[go: up one dir, main page]

HK1128780A - Hard drive eraser - Google Patents

Hard drive eraser Download PDF

Info

Publication number
HK1128780A
HK1128780A HK09105455.8A HK09105455A HK1128780A HK 1128780 A HK1128780 A HK 1128780A HK 09105455 A HK09105455 A HK 09105455A HK 1128780 A HK1128780 A HK 1128780A
Authority
HK
Hong Kong
Prior art keywords
drive
hard disk
disk drive
erase
data
Prior art date
Application number
HK09105455.8A
Other languages
Chinese (zh)
Inventor
Jack D. Thorsen
Original Assignee
Ensconce Data Technology, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Ensconce Data Technology, Inc. filed Critical Ensconce Data Technology, Inc.
Publication of HK1128780A publication Critical patent/HK1128780A/en

Links

Description

Hard disk drive eraser
Cross Reference to Related Applications
This application claims the benefit of U.S. provisional patent application No. 60/728,320, filed on 20/10/2005, the contents of which are incorporated herein by reference.
Technical Field
The present invention relates to computer and data security, and in particular to an apparatus and method for erasing data contained on a magnetic data storage medium.
Background
Computer and data security is a significant concern for individuals, businesses, and governments. In particular, security techniques for erasing or otherwise handling electronically stored data are an increasing concern. U.S. patent application publication No. 2004/0252628 (commonly assigned to ensonce data technology, inc., and incorporated herein by reference) describes the importance of developing safe data destruction for individuals, businesses, and governments. Legislation has also pushed the importance of data security to the front end. To comply with federal regulations, companies now need to completely and reliably eliminate all sensitive data on hard disk drives before they are disposed of or reused. Specifically, the financial services modernization act (2003) (granmm-Leach-Bliley), the fair and accurate credit transaction scheme in 2003 (facect), the enterprise and criminal fraud liability scheme in 2002 (Sarbanes-Oxley), and the health insurance portability and liability scheme (HIPPA) all contain data security requirements. Regulations under these schemes set requirements for handling sensitive data in a secure manner.
In response to the increasing demand for computer and data security, a variety of techniques have been developed for erasing or destroying electronically stored data. One such development is data erasure program software, which aims to make deleted files unrecoverable and to eliminate extraneous data created and stored by many applications, particularly those involving the internet. Such software allows for running on a computer that contains a hard drive that stores information to be deleted. The software causes certain data on the hard drive to be overwritten. However, the BIOS of the computer and/or components of the hard drive itself may interfere with the software, thereby preventing a complete erasure of data on the hard drive. For example, the BIOS of the computer and/or components of the hard drive may prevent data on certain areas of the hard drive from being erased. Thus, the data is not securely erased or destroyed and can often be recovered by well-known forensic data recovery techniques.
What is needed, therefore, is a method for erasing data contained on a storage medium, such as a hard disk drive, so that it is not recoverable by known forensic data recovery techniques.
Disclosure of Invention
Embodiments provide an apparatus and method for erasing a hard disk drive. A system configurable as a self-contained and portable device includes a control device configured to support an erase module. The erase module is configured to erase the hard disk drive such that data erased from the hard disk drive is not forensically recoverable. The system also includes a user interface and at least one drive bay (bay) configured to provide communication between the hard disk drive and the control device. According to an exemplary method, a hard disk drive is erased using a low frequency. According to another aspect, a certificate is generated to certify that the hard disk drive has been erased.
Other features and embodiments will be apparent from the following detailed description and the accompanying drawings which illustrate exemplary embodiments.
Drawings
FIG. 1 is a block diagram illustrating a hard disk drive erase system according to an exemplary embodiment of the present invention;
FIG. 2 is a partial schematic view of a hard disk drive;
FIG. 3 is a flowchart illustrating a method for erasing a hard disk drive according to an exemplary embodiment of the present invention;
fig. 4 to 13 show the structural configuration of a hard disk drive erasing system according to an exemplary embodiment of the present invention.
Detailed Description
In the following detailed description, reference is made to the accompanying drawings, which form a part hereof, and in which is shown by way of illustration specific embodiments in which the invention may be practiced. In the drawings, like reference numerals refer to like elements. The embodiments illustrated are described in sufficient detail to enable those skilled in the art to practice them, and it is to be understood that other embodiments may be utilized and that structural and logical changes may be made. The described progress of the process steps is exemplary of an embodiment; however, the order of the steps is not limited to that set forth herein but may be altered except to the extent that the steps must be performed in a certain order.
FIG. 1 illustrates a hard disk drive erase system 100 according to an exemplary embodiment. System 100 is a stand-alone system that provides secure erase capability for hard disk drives. The system 100 enables a hard drive to be erased such that data selected for erasure is not forensically recoverable. The term forensically unrecoverable means that data cannot be restored by currently used techniques.
The system 100 includes a control device 120 capable of supporting software applications. For example, the apparatus 120 may be a central processing unit, a server, among others. Control device 120 supports erase module 140. Erase module 140 may be one or more computer software applications for erasing data from a storage medium. For example, module 140 may include software available from the Magnetic Recording Research Center (MRRC) located at the university of california at san diego, specifically, one software name in the software application is "HDDErase 2.0 Beta".
The control device 120 communicates with a storage device 122. The storage device may be any form of memory capable of storing electronic data. According to an exemplary embodiment of the present invention, erase module 140 causes data related to each erase procedure to be stored on storage device 122. In this manner, the system 100 maintains a record of the erase process. The stored data may include hard drive identification information such as drive serial number, drive manufacturer, drive model number, drive size; a start date/time stamp; an end date/time stamp; an erasing method; an indication of success or failure; a user initiating an erase procedure; erasing the certificate; and others.
The system 100 also includes a user interface 101, the user interface 101 enabling a user to enter information into the system 100 and retrieve information from the system 100. Preferably, the user interface 101 is a Graphical User Interface (GUI). The user interface 101 may be, for example, a display device and a keyboard or a touch screen monitor, etc.
The system also includes at least one hard drive bay 110. In the illustrated embodiment, system 100 includes a plurality of hard drive bays 110. Each bay 110 may be populated with at least one hard drive 170. Accordingly, the system 100 may support erasure of multiple hard drives 170 simultaneously. The drive bay may support at least one type of hard drive 170, but preferably supports multiple hard drive 170 types. Each bay 100 optionally includes a locking mechanism 111 and a status indicator 112 for informing the status of the hard disk drive 170 in the bay 110. Preferably, the control device 120 is in communication with the locking mechanism 111 and knows whether the locking mechanism 111 is in the locked or unlocked state. Although the status indicators 112 are shown on the drive bays 110, the status of the hard drives 170 in each bay 110 may also be displayed on the user interface 101.
Each drive bay 110 may operate independently of the other drive bays 110 and may connect individual hard disk drives 170 to the system 100 drive bay 110 and disconnect from the system 100 drive bay 110 without interfering with the operation of the other drive bays 110. Accordingly, a user may remove a hard drive 170 from the system 100 and connect the hard drive 170 to the system 100 without powering down the system 100 or interrupting the ongoing erase process.
The drive bay 110 enables communication between one or more hard drives 170 and the system 100 so that the system 100 can erase data contained on the hard drives 170. Optionally, the system 100 may be configured to enable a user to access and read the contents of a hard drive 170 located in the drive bay 110 via the user interface 101.
Each drive bay 110 includes at least one connection device, such as a port, cable, probe, or any device, mechanism, or component for establishing communication between the system 100 and the hard disk drive 170. In one embodiment, the drive bay 110 includes one or more cables 110a, such as a data cable and a power cable, connected to the hard disk drive 170. Other means and components for providing communication between the system 100 and the hard drive 170 may also be employed. The system 100 can accommodate different hard drive 170 types with different cabling requirements. In addition, the drive bay 110 may include a probe 110b, the probe 110b being attached to the hard drive 170 at a location other than a typical cable attachment location. For example, the probe 110b may be connected to inject a signal into a printed circuit board of the hard drive 170. Alternatively, the system 100 is configured to communicate with the hard drive 170 in situ (i.e., as it would be in a particular device such as a personal computer). It should be understood that the system 100 may include one or more drive bays 110 and may also be configured to connect directly to one or more hard drives 170 in situ.
Optionally, the system 100 communicates with an output device 125 for outputting information such as the status of the hard drive 170 and erase certificates, for example, by printing, emailing, or other output mechanisms. In one embodiment, the output device is a printer for printing a certificate (e.g., in the form of a label) that proves that a particular hard drive 170 has been erased. Alternatively, the output device may be integrated with the system 100.
Further alternatively, the system 100 may communicate with the Internet 151 or other computer network (not shown). The control device 120 may be configured to provide the erasure certificate and record to a remote device 150, such as a computer, and the remote device 150 may be part of a computer network controlled by a third party independent of the user of the system 100. According to one embodiment, a third party receives erase certificates from a variety of sources (e.g., from multiple systems 100) and stores the erase certificates. In this way, a third party maintains data regarding hard drive erasures, which can be easily accessed on demand.
In a conventional overwrite erase process, the read/write head writes on a portion of the hard disk drive 170. Fig. 2 is a schematic diagram of a surface of a storage portion of the hard disk drive 170. The read/write head moves over a path or track 225 as shown in FIG. 2. During the data writing process, the edges 226 of the track 225 may be magnetized to some extent, but the edges 226 may be magnetized relatively weakly than the central region of the track 225. Also, data in the margin 226 may not be completely erased by the overwrite process. Such incompletely erased data may be recovered using forensic techniques. The system 100 is able to completely erase the hard drive 170 such that data erased from the drive 170 cannot be forensically recovered. Note that the track 225 and the edge 226 are shown only schematically, and that there may be a relatively gradual, rather than abrupt, transition between the track 225 (where overwriting is sufficiently complete to render the data unrecoverable) and the edge 226 (where the data is recoverable due to incomplete overwriting).
In one embodiment, the control module 140 provides a "low frequency" overwrite of the entire hard drive 170 to be erased. This overwriting may be performed by a software program such as HDDErase 2.0 Beta software. The low frequency is the frequency of the magnetizing current provided to the write head in the hard disk drive 170 being erased. This low frequency is selected to be lower than the frequency typically used by the hard drive 170 to write data. Because of the reduced frequency, the effective overwrite area of the track 225 is widened. Preferably, the low frequency of a given drive is chosen to be low enough to increase the area of the track 225 so that no edge 226 leaves enough data to be forensically recovered, i.e., completely erase the drive 170. Such overwriting is designated to be performed a predetermined number of times to erase the drive 170. The user may select the number of overwrites or use a default selection.
The low frequency of the overwrite depends on the type of hard drive 170 to be erased. For example, for the Seagate Barracuda drive, the low frequency used is preferably between about 20Mhz and about 0Mhz, as compared to a typical frequency of about 50Mhz or higher. A frequency of 0Mhz causes driver 170 to be overwritten with a dc signal. As used in a conventional manner, the hard drive 170 will not perform a "DC scrub". In an exemplary embodiment, the erase module causes the hard drive 170 to perform a DC erase by providing a signal to the hard drive 170 through a printed circuit board (not shown) of the hard drive 170.
Optionally, the module 140 is configured to erase the hard drive 170 by a number of different methods. For example, the system may be configured to erase the hard drive 170 using the low frequency erase process described above and one or more conventional overwrite processes (e.g., a multiple overwrite process or an off-track overwrite process).
In another embodiment, the module 140 copies predetermined files from the hard drive 170 to the storage device 122, a different hard drive 170 in a different rack 110, or an external hard drive (not shown). The module 140 then completely erases the drive and replaces the predetermined copy file on the drive. The module 140 may also be configured to image (ghost, i.e., fully copy) the hard drive 170 onto a different hard drive 170. Moreover, the module 140 may also be configured to provide post-erase procedures, such as reformatting or repartitioning of the hard drive 170.
In additional embodiments, the module 140 is configured to provide a privacy preserving erase procedure that does not require reading any data on the hard drive 170 prior to the erase procedure. To this end, the module 140 writes a sector of the hard disk drive 170 with one or more flags (i.e., predetermined data). After the erase process is complete, the module 140 reads the previously marked portion of the hard drive 170 to ensure that the data is erased. The module 140 may first overwrite the drive 170, then perform an erase procedure, and then read the drive to ensure that the data has been erased. With these processes, there is no need to read the data originally contained on the hard drive 170.
In yet another embodiment, the module 140 is configured to provide a certificate that provides information about the hard drive 170 that has been erased or otherwise processed by the system 100. The certificate may include hard drive identification information such as drive serial number, drive manufacturer, drive model number, drive size; a start date/time stamp; an end date/time stamp; specifying an erasure method or process to perform (e.g., mapping, formatting, etc.); an indication of success or failure; a user initiating an erase procedure; and other information. In one aspect, the condition of the credential is that the drive bay 110 remains closed and locked throughout the erase process. The certificate may take any form (e.g., any file format, electronic form, printed form, and others).
FIG. 3A illustrates one embodiment of a process for erasing a hard drive 170 using the system 100 (FIG. 1), according to an embodiment of the present invention. It should be understood that the order of the steps described in connection with fig. 3A may be altered and additional steps may be added.
In step 201, the system 100 is activated or "booted" by a user. Upon system boot, the user is presented with a graphical user interface 101. Optionally, the user is required to enter login information using the user interface 101. It is particularly useful to require entry of login information if the use of the system 100 is limited to a particular user. Any suitable login scheme may be used, such as password, biometric recognition, voice recognition, and the like.
Upon entry of invalid login information in step 202, the user is prevented from accessing the erase module 140 in step 203. If the user enters valid login information in step 202, the user can interface with the module 140 in step 204. Multiple users may have access to the system 100 at the same time.
Using the user interface 101, a user can initiate an erase procedure, view erase records and certificates stored on the storage device 122, and manage the system 100. These processes will be described in more detail below.
At step 205, the user initiates an erase procedure. In this regard, the user 140 mounts the hard drive 170 to be erased and locks the drive bay 110 in which the hard drive 170 is mounted. Alternatively, the system 100 may be connected in situ to the hard drive 170. At step 206, the erase module 140 detects that the hard drive 170 is installed and the locking mechanism 111 is in a locked state.
The user may then select the erase method to be used by entering information into the user interface 101 in step 207. Alternatively, the user may accept a default erase method preset in the system 100. In one embodiment, the user may also choose to copy certain files from the hard drive 170 to the storage device 122 (or to a different hard drive 170 in a different bay 110) and then return them to the drive after erasure, or to image the contents of the hard drive 170 to a different hard drive 170.
Once the erase method is selected, the user initiates an erase procedure in step 208. The user may have the erase process complete or may terminate the process before completion. Upon completion or termination of the erase process (whether successful or not) in step 209, the results are stored on storage device 122.
In step 211, the user selects to receive an erase certificate. In one embodiment, the certificate is printed in the form of a label that is attached to the driver 170. Alternatively, the certificate may also be sent to a third party in electronic or other form. For example, the erase certificate may be electronically transmitted to the third party via the internet 151. The third party may be a certificate service center that will verify the certificate to prove that the hard drive 170 has been successfully or unsuccessfully erased.
In step 213, the user removes the erased hard drive 170 from the drive bay 110. If the user prints an erase certificate (e.g., in the form of a label), the user places the erase certificate on the erased hard drive 170.
In step 210, a user may manage the system 100, including all of the racks 110. The user may, for example, set or change their own password, select a default erase method for the drive bay 100, and so on. The user may also receive updates for the erase module 140.
In step 212, the user may view the record of the system 100 and erase the certificate. Optionally, the erase module 140 may be configured to enable a user to search for an erase record based on desired search criteria.
FIG. 3B illustrates a process of using the system 100 with at least first, second, and third drive bays 110-1, 110-2, 110-3 according to another embodiment of the invention. The method shown in fig. 3B is particularly useful in forensic applications. If evidence of a crime or event exists in the form of the hard drive 170 or data thereon, it is desirable to retain the hard drive 170 and any data thereon, but it is also desirable to analyze the hard drive 170 and its data without unduly disturbing the evidence while maintaining a flawless chain of custody. One solution is to copy the evidence hard drive to one or more other hard drives that are known to be free of data.
In steps 301 and 302, first and second hard disk drives 170-1, 170-2 are placed in the drive bays 110-1, 110-2, respectively. The first and second hard drives 170-1, 170-2 are erased in a secure manner to ensure that no data exists on either of the two drives 170. In step 303, the erase process is certified as described above in connection with step 211 of FIG. 3A.
In step 304, the evidence hard drive 170-3 is placed in the third drive bay 110-3. The drive is then mapped into each of the first and second drives 170-1, 170-2 in the drive bays 110-1, 110-2. That is, all data in the evidence drive is copied to each of the first and second drives 170-1, 170-2 in the drive bays 110-1, 110-2.
If desired, the drive, evidence hard drive 170-3, is erased in a secure manner in step 306. A certificate for this erasure procedure and/or image procedure may also be provided in step 307. The evidence drive, whether erased or not, can then be escrowed or returned to its owner by a suitable authority. The copied first and second drives 170 may be analyzed. Alternatively, one of the replicated hard drives 170-1, 170-2 may be stored as evidence by a suitable authority, if desired.
Although the process described above in connection with FIG. 3B includes making two copies of the hard drive 170, additional or fewer copies may be made as needed or desired.
Fig. 4-13 illustrate the structural configuration of hard disk drive erase system 100 (fig. 1) according to an exemplary embodiment of the present invention.
Referring to fig. 4, the system 100 includes a stand-alone base unit 700. The term stand-alone refers to the apparatus 700 being configured to receive or connect to the hard drive 170 to avoid impediments to data erasure, such as the BIOS of the local device, components of the hard drive itself, and so forth. For example, the apparatus 700 may house a hard drive 170 that is typically used in conjunction with different devices, such as a Personal Computer (PC), to allow functional access to data by a PC user. Alternatively, the system 700 may be connected to the hard drive 170 in situ in its local device.
This is to be distinguished from the conventional erase techniques described above, which simply load erase software onto the PC to attempt to erase data from the PC hard drive 170, which is located in the local device or is conventionally connected to enable the user to access the data stored on the hard drive. Preferably, device 700 is physically separate from the other devices. The apparatus 700 may also be physically adjacent to or physically integrated with another apparatus or device and may communicate with another device via the internet 151 or a computer network.
The base unit 700 may include drive bays 110, which drive bays 110 are accessible via an access device (e.g., door 705, opening, etc.). Alternatively, where the apparatus 700 is to be connected to an in situ hard drive 170, the one or more drive bays 110 may be connection means, such as cables, probes, or other means for providing communication between components of the apparatus 700 and the in situ hard drive 170.
The device 700 also includes a user interface 101. The hard drive 170 is placed in the apparatus 700 and connected to a connection means such as a port, cable, probe, or any device, mechanism, or component for establishing communication between the system 100 and the hard drive 170. In one embodiment, the hard drive 170 is connected such that components that interfere with data erasure of the hard drive 170 are avoided. The cable connection 110a is illustrated in fig. 5 as a connection device, but other connections, such as a probe 110b, etc., may also be used.
Fig. 5 illustrates a more complex embodiment of the system 100 including a base device 700. In the illustrated embodiment, additional racks 110 are included in the supplemental devices 805, 806. The supplemental devices 805, 806 include the drive bay 110 and means for interfacing with the base device 700 (e.g., a port, cable, or any means, mechanism, or component for establishing communication between the supplemental devices 805, 806 and the base device 700 to enable the drive bay 100 of the supplemental devices 805, 806 to communicate with the system 100). As shown in fig. 5, the supplemental apparatus may be stacked above or below the base apparatus 700 and may take the form of a drawer 805 or platform 806.
Fig. 6-10 illustrate an easy-to-carry structural embodiment of the system 100. As shown in fig. 6 and 7, the system 100 may be configured within a single portable base device 1000. Fig. 6 is a front view and a side view of the apparatus 1000, and fig. 7 is a rear view of the apparatus 1000. The base device 1000 includes an optional handle 1002 (fig. 6) for improved portability. The base device 1000 includes an interface 1156 for a power cord, whereby the base device 1000 can be connected to a power source. The base device 1000 may also include a rechargeable battery (not shown) to enable use in situations where power is not readily available.
The base device also includes a user interface 101 (fig. 6), the user interface 101 being illustrated as a touch screen interface. The user interface may also be another type of interface, such as a screen, a keyboard, and/or an audio interface. The output device 125 is an integrated label printer having a label dispenser 1125 for printing certificates in the form of labels as described above. The base unit 1000 also includes ports 1155 (fig. 7) (e.g., USB, ethernet, and telephone ports) to enable the base unit to connect to the internet and/or other base units 1000 or devices.
The apparatus 1000 also includes a drive bay 110. Each drive bay 110 includes an opening 1012 configured to receive a drive module 1100. The drive module 1100 is, in turn, configured to house the hard drive 170. Fig. 8-10 show additional views of the driver module 1100. As explained in more detail below, with the configuration of the drive bay 110 and drive module 1100 shown in fig. 6 and 8-10, no cables are required to provide a connection between the hard disk drive 170 and the system 100.
As shown in fig. 6, each drive bay 110 includes a port 1010, illustrated as a USB port, within the opening 1012. Each drive module 1110 includes a port 1110, the ports 1110 being configured to connect to the ports 1010 of the drive bays 110. Thus, each drive module 1100 can be used in an interchangeable manner in each drive bay 110. It should be understood that any suitable port or connection providing communication between the drive module 1100 and the drive bay 110 may be used.
Each drive module 1110 also includes one or more hard drive ports 1160, 1161 (FIG. 8) configured to receive the hard drives 170. Thus the system 100 can accommodate different types of hard disk drives 170 and different drive modules 1100 can have different ports 1161, 1160 suitable for different types of hard disk drives 170.
One or more ports 1160, 1161 are preferably provided on the interface board 1166. In the event that it is desired to replace the interface ports 1160, 1161 (e.g., because of damage or the need for a different port 1160, 1161 to accommodate a different type of hard disk drive), the interface board 1166 may be removed from the drive module 1100 and replaced with another interface board. This reduces costs compared to replacing the entire driver module 1100.
The drive module 1100 also includes a hard drive support portion 1120. A support (support) portion 1120 is used to secure the hard drive 170 when the hard drive 170 is connected to the drive module 1100. In the illustrated embodiment, the support portion 1120 also serves as a guide when the drive module 1100 is placed in the drive bay 110 to ensure that the drive module port 1110 is connected to the drive bay port 1010. FIG. 10 illustrates a side view of a hard disk drive 170 connected to a drive module 1100.
In the illustrated embodiment, the support portion is connected to the drive module 1100 by a hinge (hinge) 1121. Accordingly, the support portion 1120 can be in an open position (fig. 8) or in a closed position (fig. 9). When in the closed position, support portion 1120 covers and protects ports 1110, 1160, 1161 and improves portability.
Each driver module 1100 includes a latch 1111, the latch 1111 activates a locking mechanism 111 (e.g., an electromagnetic lock, etc.). As shown in fig. 6, each driver module 1100 also includes a status indicator 112. In the embodiment of FIG. 6, the status indicator comprises a color changing LED that signals the status of the hard disk drives 170 in the drive bays 110. For example, a green color may indicate that the process is complete and the hard drive 170 may be removed, while a red color may indicate that the process is in progress and the drive bay 110 should not be opened.
It should be understood that one or more drive bays 110 according to embodiments described herein may also be included in a conventional computer device. For example, a drive bay 110 including a drive module 1100 may be provided in a personal computer or other device to enable the device to accommodate multiple types of hard disk drives.
Fig. 11-13 illustrate more complex embodiments of the system 100 including the base apparatus 1000.
Fig. 11 shows the base device in communication with a laptop computer 1199 (or other personal computer device) and an external hard drive 1198 via a port 1155 (fig. 7). In this configuration, the base device 1000 functions as an external hard drive for the laptop 1199. The external hard drive 1198 may serve as a storage device 122 and/or receive data copied from the hard drives 170 within the drive bays 110.
Fig. 12 illustrates a plurality of base devices connected together in a "daisy chain" fashion via port 1155 (fig. 7). In this configuration, each apparatus 1000 may act as both a client and a host device. Also, an extension stand 1210 is connected to and in communication with the base apparatus 1000. The extension bay 1210 includes additional drive bays 110, with the drive bays 110 being operated by the base apparatus 1000 to which the extension bay 1210 is connected.
FIG. 13 illustrates a "hub-and spoke" configuration of the device 1000. In the embodiment of fig. 13, device 1000/1300 connected to multiple other devices 1000 acts as a hub to control those other devices 1000.
It should be understood that a variety of other configurations are possible including one or more devices 1000. Also, such other configurations may include an expansion chassis 1210, a laptop computer 1199 (or other personal computing device), or an external hard drive 1198.
The structural configurations illustrated in fig. 4-13 are merely examples, and other structural configurations are possible. Moreover, the processes and devices described above illustrate many preferred methods and devices that can be used and made. The above description and drawings illustrate exemplary embodiments that achieve the objects, features and advantages of the present invention. It is not intended, however, that the invention be limited strictly to the above-described and illustrated embodiments. Any modification of the present invention which comes within the spirit and scope of the following claims should be considered part of the present invention.

Claims (52)

1. An apparatus for erasing a hard disk drive, the apparatus comprising:
a control device configured to support an erase module configured to erase a hard disk drive such that data erased from the hard disk drive is not forensically recoverable;
a user interface; and
at least one drive bay configured to provide communication between a hard disk drive and the control device.
2. The device of claim 1, wherein the erase module is configured to provide a current having a lower frequency than a current used to write the data.
3. The apparatus of claim 1, wherein communication between the hard disk drive and the control device is configured such that obstructions to data erasure in the hard disk drive are avoided.
4. The apparatus of claim 1, wherein communication between the hard disk drive and the control device is provided by a cable.
5. The apparatus of claim 1, wherein the drive bay comprises:
an opening;
a first port disposed within the opening; and
a drive module having at least one second port configured to receive a hard disk drive and at least one third port connected to the first port.
6. The apparatus of claim 5, wherein the drive module further comprises a support portion configured to secure the housed hard disk drive.
7. The apparatus of claim 1, further comprising a storage device configured to store information about an erasure procedure.
8. A system for erasing a hard disk drive, the system comprising:
a control device configured to support an erase module configured to erase a hard disk drive such that data erased from the hard disk drive is not forensically recoverable;
a user interface to allow user input;
a plurality of drive bays connected to the control device, each drive bay configured to provide communication between a hard disk drive and the control device;
storage means in communication with the control unit for storing information; and
an output device in communication with the control unit for outputting information.
9. The system of claim 8, further comprising a network connection device enabling the control device to connect to a computer network.
10. The system of claim 9, wherein the network connection means enables the control means to connect to the internet.
11. The system of claim 8, wherein at least one drive bay further comprises a locking device, the locking device in communication with the control device.
12. The system of claim 8, wherein the user interface is a touch screen monitor.
13. The system of claim 8, wherein the output device is a printer.
14. The system of claim 8, wherein the plurality of drive bays are configured to be modular such that one or more drive bays can be connected to or disconnected from the control device.
15. The system of claim 8, wherein at least one drive bay includes a cable for providing communication between the hard disk drive and the control device.
16. The system of claim 8, wherein each drive bay comprises:
an opening;
a first port disposed within the opening; and
a drive module having at least one second port configured to receive a hard disk drive and at least one third port connected to the first port.
17. The system of claim 16, wherein the second port of a first drive module is configured to receive a first type of hard disk drive and the second port of a second hard disk drive module is configured to receive a second type of hard disk drive.
18. The system of claim 16, wherein the at least a second port is provided on an interface board, and wherein the interface board is removable from the driver module.
19. The system of claim 16, further comprising a plurality of locking devices, each locking device configured to lock a drive module into an opening of a respective drive bay.
20. The system of claim 16, wherein each drive module further comprises a support portion configured to secure a housed hard disk drive.
21. The system of claim 20, wherein the support portion is attached to the driver module by a hinge such that the support portion is movable between an open position and a closed position.
22. The system of claim 21, wherein the support portion covers the second and third ports when in the closed position.
23. The system of claim 8, wherein the control device, the storage device, and the plurality of drive bays are integrated into a single apparatus.
24. The system of claim 23, wherein the device is portable.
25. The system of claim 23, wherein the output device is integrated within the apparatus.
26. A computer device, comprising:
at least one drive bay comprising a first port and configured to receive a drive module; and
at least one drive module having at least one second port configured to receive a hard disk drive and at least one third port for connection to the first port.
27. The apparatus of claim 26, wherein the second port of a first drive module is configured to receive a first type of hard disk drive and the second port of a second hard disk drive module is configured to receive a second type of hard disk drive.
28. The device of claim 26, wherein the at least second port is provided on a first interface board, and wherein the first interface board is removable from the driver module.
29. The device of claim 28, wherein the drive module is configured to receive a second interface board in place of the first interface board, the second interface board including at least a fourth port configured to receive a second type of hard disk drive.
30. The apparatus of claim 26, wherein each drive module further comprises a support portion configured to secure a housed hard disk drive.
31. The apparatus of claim 30, wherein the support portion is attached to the driver module by a hinge such that the support portion is movable between an open position and a closed position.
32. The system of claim 31, wherein the support portion covers the second and third ports when in the closed position.
33. The apparatus of claim 26, wherein the drive module is removable from the drive bay.
34. A method for erasing at least one hard disk drive, the method comprising the steps of:
providing an apparatus configured to erase a hard disk drive, the apparatus comprising a plurality of drive bays, each drive bay for receiving a hard disk drive and providing communication between the hard disk drive and the apparatus;
placing a first hard disk drive to be erased in a first drive bay;
copying data from the hard disk drive;
storing the copied data; and
operating the device to perform an erase procedure to erase data from the first hard drive such that the data is forensically unrecoverable.
35. The method of claim 34, further comprising operating the device to rewrite the copied data to the first hard disk drive after the erase process.
36. The method of claim 34, further comprising placing a second hard disk drive in a second drive bay, wherein the copied data is stored to the second hard disk drive.
37. The method of claim 36, further comprising operating the device to perform an erase procedure to erase data from the second hard drive prior to storing the copied data.
38. The method of claim 34, wherein the apparatus further comprises a storage device, and further comprising operating the apparatus to store information about the erasure procedure in the storage device, the stored information including at least one of the set of: drive serial number, drive manufacturer, drive model, drive size, start date/time stamp, end date/time stamp, erase method, indication of success or failure, and the user who initiated the erase process.
39. The method of claim 34, wherein the apparatus further comprises an output device, and wherein the method further comprises operating the output device to output a certificate containing information about the erasure procedure, the certificate information including at least one of the set of: drive serial number, drive manufacturer, drive model, drive size, start date/time stamp, end date/time stamp, erase method, indication of success or failure, and the user who initiated the erase process.
40. A method for erasing at least one hard disk drive, the method comprising the steps of:
providing an apparatus configured to erase a hard disk drive, the apparatus comprising storage means, output means and at least one drive bay for providing communication between a hard disk drive and the apparatus;
placing a first hard disk drive in a first drive bay;
operating the device to perform a first erase procedure to erase data from the first hard drive; and
storing information about the first erasure procedure to the storage device, the stored information including at least one from the set of: drive serial number, drive manufacturer, drive model, drive size, start date/time stamp, end date/time stamp, erase method, indication of success or failure, and the user who initiated the erase process.
41. The method of claim 40, wherein the apparatus further comprises an output device, and wherein the method further comprises operating the output device to output a certificate containing information about the first erasure procedure, the certificate information including at least one of the set of: drive serial number, drive manufacturer, drive model, drive size, start date/time stamp, end date/time stamp, erase method, indication of success or failure, and the user who initiated the erase process.
42. The method of claim 40, wherein performing the first erase procedure comprises overwriting data to be erased using a current having a lower frequency than a current used to write the data.
43. The method of claim 40, wherein the step of placing the first hard drive in the first drive bay comprises providing communication between the hard drive and the device such that obstructions to data erasure in the hard drive are avoided.
44. The method of claim 40, further comprising locking the first hard disk drive within the first drive bay using a locking device.
45. The method of claim 40, further comprising detecting a locked or unlocked state of the locking device.
46. The method of claim 45, wherein the erase procedure is indicated as failed if the detected state of the lockout device is unlocked during the first erase procedure.
47. The method of claim 40, wherein the first erase procedure renders erased data non-forensically recoverable.
48. The method of claim 40, wherein the step of performing the first erase procedure comprises performing a predetermined number of overwrites.
49. The method of claim 40, further comprising placing a second hard disk drive in a second drive bay,
50. the method of claim 40, further comprising performing a second erase procedure at least partially concurrently with performing the first erase procedure.
51. The method of claim 40, wherein the first erase procedure comprises:
(a) the first hard disk drive is overwritten,
(b) erasing all data from the first hard disk drive such that the erased data is not forensically recoverable, an
(c) Confirming that the data has been erased by reading at least a portion of the first hard disk drive, wherein (a), (b), and (c) are performed sequentially.
52. The method of claim 40, wherein the first erase procedure comprises:
(a) writing predetermined data to portions of the first hard disk drive,
(b) erasing all data from the first hard disk drive such that the erased data is not forensically recoverable, an
(c) Confirming that the data has been erased by reading only the portions of the first hard disk drive that were written at (a), wherein (a), (b), and (c) are performed sequentially.
HK09105455.8A 2005-10-20 2006-10-19 Hard drive eraser HK1128780A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US60/728,320 2005-10-20

Publications (1)

Publication Number Publication Date
HK1128780A true HK1128780A (en) 2009-11-06

Family

ID=

Similar Documents

Publication Publication Date Title
US20120303920A1 (en) Hard drive eraser
US9244627B2 (en) Secure data erasure system for erasing a plurality of data storage devices
US7124301B1 (en) Data protection method for a removable storage medium and a storage device using the same
Kissel et al. Guidelines for media sanitization
US6954753B1 (en) Transparent electronic safety deposit box
US20040243734A1 (en) Information processing apparatus, method of controlling the same, control program, and storage medium
CN101341493B (en) Computer Data Management Method
US8429207B2 (en) Methods for implementation of information audit trail tracking and reporting in a storage system
US7519763B2 (en) Apparatus, system, and method for deliberately preventing unauthorized access to data stored in a non-volatile memory device
US9223515B2 (en) Devices and methods for device-mapping connectivity hub
US20190004717A1 (en) System and method for providing a secure airborne network-attached storage node
US8601123B2 (en) Media management method for a media processing device
Steel Windows forensics: The field guide for conducting corporate computer investigations
US20060087760A1 (en) Simple method of protecting customer data on hard drives returned from the field
Hughes et al. Tutorial on disk drive data sanitization
HK1128780A (en) Hard drive eraser
EP1806746A2 (en) Disk unit, magnetic disk unit and information storage unit
US20090157857A1 (en) Data Management Method and Data Management System Using an External Recording Medium Writing Device
KR200291274Y1 (en) Data storage system of Auto teller machine using RAID
JPH036639A (en) Storage system, file control system, and operating system and information processor adopting the same operating system
JPH08203257A (en) Card type hard disk device and information processing apparatus using the same
Nikkel Forensic acquisition and analysis of magnetic tapes
JP2000020793A (en) Automatic transaction device and log file recording method
JP2004013327A (en) Information processing apparatus and information processing method
Orvis CIAC-2325