However, there are a few concerns about the process. First, you make reference to filling all sectors as being known as a Secure Erase. Be careful with this term; Secure Erase is in fact a data purge protocol developed by the University of California San Diego’s Center for Magnetic Recording Research which is in fact embedded in the microcode of all SATA, ATA, PATA and laptop hard drives since 2002 and as early as 1999. I appreciate that you were referring to a general term of ‘a secure erase’, but these terms can be confused.
Your process will address most accessible user data sectors, but will not protect any unencrypted data that is in locked sectors or tracks that are in the P-List or G-List (or bad block table). Yes, these sectors are flagged as bad by the drive, but there is a possibility that for sectors blocked by the G-List that during the initial write cycle, when the sector was determined as bad, that personally identifiable data may have been written to these sectors before being marked bad.
Another consideration is that neither utility will touch the Protected Service Areas of the drive. So, the Host Protected Area which can contain information will still be fully retrievable, as would any information in the DCO region of the drive.
The NIST 800-88 is an excellent resource for data destruction protocol on a wide range of storage devices. The techniques you employ would be considered CLEAR level protection, meaning that the process is susceptible to laboratory data recovery efforts. Purge level technologies such as Degaussing and Secure Erase are NOT susceptible to laboratory recovery efforts. Degaussing being the application of magnetic flux of a magnitude sufficient to cause coercion of the device media rendering the media and the drive unusable, and Secure Erase being an efficient embedded purge utility, rendering the drive reusable at the completion of the process.
Secure Erase was created at the request and with the participation of the NSA and other government agencies, and most major hard drive manufacturers as a common efficient and reliable purge technology. This technology is a standard in the ATA spec, and is present in every modern hard drive except for SCSI and SCSI derivatives. Secure Erase has limitations in that it is inhibited by many computers at the BIOS level. It is for this very reason that commercial software makers have a difficult time creating a reliable software product that benefits from Secure Erase.
The way around this has been accomplished by some folks in New Hampshire at EDT who produce the Dead on Demand Digital Shredder. An appliance that delivers users the ability to insert their drives in the appliance, and using Secure Erase, purge their hard drives in less than 1/18th the time it takes to use software based overwrite technology. The next time you do a triple overwrite on a 100 Gig drive, consider whether you would prefer waiting the 8-12 hours to process or if you would rather have the drive purged and ready to be re-purposed in 17-42 minutes (based on drive speed).
Unlike software based overwrite technology, Secure Erase purges all user accessible regions of the drive including the P-List, G-List, HPA, and DCO assuring you that the entire drive is purged of any possible traces of user data. Rendering the device properly decommissioned.
If I were processing devices containing medical data, I would not want to take any chances. A simple reference to Attrition.org clearly indicates the impact of recoverable PII and is not a risk I think anyone would want to bear.
Just my 2 cents.
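Added example, not part of the comment above: a pre-wipe check that reports how many sectors sit behind a Host Protected Area and whether the drive's ATA security feature set can be used at all. It assumes the output layout of the Linux `hdparm -N` and `hdparm -I` commands and that the BIOS-level inhibition the comment mentions appears as the "frozen" security state; the sample text and the `/dev/sdX` name are constructed, and DCO is not checked.

```python
import re

# Constructed sample output modelled on `hdparm -N` and the Security
# section of `hdparm -I`; not captured from a real drive.
SAMPLE_N = "/dev/sdX:\n max sectors   = 976771055/976773168, HPA is enabled\n"
SAMPLE_I = (
    "Security: \n"
    "\tMaster password revision code = 65534\n"
    "\t\tsupported\n"
    "\tnot\tenabled\n"
    "\tnot\tlocked\n"
    "\t\tfrozen\n"
    "\tnot\texpired: security count\n"
    "\t\tsupported: enhanced erase\n"
)

def hidden_sectors(hdparm_n_output):
    """Sectors between visible and native max; an overwrite of the visible range never reaches them."""
    m = re.search(r"max sectors\s*=\s*(\d+)/(\d+)", hdparm_n_output)
    if not m:
        raise ValueError("no 'max sectors' line found")
    visible, native = int(m.group(1)), int(m.group(2))
    return max(native - visible, 0)

def security_flags(hdparm_i_output):
    """Map each ATA security state (supported/enabled/locked/frozen) to True or False."""
    _, header, section = hdparm_i_output.partition("Security:")
    if not header:
        raise ValueError("no Security section found")
    pattern = r"^[ \t]*(not)?[ \t]*(supported|enabled|locked|frozen)[ \t]*$"
    flags = {}
    for negated, name in re.findall(pattern, section, re.M):
        flags.setdefault(name, negated == "")
    return flags

def assess(hdparm_n_output, hdparm_i_output):
    """List the conditions that would leave data behind or block a Secure Erase."""
    findings = []
    hidden = hidden_sectors(hdparm_n_output)
    if hidden:
        findings.append(f"{hidden} sectors hidden behind HPA; a plain overwrite skips them")
    flags = security_flags(hdparm_i_output)
    if not flags.get("supported"):
        findings.append("ATA security feature set not supported")
    elif flags.get("frozen"):
        findings.append("security feature set frozen; Secure Erase is refused until unfrozen")
    return findings

if __name__ == "__main__":
    print("\n".join(assess(SAMPLE_N, SAMPLE_I)))
```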