StarTech Standalone Hard Drive Eraser And USB 3.0 Dock Capsule Review
by Billy Tallis on February 16, 2016 8:00 AM EST- Posted in
- Storage
- USB 3.0
- SATA
- DAS
- StarTech.com
When StarTech.com first offered up their USB 3.0 Standalone Eraser Dock for review, it took me a little while to really figure what it was for. The name is long and a bit confusing, but that's because this device fulfills two mostly separate roles. In one mode, it's a normal USB to SATA drive dock that allows for easy access to bare 2.5" or 3.5" drives. The rest of the time, it's a specialized standalone gadget for securely erasing and overwriting drives.
Erasing a hard drive can mean any of several things. If you just want to make a clean OS installation to a drive that already contains some data, then wiping the filesystem headers and partition tables will render the drive "empty" as seen by software not intended for data recovery. If you're decommissioning a computer that was used to handle classified information, you might be required to use an external degaussing coil or simply destroy the drive in question. In a context with less severe requirements for rendering the data inaccessible, the usual method is to overwrite the entire drive one or more times.
Solid state drives complicate things due to their use of wear leveling and substantial spare area. In general, multiple writes to the same logical block address will not go to the same physical flash memory cells. A single pass of writing fresh data to the drive could leave 10% of the old data physically intact and accessible to somebody with the right tools. The limited program/erase cycle count of flash memory makes multi-pass overwrite schemes undesirable. To enable a reasonable and thorough erase procedure, virtually all SSDs support the ATA Secure Erase command or its SAS or NVMe equivalents, allowing a computer to simply instruct the drive to erase itself in whatever manner is appropriate for that drive.
Most SSDs use a shortcut for implementing Secure Erase: whether or not the user is taking advantage of the drive's encryption capability, all data written to the flash memory is encrypted. When the user requests a secure erase, the drive throws out the encryption key, generates a new one, and marks all previously in-use blocks as ready for garbage collection. The old data is effectively inaccessible once no copies of the encryption key exist, and the drive doesn't have to erase every single block of flash or even all the blocks that were in use. Different drives and controllers may vary in how many blocks they erase during the Secure Erase process, but both an immediate full erase and a just-in-time approach can work.
Secure Erasing a solid state drive has a side effect that we rely on when testing SSDs: it functions as a whole-drive TRIM operation. When the drive knows that all the data has been discarded, its wear leveling process no longer has to move any older data out of the way when it encounters a block that isn't empty; it can erase the block as soon as (or before) it's needed and immediately write the incoming new data. Thus, a Secure Erase eliminates the write performance penalty that drives suffer from when their spare area gets filled and the garbage collection process can no longer keep pace, resetting the drive to the performance it had when new. Secure Erase is also more reliable for this purpose than a whole-drive TRIM, since TRIM commands are hints the drive is allowed to ignore.
However as essential as the Secure Erase function is for a SSD, performing a Secure Erase on a drive installed in a PC can be surprisingly difficult. Out of the box, Windows and OS X provide no mechanisms for issuing Secure Erase commands. Many SSD vendors provide tools that include a secure erase feature, but there's no cross-vendor tool for Windows. The easiest method is usually to boot into a Linux live image that has the necessary tools, though some motherboards have a UEFI Secure Erase tool. Furthermore, many systems lock drives on boot to prevent a Secure Erase by accident or by a malicious program (since it's irreversible), so power cycling the drive by putting the system to sleep may be necessary to get it to accept the erase command. The actual Secure Erase process takes less than two minutes on every SSD I've tested, but rebooting to another operating system makes it a much longer and more error-prone process.
Destroying Data With The StarTech USB 3.0 Standalone Eraser Dock
The dock's erase methods include a quick erase to just overwrite partition tables, a one-pass all zeros overwrite, and several multi-pass overwrite procedures based on various government standards. There's a custom erase option where the user can specify the number of passes and what kind of data to write on each pass (random, or a specified byte value). The eraser dock also supports issuing the ATA Secure Erase and Enhanced Secure Erase commands for drives that can erase themselves (this includes most SSDs and many hard drives).
During a Secure Erase operation, the dock displays the elapsed time and a countdown based on the time required as reported by the drive. For every SSD I've tested, this has been a very pessimistic estimate: consumer drives usually report 2 minutes and take 10-20 seconds or up to a minute for a filled 1TB TLC drive, and some enterprise drives report that an hour will be needed but finish in under two minutes.
For the erase modes based on overwriting, the situation is less pleasant. Big drives naturally take a long time to wipe, but the dock takes longer than it should. During an all-zeros single-pass erase, it reports a speed of 120-125MB/s, well below what the drives are capable of sustaining. For the 3TB hard drive I had on hand, this means a full wipe would take almost 70% longer in the dock than it would if performed by my PC, though I didn't test either of those to completion. Unlike for Secure Erase, these time estimates are all too realistic.
As this product is intended for organizations that have strict data security standards, naturally it also has a logging mechanism. The eraser keeps an internal record of its erase jobs, and has a serial port to output to a reciept printer or a computer (neither is bundled). After each erase operation or when chosen from the menu, the eraser dock prints out a summary of the operation. This makes it trivial to establish an auditable paper trail documenting when and how each drive was processed.
>>> HDD Clear Record <<< [HDD Information] Model : ADATA SP550 Version : O0730A Serial No.: 1F3320023990 Capacity : 0.0KB(0) DCO Size : None HPA Size : None Action : SECURE ERASE DCO Removed: No HPA Removed: No Erase Time : 00:00:16 Erase Sucessful: Yes Start at 2016-02-10 00:00:42 End at 2016-02-10 00:00:58 Machine ID: 33710.08381.54766.08381.54766 ________________________________________ (Signature) Print at 2016-02-10 01:10:33
The dock is also capable of formatting a drive and saving a log file containing a little more information for each drive than the above receipt sample.
Navigating the menus is straightforward. The display is 16 characters by two lines, and the four buttons are up, down, OK and ESC. The erase options and USB link are all on the root menu, and there are submenus for managing the log data and configuring the device. In addition to retaining the log data and current time, the dock will also remember the user's preferred default option, so in most cases erasing a drive is as simple as powering on the dock, inserting the drive, and pressing OK.
Internally, the eraser dock is powered by a Xilinx Spartan 3 FPGA with 64MB of external DDR2 and a VIA Labs USB3 to SATA 3Gb/s bridge chip. The bridge chip supports USB Attached SCSI Protocol (UASP), but I was unable to get that to work on the StarTech Eraser Dock. The dock is supplied with a 60W power brick and four different AC power cords, so the one SKU is suitable for use in most countries. That all adds up to a hefty bill of materials to support a niche usage, and the price tag reflects that: $283.99 direct from StarTech.com, and $223.07 from Amazon.com.
Given the limitation of SATA 3Gb/s speeds for communicating with the drive and the overhead of USB Mass Storage Bulk-Only protocol for communicating with the host computer, the dock's performance as an external storage device is limited. I've tested the Eraser Dock's performance against an internal SATA connection using both a solid-state drive (Samsung 850 Pro 2TB) and a mechanical hard drive (Seagate Barracuda 3TB ST3000DM001).
AnandTech 2015 SSD Test System | |
CPU | Intel Core i7-4770K running at 3.5GHz (Turbo & EIST enabled, C-states disabled) |
Motherboard | ASUS Z97 Deluxe (BIOS 2501) |
Chipset | Intel Z97 |
Chipset Drivers | Intel 10.0.24+ Intel RST 13.2.4.1000 |
Memory | Corsair Vengeance DDR3-1866 2x8GB (9-10-9-27 2T) |
Graphics | Intel HD Graphics 4600 |
Desktop Resolution | 1920 x 1200 |
OS | Windows 8.1 x64 |
- Thanks to Intel for the Core i7-4770K CPU
- Thanks to ASUS for the Z97 Deluxe motherboard
- Thanks to Corsair for the Vengeance 16GB DDR3-1866 DRAM kit, RM750 power supply, Carbide 200R case, and Hydro H60 CPU cooler
38 Comments
View All Comments
Teknobug - Tuesday, February 16, 2016 - link
I had a pile of SCSI and ATA and some earlier SATA drives to a place to have them recycled, they told me it's $250 and better off just smashing them with a hammer- I shook my head at that advice and just left them sitting in the garage, even when formatting them they still have bits of data that people can retrieve and it's not worth paying $250 to recycle them.Camikazi - Tuesday, February 16, 2016 - link
I just take them apart when not busy and use the platters for decoration and other things. I'm sure someone somewhere can still get info from it if they really wanted too but I'm sure there are easier ways to get the info they are looking for.Beany2013 - Tuesday, February 16, 2016 - link
3.5" platters make excellently coasters for mugs.Horribly slippery and slidey, but very pretty.
Murloc - Wednesday, February 17, 2016 - link
do you really have secret data on them that is worth at least hundreds of dollars in work?duartix - Tuesday, February 16, 2016 - link
Do they sell a secure eraser to securely erase the secure eraser's log of secure erases?BrokenCrayons - Tuesday, February 16, 2016 - link
And if they do, what happens when you need to securely erase the secure eraser log eraser?Azethoth - Wednesday, February 17, 2016 - link
This is already built in. You choose the paper option and attach a large metal garbage can to print out into. When you need to erase you just burn it at night out in the parking lot. It provides heat for the hobos and in the morning you pour water in as the second erase cycle. Then you mulch that into your grass and flower beds and observe it 24/7 with security cameras just to be sure.a1exh - Tuesday, February 16, 2016 - link
I built one of these for OCZ UK (which at the time was Oxford Semiconductors) in 2005 using the OXUF931S. The BOM would have been far less than this. No DDR. No Xilinx chip. I2C eInk display. Just a USB->SATA bridge running custom firmware. While very useful here at work, when I suggested selling them I was told there was no market for them. I cannot imagine anything has changed.jardows2 - Tuesday, February 16, 2016 - link
The article got me thinking about a software solution. Looks like there are lots of utilities for "secure erase" but not all claim to be "certified." Anyone have experience with software solutions?Holliday75 - Tuesday, February 16, 2016 - link
Killdisk was used at my last job as a tech for a very large data hosting company. We used KD on most servers and servers considered to house high business impact data was physically destroyed using a shredder. During large decommission projects I would cry at the site of watching thousands of 300gb SAS drives being tossed into the chipper.