I did this on purpose... ask me why

[JordB]

 

Sometimes you just need to break things.

 

A Few Papers on Magnetic Force Microscopy:

https://escholarship.org/uc/item/26g4p84b

https://www.vidarholen.net/~vidar/overwriting_hard_drive_data.pdf

http://all.net/ForensicsPapers/2012-12-07-OverwrittenMagneticRecovery.pdf

 

Software Encryption Resources:

    Windows - https://support.microsoft.com/en-us/windows/turn-on-device-encryption-0c453637-bc88-5f74-5105-741561aae838#ID0EBD=Windows_11

    Linux - https://cloud.ibm.com/docs/BlockStorage?topic=BlockStorage-LUKSencryption

    OS X - https://support.apple.com/en-ca/guide/mac-help/mh11785/mac

 

Check out @‌RACK at https://at-rack.co.uk/ and https://www.linkedin.com/company/at-rack/

[emosun]

isnt it easier to just say you dropped it

[ScuttleSE]

Interesting stuff.

 

At work we have two devices for this kind of stuff. For spinning drives we have a 20.000 gauss degausser, and for ssds we have a shredder. A colleague of mine tried to shred a 2.5" HDD, the results were.... interesting

 

 

[manikyath]

back when i worked at -some shipping provider- we had a prodcedre for destroying compactflash cards from firewalls that involved a pair of pliers in specific positioning. because we knew where the two chips in the CF cards were, and grabbing it the right way and just ripping it between the two pliers essentially shredded both chips.

 

it's an interesting space to do guaranteed data removal.

[Zodiark1593]

Wonder if it would be possible to build a ramset jig into a case, designed to rapidly destroy the memory chips of an SSD, should any tampering be detected.

 

Would love to see forensics recover data from chips, that have nails stuck through them. 

[HenrySalayne]

Why do you have this machine at the office, Linus? What unspeakable things did you do?

[ScuttleSE]

17 minutes ago, Zodiark1593 said:

Wonder if it would be possible to build a ramset jig into a case, designed to rapidly destroy the memory chips of an SSD, should any tampering be detected.

 

Would love to see forensics recover data from chips, that have nails stuck through them. 

This is what the TPM-module on your motherboard is for. The encryption key to your harddrives can live in there, in a tamper-proof chip, any tampering, the data is inaccessible

[kokosnh]

wow, just wow,  It's so good, like somebody read some of my post here on the forums about it. 

 

I like that they cover almoust everything, I feel like it could be little more highlighted, to do not use HDD erasing programs for SSD, and only use secure erase on them.
(It was explained, why not to do it, but I think it could me more highlighted, as we do see people on the forum zeroing the SSD for no apparent reason )
I like how they did highlighted that even secure erase is only OK, only if implemented correctly in the SSD/program (like checking the result value after, and reporting it correctly). That's important. 

 

I like how they did mention SED drives, how they work, and that by default, they do not encrypt the data! That's important. (yes, I know they do encrypt it, while they don't, but just let it go for now...) 
They only failed to mention that nowadays, nobody trust SED HDD/SSD anymore, and why is that. 
And the problem of zeroing SMR HDD. 
rest is very good, it's very comprehensive guide for any novice. 

EDIT:                              

Ps. The only one more shenanigans that I rarely touched upon, is the type od SED SSD/HDD and secure erase command. Ther are some shenanigans in implementation there in some models. 
"The data encryption is always running; however, encryption keys are not managed, and the data is not secure until either TCG/Opal or ATA security feature sets are enabled." so typical SED drive, but 
"This technique is a quick means to sanitize the drive, since deleting the encryption key will, in theory, render the data on the drive irretrievable." 

Basically when such SED SSD/HDD retrieves secure erase command, it's just deleting, and generating new encryption key by itself. 

You probably see where this is going... 
The default encryption key, and it's storage space, on the SSD itself... not to mention the pseudo random, key generators.

[Ryker Robb]

1 hour ago, Zodiark1593 said:

Wonder if it would be possible to build a ramset jig into a case, designed to rapidly destroy the memory chips of an SSD, should any tampering be detected.

 

Would love to see forensics recover data from chips, that have nails stuck through them. 

Not exactly using a ramset jig, but something like this:

set up to trigger upon tampering, would be kinda cool.

[Ryker Robb]

This was pretty cool too.

[Zodiark1593]

2 hours ago, ScuttleSE said:

This is what the TPM-module on your motherboard is for. The encryption key to your harddrives can live in there, in a tamper-proof chip, any tampering, the data is inaccessible

Encryption itself is a very strong, potentially insurmountable, layer of security. But it’s only one layer, and should be a last resort at that.

 

Ideally, I’d prefer not to even provide attackers the opportunity to perform brute force attack. 

[Avocado Diaboli]

2 hours ago, kokosnh said:

They only failed to mention that nowadays, nobody trust SED HDD/SSD anymore, and why is that. 

The reason is pretty obvious. Not destroying the drive and trusting the encryption to never be broken is terrible practice, because you have no means of verifying that the encryption is indeed flawless or that there won't be a point where breaking said encryption through brute force will become viable. And then you're facing a scenario where you let out confidential data instead of just destroying it outright beyond retrieval. It's just overall much less of a headache to destroy it.

[-DDH]

At work we recently purchased and used the Pure Leverage drive crusher. It is quite fun and worked great on destroying a variety of older data center drives. We also used it on several 2.5" drives. A few of the drives had glass platters and they would shatter as we crushed them. The best part is we finally worked through our backlog of drives as everyone enjoyed taking a turn at crushing a few drives. I attached the link below in case anyone else is interested as we were.

https://purelev.com

[VinLAURiA]

That thumbnail... Linus is starting to look old.

 

[dogwitch]

yeah even drive in pic.  you can get recover data from it.

 

[Ryker Robb]

13 hours ago, dogwitch said:

yeah even drive in pic.  you can get recover data from it.

 

Even after it's been through the degausser?

[dogwitch]

17 hours ago, Ryker Robb said:

Even after it's been through the degausser?

change in patterns of magnetic field.  you can reverse figure out the pattern.

a trick in space science can be applied to data storage.

 

nsa/cia

general will melt the drives. the only way to permanently destroy the data.

[Ryker Robb]

6 hours ago, dogwitch said:

change in patterns of magnetic field.  you can reverse figure out the pattern.

a trick in space science can be applied to data storage.

*In theory. 

I'd like to see any real life examples of this being done on a modern drive. The data densities are soo small, that any traces of patterns leftover after a degauss are going to be next to imposible to find, let alone interpret.

[manikyath]

8 hours ago, dogwitch said:

change in patterns of magnetic field.  you can reverse figure out the pattern.

a trick in space science can be applied to data storage.

the thing with HDD degaussers is they are validated to wreck the magentic field on the platters of specific technologies (that they are validated for) hard enough that realisticly there is not enough left to reconstruct any data. in theory there will be vague remanents of the original data, but it is impossible to distinguish those remanents from the noise around them.