meyerast/DECSEraser

T

meyerast 18011e8865 Fix for writing to DECS, beautifying output

2026-04-27 12:27:46 -04:00

dbanplusplus.egr.msu.edu.apkovl.tar.gz

Improved logging, added offline mode, redid registry export

2026-04-09 16:06:56 -04:00

erase_drive.sh

Fix for writing to DECS, beautifying output

2026-04-27 12:27:46 -04:00

LICENSE

Initial commit

2026-03-13 08:49:47 -04:00

log_drive_info.sh

Fix for writing to DECS, beautifying output

2026-04-27 12:27:46 -04:00

README.md

Improved logging, added offline mode, redid registry export

2026-04-09 16:06:56 -04:00

test_network_drive.sh

Added logging of drive contents

2026-04-07 17:52:39 -04:00

README.md

DECSEraser

Connection

Storage Type	Connection Type	Method	Implemented?	Notes
Hard Drive (SATA)	SATA	5.25" 4x Bay 3.5" Enclosure > 4x SATA SAS Card > PCIe Slot A	Yes
Solid State Drive (SATA)	SATA	5.25" 4x Bay 2.5" Enclosure > 4x SATA SAS Card > PCIe Slot A	Yes
Solid State Drive (NVMe)	PCIe/M.2	5.25" 4x Bay NVMe Enclosure > MiniSAS to M.2 > M.2 Slot A	Yes

Erasing

Storage Type	Erase Type	Method	Implementation	Implemented?
Hard Drive (SATA)	- Baseline - Secure Erase - Decommission	- Clear Partitions - 3 Pass Write - 7 Pass Write	- sgdisk - nwipe - nwipe	Yes Yes Yes
Solid State Drive (SATA)	- Baseline - Secure Erase - Decommission	- Clear Partitions - Secure Erase - 7 Pass Write	- sgdisk - hdparm - nwipe	Yes Yes Yes
Solid State Drive (NVMe)	- Baseline - Secure Erase - Decommission	- Clear Partitions - Secure Erase - 7 Pass Write	- sgdisk - nvme_cli - nwipe	Yes Yes Yes

Logging

Info	Location	Log To:	Implemented?	Data	Notes
User	- Script Input	- Ticket - Logfile	Yes	- Username	Probably can implement as part of the kerb auth
Wipe Details	- Script Input	- Ticket - Logfile	Yes	- Erase Level - Device Type - Device
Script Output	- Terminal Output	- Logfile	Yes	- All script output	Via transcribing or output redirection
Machine Data	- Registry	- Ticket - Logfile	Yes	- Machine Name - Domain	HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ComputerName HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters
Local Users	- Registry - Filesystem	- Logfile	Yes	- Local User List	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList c:/Users
Domain Users	- Registry - Filesystem	- Ticket - Logfile	Yes	- Domain User List	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList c:/Users
Last Logged On User	- Registry	- Ticket - Logfile	Yes	- Username	HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI
Storage Info	- Other	- Ticket - Logfile	Yes	- Serial Number - SMART Data	smartctl
System Info	- Registry	- Logfile	Yes	- Manufacturer - Model	HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\BIOS Can't actually be done offline
Misc	- Misc	- Ticket - Logfile	Yes	- Current Time - Date

Other

Goal	Task	Reasoning	Implemented?	Notes
Erasure Environment	Setup Alpine Linux Environment with SquashFS/No Persistence	Lightweight Linux Distro that can be loaded into RAM and be edited. Avoids wiping USB but also can be used on any machine and customized.	Yes
Scripted Erase Tool	Write a script to guide the erase process	Allows for ease of use, and ensures consistent workflow Can also tie in user auth, logging, etc	Yes	Done via bash scripting in erase_drive.sh
User Authentication	Implement user authentication	For Auditing, Logging, connection to network shares, etc.	Yes	Probably kerb auth via krb5
Logging	Implement logging	For auditing purposes	Yes	Record user, drive serial, grab user list (if windows/unix drive), grab hostname, record script inputs
Ticket Notes	Add ticket note through script	To keep keyword searchable records associated with a ticket	No	Send email to Otobo with small details such as level, hostname, serial, etc Might involve policy changes for when a ticket should be created.