dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1203

elwoodblues
Elwood Blues
Premium Member
join:2006-08-30
Somewhere in

elwoodblues

Premium Member

Read only Hard drive

The hard drive is chock full of bad sectors, and I've managed to transfer everything off it.

WD has given me an RMA to send it back (2tB black). The drive got badly borked during a chkdsk,and I temporarily lost it.

I got it back but now it's in Read only mode (can't even delete the partition from disk manager) Try to fix it with FSUTIL, and Diskpart, but both errored out with a read only drive.

I just want to delete the partition so that WD doesn't get all the "linux distros" that are on that drive right now, when I send it back.

craig70130
Premium Member
join:2004-04-27
New Orleans, LA

craig70130

Premium Member

If they want to get to the data, deleting the partition isn't going to help any.

Download a utility like DBAN and run it from a CD or bootable flash drive and let it make numerous passes on the drive.

mattmag

join:2000-04-09
NW Illinois

mattmag to elwoodblues

to elwoodblues


I have to think WD could care less what was on an RMA'd disk when they get it back?

elwoodblues
Elwood Blues
Premium Member
join:2006-08-30
Somewhere in

elwoodblues to craig70130

Premium Member

to craig70130
I don't think anyone is going to do a low level look at the HD, I just want to eliminate the face value of it, that's all.
elwoodblues

elwoodblues to mattmag

Premium Member

to mattmag
said by mattmag:

I have to think WD could care less what was on an RMA'd disk when they get it back?

I would tend to agree, but better safe then sorry....

koitsu
MVM
join:2002-07-16
Mountain View, CA
Humax BGW320-500

koitsu to craig70130

MVM

to craig70130
said by craig70130:

Download a utility like DBAN and run it from a CD or bootable flash drive and let it make numerous passes on the drive.

Good advice -- except for the "numerous passes" part. There's no point in multiple passes (meaning there is no gain to doing such; a single pass is enough):

»www.anti-forensics.com/d ··· -enough/

The only point I slightly disagree with in the above article is to use encryption to "ensure everything is a mess". You don't need encryption for that; a random number generator will accomplish the same thing.

DBAN, by default, chooses PRNG (pseudo random number generator) as its default data source. I always change this to the zeroing method. Zeroing offers the exact same level of security as PRNG and everything else, as proven by the Great Zero Challenge:

»hardware.slashdot.org/st ··· accepted

Details (since the main site it was hosted at simply says "was never accepted" (by data recovery/forensics companies)) and results, including communication with some recovery companies:

»hostjury.com/blog/view/1 ··· accepted

The main reason I advocate zeroing the drive rather than writing random values all over it, is that writing random data over the MBR area often tends to mess up operating systems (if the disk is put into a machine that tries to read LBA 0) for quite literally no gain.
koitsu

koitsu to elwoodblues

MVM

to elwoodblues
said by elwoodblues:

said by mattmag:

I have to think WD could care less what was on an RMA'd disk when they get it back?

I would tend to agree, but better safe then sorry....

I have some idea of what hard disk manufacturers do with RMA'd drives after they get them; ones matching certain criteria (defined by the manufacturer -- we'll never know what that is) certainly end up in an analysis and forensics lab for actual review to see what went wrong. Very low level diagnostics (usually through the serial port on the drive) and sometimes physical (clean room) analysis is done. All the results are taken back and fed into some sort of centralised system which, I'm sure, can determine if there's been a high number of failures (and on a general level, of what type) within certain periods of time (i.e. "in November we had a 3% return rate for drives manufactured in Malaysia out of plant FA8, and 90% of those were all for misaligned heads. Bob, can you please find out if there were any issues with the manufacturing line at FA8 during that time?").

Post-analysis, parts (specifically pieces of a hard disk) are thoroughly tested (much more than any kind of testing you or I can do). Ones which pass tests can reliably be reused (usually in RMA replacements; for example drives that have the "Recertified" text on them). The PCB with its controller, power circuitry, cache, etc. may all be working fine -- no sense in melting that down if it's fine, right? Same goes for shells of drives -- those are cleaned and reused. Platters and heads, on the other hand, probably have a high melt-down or recycle rate. And blah blah blah... you get the idea.

The places where you send your drives to be RMA'd are not data recovery plants. Some disk manufacturers do offer data recovery, but that's done separately at the customer's request/expense. So the only way someone would be able to get your data is if:

a) Thief intercepts package during shipping (i.e. manufacturer never receives it, shipping/receiving guy steals it, etc.),

b) An employee at the RMA company (often contractors and sometimes subsidiaries), or hard disk manufacturer, actually gets their hands on the drive and "makes it disappear" before the drive actually gets logged in their system as being received,

c) An employee deep within the bowels of the company doing analysis/forensics decides to spend a few days trying to extract all the data from your drive (without anyone noticing), then proceeds to stick it all on another drive, followed by him... what, uploading the drive contents to the Internet? Reading your Email? Selling the Email addresses taken from your address book? Sure, it's possible -- but at what price? Imagine what happens if the employer catches him. He'll never work that job (for any manufacturer or contractor) again. Ever.

I think (c) is what people think of/fear the most, and it's silly. (a) is more likely, given how nonsensical shipping companies are today. I've never heard of (a) happening; if someone has a reference/case to where it has happened I would love to read an in-depth version, and I'd even be willing to reach out to the PR dept. at the manufacturer to ask for any missing details. But in all my years I've never heard of it happening.

It's more likely that a manufacturer might replace their hard disks with bricks.

craig70130
Premium Member
join:2004-04-27
New Orleans, LA

craig70130

Premium Member

A drive manufacturer is not going to do anything with a returned drive themselves. However, I don't know how they dispose of returned drives they decide not to 'fix'.

I do know first hand that many drives returned to OEM's - Dell, etc., in the past, have been sold at what could be described as garage sales for pennies on the dollar. However, my first hand knowledge is from 20+ years ago.

elwoodblues
Elwood Blues
Premium Member
join:2006-08-30
Somewhere in

elwoodblues to koitsu

Premium Member

to koitsu
There is nothing confidential or personal on that drive, just "linux distros".

Strangely enough, they sent me a new drive, not refurb/certified one.

aurgathor
join:2002-12-01
Lynnwood, WA

aurgathor to koitsu

Member

to koitsu
I think people who know that those are RMA-d drives, highly unlikely to steal them, or trying to extract data from them. Why steal a drive that could be a paperweight, and why waste time on recovering possibly worthless data?

However, there is another possibility:
d) manufacturer tests the drive -- No Problem Found, gets reboxed and resold as a refurb with all the data on it intact.
Aranarth
join:2011-11-04
Stanwood, MI

Aranarth to elwoodblues

Member

to elwoodblues
You have to check but some RMA returns only ask for the top plate of the HD case you can do what you want with the rest.

If the drive contains confidential data or is an enterprise drive this is sometimes an option.

This allows you to get a replacement drive and destroy the bad drive however you see fit.

Bill
Premium Member
join:2001-12-09

Bill to craig70130

Premium Member

to craig70130
said by craig70130:

A drive manufacturer is not going to do anything with a returned drive themselves. However, I don't know how they dispose of returned drives they decide not to 'fix'.

Drive manufacturers do look at field returns, especially on "enterprise" drives like the OP is RMA'ing. They want to figure out why drives are failing in the field, how they could potentially lessen returns on the product via a FW update, or whether it's something that'll have to go into a future product.

That said, field returns are normally going to be categorized into certain failure buckets. Often times the return can be easily categorized without digging too deeply into the drive and without having to look at any user LBAs. If for some reason the drive doesn't fall into one of the pre-existing failure buckets, then more investigation has to take place and that could involve having the drive run through one of the manufacturer's more in-depth FA tools, which could include a scan of user LBAs, but is not going to involve reconstructing the file system on the drive to where they could see your files.

If I had private/confidential information on the drive I'd wipe it first to be safe. But if the data isn't private don't worry about it.