Data Destruction HOWTO

=Get a device=

At receiving
Data destruction, when done right, takes a long time. The donor is not likely to want to hang around and wait until it's done. Therefore, we need to store the devices securely while they wait for wiping. When we receive a donation, we need to get it to Evaluation ASAP. During Eval the drive(s) need to be pulled.

From storage
Secure storage for devices needs to have its own inventory, which needs to be checked against the contents every time the storage is opened. This can be as simple as a list on the inside of the door, but we need to have it.

Currently (as of 2013-05-05) drives to be wiped are stored in a blue toolbox marked "Drives to be wiped". This toolbox should be kept locked. Whoever leads the events at FCS should hold the key for the duration of the event. Hopefully someone trustworthy at FCS can keep the key between events; otherwise we need to invent a secure way to keep the key. There is no inventory list for the contents of the box as yet (when I left, all the drives had been or were being wiped), but we'll have to stick one in the box next week.

=Wipe device=

Using DBAN
http://www.dban.org/

Using wipe
http://wipe.sourceforge.net/

Using shred
https://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html

Shred is part of coreutils, and therefore should be present on most GNU/Linux installs by default (not on Android, nor part of BusyBox).

It looks to me as though shred is a bit faster than DBAN, but it's hard to tell with so few trials.

Here's the command as I've been using it:

sudo shred -zvf /dev/sda

This does three randomizing passes on /dev/sda with a final pass of all zeroes. Before running shred, it's a good idea to do

lsblk -d

to list available block devices. We want to shred anything called sd[a-z]. Don't shred sr0, that's an optical drive.

NOTE that it's probably possible to glob all block devices by typing 'shred /dev/sd*'. This is a BAD IDEA for several reasons, not the least of which is that you might overwrite your live media! So, don't do it, k?
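The device check described above, as an added example (not from the original page): a shell filter that reads `lsblk -rn -o NAME,TYPE,MOUNTPOINT` output and lists only whole sd[a-z] disks with nothing mounted on them, so sr0 and the live media are skipped. It assumes partitions are named sdXN; the function names and the `--list` switch are made up for this example, and the sample listing is constructed.

```shell
#!/bin/sh
# Added example, not part of the original HOWTO.

# wipe_candidates: read `lsblk -rn -o NAME,TYPE,MOUNTPOINT` output on stdin and
# print /dev/sdX for every whole disk that has no mounted filesystem or swap.
# Assumption: partitions of sdX are named sdXN (sda1, sdb2, ...).
wipe_candidates() {
    awk '
        # Whole disks named sd[a-z] are possible targets; sr0 (type rom) never matches.
        $2 == "disk" && $1 ~ /^sd[a-z]$/ { disks[++n] = $1 }
        # A third field is a mountpoint or [SWAP]: that disk is in use,
        # for example because it is the live media. sdb1 belongs to sdb.
        $1 ~ /^sd[a-z][0-9]*$/ && NF >= 3 { d = $1; sub(/[0-9]+$/, "", d); busy[d] = 1 }
        END { for (i = 1; i <= n; i++) if (!(disks[i] in busy)) print "/dev/" disks[i] }
    '
}

# Constructed sample listing: two donated drives (sda, sdc), a live USB stick
# (sdb) and an optical drive (sr0).
sample_lsblk() {
    cat <<'EOF'
sda disk
sda1 part
sdb disk
sdb1 part /run/live/medium
sdc disk
sr0 rom
loop0 loop /rofs
EOF
}

# With --list, print (do not run) one shred command per candidate so the
# operator confirms each device by hand before wiping it.
if [ "${1:-}" = "--list" ]; then
    lsblk -rn -o NAME,TYPE,MOUNTPOINT | wipe_candidates |
        while read -r dev; do echo "sudo shred -zvf $dev"; done
fi
```

A disk used only through LVM or an encrypted mapping is not recognised as busy by this name-based check, so compare the printed list against the storage inventory before running anything.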

=Return device to inventory=


 * 1) Label device as wiped
 * 2) Mark as such in inventory
 * 3) Place in appropriate location