I was recently asked how to dispose of an old hard drive in a secure manner. This comes up all the time, and unfortunately most folks just toss them in the trash or electronics recycle bin without thinking, or worse, sell it on eBay. The best option is an industrial hard drive shredder, but they’re a tad bit expensive for a small business or individual. So what to do?
This came up in conversation recently, when someone asked why I had band-aids on a couple of my fingers. I started to make up a story about finding a lost saber tooth tiger, but that didn’t go very far so I fessed up and admitted that it was wrestling with an external hard drive case so I could destroy the disk. I’m not sure that was any more believable, but it was true.
The best option of course, is to encrypt the disk when it’s brand new, and then disposal is straightforward – recycle or trash, no destruction needed. In fact, that’s about all that ‘encryption at rest’ is good against in data centers, unless you have folks walking in and stealing drives out of a running array. In this case, it was an old disk that I hadn’t bothered encrypting, so really did need to destroy it. The biggest challenge is opening the ‘techie-proof’ enclosures that pre-built drives come in. The hard drive manufacturers do that to prevent companies from harvesting inexpensive consumer disks for use in large arrays, but it causes major end of life problems. Between prying, wedging, and the occasional sawsall to cut through the plastic and glue, I eventually managed to get it open, with the aforementioned digital wounds.
Once open it actually gets easier if you have the right tools. Torx bits are a must, and you have to hunt for the screws under the labels to get it open. Once the outer case is open, there’s two options. If it’s a small laptop drive, the platters can usually be shattered (safety goggles please). For desktop drives, it’s a continued battle of the screws and bits, but eventually you can get each platter out – then just grab your pliers, bend each one in half. Unless you’re storing major secrets, that’s likely secure enough for disposal.
If you have someone who doesn’t like to use whole disk encryption, having them do this a few times will cure that quickly. It’s tedious and occasionally painful. But far less painful than having your data stolen out of an eRecycling facility.
I just clamp them in a vise, and drill straight through the platters a couple times. Would that pass the Doug Test?
Depends on the data and your risk tolerance. A data recovery service can mount the platters and recover all but the damaged sections. By physically distorting the platters it makes that task far more difficult.
After spending a half-day destroying old disks, I went back and made sure everything was encrypted. To borrow a line from a great movie, “It’s the only way to be sure”