NOTICE: As of March 3, 2005, Autoclave is no longer supported. Please see the End-Of-Life Notice for details and an alternative.

Autoclave v0.3

April 9, 2002

hard drive sterilization on a bootable floppy

Note: Autoclave only works on x86 PCs (386 and higher processors and compatibles such as AMD) with more than 8MB of RAM and a floppy drive (for now. A cd image is on the way). It seems to have problems on some laptops. I don't know enough about the boot process on Macs, Sparcs, Alphas and other types of machine to port it. If you know how to make a bootable floppy for other architectures and want to help port Autoclave, please drop me a line.

Frequently asked questions <- Please read this before asking me questions

Downloading/Installation Instructions <- Go here to download Autoclave

Usage Instructions <- Go here to see what Autoclave looks like when it's running

Legalese <- Licensing, disclaimers, etc

Links

2001.05.03 - v0.1

2001.07.13 - added contributed batch file

2002.04.05 - v0.2 (still IDE-only, though)

2002.04.09 - v0.3 fixes a serious bug in 0.2 which prevented it from running on older machines (also, slightly better instructions on these pages

Have you ever bought a used computer, possibly at a failed dot-com auction or Boeing Surplus? Ever taken a look at what's on the hard drive? When the last dotcom I worked for went out of business, all the computers were auctioned off. I heard a few weeks after the auction that a bartender had been asking one of my former co-workers about the details of another co-worker's love life, details he picked up from reading the personal email which had been left on a computer sold at the auction.

One of my current co-workers says that whenever he buys a used computer he pokes around on the hard drive to see what's left over. Given how many dotcoms are going out of business these days, I'm sure there are plenty of hard drives out there with interesting data.

So, let's say you want to sell your old computer, but you don't want folks reading all your old email or getting your bank account number. What do you do? Reformat the drive? It took me less than a minute of searching google to find a company which sells a utility specifically for recovering data from drives which have been reformatted, hit by viruses, and whatnot.

Maybe you already know about such utilities, and you've gone to the trouble of filling your entire hard drive with zeros. That'll take care of the commercial recovery utilities. But according to this paper someone with a few thousand dollars and the know-how could recover your data even from that. (Keep in mind that this is theoretical. Nobody seems to know even a friend of a friend who's actually been able to recover data from a zeroed drive. Although it's unlikely the NSA or the Mafia would admit that they could.)

At this point, the question is "how valuable is the data on my hard drive?". Did you keep a list of bank account numbers on your computer? Did you have a list of PINs for your debit cards? Is your identity worth stealing? All paranoia aside, it's unlikely that anybody cares enough about the data on a personal computer to take the time to recover a zeroed-out drive. If the computer comes from a business, hospital, or research lab, it's another story. Data on those computers could be worth big money to the right buyer.

That's where Autoclave comes in. It can perform simple zeroing. It can also overwrite the hard drive with specific patterns which exercise all the bits on the drive, making it extremely difficult to recover anything at all. Could the NSA recover anything from a drive which has been erased using this disk? I don't know. I personally doubt it. But if that's who you're worried about reading your data, it's probably best if you pound the drive into dust using a sledge hammer, and then fuse the pieces together with a blowtorch.

NOTE FOR UW USERS: According to the UW's Computer Disposal Policy, hard drives must be wiped electronically using a 3-pass binary overwrite. As of february, 2003, physical destruction is not an option. Autoclave has 5 levels of cleanliness; you want to use level 3.

LEGALESE
This software should only be used in compliance with all applicable laws and the policies and preferences of the owners of any systems on which the software is to be run.
The developers and licensors of the software provide the software on an "as is" basis, excluding all express or implied warranties, and will not be liable for any damages arising out of or relating to use of the software.
THIS SOFTWARE IS MADE AVAILABLE "AS IS", AND THE UNIVERSITY OF WASHINGTON DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, WITH REGARD TO THIS SOFTWARE, INCLUDING WITHOUT LIMITATION ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE, AND IN NO EVENT SHALL THE UNIVERSITY OF WASHINGTON BE LIABLE FOR ANY SPECIAL, INDIRECT OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, TORT (INCLUDING NEGLIGENCE) OR STRICT LIABILITY, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

I personally don't know how licensing works on software I've written for my employer, the University of Washington. However, as much of the code in Autoclave is based on software which is licensed under the terms of the GNU Public License, I am under the impression that Autoclave itself should be licensed under those terms. Until I hear otherwise from UW legal counsel, that will be the case.

To Do:

Serialize wiping multiple disks per system. Currently, you have to open a new console for each disk and wipe in parallel. It may be faster in serial; I'm not sure.

Get better time estimates. 15 minutes to zero a 2Gb drive?
+ I've got percentage indicators working at least.

Better documentation

Double check bash script syntax. Getting an error about "break".
+ I think this is fixed now.

Allow user to boot with all safety warnings off. Maybe.

How to handle RAID?
+ Shouldn't have to worry about it, unless the drives aren't /dev/hd*

SCSI support?
+ Soon.

Other architectures: mac (ppc/68k), sparc, alpha?
+ Unlikely.

Credits:

uClibc -- a C library for embedded systems: http://www.uclibc.org/

Busybox -- The Swiss Army Knife of Embedded Linux: http://www.busybox.net/

Linux kernel 2.4.9: http://www.kernel.org

The GNU File Utilities: http://www.gnu.org/software/fileutils/fileutils.html

SYSLINUX -- lightweight floppy boot loader: http://syslinux.zytor.com/

Links:

Darik's Boot and Nuke - A very similar piece of software, with SCSI support, for people in a hurry.
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html - The paper on which the software at the core of Autoclave is based.
http://www.cryptoapps.com/~peter/usenix01.pdf - Another paper by the author of the above, with regards to data on solid-state devices rather than hard drives.
http://www.zdelete.com/dod.htm - Summary of Standard DoD 5220.22-M / NISPOM 8-306, the Department of Defense data cleaning requirements.
http://www.dss.mil/isec/nispom.htm - 1995 NISPOM, what the above link summarizes.
http://www.computer.org/security/garfinkel.pdf - Simson Garfinkel and Abhi Shelat's IEEE Security & Privacy paper summarizing their experience recovering data from used hard drives purchased at auction.
http://www.hivercon.com/hc02/talk-seifried.htm - Powerpoint presentation from HiverCon 2002 about secure data deletion.
Here's a discussion on BugTraq about NSA and DoD data overwrite standards (concluding that the NSA has no such standards, and anyone who claims otherwise is full of it).
Looking for a real autoclave for cleaning medical instruments and such? Try sterilizers.com; they appear to have a huge selection.

--Josh Larios <jdlarios at cac dot washington dot edu>