StarTech Standalone Hard Drive Eraser And USB 3.0 Dock Capsule Review
by Billy Tallis on February 16, 2016 8:00 AM EST- Posted in
- Storage
- USB 3.0
- SATA
- DAS
- StarTech.com
When StarTech.com first offered up their USB 3.0 Standalone Eraser Dock for review, it took me a little while to really figure what it was for. The name is long and a bit confusing, but that's because this device fulfills two mostly separate roles. In one mode, it's a normal USB to SATA drive dock that allows for easy access to bare 2.5" or 3.5" drives. The rest of the time, it's a specialized standalone gadget for securely erasing and overwriting drives.
Erasing a hard drive can mean any of several things. If you just want to make a clean OS installation to a drive that already contains some data, then wiping the filesystem headers and partition tables will render the drive "empty" as seen by software not intended for data recovery. If you're decommissioning a computer that was used to handle classified information, you might be required to use an external degaussing coil or simply destroy the drive in question. In a context with less severe requirements for rendering the data inaccessible, the usual method is to overwrite the entire drive one or more times.
Solid state drives complicate things due to their use of wear leveling and substantial spare area. In general, multiple writes to the same logical block address will not go to the same physical flash memory cells. A single pass of writing fresh data to the drive could leave 10% of the old data physically intact and accessible to somebody with the right tools. The limited program/erase cycle count of flash memory makes multi-pass overwrite schemes undesirable. To enable a reasonable and thorough erase procedure, virtually all SSDs support the ATA Secure Erase command or its SAS or NVMe equivalents, allowing a computer to simply instruct the drive to erase itself in whatever manner is appropriate for that drive.
Most SSDs use a shortcut for implementing Secure Erase: whether or not the user is taking advantage of the drive's encryption capability, all data written to the flash memory is encrypted. When the user requests a secure erase, the drive throws out the encryption key, generates a new one, and marks all previously in-use blocks as ready for garbage collection. The old data is effectively inaccessible once no copies of the encryption key exist, and the drive doesn't have to erase every single block of flash or even all the blocks that were in use. Different drives and controllers may vary in how many blocks they erase during the Secure Erase process, but both an immediate full erase and a just-in-time approach can work.
Secure Erasing a solid state drive has a side effect that we rely on when testing SSDs: it functions as a whole-drive TRIM operation. When the drive knows that all the data has been discarded, its wear leveling process no longer has to move any older data out of the way when it encounters a block that isn't empty; it can erase the block as soon as (or before) it's needed and immediately write the incoming new data. Thus, a Secure Erase eliminates the write performance penalty that drives suffer from when their spare area gets filled and the garbage collection process can no longer keep pace, resetting the drive to the performance it had when new. Secure Erase is also more reliable for this purpose than a whole-drive TRIM, since TRIM commands are hints the drive is allowed to ignore.
However as essential as the Secure Erase function is for a SSD, performing a Secure Erase on a drive installed in a PC can be surprisingly difficult. Out of the box, Windows and OS X provide no mechanisms for issuing Secure Erase commands. Many SSD vendors provide tools that include a secure erase feature, but there's no cross-vendor tool for Windows. The easiest method is usually to boot into a Linux live image that has the necessary tools, though some motherboards have a UEFI Secure Erase tool. Furthermore, many systems lock drives on boot to prevent a Secure Erase by accident or by a malicious program (since it's irreversible), so power cycling the drive by putting the system to sleep may be necessary to get it to accept the erase command. The actual Secure Erase process takes less than two minutes on every SSD I've tested, but rebooting to another operating system makes it a much longer and more error-prone process.
Destroying Data With The StarTech USB 3.0 Standalone Eraser Dock
The dock's erase methods include a quick erase to just overwrite partition tables, a one-pass all zeros overwrite, and several multi-pass overwrite procedures based on various government standards. There's a custom erase option where the user can specify the number of passes and what kind of data to write on each pass (random, or a specified byte value). The eraser dock also supports issuing the ATA Secure Erase and Enhanced Secure Erase commands for drives that can erase themselves (this includes most SSDs and many hard drives).
During a Secure Erase operation, the dock displays the elapsed time and a countdown based on the time required as reported by the drive. For every SSD I've tested, this has been a very pessimistic estimate: consumer drives usually report 2 minutes and take 10-20 seconds or up to a minute for a filled 1TB TLC drive, and some enterprise drives report that an hour will be needed but finish in under two minutes.
For the erase modes based on overwriting, the situation is less pleasant. Big drives naturally take a long time to wipe, but the dock takes longer than it should. During an all-zeros single-pass erase, it reports a speed of 120-125MB/s, well below what the drives are capable of sustaining. For the 3TB hard drive I had on hand, this means a full wipe would take almost 70% longer in the dock than it would if performed by my PC, though I didn't test either of those to completion. Unlike for Secure Erase, these time estimates are all too realistic.
As this product is intended for organizations that have strict data security standards, naturally it also has a logging mechanism. The eraser keeps an internal record of its erase jobs, and has a serial port to output to a reciept printer or a computer (neither is bundled). After each erase operation or when chosen from the menu, the eraser dock prints out a summary of the operation. This makes it trivial to establish an auditable paper trail documenting when and how each drive was processed.
>>> HDD Clear Record <<< [HDD Information] Model : ADATA SP550 Version : O0730A Serial No.: 1F3320023990 Capacity : 0.0KB(0) DCO Size : None HPA Size : None Action : SECURE ERASE DCO Removed: No HPA Removed: No Erase Time : 00:00:16 Erase Sucessful: Yes Start at 2016-02-10 00:00:42 End at 2016-02-10 00:00:58 Machine ID: 33710.08381.54766.08381.54766 ________________________________________ (Signature) Print at 2016-02-10 01:10:33
The dock is also capable of formatting a drive and saving a log file containing a little more information for each drive than the above receipt sample.
Navigating the menus is straightforward. The display is 16 characters by two lines, and the four buttons are up, down, OK and ESC. The erase options and USB link are all on the root menu, and there are submenus for managing the log data and configuring the device. In addition to retaining the log data and current time, the dock will also remember the user's preferred default option, so in most cases erasing a drive is as simple as powering on the dock, inserting the drive, and pressing OK.
Internally, the eraser dock is powered by a Xilinx Spartan 3 FPGA with 64MB of external DDR2 and a VIA Labs USB3 to SATA 3Gb/s bridge chip. The bridge chip supports USB Attached SCSI Protocol (UASP), but I was unable to get that to work on the StarTech Eraser Dock. The dock is supplied with a 60W power brick and four different AC power cords, so the one SKU is suitable for use in most countries. That all adds up to a hefty bill of materials to support a niche usage, and the price tag reflects that: $283.99 direct from StarTech.com, and $223.07 from Amazon.com.
Given the limitation of SATA 3Gb/s speeds for communicating with the drive and the overhead of USB Mass Storage Bulk-Only protocol for communicating with the host computer, the dock's performance as an external storage device is limited. I've tested the Eraser Dock's performance against an internal SATA connection using both a solid-state drive (Samsung 850 Pro 2TB) and a mechanical hard drive (Seagate Barracuda 3TB ST3000DM001).
AnandTech 2015 SSD Test System | |
CPU | Intel Core i7-4770K running at 3.5GHz (Turbo & EIST enabled, C-states disabled) |
Motherboard | ASUS Z97 Deluxe (BIOS 2501) |
Chipset | Intel Z97 |
Chipset Drivers | Intel 10.0.24+ Intel RST 13.2.4.1000 |
Memory | Corsair Vengeance DDR3-1866 2x8GB (9-10-9-27 2T) |
Graphics | Intel HD Graphics 4600 |
Desktop Resolution | 1920 x 1200 |
OS | Windows 8.1 x64 |
- Thanks to Intel for the Core i7-4770K CPU
- Thanks to ASUS for the Z97 Deluxe motherboard
- Thanks to Corsair for the Vengeance 16GB DDR3-1866 DRAM kit, RM750 power supply, Carbide 200R case, and Hydro H60 CPU cooler
38 Comments
View All Comments
buhusky - Tuesday, February 16, 2016 - link
I'm sorry, did I miss the part where you verified it securely erased everything or did you just take it at its word?Billy Tallis - Tuesday, February 16, 2016 - link
It depends on what you mean. When using the ATA Secure Erase mode, the dock is most definitely issuing the correct commands. What the drive does with that command is up to the drive, not the dock. Reading out the contents of the drive and checking that every byte is zero is not sufficient to verify that the drive's Secure Erase procedure actually got rid of all the data securely, because you can't read what's in spare area or remapped sectors without opening up the drive. I didn't do a full run and verification of the single-pass write zeros erase, but I did confirm that it was spending the time actually writing zeroes to the drive.Avalon - Tuesday, February 16, 2016 - link
Seems like a waste to me. If you need to be in the business of securely erasing drives, you're going to buy a multi-bay dock to get this done. My old IT company had several 8 and 16 bay duplicators/erasers on hand to process large amount of drives.If you're doing it for personal use, well, there's much cheaper ways to do this. I don't see a market for this device.
Wolfpup - Tuesday, February 16, 2016 - link
Wow, this is great! I've got one in my cart right now. I've wanted something like this for YEARS.Guess I'll plan to run the secure erase first on anything I'm getting rid of, then run the best-mode overwrite for the hell of it.
I don't really care about the performance, as long as it's doing its job. Just thrilled if I can have something simple like this to take care of such an annoying job...and I don't even need it near a computer, can plug it in anywhere with a spare outlet and let the thing run!
extide - Tuesday, February 16, 2016 - link
Page covering pop up ad!http://images.teraknor.net/popup-ad.png
xrror - Tuesday, February 16, 2016 - link
Am I the only one cackling madly at the disaster potential for this device?"oops, I guess it was in the wrong mode"
azrael- - Thursday, February 18, 2016 - link
Was just about to write pretty much the same thing.You've got to really, really, really make sure this thing is in the correct mode, because otherwise you suddenly have a lot more free space than you thought. ;-)
xrror - Friday, February 26, 2016 - link
hehe... 100% compression! ;pboozed - Tuesday, February 16, 2016 - link
Probably cheaper than buying a Mac and running Adobe CC on it too.DataMD - Wednesday, February 17, 2016 - link
Looks a handy tool for erasing small numbers of hard drives. Would be keen to understand what independent testing has been carried out to ensure all data is eradicated and whether this item has gained, or intends to gain, accreditations and government approval.