Announcement

Collapse
No announcement yet.

Selling RAID5 drives - do I need to wipe them?

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • Selling RAID5 drives - do I need to wipe them?

    Hi all

    I've decommissioned a 4-drive RAID5 array (hardware - Intel ICH9R). As data is split across drives, do I need to wipe them before sellign them (e.g. eBay) ? In other words, could somebody purchase one drive from me and be able to access any of my data? Or is it all completely unrecoverable from a single drive?

    I know a wipe is best-practise but there's four drives and the estimated completion time for the first one is another 22 hours......

    Many thanks,



    Jim

  • #2
    Re: Selling RAID5 drives - do I need to wipe them?

    IMHO yes, as parts of files may be forensically recoverable, as well as (IIRC) entire small files which do not go over one block. Also someone could buy all 4 drives

    Put it this way, is the time (5 mins to start the wipe for each drive, then do other things) worth more than the damage someone could do IF they got the data.
    Tom Jones
    MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
    PhD, MSc, FIAP, MIITT
    IT Trainer / Consultant
    Ossian Ltd
    Scotland

    ** Remember to give credit where credit is due and leave reputation points where appropriate **

    Comment


    • #3
      Re: Selling RAID5 drives - do I need to wipe them?

      Originally posted by jimwillsher View Post
      I know a wipe is best-practise but there's four drives and the estimated completion time for the first one is another 22 hours......
      Yes! You can be fined, or go to jail in most counties for selling Hard Drives with other peoples personal infomation on them.

      Although the data might be sread out over 4 drives, it is still possible to get a large number of bits in a row (At lest 1 Cluster I believe), and depending on the cluster size, but that could be 200-300 credit card numbers.... or the enough IP data to map your network.

      If your company can not wait 22 hours per Drive (Wow, they must be massive or really really slow (or are you doing 100 passes?)) put all 4 in the dish washer (NOT a joke). Losing 4 hard drives is much better then your company being sued for not complining with national privacy policies (at lest in the USA, Austrlia, GB, Euro, Japan and most other countrys that have any type of national poiclies). It is a VERY common practise for data miners to buy old hard drives from large companys hoping to find something.

      Save yourself 3-5 years, and spend the 22 horus nuking the drives.

      Wofen
      Good to be back....

      Comment

      Working...
      X