[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y ] [Search | Home]
4Archive logo
Question about hard drive disposal
If images are not shown try to refresh the page. If you like this website, please disable any AdBlock software!

You are currently reading a thread in /g/ - Technology

Thread replies: 93
Thread images: 9
/g/, I was tasked earlier today to dispose of a hard drive, but I'm not sure if I did a good enough of a job.

I work at a hospital as an IT assistant and my boss gave me a hard drive (a maxtor one, 40gb very old) that we use on the servers but he only gave me 1 hour and a half to deal with it (seems like this was going along with a batch)

So without much time the best I could gather was getting a drill and a drill bit but by the time I managed to even get the stuff I ran out of time. The best I could do was drill a hole completely (you could see through the other side) on pic related position of the HDD

It seems the hdd had patient information that was very private and the hospital doesn't want people snooping in. It's nothing too serious, but it's definitely a concern for patients I suppose.

Question is though, would a hole on pic related's position be enough? I wanted to do at least 2 more holes in it to make sure I got through the platter, but didn't have enough time.
>>
>>52322796
do you not have a fucking killdisk app or something to write over the data to make it irrecoverable
>>
>>52322890
First thing I thought was DBAN it, but I didn't have the time to do it if I wanted to dispose of the thing

If I had more time I'd have wiped it first and then drilled through it
>>
You could have erased the data when the hdd was working using a boot program. All you needed was a bootable drive and a computer. The program basically writes random bits over and over to hide magnetic footprints.
>>
you should have done several holes or bent cracked the discs inside.
>>
>>52322796
Remove the platters, throw at the closest body of water. The corrosion will deal with any data left.
>>
>>52322916
>>52322796
Gather a bunch of old disks and use thermite to melt them down.

Cheapest and best method. Plus it's easy to make.
>>
>>52322916
The best I could do with the time I had was smash it a hammer, and drill through position on OP's picture

Could people still harvest the data even through data? Would anyone go through these lengths on old hard drives in garbage?
>>
>>52322925
>litter
Ok
>>
>>52322950
If you had information people wanted, yes they could recover most of it even if you smashed the platters.

I'm not talking about any day garbage divers either.
>>
>>52322950
well it isn't your fault if the data is recovered.

your hospital should know that there are companies that can completley destroy hard drives and the data on them.
>>
>>52322796
Should have taken a shotgun to it.
>>
>>52322967
Well I'm not sure what data the hospital had, but shouldn't be too private stuff, still somewhat worrisome though

Would a hole on OP pic's position have gone through the platter? I just tried to make it as difficult as possible so a random fag wouldn't think it was worth the hassle for a 40 gb hdd

>>52322992
Yeah and I barely had time to mess around with it. It's those cases when your boss think hard drives can be destroyed in 5 minutes without tools or anything

If I had another hour I'd be set with just using a DBAN and doing some physical damage on it so my boss wouldn't nag at me
>>
Hard drives are extremely fragile. It should not take anyone more than a minute, let alone 90 of them, to render one permanently inoperable. No tools of any kind are necessary.
>>
>>52323019
Assuming you didn't damage the read head they could just replace the circuit board and have potential success aside from some corrupted where you damaged the platter.

No easy task unless you know what you're doing considering many things can go wrong.

But really if you even were to just smash it you'd render it useless for 99.99% of people unless they had millions of dollars worth of equipment for forensic work.
>>
idiots why don't you just put it on craigslist, get rid of the drive, get rid of the date, make some money. hell maybe they wanna trade for some other hard drive.
>>
>>52323101
Dude, the hard drive was hard and sturdy as fuck. Like I'd smash it several times with a hammer and the cover of the platter wouldn't even bend.
But if they're as fragile as you say then I should be alright

>>52323112
After smashing it with a hammer several times I was still worried if the insides were damaged so I drilled through it just to make sure.
I hope it was damaged enough that no one would bother with it
>>
>>52323136
It's pretty illegal to simply sell private medical data.
>>
File: 1438828254117.jpg (49 KB, 550x535) Image search: [iqdb] [SauceNao] [Google]
1438828254117.jpg
49 KB, 550x535
>>52323153
Why didn't you just open the cover?

Open it and smash the platters themself.
>>
>>52323166
No tools
If I had a T7 screwdriver I could open it up, but didn't have either
>>
>>52323179
you could have drilled the screws out and then just used a screwdriver to pry it open.
>>
>>52323187
My drill bit didn't fit the screws and that single bit was a fucking pain to get
>>
Why you didn't extract the platter and use a grinder on it?
I alway use this method. Hard disk platters becomes dust.
>>
>>52323200
You should have actually just gone to the roof of your hospital and threw it at the building next door.
>>
So I guess it all sums up with "can't really tell pal, hope for the best"?

Shit, I hope this doesn't bite anyone in the ass.
I fucking hate my boss
>>
>>52322912
>You could have erased the data when the hdd was working using a boot program.

He only had 1 hour to do it. Not enough to erase all sectors. And that is assuming that all sectors work fine and won't end up causing stalls due to errors.

Drilling that hole was a good thing to do. It most likely cracked the discs inside, no chance in hell to recover anything after that.

>>52322916
>bent cracked the discs inside.

HDD platters don't bend like a CD/DVD. They explode into a billion pieces instead. You can still try doing it, but do it in a bucket or something so the small pieces don't end up littering your entire room. I swear I still find some of them months later.
>>
>>52323154
why you format it to fat32 before you sell it

https://www.about.com/l2format%20fuckin%20nub.aspx
>>
>>52322796
If you drilled a hole that went through the other side and got through the platter that will be pretty good

The rest will be debris of garbage getting inside the HDD and chances are it will scratch the disk and give all sorts of issues with it

No one will bother getting that unless they know for sure it's worth it. Which they don't
>>
>>52323236
You realize having windows 'format' doesn't erase any data on it from before aside from header information...
>>
You have put a hole in the disk.
I doubt the usual suspects will bother with it.
seeing as typically your back yard hacker will need a fully functioning drive and wont have the tools required to take the disk out and read it
>>
>>52323248
fat32 quick format always does the trick, scrub.

besides why the fuck do you only have an hour to destroy data, why aren't there backups of this data that you're also worrying about, and why is this a single disk that contains the data.

I don't work for a hospital but we have backups for days and months of our data and there is no single drive that we can pull that has any of the data on it, as our shit is all raided together.

also when we do decommission drives we DBAN, and physically destroy the drive, every one of them... why aren't you give the time needed to do your job correctly? Why do you care about the outcome of all of this when you have no control over it.
>>
>>52323340
The guy you're replying to isn't me by the way

But the reason I wasn't given enough time was probably because there were more hard drives that were disposed earlier one and this one was left out

Given how old it was the hospital was probably updating its systems (Maxtors are what? pre-2006?)
Reason I'm worried is Idk what kind of info it had so it really weighs on my conscience if something happened to the patients and I was to be blamed for it.

Maybe /g/ could say if what I did was good enough for your regular snooper. I hope it was.
>>
>>52323394
Oh another possible reason for not enough time is because my boss probably didn't know data in hard drives can be a bitch to get rid off

I guess he thought just letting it fall down a couple of times would do the job
>>
>>52323153
>Dude, the hard drive was hard and sturdy as fuck. Like I'd smash it several times with a hammer and the cover of the platter wouldn't even bend.
>But if they're as fragile as you say then I should be alright
Yes, it was done after the first solid hit.
>>
>>52323394
It's fine.
Only some forensics lab would be able to recover any data from the thing.
>>
>>52322796
Dude, you work in a hospital.

You presumably have access to an MRI machine.

The thing generates magnetic fields on the order of 1 Tesla (really fucking strong). Put the HDD in there and any data that was on it will be unrecoverable.

Alternatively, get sledgehammer and smash. If you had time to remove the platters a regular hammer should work just fine. The more you smash the platter the finer the fragments will become and the harder it will be to reconstruct the data.
>>
>>52323394
Why did you have an hour though, why couldn't you just hang on to it until you could do it properly? Was a boogie man coming?

Also if you drilled a hole through it, you most likely shattered the platter within, it would now take more time and energy to recover the data than it could ever be worth to anyone... 99.999999999999999999999999% impossible to get.
>>
>>52323166
>>52323360
>face book frogs
erase yourself, preferably gutmann method
>>
File: 1442687662444.jpg (22 KB, 533x477) Image search: [iqdb] [SauceNao] [Google]
1442687662444.jpg
22 KB, 533x477
>>52323467
>thinks pepe images were made on facebook


Kill yourself kid.
>>
>>52322796
Do you not have a hammer you could smash it with?
>>
>>52323465
>why did you have an hour though
see
>>52323410
That, and it was going with a batch with other hdds, so I guess my boss wanted everything together so I wouldn't be late
if I had more time I'd have used DBAN and I wouldn't be making this thread.

But thanks for everyone who replied
if I had more time I'd have used
>>
>>52323458
"so tell us again how you broke this million dollar mri machine, this time a little louder, into this microphone"
>>
>>52323458
I wouldn't do this unless you want to responsible for breaking the MRI machine.

The no metal in the room rule isn't for your safety it's for the machines safety. An MRI machine is not an inexpensive machine.
>>
>>52323458
Im sure they just let random plebs use the mri machine all the time
>>
>>52323488
So really what you're saying is that the reason you only had one hour to destroy the data is because your boss said in one hour you have to have the data destroyed. There was no audit or anything on that sort, it's just that he wanted it done. Like a boss might not have a good reason for you to show up to work on time, it's just what he wants so you have to do it.

Well I would have told that guy to eat a shit steak.
>>
>>52323179
1 x lighter
1 x scrap of plastic
or you could have melted a piece of plastic into the screw hole, let it harden for a min
hey presto, fucking plastic t7 screwdriver

i done similar things like this and it works a treat
>>
>>52323536
>Well I would have told that guy to eat a shit steak.
You have no idea how pissed I was man.
Like I had to talk with a bunch of people to get a hammer and a drill, and the guy only wanted to give me a single bit

No screwdrivers, no nothing and time was running out. It's like he thinks data in hdds is something to played with.
>>
>>52323564
what if i wanted a metal one with a nice handle?
>>
>>52323571

sorry brah 1.5hours, no time to fuck about smelting, moulding and polishing
>>
>>52323571
drill hole into metal bar
shove plastic into it
bam a screwdriver
>>
1. DBAN 5 passes
Not even god himself can recover data from that.
2. hit it with a hammer.
If you really hate it.


Before destroying it, DBAN it.
>>
>>52323458
Goddamn this made me kek, I bet you are hoping to find "Man destroys MRI machine trying to format HDD after receiving advice from 4Chan" in the newspaper weren't you?
>>
>>52323482
>face book shit
reported
>>
>>52322796
You work in a hospital, you already have HIPAA Compliant ways of disposing of data and if you don't holy fucking shit are you all retarded as fuck.

>source, I have worked in Healthcare IT for a major Hospital Network
>>
>>52323712
>animefag derailing thread as usual

Way to break multiple rules in one post.
>>
>>52323719
how would not having HIPAA Compliant ways of disposing of data make him a retard, anon?
>>
If I were OP, i'd take the hard drive home, pretend I smashed it into pieces with a hammer with a lot of fun, and checkl what kind of crusty secrets it has inside.

But OP is a faget.
>>
>>52323719
Came to post exactly this. Your boss is a fucking idiot for not disposing of hardware correctly (or at least telling you how to instead of just handing you the drive and saying "go away") and you're a fucking idiot for even posting this. Any method apart from that prescribed under HIPAA is illegal and will get your shit fucked under law.

I worked in a school and we *still* sent decom drives off to be securely shredded. Learn the correct process per the regulations you are legally obliged to follow (and fuck what your fleshwaste of a boss says, he's already demonstrated himself to be a liability) and use them to destroy the drive, or expect to get arsefucked for non compliance when someone finds out.
>>
>>52323758
Because you work in IT in a fucking Hospital and not being compliant with HIPAA can mean a multi million dollar lawsuit for a single infraction involving PHI.

It's multi million dollar kind of retarded.
>>52323771
This

Based on the all responses, /g/ is confirmed for neckbears that have never worked in an enterprise environment of any sort.
>>
>>52323758
It makes him a retard because he works in an industry where it should be pretty fucking obvious that secure data destruction via accountable methods is required, and he is too fucking stupid to make that mental connection. The dumb cunt is fucking around with a drill instead. THAT'S what makes him a retard.
>>
>>52323771
Based /g/, throw a fit in front of your boss, lose your shit, lose your job, but you don't lose dignity

Too fucking based.
>>
>>52323784
what would you do in OP's stead given the resources he had then

what you're saying is that you wouldn't do anything, and just cry that this is all wrong and get your boss fired and then take his place

you're a genius bro props to you
>>
Do we know which country OP is in?
>>
>>52323804
What I would do is look up the documentation my employer should be providing me regarding secure data destruction and follow it. If there was no such documentation, I would be climbing the managerial chain to find out why, or looking for a new role with a department that does not place me at risk of penalty because of their incompetence.

All of this you will understand once you move out of mums basement kid.
>>
>>52323777
From what I gather from OP's post, the HDD that was given to him came from a batch
We don't know what kind of hospital he operates and if the HDD he had was one that was left out

You can't, for the fuck of yourself, push the values of the industry you worked in, in the standards you worked in, to be the standards the whole world will follow

Standards that should be followed, and standards that are actually followed are two things very different. If you don't understand that much you should re-evaluate things before calling other retards.
>>
>>52323829
If it was in a machine that was EVER connected to a health network, it falls under that jurisdiction, period. Sure, it may have only ran the infoboard LCD's in the foyer, but fuck knows who has accessed it or put what on it. I have known of helldesk robots using random, low use machines as network shares on the down low, god knows what kind of rogues there are in that place if his boss is pulling this kind of shit.
>>
>>52323829
HIPAA is not a standard you just don't follow because you feel like saving 30 minutes or a couple hundred thousand dollars. It's just one of the few standards you don't fuck around with because if you do, you're looking at a lawsuit from the patient (Which they will win) auditing and fines from the government and an internal investigation that will get your ass fired faster than you can say "but.."
>>
>>52323825
idk why you're crying about other being basement kids when you're the one throwing a fit for no reason in a thread that already had OP's question answered.

i figure you should go look to do something productive instead of making clear to everyone how big your neckbeard is
>>
File: A13EDE006F.jpg (60 KB, 470x685) Image search: [iqdb] [SauceNao] [Google]
A13EDE006F.jpg
60 KB, 470x685
>>52323857
> Well fuck, he's right.
> I'll fall back on ad hominem, that's always a winner,

Here you are sweetheart, can't have that gorgeous mascara of yours running down your cheeks now can we..
>>
>>52323771
Haha, reminds me, I've retrieved and replaced the PC of a psychiatrist once, after a whole upgrade.

>mount the HDD
>files were deleted, not a format, just cleared c:/recycler/stuffs
>just launch Testdisk, retrieve a bunch of Ms-WORKS documents (well craziness is contagious) and basically every report she made, stories were kept there.
That was interesting, and I still have them, and her Dell Optiplex P4
>>
>>52323852
Are you kidding me?
Are you fucking kidding me?

We just had a major fucking hacking issue going on with that children company because they didn't follow basic standards of fucking security

Like, bottom of the barrel standards of security? I forgot the name of that company

Are you really fucking shitting me that you don't understand that standards exist but whether companies or industries properly follow is really up to them?

Can you really just go around and call people "basement dwellers" when you don't fucking understand this much?
>>
>>52323877
Let the blackmail begin anon. Start with nudes and work your way up. Even if she's a 60 year old hamplanet the lesson will be grand.
>>
>>52323887
Vtech is the name of that company, children's toys company.
>>
>>52323887
>that children company
I'm just going ask, are they related to Healthcare in any way?

Because this is a discussion regarding Healthcare security/data disposal standards.
>>
>>52323894
What kind of consequences can she face if it's ever found out she didn't securely delete the files?
>>
>>52323914
No, but that doesn't hurt the main point in the slightest.
>>
>>52323916
I'm sure whoever licensed her to practice has mandated processed around patient data security and would have penalties in place, but, in the same way as I print dox and drop them into letterboxes when I find a PC on curbside that has not been wiped/had the HDD pulled, it's a lesson in data security more than anything. I'd rather go "hey look, I just found your birth certificate on the PC you threw out, here's a link to some info on securing your data so people less honest than me don't rape your life right out from under you" than let it slide. The more we educate the plebs, the less they'll fuck with our days by doing stupid shit.
>>
>>52322796
Are you kidding?
Smash it with a fucking hammer, takes like 2 seconds.
>>
No one cares about your hospital's crusty old patents.

Your boss just wanted to feel like a secret agent for a day.
>>
>>52323978
not OP, but I wanted to ask

does smashing with a hammer works fine like that?

like, last time i put it inside a microwave i had found in a dumpster

and i really wanted to blow it up, so thats how i did and it was fine and all

but just smashing it with hammer would be enough without taking the cover out or anything?

i thought hdds were sturdier than that
>>
>>52324004
Just keep smashing until the cover comes off, then smash the fucking disks too. They will already be fucked anyway just from the frame bending them but if your paranoid there is no reason not to. It would literally takes seconds and a few good hard swings.
>>
>>52324022
This
You just gotta be careful with the flying shards that might hit your eye if you strike hard enough if you're not wearing eye protection
>>
>>52324004
2.5" HDD's tend to use use glass platters, so yeah, wailing on one of them will fuck it good and proper. a 3.5" drive, not so much.

I tend to drill a hole in the upper cover, fill the drive with acetone (non conductive) the fire it up. Acetone eats the magnetic coating off the platters leaving them bare metal, you're not getting shit off that drive.
>>
>>52323926
Yes it does. Different industries have different standards and are enforced to different degrees. Guess what, the healthcare industry get's fucked in the ass if it doesn't comply with HIPAA

VTech loses a few sales and has to put out a day one patch if they fuck something up.

The discussion is clearly based around the Healthcare industry and you're clearly autistic if you can't understand this.
>>
>>52324047
> a 3.5" drive, not so much.
You aren't hitting them hard enough manlet.
>>
>>52322942
Thermite does not melt the platters.
>>
File: 1385469443.jpg (20 KB, 259x191) Image search: [iqdb] [SauceNao] [Google]
1385469443.jpg
20 KB, 259x191
>>52324050
> Implying any amount of force will shatter an aluminium disk of metal

>>52324048
Shouldn't you be off getting your arse plunged by a sock wearing faggot?
>>
>>52324048
No. You're clearly autistic if you think every single hospital will obey standards if the one you worked in did.

That's just fucking hilarious, and VTech is an example of an industry who didn't follow basic standards of security and that will also cost them millions in prosecution

Just how many industries gets the stick and fucked for not following basic forensics?

It's really up to them to enforce it, but it's also up to them to pay the price for not doing it.
God, you're retarded. Last time I'm replying.
>>
File: 1409151834468.png (100 KB, 238x329) Image search: [iqdb] [SauceNao] [Google]
1409151834468.png
100 KB, 238x329
>>52324071
The goal isn't to break them retard, just fucking them up is enough.
You go ahead and try to recover data off that platter when it looks like it took more hits than your mom's face. Bet you $100 you wont get shit.
>>
>>52324048
>VTech loses a few sales and has to put out a day one patch if they fuck something up.
Retard.
>>
OP, if you smashed it a couple of times with a hammer and drilled a hole on the plate, you have nothing to worry about

People who savage HDDs on the trash look for ones where people just threw it away without basic knowledge of wiping it out etc.

If you put a hole in it, that makes it hard enough no one wants to bother, and if it's just a regular hdd, no one will
>>
>>52322796

So, a few things here:

#1. Devices that store ePHI (electronic Patient Health Information) have to be physically destroyed in such a manner that no remnants of the data can be recovered. Most "secure destruction" companies put them through shredders, then degauss the whole pile.
#2. There has to exist a chain of responsibility for this. A running list of who has had that drive has to be maintained, and available incase of audits. From whomever pulled it from the "server", whomever had access to where it was stored, whomever rode in the car it was in, you, your boss, etc.
#3. There has to be validatable proof of the destruction performed. Secure Destruction companies basically issue a "Certificate of destruction" for that drive/serial number to say "Shit's dead, yo" and maintain these records themselves, too.

A) What your boss asked you to do is pretty shady. Proper tools are needed for secure destruction, and he obviously did not care if you had them or not.
B) The method you performed was not secure at all. Realistically, nobody is going to pull this thing's platters, spin 'em and try to scrape up some identities to harvest. But this fantasy setting shouldn't even be given a leg to stand on for possibility.
C) Report your boss. Broker your own deal with the hospital, say you'll make things right where he didn't. Offer them a slightly less-pricey contract since it'll be you solo. Profit.
>>
>>52324084
You clearly have no idea what HIPAA is or really how important it is in the Healthcare industry if you keep on insisting that a Hospital won't follow its standards.
Thread replies: 93
Thread images: 9
Thread DB ID: 383326



[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

[Boards: 3 / a / aco / adv / an / asp / b / biz / c / cgl / ck / cm / co / d / diy / e / fa / fit / g / gd / gif / h / hc / his / hm / hr / i / ic / int / jp / k / lgbt / lit / m / mlp / mu / n / news / o / out / p / po / pol / qa / qst / r / r9k / s / s4s / sci / soc / sp / t / tg / toy / trash / trv / tv / u / v / vg / vip /vp / vr / w / wg / wsg / wsr / x / y] [Search | Home]

All trademarks and copyrights on this page are owned by their respective parties. Images uploaded are the responsibility of the Poster. Comments are owned by the Poster.
This is a 4chan archive - all of the shown content originated from that site. This means that 4Archive shows their content, archived. If you need information for a Poster - contact them.
If a post contains personal/copyrighted/illegal content, then use the post's [Report] link! If a post is not removed within 24h contact me at [email protected] with the post's information.