Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

  1. Some erasure standards include aperiodic random or periodic/pseudo-random overwriting steps that write random data throughout the whole drive. Some standards include firmware based erasure steps and the execution and result of those steps depend purely on drive firmware. Some drives write a non-zero pattern or non-periodic (random) data during firmware-based erasure.
    • Check the used erasure standard from the erasure report.
    • See the list of erasure standards and the execution steps from the Drive Eraser User Manual chapter 13 / page 80user manual.
    • For example, Seagate ST1000LM035-1RK172 1TB SATA HDD is known to write a repeating '33 CC 55 AA' pattern with NIST 800-88 Purge standard. The erasure method calls a NIST specified firmware erasure command which triggers the special pattern. The execution of the firmware based erasure command is out of software's control and it depends on how the drive firmware works.
  2. Check if the erasure process has written a Fingerprint onto the drive. The Fingerprint is a summary of the erasure report that is written in one of the sectors (sector 200 by default) of the drive.
    • To check if you had this feature on, you can load the image (used for the erasure) in Blancco Drive Eraser / Blancco 5 Configuration Tool and check if the setting in question is enabled or not.
    • By default, the Fingerprint is written on sector 200, and it contains following data separated by spaces and semicolons:
      • Blancco software license owner / customer name
      • Date & time of wipe finish (yyyy-mm-dd hh:mm)
      • Blancco software version
      • Hard drive serial number
      • Erasure status (Erased, Erased with exceptions or Not Erased)
      • Unique report ID
      • Digital signature
    • For more information about the Fingerprint, see the Drive Eraser User user manual page 56.
  3. Check if the erasure process has written a Bootable Asset Report onto the drive. The Bootable Asset Report is a short asset report visible as a splash screen when the machine is rebooted.
    • The Bootable Asset Report information is typically written on sectors 0 and 2-53 or 2-130 of the drive, depending on the size of the report information.
      • Sector 0 (MBR) contains the partition table information and Blancco's "tool" to read the Asset Report image file when the computer starts.
      • Sectors 2-130 contain the image file for the Bootable Asset Report. This image file data typically looks "random".
    • To check if you had this feature on, you can either boot the machine/drive without any CD/USB/PXE (the Bootable Asset Report should be displayed) or load the image (used for the erasure) in Blancco Drive Eraser / Blancco 5 Configuration Tool and check if the setting in question is enabled or not
    • For more information about the Bootable Asset Report, see the Drive Eraser User user manual page 57.
  4. In server environments, some RAID controllers write metadata onto the drive after the erasure has complete. This can also cause verification failures (more information in this article).
  5. Check if the erasure has (or has not) erased the remapped sectors and/or the hidden areas of the drive. If these sectors have not been erased, some tools may find some data there.
    • Check the erasure report for more information.
  6. Check if the erasure has been a full erasure or a partial one. Partial erasures are possible in case the software is configured to automatically preserve Windows recovery partitions or in case the user has erased individual drive partitions only. Check the erasure report for more information, a partial erasure is accompanied with a disclaimer.
  7. Some 3rd party software used to audit erased drives (or attempt to recover data from them) can write data in it during its validation process, especially if such tools restore the file system (e.g. NTFS) of the drive (via formatting).  If such tools are used for erasure validation or recovery, please be aware of the data that can be left.

...