaving a boot utility on the drive would mean, by definition, that the drive was not wiped.

I don't recall all of the nitty gritty details, but I think a truly blank hard drive first needs to have a file system put on it (I think NTFS is the most common for Windows nowadays, but there was FAT32 and there are also Unix file systems that I forget the name of just now), then usually an operating system. This would typically be done at the OEM via a special manufacturing image copy process, or via a clean Windows install off of installation media.

 

[Sunset]

The OP picture looks like bios display message , does not require any OS to do that. It's at the chip level reading the low level format of the drive.

Much like a built in message the bios would give you if there was no disk in the machine, except then the message is contained within the bios.

By wiped it simply means OS and user data are written over (often multiple times). It does not mean it is empty.

 

[easysurfer]

The OP picture looks like bios display message , does not require any OS to do that. It's at the chip level reading the low level format of the drive.

Much like a built in message the bios would give you if there was no disk in the machine, except then the message is contained within the bios.

By wiped it simply means OS and user data are written over (often multiple times). It does not mean it is empty.

I was expecting a "no bootable" type message as that's what I think usually happens when I insert a wiped drive. Probably the seller used a utility to overwrite the old data and put this message on.

Regardless, first thing I did was restored a system on that drive .

 

[jim584672]

https://www.bleachbit.org/ will wipe it properly.

 

[SecondCor521]

The OP picture looks like bios display message , does not require any OS to do that. It's at the chip level reading the low level format of the drive.

Much like a built in message the bios would give you if there was no disk in the machine, except then the message is contained within the bios.

By wiped it simply means OS and user data are written over (often multiple times). It does not mean it is empty.

I understand what you are saying about the BIOS vs the OS and user data vs. the low level format of the drive.

My point is that a properly (<-IMHO) wiped drive, if you were able to just read the raw data, would literally be all addressable sectors completely filled with 256 or 512 bytes of zeros. (Little secret - the drives I worked on would keep track of which sectors were known empty, and if the host requested the data from those sectors, would give you a pre-filled buffer of zeros instead of reaching out to the media to "read" the zeros from the media. That way you get the correct answer but you get it faster.)

If a drive has anything but zeros, then it's not really wiped (again IMHO). Even a low level format that lays down a file system writes some data to sector 0 and I believe possibly some other sectors (2048, 4192, etc. maybe?). This is file-system dependent, but the data is non-zero.

Maybe they're just using a different meaning to "wiped" and my opinion is simply wrong/misinformed. Wouldn't be the first time.

And as a last point, you're correct in that the data is overwritten multiple times on traditional hard drives at least. There is a Department of Defense standard for the patterns to be overwritten and the number and sequence of those patterns. It has to do with the fact that traditional hard drives are read and written via magnetic fields, and if you overwrite just once or twice, there are advanced tools out there that can still "sniff" the remnants of the field and retrieve the data.

On the newer drives I worked on (SSDs), if they were encrypted drives, then it was faster and easier and just as secure to throw away the cryptographic keys - the data would still be there but it was complete gibberish. Of course you had to ensure that the keys were completely erased; I'm not sure how that worked exactly because the crypto stuff always seemed like waaay overkill (but the crypto guys were good at explaining how paranoid you have to think to cover all of your bases - we even had to worry about someone hijacking the SSD controller or the firmware, so the controllers had special encryption locations that needed to be carefully initialized for everything to work. Bottom line, don't forget your drive encrypt password or your data is gone forever and nobody can get it back, not even the SSD manufacturer.

 

[easysurfer]

There's a school of thought that thinks the only real way make data unreadable is the smash hard drive with hammer or put bullet or drill holes through the drive.

I'm not that paranoid. Well, at least not yet .

 

[MRG]

There's a school of thought that thinks the only real way make data unreadable is the smash hard drive with hammer or put bullet or drill holes through the drive.

I'm not that paranoid. Well, at least not yet .

A Megacorp we transferred them in secured transport, degauessed, and shreaded them. Of course it was pretty critical data that didn't really belong to us.

 

[DatumPoint5]

I fondly remember the "original quick low-level formatting command" in DEBUG G=C800:5

 

[easysurfer]

A Megacorp we transferred them in secured transport, degauessed, and shreaded them. Of course it was pretty critical data that didn't really belong to us.

Yes, I can see the need for shreading for critical data. Especially not belonging to the Megacorp.

Now I understand though, why looking at used laptops on ebay, many have no hard drive included. Bugs me though that many also don't include the matching hard drive caddy . That's a whole different topic.

 

[Car-Guy]

A Megacorp we transferred them in secured transport, degauessed, and shreaded them.

That was (maybe still is) the DOD standard for disposing of HD that contained classified data. Electronically wipe them with an approved program (usually 7 passes) and then physically shred the disk.

 

[ERD50]

...

If a drive has anything but zeros, then it's not really wiped (again IMHO). Even a low level format that lays down a file system writes some data to sector 0 and I believe possibly some other sectors (2048, 4192, etc. maybe?). This is file-system dependent, but the data is non-zero.

Maybe they're just using a different meaning to "wiped" and my opinion is simply wrong/misinformed. Wouldn't be the first time. ...

While I am sure you are technically correct, I really, really think that in this context, the only thing people expect is that the drive is "wiped of any previous user data/programs".

I certainly don't mind if I buy a "wiped" drive that is formatted (I can reformat it if needed), Or has some little program or data file that documents the date it was wiped of previous user data/programs.

-ERD50

 

[MRG]

That was (maybe still is) the DOD standard for disposing of HD that contained classified data. Electronically wipe them with an approve program (usually 7 passes) and then physically shred the disk.

Wasn't classified, but it was financial data that we were the custodian of. However if it was the DOD standard I can see Megacorp adopting it. In order to sell your services you had to convince your customers their data was secure.

 

[Sunset]

There's a school of thought that thinks the only real way make data unreadable is the smash hard drive with hammer or put bullet or drill holes through the drive.

I'm not that paranoid. Well, at least not yet .

I have bought computers at garage sales, full of people's information, pretty stupid of them.

My personal rule for my home computers, is to take the drive apart, take out all the platters, toss the circuitry in the garbage.

Inside are usually 2 large rare earth magnets, stuck onto a metal plate, these are great for sticking towels to the fridge, etc.

As for the platters I now have a stack of them in the basement, I might make a wind chime out of them as they have a really nice sound.

 

[easysurfer]

I have bought computers at garage sales, full of people's information, pretty stupid of them.

My personal rule for my home computers, is to take the drive apart, take out all the platters, toss the circuitry in the garbage.

Inside are usually 2 large rare earth magnets, stuck onto a metal plate, these are great for sticking towels to the fridge, etc.

As for the platters I now have a stack of them in the basement, I might make a wind chime out of them as they have a really nice sound.

I think a lot of folks that aren't into computers think of a computer as one thing and not the sum of it's parts. I was the recipient of a couple of old computers from my brother and his wife. Perfectly good hard drives and other parts that I've reused.

Figure that's my "pay" for all the TeamViewer sessions I do for them troubleshooting their computers .

 

[harley]

Now I understand though, why looking at used laptops on ebay, many have no hard drive included.

Sounds like my first PC. Two floppy drives, no hard drive. I was thrilled.

 

[jim584672]

If you have Win 10 Pro Bitlocker is available as an encryption option. If your machine falls into a stranger's hands they will only see gibberish.

 

[Sunset]

If you have Win 10 Pro Bitlocker is available as an encryption option. If your machine falls into a stranger's hands they will only see gibberish.

Same if you use Ubuntu desktop, when installing it, it asks if you want to encrypt the entire drive.

I give it a separate password for encrypting the entire drive, so I can have multiple accounts on a single machine each with their own password.