MacInTouch Amazon link...

drive security and recycling

Channels
Security

Ric Ford

MacInTouch
I'm working with a client's old iMac with a very bad and very old internal drive, which has all their data and files on it. The drive is not accessible in the closed iMac design, but I can get some access via FireWire Target Disk Mode... while the thing is working, which is off and on. They have a backup drive with a recent backup. So the problem is how to secure the internal drive, so the computer can be safely recycled.

There are several options for this, but there are also problems due to the flakiness of the drive, which has it often dismounting unexpectedly and/or hanging the computer it's attached to (via Target Disk Mode). But one option seems particularly useful: encrypting the drive with FileVault.

The great thing about this is that it's an on-going, background process, and if the drive drops out, a reboot hopefully will bring it back and allow the encryption process to continue. The other beauty of the approach is that it secures the person's data while preserving it, so in this case, if the backup drive had problems, there would still be the possibility of recovering data from the main drive, yet it would still be safe to recycle.

diskutil corestorage list very helpfully shows the status of the encryption process, including current Conversion Progress in percent. Activity Monitor shows that CPU usage is hardly anything at all (on a 2011 MacBook Pro 13"). For tracking progress, this command-line combination can be useful:
date; diskutil cs list | grep 'Conversion Progress'

Additional notes:
  • It seems that the drive needs to be mounted, not offline, for conversion to continue.
  • Conversion is paused in Recovery mode.
  • I'm seeing conversion speeds well under 1 GB/min. for a very old hard drive connected via FireWire.
 


I'm working with a client's old iMac with a very bad and very old internal drive, which has all their data and files on it. The drive is not accessible in the closed iMac design, but I can get some access via FireWire Target Disk Mode... while the thing is working, which is off and on. They have a backup drive with a recent backup. So the problem is how to secure the internal drive, so the computer can be safely recycled.

There are several options for this, but there are also problems due to the flakiness of the drive, which has it often dismounting unexpectedly and/or hanging the computer it's attached to (via Target Disk Mode). But one option seems particularly useful: encrypting the drive with FileVault.

The great thing about this is that it's an on-going, background process, and if the drive drops out, a reboot hopefully will bring it back and allow the encryption process to continue. The other beauty of the approach is that it secures the person's data while preserving it, so in this case, if the backup drive had problems, there would still be the possibility of recovering data from the main drive, yet it would still be safe to recycle.

diskutil corestorage list very helpfully shows the status of the encryption process, including current Conversion Progress in percent. Activity Monitor shows that CPU usage is hardly anything at all (on a 2011 MacBook Pro 13"). For tracking progress, this command-line combination can be useful:
date; diskutil cs list | grep 'Conversion Progress'

Additional notes:
  • It seems that the drive needs to be mounted, not offline, for conversion to continue.
  • Conversion is paused in Recovery mode.
  • I'm seeing conversion speeds well under 1 GB/min. for a very old hard drive connected via FireWire.
Seems like a lot of work for a Mac that's going to be recycled.

Extract and smash the drives, if the Mac's already destined for the recycle center and the drive's unreliable.

Had two old iMacs that wouldn't boot and smelled of electrical fire. My experience trying to follow instructions to non-destructively open wasn't. Old clips and hardened glue didn't release; after forcing entry, I did retrieve the HDDs which still work and will boot a Mac through an external USB drive connector. Gave everything but the drives to a third party Mac shop for possible parts re-use (the 20" screens were still bright and crisp).

Once outside the old iMac, the drive might even work OK. Attach it to a Mac with a version of Disk Utility before "Secure Erase" was removed, and run a multiple pass "Secure Erase?" Though to be certain the drive's not recoverable, the drill press followed by a sledge hammer is the better technique.
 


Ric Ford

MacInTouch
Seems like a lot of work for a Mac that's going to be recycled.
Honestly, it's less work for me at the moment to leave a couple of computers working away for a bunch of hours than it is to try to mechanically open Apple's locked-shut iMac.
Extract and smash the drives, if the Mac's already destined for the recycle center and the drive's unreliable.
So... one point was that I can secure the drive (if it's accessible to macOS) by encrypting it, while still preserving its contents in case the backup drive (Time Machine) has a problem and this is our last hope for recovering important information.
 


Honestly, it's less work for me at the moment to leave a couple of computers working away for a bunch of hours than it is to try to mechanically open Apple's locked-shut iMac.

So... one point was that I can secure the drive (if it's accessible to macOS) by encrypting it, while still preserving its contents in case the backup drive (Time Machine) has a problem and this is our last hope for recovering important information.
A reminder of the discussion of passwords in the drawer vs. an encrypted password manager. In real life, what are the odds a bad guy would find and mount the unencrypted bare drive?

As to breaking into iMacs, if you don't have hope the corpse is worth saving, it's short work on the old white polycarbs, new metal putty knife or wood chisel helpful. From iFixit guides, the aluminum models may be even easier, no chisel needed. Then its extracted hard disk drive may mount better, freed of possible problems on the old Mac itself. Store the old drive and and its fresh clone in that drawer and their log-in credentials on a firmly affixed sticky note... or for real security, there's that safe deposit box.

Just a different approach. Looking forward to your report on how what you're doing goes.
 


Ric Ford

MacInTouch
In real life, what are the odds a bad guy would find and mount the unencrypted bare drive?
We were talking about recycling the whole Apple-sealed-shut iMac (with the old, bad drive in it, containing all their files and personal information). But, sure, when I recycle my Power Mac G5, I'll just remove the drive.
As to breaking into iMacs, if you don't have hope the corpse is worth saving, it's short work on the old white polycarbs, new metal putty knife or wood chisel helpful. From iFixit guides, the aluminum models may be even easier, no chisel needed.
I actually went to iFixit, but their disassembly guides didn't seem to match up with this particular iMac, which is very old but aluminum... and I got tired of trying to sort the mess out.
 


Ric Ford

MacInTouch
[FileVault] conversion is paused in Recovery mode.
However, it seems that you can do diskutil zeroDisk from Recovery mode, which may be the only way to secure a drive if FileVault encryption is failing for any reason.

Another good way to secure a drive is by using SoftRAID's Cerfify feature, which writes random patterns to the drive (then reads them back and compares to check drive integrity).
 


However, it seems that you can do diskutil zeroDisk from Recovery mode, which may be the only way to secure a drive if FileVault encryption is failing for any reason.

Another good way to secure a drive is by using SoftRAID's Cerfify feature, which writes random patterns to the drive (then reads them back and compares to check drive integrity).
hdparm (in Linux, or macOS with Homebrew or MacPorts installed) can securely erase just about anything (USB probably requires UASP).

I usually use the Gentoo Linux-based SystemRescueCD, which, with docache as a boot option, loads entirely in RAM.
 


hdparm (in Linux, or macOS with Homebrew or MacPorts installed) can securely erase just about anything (USB probably requires UASP). I usually use the Gentoo Linux-based SystemRescueCD, which, with docache as a boot option, loads entirely in RAM.
This blog post mentions and links to Parted Magic, which provides a GUI interface for both both SATA and NVMe SSD Secure Erase, as well as Secure Erase for hard disk drives. It will process HFS and HFS+. (Systems with the T2 and APFS, not so much?)
OWC's Rocket Yard Blog said:
How to Securely Erase an SSD Without Damaging the Drive
To make matters worse, at least from a security standpoint, even after overwriting data on an SSD, it’s possible that some of the original information is still present on the drive.

The problem for Mac users is that, for the most part, none of the utilities produced by SSD manufacturers that support Secure Erase Unit, or Format NVM, are able to run natively on a Mac. This leaves us to either create a Live Linux distribution on a flash drive, in order to run a Linux-based SSD utility from the SSD manufacturer (if available), or to use a bootable Windows partitioning and formatting utility that supports the secure erase feature in order to sanitize our SSDs.
 


Ric Ford

MacInTouch
This blog post mentions and links to Parted Magic, which provides a GUI interface for both both SATA and NVMe SSD Secure Erase, as well as Secure Erase for hard disk drives. It will process HFS and HFS+. Systems with the T2 and APFS, not so much?
As noted previously, I've been able to boot Linux on the new Mac Mini but not access its internal drive at all from Linux, let alone any APFS (or other) partitions on it.
 


That may be less effective than you think. I once tried scrambling an 800K Mac floppy disk with a very large magnet. To my astonishment, it still worked. I was thinking a blowtorch might work on the Apple Card (but haven't tried it).
... I use my handy drill on hard drives I'm tossing. I drive a bit through the hard drive several times. If I'm feeling frustrated, I may augment with a hammer for stress relief! I don't think even the NSA could recover these things. The same would work on a flimsy credit card.

FYI, if you have the older 3.5-inch hard drives that are held together with screws, there are some great flat magnets inside those suckers, handy around the house.
 



Be careful, because some drive platters are made of glass. I found this out the hard way when I tried to bend one from a 2.5-inch drive, thinking it was aluminum. Big mistake.
All 2.5" drives I've encountered in well over a decade use glass platters. I've only run into one 3.5" drive that used glass platters. When I tried to bend the platters to destroy the data, it shattered all over my apartment. Years later I occasionally find a shard of glass.

The trick to destroying the glass platters is to use duct tape. Make sure all the glass is covered by duct tape. Start flexing it with a little force and increase until it breaks. If you're worried, wear leather gloves.

[Warning: We recommend not trying to break glass platters in any way at all! —MacInTouch.]

For metal platters, I use two pairs of pliers to bend them. Flattening them enough to get data off would be nearly impossible.

I like to take the drives apart for recycling and to get the magnets. The ones glued to a flat mounting bracket make the best refrigerator magnets. For over a decade I've been meaning to try various solvents to see if I can dissolve the glue. The magnets are brittle; prying them off will usually break them.
 


Be careful, because some drive platters are made of glass. I found this out the hard way when I tried to bend one from a 2.5-inch drive, thinking it was aluminum. Big mistake.
Good warning.

My practice with retired hard drives that work is to store them securely. I recently pulled out some IDE drives from the mid-1990's with data dating back to the mid-1980's, fired them up, and backed up the old data to our new Synology. LibreOffice retrieved most of the old spreadsheet files; Quicken 2004 for Windows (running in Wine on Linux) was able to convert and read old data that had migrated from older versions of Quicken through Quicken 98.

Had a set of Windows drives infested with root kits. After stripping accessible electronics, those went to the big drill press in the shop, which drills right through the unopened case (though that's supposed to be done only when wearing OSHA approved safety gear...).

If it's necessary to cut up a "metal" credit card a tin snip should do the job. The example linked is kinda' costly for cutting up a credit card. Perhaps visit a maker space? A hardware store might let you try one on your little credit card.

Then, "titanium" may be just more Apple "reality distortion?"
YouTube said:
 


That may be less effective than you think. I once tried scrambling an 800K Mac floppy disk with a very large magnet. To my astonishment, it still worked.
To erase magnetic media, you need a magnetic field stronger than the field strength needed to flip bits (the media's "coercivity"). In general, higher density media has higher coercivity, since that is needed to pack more bits into a given area of disk surface.

This is why bulk media erasers usually consist of a very powerful electromagnet that generates an alternating field - in order to randomly scramble all of the bits. It is also why bulk erasers for one type of media (e.g. double-density 5.25" disks or audio cassettes) may not work on media with higher coercivity (e.g. 1.44MB 3.5" disks or VHS tapes). It is also why erasers meant for floppy disks and VHS tape probably won't be sufficient to erase a hard drive's platters (especially if they're still mounted in the drive's enclosure).

Degaussers with magnets powerful enough to erase a hard drive are not cheap. For example:
It should be noted (for those who were unaware) that once you degauss a hard drive, it can not be reformatted for use as a blank drive. All modern hard drives have servo motors for head positioning, and they rely on factory-written data to know where to put the heads - this head-positioning data gets wiped along with everything else when it is degaussed and can not be rewritten without specialized equipment (that was used when the drive was manufactured). Floppy disks, tape and very old hard drives (that use stepper motors), on the other hand, can usually be reformatted (or low-level formatted, in the case of hard drives) after degaussing.
... I use my handy drill on hard drives I'm tossing. I drive a bit through the hard drive several times. If I'm feeling frustrated, I may augment with a hammer for stress relief! I don't think even the NSA could recover these things.
That will certainly make the drive inoperable. If the drive had metal platters, then I suspect a data recovery service (probably one that charges a lot of money) could still read data from all of the surface area that remains after the drilling. If the drive wasn't encrypted, you might be able to recover quite a lot more than you suspect. (Of course, if it had glass platters, then the drill probably shattered it, leaving nothing to recover from.)

If you're willing to disassemble the drive and remove the platters, the easiest way to destroy data on metal platters would be to just abrade the magnetic material from the surface. A few minutes of scrubbing in the sink with steel wool or coarse sandpaper would probably do the job just fine.

Of course, if you need to destroy a lot of drives, you may prefer to buy a hard drive crusher instead.
 


To erase magnetic media, you need a magnetic field stronger than the field strength needed to flip bits (the media's "coercivity"). ... If you're willing to disassemble the drive and remove the platters, the easiest way to destroy data on metal platters would be to just abrade the magnetic material from the surface. A few minutes of scrubbing in the sink with steel wool or coarse sandpaper would probably do the job just fine.
I use a bench grinder.
 



... Of course, if you need to destroy a lot of drives, you may prefer to buy a hard drive crusher instead.
If I may add: Garner makes some products that I had used at an institution. There are also products to crush iPhones/iPads with minimum harm to user (enclosed, containment).

I've 20lb of magnets (rare earth) that I salvaged from hundreds of hard drives. I will state that almost all 2.5" hard disk drives use glass platters. Larger diameter pletters can be drilled with a drill press, if handy. But there is some irony in that older hard disk drives are worth money to some data recovery firms: the controllers, platters, motors and head assemblies could be reused as slave parts. Now, newer hard disk drives have encrypted chips onboard, making it harder for non-OEM recovery (hence why you see companies like Seagate, WD and others offer data recovery... they wrote the firmwarem so they can get to the data).

Oh, I would not use a grinder, because the fine particulates are dangerous. I've had coatings of the platters come off and stick to my fingers like microscopic glitter... hey, here's your data bits!
 


...Of course, if you need to destroy a lot of drives, you may prefer to buy a hard drive crusher instead.
Once upon a time I used a drill to destroy old hard drives. Effective, but time consuming and dulled my drill bits rather quickly. These days I use a hand sledge hammer. It's definitely as effective and quick as David's hard drive crusher and only costs about $30 instead of $4500. (If you don't already own a hand sledge, you may be amazed at how diversely useful this decidedly low-tech tool can be.)

The quickest approach is to just whack the drive several times on a hard surface, say a cement floor or driveway. Set it circuit-board-side down and metal lid up. Let the blows land on the lid favoring the edge of the hammer so you get a bigger, deeper dent in the case. Glass disks will shatter (but inside the case), and metal disks will be bent such that only the CIA will be able to retrieve any data. If you want a result like the hard drive crusher, put a 1x4 or 2x4 under one edge of the drive and have at it. Because you never open the disk casing, there is little likelihood of getting cut from broken glass or inhaling beryllium (unless you allow yourself to release your accumulated rage at what Apple has done to the Macintosh, so that you pulverize the case).

Basic safety precautions: Wear protective eye goggles! Allow enough space around the device and your arm swings so nothing gets caught up in the action. For additional safety, you can put an old towel over the disk before you strike it to contain any pieces which may break off, and wear leather gloves and a heavy long-sleeved shirt. This is the system I have used successfully for quite a while, but you use it at your own risk.

[For safety reasons, we don't recommend either drilling or hammering hard drives — as Fred says, it's entirely "at your own risk." —MacInTouch]
 


Amazon disclaimer:
As an Amazon Associate I earn from qualifying purchases.

Latest posts