Securely erasing tapes

[emulator]

Can anyone tell me if the "long erase" option in Retrospect will securely erase any data on a tape?

[Mayoff]

It does write data to the entire tape but I do not know if it is a "secure erase" like you see on a hard disk.

[emulator]

Is there any way that you might be able to find this out? In the meantime, I'm also checking on services that destroy and even buy back used tapes:

 

http://www.mediarecovery.com/services/tape_buyback.php

 

Magnetic degaussing devices are just too expensive ($15,000..wow!).

Edited September 9, 2008 by Guest

[rhwalker]

Nah. They are under $100 (USD).

media eraser

 

media eraser

 

Google is your friend.

 

Russ

[Mayoff]

Retrospect sends a long erase command to the tape drive. it is then up to the tape hardware to write over the entire tape. It should be secure but you should ask the drive vendor to be sure.

[emulator]

Touche'...however, higher-density tapes require more powerful magnetic fields. To erase LTO and SDLT tapes, the price goes up a bit over $100:

 

http://www.datalinksales.com/cgi-bin/shop/datstore.cgi?user_action=detail&catalogno=V91HD/DLT

 

I'm going to take Robin's suggestion and check with the drive vendor.

[Lennart_T]

What is your purpose? Selling/reuse the tapes or just make them unreadable?

 

You can make them unreadable by just put them on the ground and use a sledgehammer.

 

EDIT: Not all types of tapes are useable after degaussing. Check the tape vendor.

Edited September 10, 2008 by Guest

[emulator]

After doing some checking, I'm going to post my own, home-brewed way of securely erasing tapes, while still maintaining their usability. I hope that this helps others facing the same dilemma. The strategy involves writing encrypted data to a tape to the point of filling it up, and then doing a full conditioning erase. The process does take quite a bit of time, but doesn't cost any extra money.

 

Before starting, the following items are required:

 

a. TrueCrypt (http://www.truecrypt.org). This software is a disk encryption solution which allows the user to create encrypted disk images similar to Apple's *.dmg files.

 

b. A hard drive - The drive should have free space slightly greater than the native (non-compressed) capacity of the largest tape that you wish to securely erase. For example, if you are wanting to erase an LTO3 tape (400GB native capacity), make sure that the hard drive has around 420GB of free space.

 

c. Retrospect

 

1. Download TrueCrypt and create an encrypted disk image that is slightly smaller than the free space available on the hard drive in point b above. For example, if we are securely erasing an LTO3 tape and our hard drive is 420GB in size, make the TrueCrypt image 415GB. The reason that we make the disk image slightly larger than the tape's capacity is to ensure that every bit of the tape is filled up, thereby erasing any existing data on the tape. Make sure to use at least AES encryption. For this example, name the disk image Tape_Worm.tc.

 

Note: TrueCrypt takes a LONG time to create the image.

 

2. Create an encrypted Retrospect TAPE backup set. I used the best possible encryption level (256-bit AES). For this example, name the backup set Tape_Worm.

 

3. Add the tape that you wish to securely erase to the Tape_Worm backup set.

 

4. Once the disk image in step 1 is finished formatting, create a script or immediate backup that backs up the Tape_Worm.tc to the Tape_Worm backup set. Make sure that you do NOT use any compression whatsoever. Remember that we are trying to fill this tape up with encrypted information.

 

Note: since the Tape_Worm.tc file is slightly larger than the tape's maximum capacity, Retrospect should prompt for a second tape to compete the backup. Go ahead and cancel the request.

 

5. Once the backup completes, erase the tape from Retrospect using the "Long Erase" option.

 

The above steps write an encrypted file to the tape, encrypting that file as well, followed by a long erase by the drive. Perhaps it's paranoid, but if you want to make sure the data is gone from the tapes, I believe that this should do it.

[rhwalker]

Perhaps it's paranoid, but if you want to make sure the data is gone from the tapes, I believe that this should do it.

Not really, depends on how paranoid you are and how heroic the data recovery methods are.

 

The underlying data can still be recovered with appropriate techniques because (a) the head won't write in exactly the same position as before, leaving a small residual of prior magnetic flux and ( it is possible to subtract out the most recent write and, with heroic techniques, recover the prior write from background noise. Ask Rose Mary Woods. Only the spooks are able to do this.

 

If you are really paranoid, only two ways are (1) bulk eraser (see links above) or (2) destroy the tape, whether by shredding or putting it in acid, etc.

 

Russ

[emulator]

Hey All...

 

I thought that I'd re-visit this topic. I did some checking with some data recovery firms asking them if they would test my data erasure method above. The general consensus that I got from them is the following:

 

1. It is VERY expensive to try to recover the data from the tapes.

2. One firm actually told me that in the 20 years' experience in data recovery and in testing this type of request, that it's not worth even trying to recover the data as this type of erasure is sufficient.

 

I hope that this helps others worried about securely erasing tapes.

[emulator]

Here's some information from a member of the data restoration community (quoted with permission):

 

From: "Wells, Don"

Date: Mon, 6 Oct 2008 10:33:26 -0500

To:

Subject: Serpentine tech tapes

 

Marc,

 

If you have overwritten the tapes then there is nothing anyone could do to get that data back. Even if you do a quick initialization of this type media, you can kiss the data behind the EOD goodbye.

 

Regards,

 

Don Wells

VP Technologies

FIRSTAdvantage

Data Recovery Services

Toll Free 877.304.7189

Local 214.350.8202

Fax 214.350.8951

www.datarecovery.net

 

When I asked Mr. Wells to elaborate, he sent the following.

 

 

Marc,

 

The reason being is that with serpentine technology tapes, the EOD (End Of Data marker) is written across all channels of the tape at one time and the signal causes backscatter which overlaps onto adjacent tracks. The firmware in the drive will not allow you past this point. We would be rich if we could recover from this. There has been some success with DLT 4 technology but it’s not cost effective, none for SDLT and LTO. You have actually overwritten the length of the tapes which means there is nothing there anyway. With helical scan technology such as DDS (DAT) and 8mm you can position past EOD and get what’s behind it. If this type of tape is overwritten the full length, then that data is not recoverable either. There has been some toying around with MFM (Magnetic Force Microscopy) wherein the stretch of the tape, which happens in normal use, has shown an underlying shadow but at thousands of dollars per inch for incomplete, BS data, it hardly makes sense. Whoever told you that “if someone REALLY wanted to get the data from the tapes, it could be done†doesn’t have a clue. If you are concerned past this explanation, incinerate the tapes J.

 

Regards,

 

Don

[Mayoff]

I would agree with Don. This matches everything I have heard over the past 14 years of supporting tape/backup technology.