When StarTech.com first offered up their USB 3.0 Standalone Eraser Dock for review, it took me a little while to really figure what it was for. The name is long and a bit confusing, but that's because this device fulfills two mostly separate roles. In one mode, it's a normal USB to SATA drive dock that allows for easy access to bare 2.5" or 3.5" drives. The rest of the time, it's a specialized standalone gadget for securely erasing and overwriting drives.

Erasing a hard drive can mean any of several things. If you just want to make a clean OS installation to a drive that already contains some data, then wiping the filesystem headers and partition tables will render the drive "empty" as seen by software not intended for data recovery. If you're decommissioning a computer that was used to handle classified information, you might be required to use an external degaussing coil or simply destroy the drive in question. In a context with less severe requirements for rendering the data inaccessible, the usual method is to overwrite the entire drive one or more times.

Solid state drives complicate things due to their use of wear leveling and substantial spare area. In general, multiple writes to the same logical block address will not go to the same physical flash memory cells. A single pass of writing fresh data to the drive could leave 10% of the old data physically intact and accessible to somebody with the right tools. The limited program/erase cycle count of flash memory makes multi-pass overwrite schemes undesirable. To enable a reasonable and thorough erase procedure, virtually all SSDs support the ATA Secure Erase command or its SAS or NVMe equivalents, allowing a computer to simply instruct the drive to erase itself in whatever manner is appropriate for that drive.

Most SSDs use a shortcut for implementing Secure Erase: whether or not the user is taking advantage of the drive's encryption capability, all data written to the flash memory is encrypted. When the user requests a secure erase, the drive throws out the encryption key, generates a new one, and marks all previously in-use blocks as ready for garbage collection. The old data is effectively inaccessible once no copies of the encryption key exist, and the drive doesn't have to erase every single block of flash or even all the blocks that were in use. Different drives and controllers may vary in how many blocks they erase during the Secure Erase process, but both an immediate full erase and a just-in-time approach can work.

Secure Erasing a solid state drive has a side effect that we rely on when testing SSDs: it functions as a whole-drive TRIM operation. When the drive knows that all the data has been discarded, its wear leveling process no longer has to move any older data out of the way when it encounters a block that isn't empty; it can erase the block as soon as (or before) it's needed and immediately write the incoming new data. Thus, a Secure Erase eliminates the write performance penalty that drives suffer from when their spare area gets filled and the garbage collection process can no longer keep pace, resetting the drive to the performance it had when new. Secure Erase is also more reliable for this purpose than a whole-drive TRIM, since TRIM commands are hints the drive is allowed to ignore.

However as essential as the Secure Erase function is for a SSD, performing a Secure Erase on a drive installed in a PC can be surprisingly difficult. Out of the box, Windows and OS X provide no mechanisms for issuing Secure Erase commands. Many SSD vendors provide tools that include a secure erase feature, but there's no cross-vendor tool for Windows. The easiest method is usually to boot into a Linux live image that has the necessary tools, though some motherboards have a UEFI Secure Erase tool. Furthermore, many systems lock drives on boot to prevent a Secure Erase by accident or by a malicious program (since it's irreversible), so power cycling the drive by putting the system to sleep may be necessary to get it to accept the erase command. The actual Secure Erase process takes less than two minutes on every SSD I've tested, but rebooting to another operating system makes it a much longer and more error-prone process.

Destroying Data With The StarTech USB 3.0 Standalone Eraser Dock

The dock's erase methods include a quick erase to just overwrite partition tables, a one-pass all zeros overwrite, and several multi-pass overwrite procedures based on various government standards. There's a custom erase option where the user can specify the number of passes and what kind of data to write on each pass (random, or a specified byte value). The eraser dock also supports issuing the ATA Secure Erase and Enhanced Secure Erase commands for drives that can erase themselves (this includes most SSDs and many hard drives).

During a Secure Erase operation, the dock displays the elapsed time and a countdown based on the time required as reported by the drive. For every SSD I've tested, this has been a very pessimistic estimate: consumer drives usually report 2 minutes and take 10-20 seconds or up to a minute for a filled 1TB TLC drive, and some enterprise drives report that an hour will be needed but finish in under two minutes.

For the erase modes based on overwriting, the situation is less pleasant. Big drives naturally take a long time to wipe, but the dock takes longer than it should. During an all-zeros single-pass erase, it reports a speed of 120-125MB/s, well below what the drives are capable of sustaining. For the 3TB hard drive I had on hand, this means a full wipe would take almost 70% longer in the dock than it would if performed by my PC, though I didn't test either of those to completion. Unlike for Secure Erase, these time estimates are all too realistic.

As this product is intended for organizations that have strict data security standards, naturally it also has a logging mechanism. The eraser keeps an internal record of its erase jobs, and has a serial port to output to a reciept printer or a computer (neither is bundled). After each erase operation or when chosen from the menu, the eraser dock prints out a summary of the operation. This makes it trivial to establish an auditable paper trail documenting when and how each drive was processed.


    >>> HDD Clear Record <<<

[HDD Information]
  Model     : ADATA SP550
  Version   : O0730A
  Serial No.: 1F3320023990
  Capacity  : 0.0KB(0)
  DCO Size  : None
  HPA Size  : None

Action     : SECURE ERASE
DCO Removed: No
HPA Removed: No
Erase Time : 00:00:16

Erase Sucessful: Yes

Start at 2016-02-10 00:00:42
End   at 2016-02-10 00:00:58

Machine ID: 33710.08381.54766.08381.54766




________________________________________
                             (Signature)
Print at 2016-02-10 01:10:33


The dock is also capable of formatting a drive and saving a log file containing a little more information for each drive than the above receipt sample.

Navigating the menus is straightforward. The display is 16 characters by two lines, and the four buttons are up, down, OK and ESC. The erase options and USB link are all on the root menu, and there are submenus for managing the log data and configuring the device. In addition to retaining the log data and current time, the dock will also remember the user's preferred default option, so in most cases erasing a drive is as simple as powering on the dock, inserting the drive, and pressing OK.

Internally, the eraser dock is powered by a Xilinx Spartan 3 FPGA with 64MB of external DDR2 and a VIA Labs USB3 to SATA 3Gb/s bridge chip. The bridge chip supports USB Attached SCSI Protocol (UASP), but I was unable to get that to work on the StarTech Eraser Dock. The dock is supplied with a 60W power brick and four different AC power cords, so the one SKU is suitable for use in most countries. That all adds up to a hefty bill of materials to support a niche usage, and the price tag reflects that: $283.99 direct from StarTech.com, and $223.07 from Amazon.com.

Given the limitation of SATA 3Gb/s speeds for communicating with the drive and the overhead of USB Mass Storage Bulk-Only protocol for communicating with the host computer, the dock's performance as an external storage device is limited. I've tested the Eraser Dock's performance against an internal SATA connection using both a solid-state drive (Samsung 850 Pro 2TB) and a mechanical hard drive (Seagate Barracuda 3TB ST3000DM001).

AnandTech 2015 SSD Test System
CPU Intel Core i7-4770K running at 3.5GHz (Turbo & EIST enabled, C-states disabled)
Motherboard ASUS Z97 Deluxe (BIOS 2501)
Chipset Intel Z97
Chipset Drivers Intel 10.0.24+ Intel RST 13.2.4.1000
Memory Corsair Vengeance DDR3-1866 2x8GB (9-10-9-27 2T)
Graphics Intel HD Graphics 4600
Desktop Resolution 1920 x 1200
OS Windows 8.1 x64
Sequential Performance
POST A COMMENT

38 Comments

View All Comments

  • Samus - Wednesday, February 17, 2016 - link

    Interesting product, but really expensive. You could build a great drive wiping station for $100 bucks, one that could wipe 4+ drives simultaneously. All you need is a semi-modern motherboard with a few SATA ports, a USB flash drive to boot Derik's Boot and Nuke, and a cozy case lined with rubber to set the drives on or a case with tool-less drive insert/ejection. Boot and Nuke can be scripted to run autonomously so you wouldn't need a keyboard/mouse/monitor, just turn the PC on with drives attached, wait for the flash drive access light to stop blinking and press 1-5 to run scripts 1-5 which you define. It can output a log to serial\parallel port, or write a recurring log to a network share or the USB flash drive itself. I setup a station years ago that printed a report to a networked printer by just outputting the log to an IP address, and the printer would pick it up as a PCL job,

    This is just 3x more expensive than it should be. If it did 2-4 drives simultaneously, had eSATA, working USB 3.0 UASP, more custom configurations/scripting and perhaps a built in thermal label printer, $300 would be justified. But as it is, it's just a glorified (and crippled) $30 drive dock.
    Reply
  • erple2 - Sunday, February 28, 2016 - link

    I'm not sure that Darik's boot and nuke is sufficient, though. Most hard drives (all hard drives made after about 2001) implement the ata secure erase feature in firmware (it's part of the ata spec). So a simple hdparm command will do what you need to securely erase any HDD. Note that the "overwrite n times with alternating 0's and 1's" method isn't really any more helpful today as it was in the past. Even a single full overwrite buys you only a barely better than 50% chance of getting the value of the given bit. Plus with the density of data HDDs today, it's very nearly impossible to even read a drive without its read head.

    As for SSD, that's probably more complex, but the "sanitize" command should be sufficient. It passes nist sp800-88, at least.
    Reply
  • azrael- - Thursday, February 18, 2016 - link

    I see a Seagate HDD was used in the test. Don't Seagate drives have a history of destroying themselves (albeit at usually the most inopportune time) making this a moot exercise... ;-) Reply
  • Senti - Friday, February 19, 2016 - link

    Seagate drive is another insurance that data is really destroyed. Reply
  • scaryhalo - Saturday, February 20, 2016 - link

    Coffee and Doughnut on screen, large grin on face, strange look from fellow commuters! You sir, are chuckle master today :) Reply
  • Reginaldpeebottom - Thursday, February 18, 2016 - link

    I think the market they are seeking to fill is obviously a niche one and the price is appropriate. All the suggestions here of it being cheaper to setup something that could do more drives, or faster, or "better" somehow miss the point that this product is aimed at something like a small-medium sized professional/business office (Doctor, lawyer, accountant, etc) where they don't have a permanent IT person, they have staff with computer skills which are minimal beyond their work applications, and they need or are required to deal with privacy related issues upon decommissioning old computer HDs. This product is perfect for that: it looks simple to use, is stand alone, and time really isn't an issue since th staff person just walks away and does her/his work. The print out is great too if used as a way to have a record of the job being done for auditing purposes. $300 price tag is something businesses like that won't even blink at. It's not that expensive and it can be expensed. Reply
  • bobbozzo - Sunday, February 21, 2016 - link

    Hi, I would have liked to see a few words about build quality...
    I was looking for an eSATA dual-dock, and came across StarTech and some other brands, but all of them had lots of bad reviews complaining about unreliable connections, etc.
    thanks!
    Reply
  • Sam Snead - Saturday, March 12, 2016 - link

    If you really wanted to make sure no one could ever read a drive, wouldn't it be better to drill a few holes through the drive and toss it into the nearest body of water? I've heard a few .45 caliber slugs thru the drive also makes it unreadable, but that is awfully non-PC. Reply

Log in

Don't have an account? Sign up now