Drive Recovery

If you are reading this, which would surprise me, you probably know that I work in digital forensics. Now, that doesn't mean that I know how to recover a drive if it has physically failed. Give me the bits, and I can probably do something with it.

So I recently received a drive that, in transit (probably), had a head crash. Now, this shouldn't, in theory, happen, as the heads are physically parked (moved to a non-data area of the disk) when powered down. Who knows what happened? The disk might have not been powered down properly, or a normal fault could have happened at another time, or maybe I screwed up something.

Anyway, for the low, low price of about $2500, I'm having data recovered. I'm not going to say the name of the service until I have more info about how they work. If they are successful, I'm happy to promote them, but I don't want to say anything yet.

Ultimately, if they can recover the data, it's a surprisingly positive (or ominous, depending on who you are) sign, actually. A head crash is pretty severe when it comes to media failure.

I had a discussion with my boss the other day, leading to my statement about the HDD equivalent of Yucca Mountain. The comparison is not really fair, but here goes:

Somewhere, actually manywheres, there are thousands, tens of thousands, and more, hard drives. These hard drives have been pulled from computers in governments, corporations, and even computer manufacturers. These drives may or may not have sensitive data on them, but no one knows, or will really ever know. Because of the risk involved, they can't be disposed of properly. They contain both valuable elements (gold) and toxic elements (some of them). And no one really knows what to do with them.

There are, of course, several options:
* You could melt (slag) or grind the drive down. This is definitely the safest route, data-wise, but dangerous to be around, and expensive.
* You can physically erase each bit one or more times - this is pretty safe, as it's never been proven that you can recover much data (no given bit with much more than 50%). For old drives, this had to be done multiple times because each bit was actually quite a large space, and a more modern, precise head could potentially pull data, but newer drives (say, less than 10 years old), a single pass is sufficient. This is less safe, very time-consuming, but overall sufficient to erase a drive. If I were in a corporation, I would do this to all drives. Wiebetech makes a hard drive eraser; I'm waiting on mine, but they are one of the better manufacturers of forensic equipment, so if they say it works, I would generally trust them. I do wish they had digital displays, though, especially for problems. Old drives tend to fail.
* You can degauss the drive. This is environmentally safe, and despite dire predictions, probably safe. However, you need a moving magnetic field to do this, and it's not cheap. I've never seen this in action, nor seen a test of reliability.
* You could getting this really cool hard drive hole punch, which is what my boss recommends.

Ultimately, though, the interesting question is, can you destroy the data on hard drives cheaply, effectively, and without danger? Now, for an individual drive, this isn't an issue, but when an organization literally casts aside thousands of drives a year, it's an important issue.

NOTE: DO NOT TRY THIS AT HOME (except for DBAN)