I've heard of a company going so far in data secrecy that they destroyed their old monitors as they might contain traces of burn-in of sensitive data or something along the lines
I remember hearing that the Nellis AFB (that's where Area 51 is) has its own scrapyard where all computers ever brought into the base are disposed, crushed, burned and then buried forever. No digital equipment is allowed to ever leave the premises ever again.
Or pay a teenager minimum wage to throw these at walls. What drives we couldn't DOD wipe, we either pierced with a drill, and when we discovered that some of the drive plates shattered, we took those drives on the top of the stairwell at our campus and dropped them 5 stories down the middle. Spectacular sounds. We even chipped the marble after like the 30th drop. The drives sounded like a musical instrument lol.
When I was getting my Cybersecurity degree I took a digital forensics class and it is truly fascinating. Data destruction and recovery is such a cool topic and the tools that allow you to do data carving are a lot of fun.
In most larger scale applications for permanent drive / data destruction they use a shredder and conveyor system in order to feed the drives in quickly, and get just a bunch of small chunks that can be recycled afterwards. But the singular drive crusher is a cool demonstration
The one advantage this system has to that is easier auditing of the physically destroyed drives. If you just have a pile of chunks on a belt or in a bucket, it's kind of hard to tell what's what.
I worked in a hospital that had close to 1000 HDD's / SSD's each year that needed to be destroyed. Shredders are expensive so we just used a manual press, like the crusher in the video, but manual. SSD's were wiped using a program called Kill disk that did 13 different passes. It was a never ending task.
@ctg4818 maintaining one is, has to be hot enough to melt everything, got to have extract fans for the smoke and fumes from the metals, fuel for the fire, etc. This is MUCH easier.
Instant secure erase is also a very awesome feature for essentially most business and personal stuff. It’s essentially encryption and it throws out the key.
One thing to be careful with here is that it's called ATA Sanitize, and "Secure Erase" is a different feature that doesn't actually employ any encryption - it simply drops the page mapping table.
@gsuberland Usually, and as per ATA specification, ATA Secure Erase should erase SSDs completely by resetting every bit, not just dropping the mapping table. What you are talking about is a simple format or deleting a partition afaik. Sure, there are maybe some wack ATA implementations out there but this shouldn't be the standard.
If the drive is an SED HDD, the secure erase has 2 modes. Instant erase/Sanitize Crypto (default) clears the protected and hidden area and resets the private and public encryption keys (it doesn't zero fill the drive; all stored data is unrecoverable due to the encryption keys reset). Advanced secure erase is the same as instant erase + your normal zero fill. For SSDs, secure erase clears the page table + sends a mass trim command to all NAND chips (if the drive supports encryption it also resets the private and public key); this usually takes less than 30 seconds, with background garbage collection completing the zero fill via trim in the background (a couple of minutes). NOTE: if the drive has encryption or SED support, regardless of whether you have enabled the password or relevant security feature, the data is already encrypted, so a secure erase at stage 1 of a secure erase command has already made the data unrecoverable because it has reset the encryption keys (before HDD zero fill happens or SSD trim).
@simon2763 The specification for ATA Secure Erase was written for HDDs, and on SSDs does not mandate that all flash cells, including user-inaccessible cells used for over-provisioning and wear levelling, are wiped. What it says is that all logical blocks must be reset to zero. On a HDD that means wiping the disk. But, on flash, a logical block can be zeroed by simply marking it as free (which can be done en masse by zeroing the allocation table) so it doesn't actually make any guarantees about preventing chip-off data recovery. As such, vendor implementations do not guarantee complete erasure when using the old Secure Erase command. The language of ATA Sanitize makes the need for security in the threat model of chip-off data recovery, which typically forces vendors to implement a cryptographic method. This is also sometimes referred to as ATA Cryptographic Key Reset by vendors who want to make it clear how the operation works. If you have the option to use ATA Sanitize / Cryptographic Key Reset, always use that.
I'm glad he made that last segment. My own server has 4 SED drives and it's ridiculously easy to wipe them because you really only have to erase the encryption key, and you can also do it as often as you want, to ensure that there's no "ghost" of the original encryption key still in Flash somewhere
Minor correction: "NIST SP 800-88", from 2006, is the original standard where the *old* recommendations came from (which was a derivative of a DoD standard), and it's the newer NIST SP 800-88 *Rev1* from 2014 that has more up-to-date standards that are relevant for modern media. The original standard was particularly unscientific and was largely written to satiate the paranoia of military types; Peter Gutmann, the guy who the ridiculous 35-pass wipe system was named after, once described the standard as a bunch of "voodoo incantations". The modern Rev1 standard is much better, with clear actionable advice around different media technologies, and even makes it clear where recommendations have been upgraded beyond what is reasonably necessary just for the sake of peace of mind.
The most effective wipe method I found is by writing 2 random passes and then 2 passes of zeroes, this is also the national nuclear standard of data removal
@FlowPoly That is an old method and is no longer recommended or necessary. On a HDD it wastes a ton of time and unnecessarily ages the disk. A single random pass wipe is fully secure against recovery. On an SSD or USB stick, standard overwrite wipe methods (no matter how many passes you do) will not properly erase the data. The NIST SP 800-88 Rev1 standard discusses this problem in detail. On SSDs you should use ATA Sanitize (also known as ATA Cryptographic Key Reset), which is instant and causes no excess wear. This is not the same as Secure Erase, which guarantees security against simple recovery but does not guarantee security against chip-off recovery.
@gsuberland A single random pass wipe is fully secure against recovery. Hahaha, very funny! There are a few open source projects that can recover that quite easily, not even getting into some of the more advanced options. There is a reason why intelligence organizations require a destruction greater than what is shown here. Heck, just look at 911. They were recovering information off of drives that were badly damaged and burned back then. You don't have to have much of an imagination to figure out what they can do today.
In health insurance we did a 2T wipe. Followed by shredding to 1.5"/3-4cm size. Took about 3 minutes per 3.5" drive. They had sprung for a $15000 shredder years back. I tried to get them to go for a service when we decommissioned 960 12TB enterprise 3.5" drives.
That's a very old method from a DoD standard and is very much pointless these days. Alas, data wiping utility salespeople love to tout the overkill methods.
If I'm not mistaken I think the current procedure for HAMR drives with high data sensitivity requirements is to use ATA Secure Erase, then shredding, then saving the shreds and sending to a secure destruction smelting/incineration facility to basically turn it into slag. I think most cybersecurity people aware of HAMR put out a moratorium banning acquisition and production use of HAMR drives.
Linus please do a definitive video guide about prepping hard drives for resale or wiping specific data and have labs run the drives for recovery after to test best methods.
I work at an IT job and had to use the EMP and crusher. It's always fun and everyone always wants to have a look at a hard drive being crushed. In the end, destruction is always fun I guess.
I had 2 dead 2.5" SSDs on hand a few weeks ago. I opened them up and used some snips to cut the chips into small shards. Kinda cathartic in a weird way.
I bought a 2.5" hard drive from CeX a while ago that hadn't been erased. It belonged to a medical student and had all her work and personal data on it.
I got a "laptop" from 85 with a half dead disk with personal data on it. Imagine the guy's surprise when I msgd him on Facebook telling him I came across his 1988 resume.
I love when LMG makes videos like this, talking about the logistics of tech. I just got my CompTIA and Pc Pro certifications this week. This video coincidentally lined up with the last few chapters and enlightened me more on the topic of degaussing.
SED drives do always encrypt even if "not enabled" so a secure erase still works regardless. Locking the drive just adds another key, which protects the encryption key, to prevent the drive from being moved between machines without first secure erasing it with the PSID printed on the drive.
Cool demonstration but I'm disappointed you didn't try using drives after degaussing them. I have found using manual degaussing on tapes has resulted in mixed results.
Although what I had used at the time was less sophisticated than the looks of this unit, results were indeed a mixed bag upon testing afterwards. I certainly would try a few out in the beginning, if for nothing else, for peace of mind knowing that there isn't just a speaker making the audible "thuddunk" noise lol.
I'd love to see a video comparing the different ways to delete, wipe and destroy data and drives then try different recovery methods to see which way to wipe data and which ways to recover data are the best. I'm especially interested in the destroyed drive taken to that cool drive recovery place they've made a video about before
They would get nothing. The data recovery service is for fixing things like a physically broken drive, or one whose file system got corrupted. Things of that nature. For example on a broken drive they can disassemble the drive and put the platters into a machine to read them. They can't reconstruct what isn't there though. At best is what they mentioned in the video on older drives.
@manuelh.4147 Now you are wrong. In the old days data was in nice straight digital grooves of 0's and 1's. The high capacity drives do fancy tricks to get more data space; data is almost at the edges, overlapping the track grooves on the left and on the right, so the hardware of the drive already knows how to recover data that has been partly wiped; it is doing it every time new data is added to the drive.
For actual hard drives, it is super easy to simply remove the platter and run it through a dimpling machine and then cut the platter in half. It also makes it possible to sort the material for recycling. For SSD drives, it is easy to cut them up with sheet metal cutters. Backup tapes are more time consuming to destroy. I usually take the DLT tapes apart and pop the ends off the tape reel. Then cut through them with a sharp razor knife or box cutter. This creates thousands of small pieces of tape that then goes in the shredder bin.
A professor I had in College worked for the DoD for a while back in the 1990s. The way they "declassified" hard drives at the time was with a sandblaster.
Here government hard drives need to be shredded and the chips can't exceed a certain size. Depending on how critical the data is, that size can be preeeety small.
@FleaOnMyWiener From my knowledge (and taking a slight guess that this person probably has a decent level of security clearance), he would be quite lucky to just get fired AND a sizable fine. (At least the US govt) tries to take data destruction very seriously for secure data storage devices.
I used to work for a company who made degaussers and crushers like this and they are super cool. 10 tons of force on the crusher, and they're up to 40,000 gauss (4 Tesla) on the degaussers which is cool, but terrifying to work on when doing QA and the capacitors fail to discharge lol. A surprisingly small market but a lot of interest from big data companies. I don't work there anymore but they're a great group of people, Garner Products if anyone is interested.
What kind of caps are used there? The only ones I dare to handle are those up to 50V for small to midsized electronics projects because they still can ruin your day by popping or "suddenly" discharging when your mind isn't fully there.
The degaussers were fun back when I was destroying old spindle drives at a previous job. Some of the really heavy drives with a lot of platters would jump inside the sled with a satisfying thump.
I used to work for a company called "Device" where we took old computers from large companies and repurposed them for schools in 3rd world countries. One of the first things we did is run a DOS program (I can't remember the name of it) that would spend about 6 hours overwriting the drives to completely erase any data that was stored. Apparently, this software worked on the binary level, you could even choose if you wanted all 0s or all 1s. If for whatever reason we couldn't erase a drive, it would have to be destroyed. We smashed them to bits with a lump hammer and incinerated them.
Linus being excited about something I spend sometimes 8 hours a day doing makes me feel like I'm an old person watching my grand children play with a toy I used to love as a kid.
As someone who has done enterprise level disk wipes (thousands at a time), it can take hours to a week depending on drive type, size, quantity, and number of controllers. Also, most companies either have a third party securely dispose of the drives, or they shred the drives into pieces around 1-2 cm in size. Also, you definitely do not want your junior tech responsible for the destruction of sensitive data, which could easily lead to them making a simple mistake and sensitive data possibly getting out.
I have done thousands of data wipes. At some point also sent securely to melting facility. Reality is that enterprises should use disk encryption (which they usually do) and simply overwriting drives couple of times ensures it will be impossible to restore anything. It doesn't matter the size, it will take only 4-12 hours per disk to do 6-7 overwrites depending on size and you can have dozen or dozens written over at the same time. Doesn't matter if it is ssd or harddisk, nothing is restorable. Cheaper than shredding.
@jarhu86 It massively depends on who owns the data as well, for some levels of data I've dealt with complete destruction of the hardware is the only legally acceptable disposal method.
As a small business IT consultant, I always recommend my clients use encryption on their drives. The possible speed hit is minimal in business use most of the time, and when we're done with the drive, we don't have to worry about data destruction. Taking it out of the computer with the encryption key is enough to resell the drive. I also find that encrypting a drive with bitlocker takes much less time than a DBAN old school overwrite method.
These are super cool. I did a refresh for a bank I worked for back around 2010, and they brought in a portable one of these, basically just the crusher section with a big chonkin handle on top. We called it the taco maker.
I was about to say that SSD crusher looks inadequate then you proved it with "the controller survived". Not every SSD has the same layout, there could have been a storage chip where that controller was.
This is a very interesting topic. I’d like to see the many different forms of data deletions…ranging from simply deleting by user to using this machine… put to the test by a professional attempting to find the data on the drives.
One thing I've noticed with consumer SSDs using their internal full secure erase or SED erase stuff is that it's kind of unreliable depending on how old the SSD is and who makes it. I found when erasing drives for eBay recently that depending on the drive it would say it did its secure erase, but then I would find files on it using DMDE and have to either do it again or do a manual overwrite (which has a lot of downsides with SSDs the least of which is killing write endurance). I suggest if you're using any SED or BIOS secure erase stuff as a home gamer maybe doing a sanity check after to make sure the data is really gone.
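One way to run the post-erase sanity check this comment suggests, as an added example that is not part of the thread: it reads the drive's logical address space block by block, classifies each block and looks for common file signatures. The signature list, entropy threshold and sample image are constructed for illustration, and the check cannot see over-provisioned flash that the drive does not expose.

```python
import io
import math
from collections import Counter

# Magic numbers of common file types (illustrative, not exhaustive). A hit on
# an "erased" drive means recognisable plaintext survived the erase.
SIGNATURES = {
    "jpeg": b"\xff\xd8\xff",
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-",
    "zip/docx": b"PK\x03\x04",
    "sqlite": b"SQLite format 3\x00",
}
MAX_SIG = max(len(m) for m in SIGNATURES.values())


def shannon_entropy(block: bytes) -> float:
    """Bits per byte: close to 8.0 for ciphertext, 0.0 for a constant fill."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def scan_for_residue(stream, block_size=4096, entropy_threshold=7.0):
    """Classify every block of a wiped disk (or image) and list signature hits.

    blank        - all 0x00 or all 0xFF (overwritten or trimmed)
    high_entropy - looks like ciphertext, as read back after a key reset
    structured   - anything else: text, headers, partial files
    Short magics such as the 3-byte JPEG marker can occur by chance in large
    high-entropy regions, so review hits there before trusting them.
    """
    report = {"blocks": 0, "blank": 0, "high_entropy": 0,
              "structured": 0, "hits": []}
    offset, tail = 0, b""
    while True:
        block = stream.read(block_size)
        if not block:
            break
        report["blocks"] += 1
        if block[0] in (0x00, 0xFF) and block.count(block[0]) == len(block):
            report["blank"] += 1
        elif shannon_entropy(block) > entropy_threshold:
            report["high_entropy"] += 1
        else:
            report["structured"] += 1
        # Prepend the end of the previous block so a signature that straddles
        # a block boundary is still found.
        window = tail + block
        base = offset - len(tail)
        for name, magic in SIGNATURES.items():
            pos = window.find(magic)
            while pos != -1:
                # Matches lying wholly inside the tail were already reported.
                if pos + len(magic) > len(tail):
                    report["hits"].append((base + pos, name))
                pos = window.find(magic, pos + 1)
        tail = block[-(MAX_SIG - 1):]
        offset += len(block)
    report["hits"].sort()
    report["clean"] = not report["hits"] and report["structured"] == 0
    return report


def build_sample_image(block_size=4096):
    """Constructed 7-block image standing in for a partly erased drive."""
    text = (b"constructed leftover text\n" * 200)[:block_size - 6]
    blocks = [
        b"\x00" * block_size,                      # 0: zero filled
        b"\xff" * block_size,                      # 1: erased-flash pattern
        bytes(range(256)) * (block_size // 256),   # 2: stand-in for ciphertext
        b"\x00" * (block_size - 3) + b"%PD",       # 3: PDF magic starts here...
        b"F-1.4\n" + text,                         # 4: ...and continues here
        b"\x00" * 100 + b"\xff\xd8\xff\xe0" + b"\x00" * (block_size - 104),
        b"\x00" * block_size,                      # 6: zero filled
    ]
    return b"".join(blocks)


if __name__ == "__main__":
    # For a real drive, open the block device read-only instead, for example
    # open("/dev/sdX", "rb") with sdX as a placeholder; that needs root.
    result = scan_for_residue(io.BytesIO(build_sample_image()))
    for key in ("blocks", "blank", "high_entropy", "structured", "clean"):
        print(f"{key}: {result[key]}")
    for off, name in result["hits"]:
        print(f"signature {name} at byte offset {off}")
```
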
I recently built a Linux server with an SED and documentation about SEDs is very sparse. If you use Bitlocker on Windows you have to go through a procedure of installing the SSD vendor's software, reboot from this software and immediately enable Bitlocker after that. On Linux you have to install your own preboot environment in the non encrypted section. It is far from user friendly, so I would assume most people don't use this functionality on their SSDs.
@xXxJakobxXx3 I currently use Debian LUKS for full disk encryption which asks me if I wanted it during OS install. It's really easy to set up. Plus you can have several LUKS passwords as backups or for different users.
@Velocifyer Can you further elaborate what you mean by that? OP posted that he got a SED from eBay and could still read data from it. I shared that on some drives you have to go through a lot of steps to enable the encryption and therefore some users might not do it.
@xXxJakobxXx3 SED does not involve an unencrypted boot partition (if you use FDE that is not SED just put your kernels in the ESP). SED is handled by the firmware/whatever boots up the bootloader, you just enable it in firmware config (if you want it password protected).
For further viewing, I recommend an old Defcon talk called "And That's How I Lost My Other Eye: Explorations in Data Destruction". Yes, a lot of stuff goes boom.
Data destruction is such an unfortunate but necessary part of life. Ideally you can get away without destroying the drive, but often it's not the case. Even when you can be confident in the data being erased (or encrypted with the key deleted) oftentimes businesses need the confidence only achieved by destroying the drive.
I can talk about that, my company has a couple of certifications and all of them mandate DESTROYING hard drives... (even if we encrypt the hard drive to begin with)
@filonin2 How would you like all of your medical data out in the open? Or every transaction you made with a company? How about really important trade secrets that the original company can't prove, because they did not patent their solution? There is a fair amount of personal harm and property harm at risk, drive destruction may look overkill (because it frequently is), but the consequences of not doing so may be worse. This is exactly the kind of stuff we need to be pretty "insecure" about and go for maximum overkill.
Depending on which organization you work for, some policies may delve into more stringent requirements for SSD destruction. Crushing it like they did in the video would probably be fine for most people, except for the government. The DoD policy on SSDs literally calls for disintegration or 1mm x 1mm pieces.
@GampyBamblor well, technically speaking, throwing an SSD in an oven is less work than using an angle grinder. And also using an angle grinder would not meet policy standards, depending on where you work.
If you wonder if something like this is actually used -> Yes. It is. I work for a global, huge ass, automotive industry company as an IT specialist, and we have procedures for drives older than 5 years. First we nuke them by using a special device, similar to the one shown in the video. Then they are handed over to the maintenance department where they cut them in half (under our supervision). Afterwards we pack them in locked containers, and they are sent to a company that destroys them completely. Too much? Probably. But on another side, in a game with enormous players, information is everything. Some piece of data that falls into the wrong hands, even if actually harmless, if presented the right (wrong) way can ruin even the largest companies.
The one we have at work grinds them up. Apparently it was purchased with leftover budget at the end of year from a salesman they nicknamed "George Liquor". It has a dedicated power supply, and it uses a conveyor belt to feed the grinder. Everything has to be disposed of to DoD standards.
My go-to method for recycling an old drive is to do a badblocks scan in Linux with the -w option. That writes and reads several different patterns to the drive, and confirms if it still works right.
@soundspark yeah, if you want it really secure I wouldn't recommend this approach for an SSD. Overprovisioning on a hard drive is usually much less, if it's even there at all. So it should be fine.
I'm really wondering why you didn't try to plug the HDD in after degaussing and see if there's data. Or even better trying out some data recovery programs and see if that alone had worked and if crushing was really necessary. Would have been interesting.
There's no point. Going through degaussing renders the drive inoperable. Even if there's somehow data left in a small part of it, the tracking data on the rest of the drive missing means the heads wouldn't even be able to properly locate themselves, much less read anything.
Oh man, I used to sysadmin a data center and was tasked with creating a shredding server where any drive connected to a specific controller would be discovered, smartctl checks run on it, and then shredded using the shred package on Linux and indicate whether it was to go back into prod or to be physically destroyed, and then send out reports to the DC manager. This cart would've been so wonderful to have.
I know that for a long time, any company that dealt with like, US military projects was required to incinerate their hard drives after use, because sufficiently determined forensic analysis could pull useful information off even shards of a shredded disk after dozens of overwrites. So the crusher part on this is mostly just for decoration and giving you those nice dramatic 'after' pictures... but the degausser pulse is about as good as setting the drive on fire.
I worked for a massive data destruction facility and this is not what was acceptable. This was only done after every single sector of the HDD was overwritten hundreds of times with a random number generator (Mersenne Twister); after it was verified that every sector had been done several times, then it was physically destroyed such as this.
The same process was repeated 3 to 12 times (dod3) depending on the customer; each pass was 36, so minimum 100 plus passes. I can't say the software name because it would identify the company, but that was just step one for data wipe. Step 2 was a massive degausser that was so violent the HDDs would dance on it and jump, it was nuts lol, the noise it made was incredibly satisfying. After that was physical destruction. Some required the whole process to be on camera, some just required audits/reports. Fun fact: the highest security request we got was not from a bank but a major automotive company. We could only guess what they wanted destroyed but they asked for the most reporting, video, audits and signatures and proof that the HDDs were converted to 3mm balls. They had to go through a hammer mill and chain shredder!
While Linus was talking about the degaussing feature, I got a kick out of the body bag under the whiteboard when he asked, if anyone nearby had a pacemaker.
On the question about erasing tons of drives with Secure Erase and Overwrite - You can use a product such as the Destroyinator, which is basically a 45Drives Chassis loaded up with Linux and a copy of Killdisk Industrial to perform bulk erasure AND compliance reporting of disks. It's pretty cool. You hot swap the drive into one of the drive bays on the 45Drives chassis, it'll automatically destroy the data, and if a disk fails for any reason, you'll get a report saved and can send it off to get Degaussed and/or physically destroyed.
Just having a degausser was a fun time when I worked data center for some OT work at a former job. Now if only we had the destructiveness of crushing, but still fun either way.
Some guys I know (they refurbish laptops for poor people in our country) wrote a program with numpy to manually overwrite and nullify every bit of a hard drive. It's surprisingly performant (but we are still talking multiple hours a drive, because they overwrite every bit multiple times as you said). They got a Threadripper server running Linux just for erasing disks from old company laptops. As far as I know their procedure is good enough to pass some certifications but I don't know which.
@VADemon Unless you insist on true randomness for some reason, in which case that's definitely gonna be the limiting factor unless you have specialised hardware.
@unvergebeneid That's silly. Even if the requirement were to be non-repeatable securely random overwrite (why?) the performant way would be to generate a cryptographically random stream with AES, which is already accelerated to gigabytes/s per core on Zen microarchitectures. Actually I think the only technical explanation for Threadripper would be its I/O capabilities.
I actually manage a data sanitization/destruction setup. I set up and maintain servers that will utilize PXE deployable software to write over disks of any kind, as well as supporting in situ wiping/diagnostics for devices with built in storage, i.e. Mac, tablets, phones etc. I also validate the software level destruction with third party tools that check the hashes to ensure the writes were successful. With all that being said, the most fun part is absolutely the big shredder on wheels that we have! Nothing beats watching a drive get mangled to smithereens and dropped into a bucket. Makes me smile every time!
The SSD chip crusher busted up the chip enclosure... but did it actually crack the chip die? Offhand, I'm not familiar with the size of dies used for nand chips, but a lot of chips use very small dies. What keeps one from extracting the surviving die and repackaging it?
What always also works is running 800VDC from a supercap through the power connector in addition to crushers; that burns the chips nicely before you crush them, then there's nothing to be read even if you somehow managed to get a partial NAND chip working.
My dad used to be a service tech working on large server installations amongst other things. IIRC, back in the 90's, protocol at his company (very large international corporation) was to drive a 1/4" slotted screwdriver through the hard drive with a hammer before disposal. He may have had to do that in two spots to make sure the drive was extra dead.
I work for a large contractor that was involved in the secret development of a new google datacenter complex. Part of Project Vandalay (yes, literally) was securing the whole building to keycard access, with extra shells of security around several offices, and the destruction of over a hundred laptops that were used, no matter how tangentially, on some aspect.
I like the Red Dead Redemption font you guys used for Uncle Linus’s quote :) I’ve always just filled my entire drive to the brim with video files and then formatted it in order to permanently erase the data.
The problem with a lot of these papers is: There's never been a single recorded incident of someone being able to recover data from a drive that's had a single pass of zeros written to it. Yes, in theory you could figure out what was there before the single pass erase... but in practice, no one has managed to do it yet.
We send our drives to a company specialized in destroying data (from printed pages to drives of any kind). They put drives through a crusher / metal shredder which makes sure that the biggest piece of anything thrown in it is less than a cm in any dimension. Usually the pieces are more like confetti.
Bad take. Many outfits don't need to own one of these, and maybe require the use of this type of machine once or twice every decade. The cost of ownership doesn't make sense for upfront cost, storage space, maintenance, etc. Nearly every outfit would rather rent/lease this machine when they actually require its use instead of holding onto it and spending more money.
The same as any other e-waste. Shipped to china where they salvage anything worth anything, and the solvents get dumped in a river/lake and the solids get thrown into a landfill or incinerator.
Theoretically, yes. However having worked for a hospital, recycling classified material was considered unsafe, all our paper and destroyed hard drives went to a secure facility (presumably a landfill)
Generally speaking nope. The problem is if you crush it as one entirely assembled drive, everything becomes one or a bunch of mixed scraps. The better solution would be for platters to be destroyed separate from the hdd controller and the body of the drive. Circuit boards once broken can't be recycled as no one is going to seal the broken edges of multi-layer boards just to reverse electroplate them. If they gave a damn about preventing ewaste they'd open the top cover of the drives, smash the platters and recycle the rest; for SSD's they'd only destroy the NAND chips and/or the controllers (could drill through them). The method shown in the video creates nothing but ewaste. To anyone who goes "but Snowden" - remember, he didn't steal drives, he snuck files out of a microSD card he smuggled in and out of a secure facility. The solution to not need to physically destroy drives is to use encryption and simply destroy the keys and then create new ones, then write zeros to everything.
We have a $199 data destruction solution at work. A hydraulic press we found on eBay. But! We modified it slightly: we welded on some teeth just for good measure. Works very well.
good point, but the problem with hosting things on site is what if there's a fire or other environmental catastrophe and all of your data is lost? these records are required by the government so a scenario like that is not acceptable, and the cloud service is probably replicated on multiple continents with many copies of the data so it can never be lost
@pwii If anything, sending the data across the internet and storing in another company's hands (probably in some other country) seems to me like it would increase cost and risk. Especially if you already are a hoster and have redundant systems.
To be fair, corporations like to have something that just tracks this for them automatically. It helps with compliance. No one actually wants to spend a lot of time on this, it's just one small part of a business process so again, the less stuff you have to worry about keeping and managing the better.
@amogusenjoyer Well that makes little sense then, because if you're not willing to spend time on it, why have someone run that machine at your locations. Have the disks picked up and destroyed with proof of destruction like most do anyway...
I used to do this for defunct military hard drives. Used Blancco data erasure software and then they would be crushed into effectively plastic sand. If the erasure software didn’t work due to a really broken hard drive, then we had to drill through them several times before they went to the crusher. Always a fun Friday afternoon job…
At a previous company, we managed secure medical data for three letter groups. For drive destruction at EOL, we had "Company Range Days" where we utilized high speed projectiles to permanently disable drives/tapes. We sent photos to our Cx for evidence. They were entertained at our novel approach.
There are thousands of models of hard drive and the order of barcodes can vary. It’s to help the program decide which long string of numbers is the model and SN without creating and maintaining a massive lookup table
I don't comment very much but i loved this video please count this as my vote for a video with the shredder or any other things relating to this type of content so entertaining and fun to watch.
I used to work in a Goodwill computer works department and because we had to reuse drives for our builds we had to make sure they were all properly wiped. So we actually had a set up using large KVM switches and old motherboards on shelves to run 3 pass DBAN on multiple drives in parallel so we could have enough drives for production. We usually wiped drives between 250GB and 2TB with the occasional 4TB or higher but even then those still took awhile to wipe just on the 3 pass. I can imagine not wanting to do 3 dozen passes on server level drives, those wipes might take weeks.
The best data destruction method is to plan ahead and to use full disk encryption from day 0 with off disk encryption keys. This is how most enterprise storage arrays now work, and destroying data at the end of life is as simple as rotating the encryption key. SSDs also encrypt all data internally by default, however the encryption key is stored in the device.
I haven't yet watched, but at a place I worked we had a shredder. It was fun. We had a device that would do that to drives, but it didn't meet our requirements for spinning media. That device had an insert that perforated SSD and that was great! The SSD perforator has videos on YT: pd-5 w/SSD-1. SEM Model 0315 was the shredder, and SEM EMP1000-HS was the 20000 gauss/2.0 tesla degausser. The degausser claims it is portable, but when we needed to ship it back after 7 years (14000 drives) for a thermal fault it took 3 of us to get its 160lb chassis down to the loading dock to be shipped. I really wanted to pipe a camera and some light into the shredder, it was so satisfying watching it work.
I've heard of a company going so far in data secrecy that they destroyed their old monitors as they might contain traces of burn-in of sensitive data or something along the lines
That's next level.... - LS
Also remember to cut the RAM in half! (Yes, I know a company doing that)
The worst burn-in I ever saw on a CRT monitor was at an airport control tower. That might have been more of a problem had it been a military base.
i just use a hammer, waaay more cathartic
I remember hearing that the Nellis AFB (that's where Area 51 is) has its own scrapyard where all computers ever brought into the base are disposed, crushed, burned and then buried forever. No digital equipment is allowed to ever leave the premises ever again.
it would be a lot faster and cheaper to just hand the drive to Linus and wait for him to drop it like he normally does
I don't know, Linus isn't a cheap person to hire these days :)
Or pay a teenager minimum wage to throw these at walls. What drives we couldn't DOD wipe, we either pierced with a drill, and when we discovered that some of the drive plates shattered, we took those drives on the top of the stairwell at our campus and dropped them 5 stories down the middle. Spectacular sounds. We even chipped the marble after like the 30th drop. The drives sounded like a musical instrument lol.
Just want to say thank you, for editing in a full audio (and visual) explanation as to the crushing failure you guys had.
Very much appreciated.
When I was getting my Cybersecurity degree I took a digital forensics class and it is truly fascinating. Data destruction and recovery is such a cool topic and the tools that allow you to do data carving are a lot of fun.
Same for me, in fact I passed my digital forensics class last month. It's amazing what you are able to recover.
Fascinatingly what? Don't leave us hanging!
How do you like cyber?
In most larger scale applications for permanent drive / data destruction they use a shredder and conveyor system in order to feed the drives in quickly, and get just a bunch of small chunks that can be recycled afterwards. But the singular drive crusher is a cool demonstration
The one advantage this system has to that is easier auditing of the physically destroyed drives. If you just have a pile of chunks on a belt or in a bucket, it's kind of hard to tell what's what.
Because fire is too expensive???
I worked in a hospital that had close to 1000 HDD's / SSD's each year that needed to be destroyed. Shredders are expensive so we just used a manual press, like the crusher in the video, but manual. SSD's were wiped using a program called Kill disk that did 13 different passes. It was a never ending task.
@ctg4818 maintaining one is, has to be hot enough to melt everything, got to have extract fans for the smoke and fumes from the metals, fuel for the fire, etc. This is MUCH easier.
Why does Linus need an expensive machine? Let him handle it for 2 minutes and he’ll drop it😂
Not if he can't pick it up.
We talking about dropping the machine or the hdd? Or both? Or the machine with hdd inside?
Instant secure erase is also a very awesome feature for essentially most business and personal stuff. It’s essentially encryption and it throws out the key.
One thing to be careful with here is that it's called ATA Sanitize, and "Secure Erase" is a different feature that doesn't actually employ any encryption - it simply drops the page mapping table.
@@gsuberland Usually, and as per ATA specification, ATA Secure Erase should erase SSDs completely by resetting every bit, not just dropping the mapping table. What you are talking about is a simple format or deleting a partition afaik. Sure, there are maybe some wack ATA implementations out there but this shouldn't be the standard.
If the drive is SED hdd, the secure erase has 2 modes
instant erase/Sanitize Crypto {default} clears protected and hidden area and resets private and public encryption keys (doesn't zero fill the drive, all stored data is unrecoverable due to encryption keys reset)
Advanced secure erase same as instant erase + your normal zero fill
For SSDs secure erase clears page table + sends a mass trim command to all nand chips (if the drive supports encryption it also resets the private and public key) this takes usually less than 30 seconds with background garbage collection completing the zero fill via trim in the background (a couple of minutes)
NOTE if the drive has encryption or SED support, regardless if you have enabled or not the password or relevant security feature, the data is already encrypted so a secure erase at stage 1 of a secure erase command has already made the data unrecoverable because it has reset the encryption keys (before hdd zero fill happens or ssd trim)
@@simon2763 The specification for ATA Secure Erase was written for HDDs, and on SSDs does not mandate that all flash cells, including user-inaccessible cells used for over-provisioning and wear levelling, are wiped. What it says is that all logical blocks must be reset to zero. On a HDD that means wiping the disk. But, on flash, a logical block can be zeroed by simply marking it as free (which can be done en masse by zeroing the allocation table) so it doesn't actually make any guarantees about preventing chip-off data recovery. As such, vendor implementations do not guarantee complete erasure when using the old Secure Erase command. The language of ATA Sanitize makes the need for security in the threat model of chip-off data recovery, which typically forces vendors to implement a cryptographic method. This is also sometimes referred to as ATA Cryptographic Key Reset by vendors who want to make it clear how the operation works. If you have the option to use ATA Sanitize / Cryptographic Key Reset, always use that.
Did you watch the video? He literally says that at the end.
Linus is a simple man.
Linus sees an object.
Linus sees a way to destroy the object.
Linus destroys the object.
Linus is happy.
Be like Linus.
This 👏🏿👏🏿
Yes
Simple Linus.
Dr. Leon Crèam
A way to drop the object*
I'm glad he made that last segment. My own server has 4 SED drives and it's ridiculously easy to wipe them because you really only have to erase the encryption key, and you can also do it as often as you want, to ensure that there's no "ghost" of the original encryption key still in Flash somewhere
Minor correction: "NIST SP 800-88", from 2006, is the original standard where the *old* recommendations came from (which was a derivative of a DoD standard), and it's the newer NIST SP 800-88 *Rev1* from 2014 that has more up-to-date standards that are relevant for modern media. The original standard was particularly unscientific and was largely written to satiate the paranoia of military types; Peter Gutmann, the guy who the ridiculous 35-pass wipe system was named after, once described the standard as a bunch of "voodoo incantations". The modern Rev1 standard is much better, with clear actionable advice around different media technologies, and even makes it clear where recommendations have been upgraded beyond what is reasonably necessary just for the sake of peace of mind.
The most effective wipe method I found is by writing 2 random passes and then 2 passes of zeroes, this is also the national nuclear standard of data removal
@@FlowPoly That is an old method and is no longer recommended or necessary. On a HDD it wastes a ton of time and unnecessarily ages the disk. A single random pass wipe is fully secure against recovery. On an SSD or USB stick, standard overwrite wipe methods (no matter how many passes you do) will not properly erase the data. The NIST SP 800-88 Rev1 standard discusses this problem in detail. On SSDs you should use ATA Sanitize (also known as ATA Cryptographic Key Reset), which is instant and causes no excess wear. This is not the same as Secure Erase, which guarantees security against simple recovery but does not guarantee security against chip-off recovery.
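The distinction drawn in this comment and in the earlier one on ATA Secure Erase versus ATA Sanitize, as an added toy model that is not code from any commenter or drive vendor. `ToySSD`, its page size, the retired page and the SHA-256 keystream standing in for the drive's AES engine are all assumptions made for illustration; the mapping-table-only erase models the implementation described in the comments, not every drive.

```python
import hashlib
import os

PAGE = 16                     # bytes per flash page in this toy model
SECRET = b"PATIENT-RECORD"    # constructed sample data


def _keystream_xor(key, page_no, data):
    """Stand-in for the drive's AES engine (assumption): SHA-256 keystream XOR."""
    stream = hashlib.sha256(key + page_no.to_bytes(4, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, stream))


class ToySSD:
    """Logical blocks mapped onto more physical pages than the host can address."""

    def __init__(self, logical_blocks, spare_pages, encrypting=False):
        self.logical_blocks = logical_blocks
        self.nand = [b"\xff" * PAGE] * (logical_blocks + spare_pages)
        self.free = list(range(len(self.nand)))
        self.stale = []        # superseded pages awaiting garbage collection
        self.retired = set()   # pages taken out of service, never erased or reused
        self.mapping = {}      # LBA -> physical page
        self.key = os.urandom(32) if encrypting else None

    def _crypt(self, page_no, data):
        return _keystream_xor(self.key, page_no, data) if self.key else data

    def _alloc(self):
        if not self.free:      # lazy GC: erase one stale page only when needed
            victim = self.stale.pop(0)
            self.nand[victim] = b"\xff" * PAGE
            self.free.append(victim)
        return self.free.pop(0)

    def write(self, lba, data, retire_old=False):
        page = self._alloc()
        self.nand[page] = self._crypt(page, data.ljust(PAGE, b"\0")[:PAGE])
        old = self.mapping.get(lba)
        if old is not None:
            if retire_old:
                self.retired.add(old)
            else:
                self.stale.append(old)
        self.mapping[lba] = page

    def read(self, lba):
        page = self.mapping.get(lba)
        if page is None:
            return b"\0" * PAGE            # unmapped blocks read back as zeros
        return self._crypt(page, self.nand[page])

    def relocate_and_retire(self, lba):
        """Controller moves a block off a failing page; the old page keeps its data."""
        self.write(lba, self.read(lba), retire_old=True)

    def host_overwrite(self, passes):
        for _ in range(passes):
            for lba in range(self.logical_blocks):
                self.write(lba, b"\0" * PAGE)

    def drop_mapping_table(self):
        """Erase that only forgets where the data is; NAND is left untouched."""
        self.stale.extend(self.mapping.values())
        self.mapping.clear()

    def crypto_erase(self):
        if self.key is None:
            raise ValueError("drive does not encrypt its media")
        self.key = os.urandom(32)          # the old media key no longer exists
        self.drop_mapping_table()

    def host_can_read(self, needle):
        return any(needle in self.read(lba) for lba in range(self.logical_blocks))

    def chip_off_can_read(self, needle):
        """Worst case: raw NAND plus whatever key the drive currently stores."""
        return any(needle in self._crypt(n, raw) for n, raw in enumerate(self.nand))


def run(method):
    """Return (host sees the secret, chip-off sees the secret) after `method`."""
    ssd = ToySSD(logical_blocks=4, spare_pages=3,
                 encrypting=(method == "crypto_erase"))
    for lba in range(4):
        ssd.write(lba, SECRET)
    ssd.relocate_and_retire(0)
    if method == "overwrite":
        ssd.host_overwrite(passes=35)
    elif method == "drop_map":
        ssd.drop_mapping_table()
    elif method == "crypto_erase":
        ssd.crypto_erase()
    return ssd.host_can_read(SECRET), ssd.chip_off_can_read(SECRET)


if __name__ == "__main__":
    for method in ("none", "overwrite", "drop_map", "crypto_erase"):
        print(method, run(method))
```

In this model the 35-pass host overwrite and the mapping-table erase both read back as clean through the normal interface while the retired page still holds the data; only the key reset leaves nothing readable in raw flash.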
@@gsuberland A single random pass wipe is fully secure against recovery. Hahaha, very funny!
There are a few open source projects that can recover that quite easily, not even getting into some of the more advanced options.
There is a reason why intelligence organizations require a destruction greater than what is shown here.
Heck, just look at 911. They were recovering information off of drives that were badly damaged and burned back then. You don't have to have much of an imagination to figure out what they can do today.
In health insurance we did a 2T wipe. Followed by shredding to 1.5"/3-4cm size. Took about 3 minutes per 3.5" drive. They had sprung for a $15000 shredder years back. I tried to get them to go for a service when we decommissioned 960 12TB enterprise 3.5" drives.
Linus, destroyer of expensive technology
Let's be real, we were all watching in hopes he'd somehow drop the cart off a loading dock
*Breaks the machine*
Drop the machine
By using even more expensive technology!
Linus has left his drop stage and entered his crush stage.
When I worked IT in a gov building, our wipe program would 0 and 1 over the drive 13 times, then we would also take the electromagnet to them.
I mean it's government data so understandable enough i suppose
@@TheMaskedHeart i would have guessed they have a need to destroy the drives.....
Where I work we degauss and shred. It's the only way to be sure.
That's a very old method from a DoD standard and is very much pointless these days. Alas, data wiping utility salespeople love to tout the overkill methods.
why not just a circular drillhead, would be fast
If I'm not mistaken I think the current procedure for HAMR drives with high data sensitivity requirements is to use ATA Secure Erase, then shredding, then saving the shreds and sending to a secure destruction smelting/incineration facility to basically turn it into slag. I think most cybersecurity people aware of HAMR put out a moratorium banning acquisition and production use of HAMR drives.
Damn talk about over kill
I want those drives with more capacity. At least general public does. Workspace is different story.
All of those cyber-security people can better mandate not storing any unencrypted data on HAMR drives.
Wait, why would they ban HAMR? It sounds like it would be super awesome for cybersecurity to me.
Flying to an active volcano sounds easier and possibly cheaper.
Linus please do a definitive video guide about prepping hard drives for resale or wiping specific data and have labs run the drives for recovery after to test best methods.
I work at an IT job and had to use the EMP and crusher. It's always fun and everyone always wants to have a look at a hard drive being crushed. In the end, destruction is always fun I guess.
This is too powerful, Somebody needs to stop Linus before it's going to be too late!!!!!
Universe destruction is imminent.
too powerful... yet they nerfed it up front by not using 220v
Maybe we should all ship him our old dead hard drives so he has an abundance of drives to smash
I had 2 dead 2.5" SSDs on hand a few weeks ago. I opened them up and used some snips to cut the chips into small shards. Kinda cathartic in a weird way.
when i was in highschool me and my friends did some bad things and ended up putting our hard drives on train tracks and burying the pieces lol
@@bmxscapefriendly reminder that you have digital footprint😅
metal centering punch will make short work of chips.
That takes time... this machine munches faster and destroys drive..
@@macking104 you're right cutting a drive up with scissors is much less time efficient than renting a specialized machine to do it for me
I bought a 2.5" hard drive from CeX a while ago that hadn't been erased. It belonged to a medical student and had all her work and personal data on it.
I've had a trash picker friend give me dumpster computers that have had _interesting_ stuff on them.
I got a "laptop" from 85 with a half dead disk with personal data on it. Imagine the guy's surprise when I msgd him on Facebook telling him I came across his 1988 resume.
Nice detail addition with the failed crush. Like to see how thoughtful y’all’ve become 👏🏻
I love when LMG makes videos like this, talking about the logistics of tech. I just got my CompTIA and Pc Pro certifications this week. this video coincidentally lined up with the last few chapters and enlightened me more on the topic of degaussing.
Gratz!
CompTIA certs are an arbitrary plague on the industry, a shoehorned way for a guy to make money that means nothing. Congratulations anyway.
SED drives do always encrypt even if "not enabled" so a secure erase still works regardless. Locking the drive just adds another key, which protects the encryption key, to prevent the drive from being moved between machines without first secure erasing it with the PSID printed on the drive.
Cool demonstration but I'm disappointed you didn't try using drives after degaussing them.
I have found using manual degaussing on tapes has resulted in mixed results.
Hey! Adrian! Never expected to see you here!
that's probably a floatplane exclusive content then.
Although what I had used at the time was less sophisticated than the looks of this unit, results were indeed a mixed bag upon testing afterwards. I certainly would try a few out in the beginning if for nothing else a peace of mind knowing that there isn't just a speaker making the audible "thuddunk" noise lol.
@@EmilePolka Nope. The Floatplane exclusive is Elijah and Sammy squishing various media.
@@EmilePolka😂😂😂😂
I'd love to see a video comparing the different ways to delete, wipe and destroy data and drives then try different recovery methods to see which way to wipe data and which ways to recover data are the best.
I'm especially interested in the destroyed drive taken to that cool drive recovery place they've made a video about before
They would get nothing. The data recovery service is for fixing things like a physically broken drive, or one whose file system got corrupted. Things of that nature. For example on a broken drive they can disassemble the drive and put the platters into a machine to read them.
They can't reconstruct what isn't there though. At best is what they mentioned in the video on older drives.
Like it says, one overwrite is enough. You ain't going to recover anything.
@@manuelh.4147 now you are wrong. In the old days data was in nice straight digital grooves of 0's and 1's. The high capacity drives do fancy tricks to get more data space: data is almost at the edges, overlapping the track grooves on to the left and on to the right, so the hardware of the drive already knows how to recover data that has been partly wiped; it is doing it every time new data is added to the drive.
Appreciate the dead body at @7:52. I'm glad the editors are having fun.
For actual hard drives, it is super easy to simply remove the platter and run it through a dimpling machine and then cut the platter in half. It also makes it possible to sort the material for recycling. For SSD drives, it is easy to cut them up with sheet metal cutters. Backup tapes are more time consuming to destroy. I usually take the DLT tapes apart and pop the ends off the tape reel. Then cut through them with a sharp razor knife or box cutter. This creates thousands of small pieces of tape that then goes in the shredder bin.
When you open those helium drives, do you breathe in the helium and talk in a funny voice?
A professor I had in College worked for the DoD for a while back in the 1990s. The way they "declassified" hard drives at the time was with a sandblaster.
Here government harddrives need to be shredded and the chips can't exceed a certain size .Depending on how critical the data is that size can be preeeety small
How much trouble would you be in if you stole a non destroyed drive
@@FleaOnMyWiener in my experience you wouldn’t get the chance to, government drives and paper documents are typically witness destruction.
@@FleaOnMyWiener from my knowledge (and taking a slight guess that this person probably has a decent level of security clearance), he would be quite lucky to just get fired AND a sizable fine. (At least the US govt) tries to take data destruction very seriously for secure data storage devices
@@FleaOnMyWiener Ever hear of Snowden? That kind of trouble.
I would say it would be 3 -5mm pieces, as that is dod standard I believe
I used to work for a company who made degaussers and crushers like this and they are super cool. 10 tons of force on the crusher, and they're up to 40,000 gauss (4 Tesla) on the degaussers which is cool, but terrifying to work on when doing QA and the capacitors fail to discharge lol. A surprisingly small market but a lot of interest from big data companies. I don't work there anymore but they're a great group of people, Garner Products if anyone is interested.
what is the price for these kind of machines?
What kind of caps are used there? The only ones I dare to handle are those up to 50V for small to midsized electronics projects because they still can ruin your day by popping or "suddenly" discharging when your mind isn't fully there.
The degaussers were fun back when I was destroying old spindle drives at a previous job. Some of the really heavy drives with a lot of platters would jump inside the sled with a satisfying thump.
i work for a certain data center company and we use your crushers occasionally when our manglers are dead
@@bugshot4760 If they're NSA listed models usually 20-30k USD depending on options, non-listed are 6-15k.
I used to work for a company called "Device" where we took old computers from large companies and repurposed them for schools in 3rd world countries. One of the first things we did is run a dos program (I can't remember the name of it) that would spend about 6 hours overwriting the drives to completely erase any data that was stored. Apparently, this software worked on the binary level, you could even choose if you wanted all 0s or all 1s. If for whatever reason we couldn't erase a drive, it would have to be destroyed. We smashed them to bits with a lump hammer and incinerated them.
Linus being excited about something I spend sometimes 8 hours a day doing makes me feel like I'm an old person watching my grand children play with a toy I used to love as a kid.
Man. I feel sad seeing the poor drives getting destroyed :(
As someone who has done enterprise level disk wipes (thousands at a time), it can take hours to a week depending on drive type, size, quantity, and number of controllers. Also, most companies either have a third party securely dispose of the drives, or they shred the drives into pieces around 1-2 cm in size. Also, you definitely do not want your junior tech responsible for the destruction of sensitive data, which could easily lead to them making a simple mistake and sensitive data, possibly getting out.
I have done thousands of data wipes. At some point also sent securely to melting facility. Reality is that enterprises should use disk encryption (which they usually do) and simply overwriting drives couple of times ensures it will be impossible to restore anything. It doesn't matter the size, it will take only 4-12 hours per disk to do 6-7 overwrites depending on size and you can have dozen or dozens written over at the same time. Doesn't matter if it is ssd or harddisk, nothing is restorable. Cheaper than shredding.
And less e-waste
@@jarhu86 It massively depends on who owns the data as well, for some levels of data i've dealt with complete destruction of the hardware is the only legally acceptable disposal method.
THIS IS HILARIOUS!!! This is one of the parts of my job! I never thought of it as anything I would ever see on LTT! 🤣
As a small business IT consultant, I always recommend my clients use encryption on their drives. The possible speed hit is minimal in business use most of the time, and when we're done with the drive, we don't have to worry about data destruction. Taking it out of the computer with the encryption key is enough to resell the drive. I also find that encrypting a drive with bitlocker takes much less time than a DBAN old school overwrite method.
These are super cool. I did a refresh for a bank I worked for back around 2010, and they brought in a portable one of these, basically just the crusher section with a big chonkin handle on top. We called it the taco maker.
I was about to say that SSD crusher looks inadequate then you proved it with "the controller survived". Not every SSD has the same layout, there could have been a storage chip where that controller was.
Better off using an industrial shredder.
This is a very interesting topic. I’d like to see the many different forms of data deletions…ranging from simply deleting by user to using this machine… put to the test by a professional attempting to find the data on the drives.
One thing I've noticed with consumer SSDs using their internal full secure erase or SED erase stuff is that it's kind of unreliable depending on how old the SSD is and who makes it.
I found when erasing drives for eBay recently that depending on the drive it would say it did its secure erase, but then I would find files on it using DMDE and have to either do it again or do a manual overwrite (which has a lot of downsides with SSDs the least of which is killing write endurance).
I suggest if you're using any SED or BIOS secure erase stuff as a home gamer maybe doing a sanity check after to make sure the data is really gone.
I recently built a Linux server with an SED and documentation about SEDs is very sparse. If you use Bitlocker on Windows you have to go through a procedure of installing the SSD vendor's software, reboot from this software and immediately enable Bitlocker after that. On Linux you have to install your own preboot environment in the non encrypted section. It is far from user friendly, so I would assume most people don't use this functionality on their SSDs.
@@xXxJakobxXx3 I currently use Debian LUKS for full disk encryption which asks me if I wanted it during OS install. It's really easy to setup. Plus you can have several LUKS passwords as backups or for different users.
@@xXxJakobxXx3 that is not SED
@@Velocifyer Can you further elaborate what you mean by that? Op posted that he got a SED from eBay and could still read data from it. I shared that on some drives you have to go through a lot of steps to enable the encryption and therefore some users might not do it.
@@xXxJakobxXx3 SED does not involve an unencrypted boot partition (if you use FDE that is not SED, just put your kernels in the ESP). SED is handled by the firmware/whatever boots up the bootloader, you just enable it in firmware config (if you want it password protected).
this is very interesting, a whole series on data center infrastructure would be cool
Please no. LTT knows jack shit about datacenter infrastructure. Leave that stuff to the pros.
@@newsama LTT does data infrastructure cool
For further viewing, I recommend an old Defcon talk called "And That's How I Lost My Other Eye: Explorations in Data Destruction". Yes, a lot of stuff goes boom.
It's funny how well Linus knows his audience of government agents
Data destruction is such an unfortunate but necessary part of life. Ideally you can get away without destroying the drive, but often it's not the case. Even when you can be confident in the data being erased (or encrypted with the key deleted) oftentimes businesses need the confidence only achieved by destroying the drive.
I can talk about that, my company has a couple of certifications and all of them mandate DESTROYING harddrives... (even if we encrypt harddrive to begin with)
Businesses sound pretty insecure and need therapy.
@@filonin2 How would you like all of your medical data out in the open? Or every transaction you made with a company? How about really important trade secrets that the original company can't prove, because they did not patent their solution? There is a fair amount of personal harm and property harm at risk, drive destruction may look overkill (because it frequently is), but the consequences of not doing so may be worse. This is exactly the kind of stuff we need to be pretty "insecure" about and go for maximum overkill.
@@filonin2 maybe if you went to therapy you'd learn a little about reflection.
Yh.. and how would you recover that data after software shredding the drive multiple times? Genius...
For M.2 SSD sticks I would use an induction heater coil to turn it back to sand in seconds.
Depending on which organization you work for, some policies may delve into more stringent requirements for SSD destruction. Crushing it like they did in the video would probably be fine for most people, except for the government. The DoD policy on SSDs literally calls for disintegration or 1mm x 1mm pieces.
Or just an ordinary cheap angle grinder....
@@GampyBamblor well, technically speaking, throwing a SSD in an oven is less work than using an angle grinder. And also using an angle grinder, would not meet policy standards, depending on where you work.
@@NicholasOrlick if it's dust no one can read it anyway
@@captainheat2314 that’s what I’m saying if you incinerate it you can’t read it.
If you wonder if something like this is actually used - > Yes. It is.
I work for a global, huge ass, automotive industry company as an IT specialist, and we have procedures for drives older than 5 years.
First we nuke them by using a special device, similar to the one shown in the video. Then they are handed over to the maintenance department where they cut them in half (under our supervision). Afterwards we pack them in locked containers, and they are sent to a company that destroys them completely.
Too much? Probably. But on another side, in a game with enormous players, information is everything. Some piece of data that falls into the wrong hands, even if actually harmless, if presented the right (wrong) way can ruin even the largest companies.
The one we have at work grinds them up. Apparently it was purchased with leftover budget at the end of year from a salesman they nicknamed "George Liquor". It has a dedicated power supply, and it uses a conveyor belt to feed the grinder. Everything has to be disposed of to DoD standards.
0:39 We need a LTT x Hydraulic Press Channel collab.
My go-to method for recycling an old drive is to do a badblocks scan in Linux with the -w option. That writes and reads several different patterns to the drive, and confirms if it still works right.
Remember software erase methods do not ensure over-provisioned storage is destroyed.
@@soundspark yeah, if you want it really secure I wouldn't recommend this approach for an SSD. Overprovisioning on a hard drive is usually much less, if it's even there at all. So it should be fine.
I'm really wondering why you didn't try to plug the hdd in after degaussing and see if there's data. Or even better trying out some data recovery programs and see if that alone had worked and if crushing was really necessary. Would have been interesting.
There's no point. Going through degaussing renders the drive inoperable. Even if there's somehow data left in a small part of it, the tracking data on the rest of the drive missing means the heads wouldn't even be able to properly locate themselves, much less read anything.
@@Acorn_Anomaly I've only got your and some on screen graphics claim of that, it being demonstrated is much more interesting.
Oh man, I used to sysadmin a data center and was tasked with creating a shredding server where any drive connected to a specific controller would be discovered, smartctl checks run on it, and then shredded using the shred package on Linux and indicate whether it was to go back into prod or to be physically destroyed, and then send out reports to the DC manager. This cart would've been so wonderful to have.
I know that for a long time, any company that dealt with like, US military projects was required to incinerate their hard drives after use, because sufficiently determined forensic analysis could pull useful information off even shards of a shredded disk after dozens of overwrites. So the crusher part on this is mostly just for decoration and giving you those nice dramatic 'after' pictures... but the degausser pulse is about as good as setting the drive on fire.
I worked for a massive data destruction facility and this is not what was acceptable. This was only done after every single sector of the hdd was overwritten hundreds of times with a random number generator (Mersenne Twister), after it was verified that every sector had been done several times, then it was physically destroyed such as this.
why
After the Degausser, there is no data
Hundreds of times? What was the data deletion standard that you guys had to implement?
the same process was repeated 3 to 12 times (dod3) depending on the customer, each pass was 36 so minimum 100 plus passes. I can't say the software name because it would identify the company but that was just step one for data wipe. Step 2 was a massive degausser that was so violent the hdds would dance on it and jump, it was nuts lol, the noise it made was incredibly satisfying. After that was physical destruction. Some required the whole process to be on camera, some just required audits/reports. Fun fact: the highest security request we got was not from a bank but a major automotive company. We could only guess what they wanted destroyed but they asked for the most reporting, video, audits and signatures and proof that the hdds were converted to 3mm balls. They had to go through a hammer mill and chain shredder!
@@Mile-long-list there's thorough and then there's paranoid.
While Linus was talking about the degaussing feature, I got a kick out of the body bag under the whiteboard when he asked, if anyone nearby had a pacemaker.
I didn't even know Data Destruction was a thing. Super interesting video! Thank you LTT.
On the question about erasing tons of drives with Secure Erase and Overwrite - You can use a product such as the Destroyinator, which is basically a 45Drives Chassis loaded up with Linux and a copy of Killdisk Industrial to perform bulk erasure AND compliance reporting of disks. It's pretty cool. You hot swap the drive into one of the drive bays on the 45Drives chassis, it'll automatically destroy the data, and if a disk fails for any reason, you'll get a report saved and can send it off to get Degaussed and/or physically destroyed.
Just having a degausser was a fun time when I worked data center for some OT work at a former job. Now if only we had the destructiveness of crushing, but still fun either way.
I love this type of education content!
Some guys I know (they refurbish laptops for poor people in our country) wrote a program with numpy to manually overwrite and nullify every bit of a hard drive. It's surprisingly performant (but we are still talking multiple hours a drive, because they overwrite every bit multiple times as you said). They got a Threadripper server running Linux just for erasing disks from old company laptops.
As far as I know their procedure is good enough to pass some certifications but I don't know which
"numpy" "threadripper" "performant"
It's not the 1990s and you'll only be limited by the drive's write speed.
@@VADemon unless you insist on true randomness for some reason, in which case that's definitely gonna be the limiting factor unless you have specialised hardware.
@@unvergebeneid that's silly. Even if the requirement were to be non-repeatable securely random overwrite (why?) the performant way would be to generate a cryptographically random stream with AES, which is already accelerated to gigabytes/s per core on Zen microarchitectures.
Actually I think the only technical explanation for Threadripper would be its I/O capabilities.
@@VADemon I agree. There are tools, however, that are limited by the entropy pool. Not that more cores would help with that.
It's not a Linus video without him damaging products!
I'm thinking of putting this into my new build to help future proof it.
I actually manage a data sanitization/destruction setup. I set up and maintain servers that will utilize PXE deployable software to write over disks of any kind, as well as supporting in situ wiping/diagnostics for devices with built in storage, i.e. Mac, tablets, phones etc. I also validate the software level destruction with third party tools that check the hashes to ensure the writes were successful. With all that being said, the most fun part is absolutely the big shredder on wheels that we have! Nothing beats watching a drive get mangled to smithereens and dropped into a bucket. Makes me smile every time!
The SSD chip crusher busted up the chip enclosure... but did it actually crack the chip die? Offhand, I'm not familiar with the size of dies used for NAND chips, but a lot of chips use very small dies. What keeps one from extracting the surviving die and repackaging it?
What always also works is running 800VDC from a supercap thru the power connector in addition to crushers, that burns the chips nicely before you crush them, then there's nothing to be read even if you somehow managed to get a partial NAND chip working
I'm surprised that method is not used, but maybe it's due to safety concerns.
@@nanielwolf5768 it doesn't comply with standards, but I like doing it in addition, knowing no one will ever recover anything from those.
A machine made for Seagate drives. My dream machine.🎉🎉🎉
I heard Scott Sveinnson would have loved to be featured in this episode.
My dad used to be a service tech working on large server installations amongst other things. IIRC, back in the 90's, protocol at his company (very large international corporation) was to drive a 1/4" slotted screwdriver through the hard drive with a hammer before disposal. He may have had to do that in two spots to make sure the drive was extra dead.
When Linus asks if anyone has a pacemaker, am I seeing a corpse under a blanket near the whiteboard? lol
body bag
Linus paid $30,000 for DBAN and a sledgehammer.
Amazing setup.... but the 50 gallon drum outside I burn used motor oil in makes short work of these drives as well.
10/10 for environmental destruction.
I work for a large contractor that was involved in the secret development of a new Google datacenter complex. Part of Project Vandalay (yes, literally) was securing the whole building to keycard access, with extra shells of security around several offices, and the destruction of over a hundred laptops that were used, no matter how tangentially, on some aspect.
One of the best recent videos!
I like the Red Dead Redemption font you guys used for Uncle Linus’s quote :) I’ve always just filled my entire drive to the brim with video files and then formatted it in order to permanently erase the data.
The problem with a lot of these papers is: There's never been a single recorded incident of someone being able to recover data from a drive that's had a single pass of zeros written to it. Yes, in theory you could figure out what was there before the single pass erase... but in practice, no one has managed to do it yet.
This is literally just an overly complicated, likely HILARIOUSLY overpriced hydraulic press because of pencil pushers.
We send our drives to a company specialized in destroying data (from printed pages to drives of any kind). They put drives through a crusher / metal shredder which makes sure that the biggest piece of anything thrown in it is less than a cm in any dimension. Usually the pieces are more like confetti.
WAIT NO LINUS TAKE THEM APART FOR THE MAGNETS ;_;
Not to mention I love collecting the platters
Leasing for less than $1000 a month 😂. The whole cart is worth maybe $5000 at most. Gotta love hardware as a service.
Especially since they said it was using a Raspberry Pi...
Bad take. Many outfits don't need to own one of these, and maybe require the use of this type of machine once or twice every decade. The cost of ownership doesn't make sense for upfront cost, storage space, maintenance, etc. Nearly every outfit would rather rent/lease this machine when they actually require its use instead of holding onto it and spending more money.
@@mygamertag2010X Lol. Data Centers are obviously the main clientele. Once or twice every decade 😂
We actually have a client using our MDDS currently, and they process around 1k-2k drives per month
@@rack_tech Sounds like the exact kind of Customer they're made for!
That thing is ridiculously overpriced for the simple thing it is!
Question: Can destroyed hard drives, SSD's be recycled? I wish the video covered that too.
The same as any other e-waste. Shipped to China where they salvage anything worth anything, and the solvents get dumped in a river/lake and the solids get thrown into a landfill or incinerator.
Probably as much as other technology.
Theoretically, yes. However having worked for a hospital, recycling classified material was considered unsafe, all our paper and destroyed hard drives went to a secure facility (presumably a landfill)
Generally speaking nope. The problem is if you crush it as one entirely assembled drive, everything becomes one or a bunch of mixed scraps. The better solution would be for platters to be destroyed separate from the hdd controller and the body of the drive. Circuit boards once broken can't be recycled as no one is going to seal the broken edges of multi-layer boards just to reverse electroplate them.
If they gave a damn about preventing ewaste they'd open the top cover of the drives, smash the platters and recycle the rest; for SSD's they'd only destroy the NAND chips and/or the controllers (could drill through them).
The method shown in the video creates nothing but ewaste.
To anyone who goes "but Snowden" - remember, he didn't steal drives, he snuck files out of a microSD card he smuggled in and out of a secure facility.
The solution to not need to physically destroy drives is to use encryption and simply destroy the keys and then create new ones, then write zeros to everything.
@@matthewnirenberg but then governments can't greenwash as effectively by throwing things into landfills instead of recycling
We have a $199 data destruction solution at work. A hydraulic press we found on eBay. But! We modified it slightly: we welded on some teeth just for good measure
Works very well
7:48 appreciate the bit
Isn't there an option to recycle the drives or at least parts of it?
The hard drive shreds will be recycled just like other e-waste
The PCBs can be recycled, sure, but any data-containing component is destroyed
YES! I need this in my life for next time I need to 'wipe' a drive.
The cloud service kinda seems like a downside to me. Happen to know if you could host your own database on-site? Otherwise, a pretty neat product
Good point, but the problem with hosting things on site is what if there's a fire or other environmental catastrophe and all of your data is lost? These records are required by the government so a scenario like that is not acceptable, and the cloud service is probably replicated on multiple continents with many copies of the data so it can never be lost
It seems like they're selling a service instead of a tool, based on how Linus mentioned renting those carts.
@@pwii If anything, sending the data across the internet and storing in another company's hands (probably in some other country) seems to me like it would increase cost and risk.
Especially if you already are a hoster and have redundant systems
To be fair, corporations like to have something that just tracks this for them automatically. It helps with compliance. No one actually wants to spend a lot of time on this, it's just one small part of a business process so again, the less stuff you have to worry about keeping and managing the better.
@@amogusenjoyer Well that makes little sense then, because if you're not willing to spend time on it, why have someone run that machine at your locations. Have the disks picked up and destroyed with proof of destruction like most do anyway...
I used to do this for defunct military hard drives. Used Blancco data erasure software and then they would be crushed into effectively plastic sand. If the erasure software didn’t work due to a really broken hard drive, then we had to drill through them several times before they went to the crusher. Always a fun Friday afternoon job…
At a previous company, we managed secure medical data for three letter groups.
For drive destruction at EOL, we had "Company Range Days" where we utilized high speed projectiles to permanently disable drives/tapes. We sent photos to our Cx for evidence. They were entertained at our novel approach.
Honestly, if it wasn't for the degaussing, then it would not be secure for certain kinds of data.
It's almost like that's why they put the degausser on there and not just a crushing device. hmmmm
Yip, we wanted a redundant destruction system.
They need an AI model to read a bar code from a picture? Really? Like REALLY?
There are thousands of models of hard drive and the order of barcodes can vary. It’s to help the program decide which long string of numbers is the model and SN without creating and maintaining a massive lookup table
OCR has always been based on ML/AI
@@cassist000 not *always*, but yes it is a lot older than the current AI scamGPT train
Fascinating stuff. We used to use a disk crusher fifteen years ago where I worked. Strangely it was super satisfying dropping 3½" drives into it!
I've a HDD shredder before and I know how enjoyable watching it go from HDD to metal potpourri in a few seconds
I need this one at my home; in case I'm dead, my family or police can't find my browser history
7:45 where'd the bag go Linus.
New headcanon: not everyone was alright
I don't comment very much but I loved this video. Please count this as my vote for a video with the shredder or any other things relating to this type of content, so entertaining and fun to watch.
I took my old drives apart and used the platters as coasters. Worked a treat.
That was a remarkably thorough explanation
Depending on the classification of the data, some drives also need to be shredded so no single particle is greater than 3mm in size.
I used to work in a Goodwill computer works department and because we had to reuse drives for our builds we had to make sure they were all properly wiped. So we actually had a setup using large KVM switches and old motherboards on shelves to run 3 pass DBAN on multiple drives in parallel so we could have enough drives for production. We usually wiped drives between 250GB and 2TB with the occasional 4TB or higher, but even then those still took a while to wipe just on the 3 pass. I can imagine not wanting to do 3 dozen passes on server level drives; those wipes might take weeks.
The best data destruction method is to plan ahead and to use full disk encryption from day 0 with off-disk encryption keys. This is how most enterprise storage arrays now work, and destroying data at the end of life is as simple as rotating the encryption key. SSDs also encrypt all data internally by default, however the encryption key is stored in the device.
7:47 body on the floor on the left after the pacemaker comment LOL
I haven't yet watched, but at the place I worked we had a shredder. It was fun. We had a device that would do that to drives, but it didn't meet our requirements for spinning media. That device had an insert that perforated SSDs and that was great! The SSD perforator has videos on YT: pd-5 w/SSD-1.
SEM Model 0315 was the shredder, and SEM EMP1000-HS was the 20000 gauss/2.0 tesla degausser.
The degausser claims it is portable, but when we needed to ship it back after 7 years (14000 drives) for a thermal fault it took 3 of us to get its 160lb chassis down to the loading dock to be shipped.
I really wanted to pipe a camera and some light into the shredder, it was so satisfying watching it work.
Diskpart clean my boys