Product Review: WiebeTech Drive eRazer
As a forensic examiner, I'm leery of offering too much guidance about how to selectively delete information in undetectable ways. Naïve reliance by bad actors on the marketing hype for data wiping tools is a forensicist's best friend. So, chillax bad guys: that free tool you downloaded will cover up your data theft activity. Don't give it a second thought. In fact, why go to the trouble of using a tool? Microsoft wouldn't call it "deleted" if it weren't truly gone, gone, gone!
But seriously, sometimes its not only good conduct to delete data, it's good sense. Giving away that old computer? Need to recycle hard drives used to transfer ESI in closed cases? Buying a used drive on E-Bay and want to be sure their porn habits don't get mistaken for yours? Deleted just doesn't mean gone.
When you need to thoroughly wipe the contents of an entire drive, there are no cost/low cost approaches you can take ranging from free software tools like Darik's Boot and Nuke (DBAN) to activating the self-wipe routines built into hard drives manufactured since 2001. But these require a bit more technical savvy and cabling prowess than most users possess.
So a little company called WiebeTech specializing in hardware for the computer forensic community came up with a nifty little gadget called the Drive eRazer that attaches via the most common hard drive interfaces (i.e., 2.5" laptop and 3.5" desktop PATA, plus all SATA configurations). Then, simply sliding a switch overwrites the drive with zeroes--all without using a computer. A drive wiped this way won't yield up data to forensic analysis but can be easily returned to service--sans its former content--with just a couple of mouse clicks.
I tested the Drive eRazer recently and, except for a few quibbles, give it high marks for efficiency and effectiveness when wiping healthy hard drives. The $172.00 bundle I got included the small, cell phone-sized eRazer device, adapters and data/power cabling for PATA and SATA drives and a 110VAC power supply. The Drive eRazer for PATA desktop hard drives alone is $102.00. Notably absent from the box was any sort of user's manual or disk, though the label promised an "information CD." Someone was dozing in the fulfillment department! But, the absent manual was available online in the Support area of the WiebeTech website and, truly, the product is so simple, I only needed the manual to learn what the blinking LEDs signify.
To erase a drive, you attach the power supply to the Drive eRazer, connect the proper power cable and adapter between the Drive eRazer and hard drive, then slide a switch from "off" to "erase." If all goes well, you'll hear the drive spin up and LEDs will begin to flash in a sequence predicting the time remaining until the drive is wiped with zeroes. After a while--and it could be hours for a large hard drive--the status light will glow a steady green, indicating the drive is wiped.
I wiped and tested three drives of varying sizes and configurations multiple times, creating new partitions and fully refilling each with randomized data between wipes, then using a hex editor to ensure that only zeroes were present after each wipe. If there had been any remnant of data left behind, I'd have seen it; but, the Drive eRazer left the drives clean as a whistle and performed faster than if I'd wiped the drives using software.
One minor drawback of the Drive eRazer was its reliance on flashing LEDs to communicate drive status and time to completion. You have to count flashes to know drive status, and the remaining time is shown as a succession of 1 to 10 blinks indicating the digits 0-9. But, the user must subtract one from each succession of blinks to get the right value. That is, 1 blink, 3 blinks, 2 blinks, 9 blinks represents 0, 2, 1, 8, or an estimate of 218 minutes remaining until completion. What a kludge! I'd prefer to pay a bit more for a device with a more articulate LCD readout.
Another quibble was the uncertainty of its performance when encountering bad sectors. To be fair, every tool is challenged by bad sectors, and the Drive eRazer managed to deliver a wiped drive notwithstanding; but, the device is so limited in its ability to communicate that I couldn't be certain the drive was reliably wiped until I completed a sector analysis. Other users might be left wondering if the drive was clean or not.
If you only have the occasional drive to wipe, the Drive eRazer may be priced out of reach; but, if you routinely wipe drives, need to speed the process and don't want to tie up systems in the effort, the Drive eRazer is a first-class tool: solidly constructed, easy-to-use and effective. A smart buy for forensic examiners, IT departments and e-discovery shops.
P.S.: I have no affiliation with WiebeTech and am not being compensated for this product review.
There is one issue of forensic significance that I thought should have been mentioned in your review.
It's best practice not to simply wipe a drive, but to verify the wipe (through a CRC returning an all-zero value). Any tool that wipes, but doesn't verify, creates double work for a forensic computer examiner.
Posted by: Tony Patrick, B Inf Tech, CFCE | June 08, 2009 at 03:08 PM
Tony: I agree that it's important for a forensic examiner to routinely audit their tools' performance. As I noted, I used a hex editor to check whether the wipes were accomplished in each instance.
I don't agree that it creates double work because the wipe and the check should, by rights, be independent efforts (because a flawed tool is hardly a good check upon itself). Since the hardware wipe is significantly faster than software, it still saves some time overall.
From the standpoint of unattended workflow, you probably have the better argument. More machine time, but less examiner time.
Posted by: Craig Ball | June 08, 2009 at 10:27 PM