A way how to "destroy" ZFS / data

[HolyK]

Hi all,

ZFS is a robust FS and it can survive disk failure(s) without loosing data, that's good and all of us like that :D (or not?). But my question is from opposite side of view.... What ways do we have for destroying/erasing the data/ZFS? I don't want to destroy some corporate data storage or something like that :D , i am just curious what behavior will be the kill-shot for ZFS and if there is a way how to "rescue" after some disaster scenario.

I'm not counting the usual disk format. Also unplugging the system USB dongle will "remove" the system, so also the config for RAIDZ, but this can be rebuilded since the information are stored on the start and also at the end of each drive (if i'm right). I am thinking that the small script which will rewrite several block at the start and at the end of the disk will be successful way how to screw the whole RAIDZ.

Any ideas, or experiences? :D

 

[jgreco]

Destroying the partition table (GPT format is a bit of a pain!) or at least destroying the listed partitions in the GPT table is likely to be sufficient to cause ZFS to be unable to identify its data. This doesn't make it unrecoverable, just unrecoverable to someone who lacks the ability to figure out what should be there.

It only gets worse from there.

Usually it is not that hard to unravel the house of cards we call filesystems.

 

[Stephens]

The only secure way to erase the data on a disk is to erase the data on the disk. Don't believe for a second that if you blank out the front and end of a ZFS disk that I can't still read your data on your HDD. Difficult? Yes. Impossible? Not at all. Compression and Encryption would make it more difficult, though. If you're going to toss a disk and don't want others to read the info, you can just expose it to a powerful magnet. If you plan to reuse the disk, you can use other methods. It really depends on what you're trying to do with the disks.

 

[jgreco]

There's obviously a spectrum of destruction options available. At one end is making the disk merely unimportable, which is where I started off. At the other end? Well...

Thermite's fun for guaranteeing total destruction.

A sufficiently powerful magnet can probably blank the disk, but being sure of that is another thing, and availability of a suitable magnet is a problem too. A five-pound sledge is much more certain and probably less expensive and more fun too.

But in the land of practical, you probably need something like DBAN if you actually want to write over all that data in a manner that's likely to render the data unrecoverable. In the realm of solutions that destroy the data without harming the physical storage medium, DBAN is on the far end as it actually destroys the data in a noisy enough manner that even a recovery specialist is unlikely to be able to recover it.

 

[ben]

The options in FreeNAS for deleting a pool include an option to destroy the data (rather than merely "exporting" the pool). I believe that writes zeros, but I'm not sure. At the very least it makes it non-trivial to re-import the pool. You can always 'dd if=/dev/null of=/disk/device bs=1M' or something of the like, if you want to write zeroes yourself.

 

[cyberjock]

DBAN is 1 of only 2 programs(last time I did DoD hard drive wipes) that was actually approved for downclassing a hard disk. There's tons of rules for when/how/if you can.

For the average joe deleting the partition table will be a "game over".

For a more experienced user you'd need a full write of something to the entire disk to make it unrecoverable.

For complete and total destruction from any possible recovery you'll need to do a full disk wipe. There's alot of theory that if you had an electron microscope and someone wrote all zeros that the data may be recoverable, but there has never been any evidence that it could effectively work. To protect from this "theoretical" attacker you'd need to write random patterns multiple times. This theoretical attacker would likely be a very well funded organization(think US/Chinese/Russian government) and they'd have to REALLY want to get your data. Keep in mind that nobody has ever heard of anyone being able to do a data recovery using an electron microscope even from a single write of zeros. Somewhere I had a PDF from a website where one of the hard drive manufacturers discussed the whole theory with electron microscopes and pretty much said there's no way in hell even they could do data recovery with an electron microscope because its just not possible. So take it for what its worth.

Me personally, I just write a single pass of random data and call it good. If any attacker steals the drive and really thinks that data is hidden on there they'll have lots of fun trying to "decrypt" /dev/random. :P