Sanitize your hard drives with Drive eRazer Ultra

CRU-DataPort's Drive eRazer Ultra ($249) is a small device that lets you "sanitize" hard disk drives -- that is, remove any data that you wouldn't want somebody else to gain access to, such as credit card numbers, passwords, financial data, photos, web histories, software license numbers or contact information. It can also wipe your entire disk, including the hidden, protected data that most free software-based utilities can miss.

The eRazer Ultra connects directly to Serial ATA (SATA) and IDE/Parallel ATA (PATA) drives after you've removed them from your desktop PC. (You can use the device with laptop drives if you purchase the optional adapter.) If you'd like, you can also hook the eRazer up to a computer to see the contents of the drive before performing an erase, or afterwards, to make sure the drive has been wiped.

For this review, I used a Drive eRazer Ultra on a handful of SATA and PATA hard drives taken from friends' and other computers that had been put aside for disposal or repurposing. (Note: The Drive eRazer Ultra is only intended for mechanical hard drives, not for solid-state drives (SSDs).)

Looking at the box

The Drive eRazer Ultra is 3.2 x 2.2 x 0.95 in. -- about twice the size of a deck of cards. There is also an AC power supply that is almost as big as the Drive eRazer Ultra (slightly larger, in fact, if you include the power cord). The device includes ports and data cables for 2.5-in. and 3.5-in. SATA hard drives and 3.5-in. IDE/PATA drives, along with a power-out port and power cables to use with the drives. (Drive data and power ports are standardized across these form factors.)

The company also offers a variety of adapters for use with other types of drives, such as 2.5-in. IDE drives, for prices ranging from $40 to $70, depending on the adapter.

The unit also includes a power switch, a circular four-button control (Up/Down/Enter/Back), a two-line 16-character backlit LCD alphanumeric display, and status lights for power on/off and drive/activity status. The user interface could be better -- bigger display, more buttons -- and the documentation could be clearer and more comprehensive. However, the odds are that anybody using this will quickly get the hang of it.

If you want to see what is on the connected drive, the Drive eRazer Ultra has a USB Type B port (the squarish-looking one with two angled-off corners), allowing you to connect to a computer when the Drive eRazer Ultra isn't in "Sanitize a Drive" mode. ("Sanitize" mode requires it to not be connected to a computer; if it is, the eRazer Ultra will display a "Please Disconnect" reminder message.) CRU-DataPort doesn't include a Type-B-to-Type-A USB cable, but they're inexpensive to buy.

The Drive eRazer Ultra also has a 9-pin serial port in case you want to connect to a printer and print out a verification tracking label (modeled after a Department of Defense label template) containing information such as the model/serial number, the erase method used, and lines for sign-off and release signatures. (According to Bill Head, Product Development Manager at CRU-DataPort, enabling the Drive eRazer Ultra to support a USB host connector to a printer would roughly double the cost of the appliance.)

Sanitizing for security

"Sanitizing" (a.k.a. "scrubbing" or "data erasure") means erasing all digital content (including data that has been marked "bad" by the drive's own firmware) on a hard drive to the point where it can't be recovered by data-recovery programs. (As most of us already know, simply deleting a file doesn't actually erase the complete file contents from your hard drive; nor does emptying the Recycle Bin.)

If you want to re-use the drive, a non-destructive method is to write over every block on the disk one or more times. Overwriting the data with binary zeros in one pass is generally considered sufficient for most users. Some government and industry standards specify several passes; some organizations prefer to write a custom pattern rather than plain old zeros.

One concern is that most drives have one or more hidden protected areas on the drive -- in other words, not visible to the user, operating system or BIOS -- where sensitive data might lurk. In particular, hard drives may have a Host Protected Area (HPA), which contains diagnostic tools and other hard drive utilities, and/or a Device Configuration Overlay (DCO), which contains configuration data.

Additionally, if a drive's controller determines that a block or sector on the drive is faulty, the controller will transparently re-map reads and writes to the factory-defined reserve sector pool -- another area difficult to access.

There are a number of utilities available for scrubbing your disk clean, such as the free Darik's Boot And Nuke (DBAN) . However, many disk erase programs -- including DBAN -- can't reach these hidden protected areas on the drive. To fully scrub a drive, you need to be able to use a program that not only writes to the visible parts of a disk, but can also see and write to hidden areas (or "unhide" them and write to them) and also write to bad blocks.

Most ATA hard drives built since 2001 (and bigger than 20GB) have a utility called Secure Erase which, because it's not included in the drive controller, can write directly to the disk (and thus scrub it). It's possible to initiate a hard drive's Secure Erase command by using a utility such as the free HDDerase.

If you are concerned that the drive may have ultra-sensitive information that still might be recovered, you can try a hardware solution such as eRazer Ultra -- or you may simply want to physically destroy the drive.

Using the Drive eRazer Ultra

I found it quite easy to use the Drive eRazer Ultra. There's no software to install; the Drive eRazer Ultra comes with everything preloaded.

You first connect the hard drive to the eRazer, using one of the provided data cables/ribbons (or an accessory adapter) along with the provided power connector.

For 3.5-in. drives that aren't enclosed (where you can see circuit boards on the bottom), CRU-DataPort includes a metal plate you can use temporarily to protect the drive's electronics and better dissipate heat. The package includes screws for connecting the metal plate to the drive, but I simply used a rubber band to hold it on.

You then plug in the eRazer's power supply and turn it on.

You decide which sanitizing mode you want by toggling through the eRazer's menu (which you follow on the LED display). The Drive eRazer Ultra offers 12 erase modes, including:

Quick Erase. This is a single-pass erase, overwriting data with zeroes. It is sufficient for most regulatory compliance purposes.

Custom Erase. This makes 1-99 passes, writing either all zeroes or a user-selected pattern. It's useful for companies that are required to do more than a single pass.

Secure Erase N. This starts the drive's built-in Secure Erase/Normal function so it can overwrite bad blocks using all zeros.

Secure Erase E. This starts an Enhanced Secure Erase, which removes data from the Host Protected Area (HPA) and Device Configuration Overlay (DCO), both of which are hidden areas. It leaves the areas hidden, and uses a write pattern defined by the drive's vendor rather than all zeroes.

Eight additional modes that reflect data sanitization/drive erasure standards from the U.S. Department of Defense, NIST, Canada, Great Britain and Australia.

You then select "Start Erasing" on the LCD display. The eRazer asks for a confirmation to proceed (requiring you to hit the Enter key again). After a minute or so, the Drive eRazer Ultra will indicate the size of the drive, and then display and update the percentage of drive erased and roughly how many minutes remain.

In my tests, which included old 40GB PATA drives and a 200GB SATA drive, a single-pass "scrub" took about 45 minutes. CRU-DataPort's Bill Head says that, in general, scrubbing new (manufactured after 2010) SATA drives should be about 7GB/minute for a single pass; so, for example, scrubbing a 1TB drive would take about 2 to 2.5 hours.

At a Glance

Drive eRazer Ultra


Direct price: CRU-DataPort

Pros: Affordable, more comprehensive than a software-only solution

Cons: User interface could be more informative; no built-in help

After the drive has been scrubbed, the Drive eRazer Ultra will perform a verification operation, checking a small sample of disk sectors to confirm whether they have any content other than the pattern that was written in the Erase cycle. You can choose how large the sample should be: "minimal," 0.1%, or 1%. Doing any more than that would take much longer than the actual sanitization process, says CRU-DataPort's Head -- trying to verify 100% this way on a 1TB drive could take days, even weeks.

Afterwards, I checked several of the erased drives by connecting them to my desktop computer and running the free version of Stellar Phoenix Windows Data Recovery. I found no data remaining. As far as I could tell, CRU-DataPort's Drive eRazer Ultra did, as claimed, sanitize the disk to the point where data could not be recovered via software. It's possible that a forensic tech lab with a clean room and electron microscope looking at the disk might be able to find some data. But that's way more expensive than even your above-average data villain's budget will afford.


The CRU-DataPort's Drive eRazer Ultra does what it says. It's affordable, portable, and, once you've used it a few times, simple to use.

At $250, the CRU-DataPort's Drive eRazer Ultra is more than your average user needs. If you're only going to want to scrub a few drives per year, there are several free utilities available, including the previously mentioned Darik's Boot And Nuke (DBAN) or Eraser, a free Windows utility that safely overwrites previously deleted data. Mac OS X users can use its included Disk Utility, which offers single-pass and multi-pass disk-overwriting features.

But if you provide IT services and find yourself dealing with a number of hard drives that need to be securely wiped before being repurposed or disposed of, the Drive eRazer Ultra is a worthwhile addition to your toolkit.

This story, "Sanitize your hard drives with Drive eRazer Ultra" was originally published by Computerworld.

Copyright © 2012 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022