- Integrated Systems
- About Us
- Integrated Systems
- About Us
03-20-2007 03:51 AM
I was thinking of booting from the OpenVMS CD and using INIT/ERASE ...Run it 7 times on each disk. After a few days ...Finished.
On my PC I have data shredders that conform to US DOD 7 pass erase standards etc etc ...
What does INIT/ERASE overwrite the disk with ?
Is it random 1's and 0's ?
The best solution I suppose is to send the disk to a disk destruction company.
Solved! Go to Solution.
03-20-2007 06:34 AMSolution
If you were around when PDPs roamed the datacenter and spent your nights running BAD from bootable tapes.
$ ANALYZE/MEDIA/EXERCISE=FULL (/pattern=)
I can point you at the utility, you need to review if this meets your requirements, possibily with an auditor or security person.
03-20-2007 07:00 AM
On OpenVMS, you can load a pattern erasure via the $erapat mechanisms. The default is all zeros, but you can select a DoD pattern by loading an $erapat -- and the source code of one version is provided with various OpenVMS distributions.
For some existing discussions of disk data remanence and secure disk data erasure, start at:
There's also a discussion of BAD (and low-level SCSI operations) over in the ATW area, at:
The attached text is from the OpenVMS FAQ at www.hoffmanlabs.com/vmsfaq/ ... Other discussions are available, and can be reviewed by you or your site information security folks.
5.42.6 How to perform a DoD security disk erasure?
Sometimes refered to as disk, tape, or media
declassification, as formatting, as pattern erasure,
or occasionally by the generic reference of data
remanence. Various references to the US Deparment of
Defence (DoD) or NCSC "Rainbow Books" documentation are
also seen in this context.
While this erasure task might initially appear quite
easy, basic characteristics of the storage media and
of the device error recovery and bad block handling
can make this effort far more difficult than it might
Obviously, data security and sensitivity, the costs
of exposure, applicable legal or administrative
requirements (DoD, HIPPA or otherwise), and the
intrinsic value of the data involved are all central
factors in this discussion and in the decision of the
appropriate resolution, as is the value of the storage
With data of greater value or with data exposure
(sometimes far) more costly than the residual value
of the disk storage involved, the physical destruction
of the platters may well be the most expedient,
economical, and appropriate approach. The unintended
exposure of a bad block containing customer healthcare
data or of credit card numbers can quite be costly,
of course, both in terms of the direct loss, and the
longer-term and indirect costs of such exposures.
Other potential options include the Freeware RZDISK
package, the OpenVMS INITIALIZE/ERASE command (and
potentially in conjunction with the $erapat system
service) and OpenVMS Ask The Wizard (ATW) topics
including (841), (3926), (4286), (4598), and (7320).
For additional information on sys$erapat, see the
OpenVMS Programming Concepts manual and the OpenVMS
VAX examples module SYS$EXAMPLES:DOD_ERAPAT.MAR. Some
disk controllers and even a few disks contain support
for data erasure. Some DSSI Disk ISEs, for instance.
For the prevention of casual disk data exposures,
a generic INITIALIZE/ERASE operation is probably
sufficient. This is not completely reliable,
particularly if the data is valuable, or if legal,
administrative or contractual restrictions are
stringent-there may well be revectored blocks that
are not overwritten or not completely overwritten by
this erasure, as discussed above, and these blocks can
obviously contain at least part of most any data that
was stored on the disk - but this basic disk overwrite
operation is likely sufficient to prevent the typical
You will want to consult with your site security
officer, your corporate security or legal office, with
HP Services or your prefered service organization,
or with a firm that specializes in erasure or data
declassification tasks. HP Services does traditionally
offer a secure disk declassification service.
03-20-2007 04:12 PM
>using INIT/ERASE ...Run it 7 times on each
>disk. After a few days ...Finished.
INIT/ERASE writes zeros (it has to so it can be used to init volumes to be put into a shadow set). That probably won't satisfy serious data erasure standards. It's fairly easy and fast to write a program which does block LOG_IO in a spiral write to hit every allocatable block on the disk with whatever you like. Even faster if you do multiple asynch streams. BUT you won't necessarily nuke ALL the data on the disk. There may be meta data, or replaced bad blocks, which the truly paranoid might consider a potential risk (of course if you actually WANT to recover the data, you often can't get it from a perfectly good disk, even without erasure attempts!)
>The best solution I suppose is to send
>the disk to a disk destruction company
How much does it cost? What about the risk of diversion? How do you know they don't just on sell them?
Might be simpler and cheaper just to bring a hammer to work so you and your colleagues to vent their cumulative frustrations against computers (you might even be able to charge a fee for the privilege ;-)
03-21-2007 01:50 AM
03-21-2007 02:22 AM
I have found a company that minces disc drives into dust. Our Audit department will verify their validity as a trusted company.