[BBLISA] Looking for disk destruction in metro Boston/Manchester NH area.

John P. Rouillard rouilj at cs.umb.edu
Thu Feb 7 14:04:49 EST 2013 

In message <D5CAEF53-CB8E-4B13-8672-BF8C7AE80B44 at direwolf.com>, John
Orthoefer writes:
>Without speaking for JohnR.  It could be a contractual requirement
>for you to use a certified disk destroyer.  Yes if it's just some
>drives that you don't want someone dumpster diving, you likely
>don't want to spend the money to get it done professionally.  
>
>However, if you have a client's data on the drives, and they say
>at the end contract you need to certify the drives are destroyed.
>That comes with risk, you need a company that can certify what
>they did and how it was done, and likely carries some favor of insurance.  
>
>This is just me talking.  I don't know why he is asking. These are
>great ideas, but may not help for what he needs.   

I agree that these are great ideas. We came up with few of our own
including putting some hard working skeet out of work by replacing
them with the drives.

   PULL ... BANG!

with some nice large shot ought to make the data unrecoverable 8-).

I have tried to drill drives in the past, doable but not trivial. Also
if you do drill a drive spin it up afterwards (while you are safely
away from the drive) to make sure the metal bits scour the platters
and heads nicely till the whole thing stops working.

Our normal decomissioning (before releasing to employees or sending it
out for recyling) is to run a single cycle dban with a zero pass for
normal drives. For drives with sensitive (PII or contractually
obligated data) we return the drives to the supplier or do a more
extensive wipe of the data using multiple methods.

The drives I am discussing have have failed the required wipes. Just
for fun I took one of the drives and hooked it up and ran ddrescue on
it. Took a couple of weeks but I was able to recognize some of the
data pulled from it.

These drives have not been tracked so I am not sure what data may have
been on them, hence the need to actually get signed paperwork on the
destruction of the drives when they are removed from the company's
possession.

So unless somebody has an thermite grenade or arc furnace I can borrow
...  well I guess I wouldn't really be borrowing the thermite grenade
8-). In any case bring it to the meeting next week. I'll be there 8-).

--
				-- rouilj
John Rouillard
===========================================================================
My employers don't acknowledge my existence much less my opinions.

More information about the bblisa mailing list