HPE Community
Operating System - HP-UX
1819763 Members
3336 Online
109606 Solutions
New Discussion юеВ

Data removal

 
SOLVED
Go to solution
jerry1
Super Advisor

тАО01-19-2004 03:50 AM

тАО01-19-2004 03:50 AM

Data removal

If you needed to completely wipe the data
from disks and prove that it was. What would you use or how would you really make sure and prove it was really removed. An rm does no literally remove all the bits. Just the link to the data as I understand it.

These are EMC arrays using LVM. Argument has
it that if you remove the lun then there is
no way to find the contiguous data.
0 Kudos
Reply
16 REPLIES 16
Todd McDaniel_1
Honored Contributor

тАО01-19-2004 03:53 AM

тАО01-19-2004 03:53 AM

Solution

Re: Data removal

IF you can dd using the /dev/zero file to the device that will wipe out any bytes of leftovers...

Just do it a few times...

Also there is a /dev/random that you can use to randomize the overwriting.
Unix, the other white meat.
Reply
Fabio Ettore
Honored Contributor

тАО01-19-2004 03:54 AM

тАО01-19-2004 03:54 AM

Re: Data removal

Hi,

if you are using LVM on EMC then you can execute lvremove of logical volumes.

# lvremove /dev/vgXX/lvolX

It will ask you if you are sure to delete it; answer yes and you should remove data completely.

Best regards,
Ettore
WISH? IMPROVEMENT!
Reply
Chris Wilshaw
Honored Contributor

тАО01-19-2004 03:55 AM

тАО01-19-2004 03:55 AM

Re: Data removal

To wipe the disk at the unix level, use

dd if=/dev/zero of=/dev/rdsk/DEVICE bs=1024k

However, this can take a long time depending on the size of the disks.
Reply
Todd McDaniel_1
Honored Contributor

тАО01-19-2004 03:56 AM

тАО01-19-2004 03:56 AM

Re: Data removal

Here is a link to the just released supported version of /dev/random...

http://www.software.hp.com/cgi-bin/swdepot_parser.cgi/cgi/displayProductInfo.pl?productNumber=KRNG11I

enjoy!!
Unix, the other white meat.
Reply
Jeff Schussele
Honored Contributor

тАО01-19-2004 03:57 AM

тАО01-19-2004 03:57 AM

Re: Data removal

Hi Jerry,

Although the only "sure" way to prevent data recapture on hard disks is to smash & burn 'em, see this thread which explains how to write multiple passes of ones & zeros:

http://forums1.itrc.hp.com/service/forums/questionanswer.do?threadId=201988

HTH,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Bill Hassell
Honored Contributor

тАО01-19-2004 05:52 AM

тАО01-19-2004 05:52 AM

Re: Data removal

Just how complete do you want the removal to be? Using dd to copy zeros, or a large file like vmunix, can wipe out the directory structure, but the raw data is still there. There is no way to create any links as all files and inodes are gone. However, a determined hacker might be able to recognize certain data patterns with prior knowledge. The rm command simply removes the entry in the directory and the inode. A scan of the disk could still find the data. Running dd across the entire disk using /dev/zero will wipe out all the data but with unlimited resources, residual magnetism could be analyzed and several erasures recovered. However, you'll need a CIA type budget for the equipment and the detailed knowledge of the filesystems and VLM layout design to interpret the results.


Bill Hassell, sysadmin
Reply
Michael Schulte zur Sur
Honored Contributor

тАО01-19-2004 07:17 AM

тАО01-19-2004 07:17 AM

Re: Data removal

Hi,

because of those guys with extraordinary technics, it is not enough to do it once. I wonder, if writing ones wouldn't be better than writing zeros. If you don't need the disk again, you might open it, start it and use a strong magnet on it or drop it in a volcano. ;-)

Michael
Reply
Bill Hassell
Honored Contributor

тАО01-19-2004 07:49 AM

тАО01-19-2004 07:49 AM

Re: Data removal

ones or zeros don't represent better or worse patterns. The reason is that on disk, the data is recorded as amplitude and position changes and while the pattern for all zeros or all ones might seem simple, there are several changes occuring on the disk surface, so the underlying pattern is completely invisible to normal disk drives. The money-is-no-object sleuths will remove all the electronics and replace it with very sophisticated analog read heads, sometimes with multiple read heads per track to look at the borders of each track. All this analog data is fed into analyzers that can subtract out the strongest signal and amplify the residual signal. Repeat as needed until the magnetic noise on the disk is the same as the residual.

So the technique depends on your level of paranoia (or government or business regulations). Current technology says that 15 to 20 rewrites of random data will eliminate all recoverable data. However, as stated before, a hammer does the job in a lot less time.


Bill Hassell, sysadmin
Reply
Chris Vail
Honored Contributor

тАО01-19-2004 07:56 AM

тАО01-19-2004 07:56 AM

Re: Data removal

To truly and irrecoverably destroy your data, I suggest removing the disk physically from your computer, and mounting in on an M$DOS or Windows system, then using the Norton Disk Utilities--they have a wipedisk command that will truly and absolutely destroy the data on the disk--to DOD specs and beyond. It can then be remounted to your HPUX system and re-initialized as you will.

Good Luck
Chris
Reply
G. Vrijhoeven
Honored Contributor

тАО01-19-2004 08:00 AM

тАО01-19-2004 08:00 AM

Re: Data removal

Hi,

Besides the UNIX command there it must be possible to let the EMC engineer wipe out the data. This will safe you the time and responcebility.

Gideon

PS the hammer methode sounds like a good anti RSI method!
Reply
jerry1
Super Advisor

тАО01-19-2004 08:10 AM

тАО01-19-2004 08:10 AM

Re: Data removal

Most of you are assuming one disk. Since this is an array utilizing several disks, ~$50,000 worth, the hammer method would not be a good idea. Since striping is involved
in this volume group. Removing the lun
would make sense. Since all the bits are
scattered across multiple disks. Once the
lun is removed there would be no way to
reconstruct the data as I understand it.




0 Kudos
Reply
Chris Watkins_1
Respected Contributor

тАО01-19-2004 08:12 AM

тАО01-19-2004 08:12 AM

Re: Data removal

Jerry,
unfortunately, proving that a thing "doesn't" exist
is a bit difficult. If it's a "must do" sort of thing, then you may
want to invest in a blowtorch. melting the platters is fun anyhow ;-)


Total destruction is the only "absolute" method of
proving that data on the disks can't ever be recovered.
If they can't take what's acceptable as "best practice",
then "total destruction" is your only out, in my opinion.

Not without 2 backups and an Ignite image!
Reply
Jeff Schussele
Honored Contributor

тАО01-19-2004 08:18 AM

тАО01-19-2004 08:18 AM

Re: Data removal

Hi Jerry,

Never say never I always say. The sensitivity of the data will dictate the methods required.
I think if you run several dozen iterations of overwrites with alternating ones & zeros (random data would be better) & THEN removed the LUNs - you'll be safe from all but the most determined "data thiefs" with unlimited budgets.

And to Chris V - A sage piece of advice my friend - Don't believe everything you read. I'll bet even Peter would tell you to take what the marketeer-type would tell you with a grain of salt.

Rgds.
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Chris Vail
Honored Contributor

тАО01-19-2004 08:55 AM

тАО01-19-2004 08:55 AM

Re: Data removal

To Jeff S:

REALLY????? I've TRIED to get data back after Norton's Wipedisk did its thing.....the Data Address Marks were gone--no way to tell where the sectors began and/or ended. It required a low-level format before the disk was usable again.
Of course, this was years ago, and it was the DOS version of Norton.

Whatever it did: it took a long time to do it. Of course, this was back when we thought 512MB was a huge hard disk, but then I'm dating myself.......


Chris
Reply
Jeff Schussele
Honored Contributor

тАО01-19-2004 09:09 AM

тАО01-19-2004 09:09 AM

Re: Data removal

Hi Chris,

Well - it'll work fine for that drive with it's current head/track alignment. But if the platters were pulled out, specialized equipment could scan either/both "sides" of the track(s) and still retrieve the data.
That's basically how all the data retrieval companies do it. In clean rooms with expensive equipment.
It all boils down to just how sensitive the data is & how determined & well-funded those in pursuit of said data are.

Rgds,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
Reply
Chris Vail
Honored Contributor

тАО01-19-2004 09:35 AM

тАО01-19-2004 09:35 AM

Re: Data removal

To Jeff S.

It was my understanding of the WipeDisk utilities that they actually seized control of the head stepper motor, and caused it to act in an almost analog fasion as it wrote the random data out to the disk. Otherwise, it could not have passed DOD certification.

And anyway, the last hard drive I sent to a clean room to get its data recovered was a MFM drive (circa 1985). When they cracked the case, this fine powder poured out--powder that used to be the magnetic coating of the platter. Now THAT is irrecoverable.....


Chris
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.