Recently the topic of wiping hard drives with electromagnetic degaussers came up on the Security Focus pen testers mailing list. I had just previously finished some testing in this area and I posted the following article to the list. I might add that my purpose in conducting the testing was for a project I wanted to present at Notacon, unfortunately I came to learn that degaussers permanently ruin hard drives. Something I learned from the mailing list that wasn't in my article was that some hard drives have servo tracks saved on an unused platter and degaussing a drive will also wipe those tracks - with no method of recovery outside of the factory. I don't know this for a fact but seemed to be 'common knowledge' for the folks that do high end data recovery on the list. Take it with a grain of salt.

3-2005

I recently tried several experiments with wiping hard drives by electromagnets, the results where quite surprising to me. My first attempt was to build my own electromagnet which failed pretty bad. I was able to build a fairly strong electromagnet large enough to encase a hard drive but this design was flawed once I looked into more efficient designs. Using some basic calculations I realized I would need much more voltage and many more turns of wire or a more efficient design to get a magnet even close to the power of a small hand-held degausser. I moved on to testing a basic AC powered hand-held tape degausser. These tests where either inconclusive or failed, more info below.

Two types of tests: AC versus DC.
Electromagnets can operate in two modes: AC and DC. In AC (Household current) the magnetic field reverses polarity at 60 cycles per second. Because of inductive reactance the magnetic field is reduced in strength when compared to a DC current of the same voltage that never changes polarity. However this difference may not be very noticeable in real world testing.

Test subjects and methods:
I tested 3 IDE hard drives, a 40MB Seagate, a 170MB Maxtor? and a 4GB Maxtor. Because of a lack of time and early poor results I did not attempt to do a forensic capture of the data on the drive to see what parts of the data was affected. My test was only to see if the drive would boot up a system after exposure to the magnetic field. MS-DOS 7 was the operating system installed.

DC Tests:
I operated the normally AC powered degausser with a 36v DC power source. I put the degausser to the surface of the drive and waved it around for 1 minute or longer. I verified that the magnetic field was penetrating all platters of the drive by activating the degausser and picking up pieces of metal from the opposite side of the drive. Obviously the field was weaker than when the degausser runs in AC operation because of the significantly lower voltage, however the field was strong enough I had hoped for good results. Unfortunately, after the 170MB and 4GB drive where subjected to the magnetic field both remained bootable and did not show any loss of data. The 40MB drive was not available for testing, see the AC results...

AC Tests:
In all AC tests the drives where physically damaged to some degree. Because of the 60Hz nature of the AC mode of operation one could hear the drives rattling inside the covers during exposure. I assumed this was mostly the armature being affected. I suspect the repetitive slamming of the armature against the home position may have contributed to the damage found. This leads me to believe that only a DC electromagnet could successfully wipe a drive without damage to it, but this is only speculatory.

I tested the 40MB drive first and once I found it had been damaged I moved back to using DC to power the degausser for initial tests. The 170MB drive was damaged also. The 4GB drive was not damaged initially. In a last attempt to be certain the magnetic field was fully penetrating the 4GB drive I removed the lid and replaced it with one made from plexi-glass. This may or may not have been theoretically sound but satisfied my curiosity. Upon inspection I found that the coil of wire from the armature to the head had been uncoiled and stretched out, reaching towards the electromagnet. While the drive was still bootable at this point, the first boot attempt failed. The second was successful, this was probably because of debris that entered the drive enclosure during the lid change (In the future a low atmosphere environment would be preferred for drive disassembly). I performed a full format of the drive, this failed with multiple sectors lost. I suspect the top-most platter was no longer accessible because of head damage received from the electromagnet.

In conclusion, I found that 'normal' electromagnets available at hand just do not have the power necessary to forensically wipe a hard disk. While they can certainly damage a drive, they don't seem to affect the data. I am curious how systems like the "4000FS" operate without damaging the drive. In speaking with a colleague we determined the best way to permanently erase a hard drive would be to expose the platters to a corrosive agent such as turpentine or some acid that would dissolve the ferromagnetic coating.

Hope this was insightful.

-dosman