Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

wiping old hard drives

  • 17-01-2012 7:19pm
    #1
    Closed Accounts Posts: 19,080 ✭✭✭✭


    what programs are you guys using to wipe hard drives these days? they are both ide and sata drives and i would be doing it via usb connection on xp. i want to securely erase the data so that it cannot be recovered.

    i see that the likes of ccleaner has this built in. has anyone had experience with it or would you suggest alternatives?

    thanks


Comments

  • Registered Users, Registered Users 2 Posts: 9,560 ✭✭✭DublinWriter


    Sledge hammer and concrete block?


  • Closed Accounts Posts: 19,080 ✭✭✭✭Random


    i should add that i would like to sell them on.


  • Closed Accounts Posts: 3,683 ✭✭✭Kensington


    DBAN?

    You could also use TrueCrypt in secure mode to encrypt the entire drive (overwriting anything that may have been retrievable in unencrypted form in the process) and then format. Any data that would be magnetically readable would be in encrypted form.


  • Registered Users, Registered Users 2 Posts: 218 ✭✭Screaming Monkey


    if you not going to destroy them then http://www.dban.org/ although you have to boot into it.

    SM


  • Registered Users, Registered Users 2 Posts: 579 ✭✭✭edmund_f


    Industrial shredder is the only totally secure way I know of, after that personally think it is a trade off between how long you want to spend wiping them to how determined someone is to recover information from the wiped disk. To answer your question, Ubuntu live CD- shred.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 326 ✭✭schrodinger


    Try the manufacturer ATA secure erase, this will use the manufacturers wipe facility which as I understand it has a better chance of wiping the full width of the tracks.

    http://tinyapps.org/docs/wipe_drives_hdparm.html


  • Registered Users, Registered Users 2 Posts: 378 ✭✭brendanL


    I second DBAN.. really handy.


  • Registered Users, Registered Users 2 Posts: 56 ✭✭PeterHughes


    I second the physical approach, I normally use a black and decker drill and 4 or 5 holes, it generally shatters all the internal disks in the drive, no chance of recovery.

    Software wise there is a utility called Data Shredder that I use from Hiren's Boot CD that works very well.


  • Closed Accounts Posts: 7,230 ✭✭✭Solair


    If drilling one, remember to wear goggles! They can cause shards if metal to fly!

    Hitting it with a sledge hammer so as to break it into bits will render it utterly unusable.


  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    Install a new OS, Truecrypt the whole thing, DBAN, repeat.

    Do it 4 or 5 times so that there is *nothing* but junk left behind.

    This erases most anything

    For permenant disposal:

    Either that or a hammer, a bucket of drain opener (lye/sodium hydroxide) and a few days time. The Al platters will be royally f*cked up by the Lye, then dispose of down the drain sieving/straining out larger particulates for burial.

    Or just hit it a few times, get drunk and ditch it in the bin at a nightclub...


  • Advertisement
  • Closed Accounts Posts: 7,230 ✭✭✭Solair


    Once you damage the disk platters or even the read/write heads the drive is utterly useless. Unless you've something so confidential on there that the CIA and MI6 are after you, there's absolutely no hope of it ever being recovered.

    You'd actually need a forensic lab and a hell of a lot of time, technology and dedication to extract data from a physically broken hard drive.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    I think a full format is sufficient.


  • Closed Accounts Posts: 7,230 ✭✭✭Solair


    I think a full format is sufficient.

    Not really and it would not be advisable if you are selling a computer on to someone else or having it recycled, especially if it contains anything like medical or financial records.

    Any PC / Mac being sold on should really have the drive properly erased. If it's being disposed of, remove the drive and damage it beyond use.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    Solair wrote: »
    Not really and it would not be advisable if you are selling a computer on to someone else or having it recycled, especially if it contains anything like medical or financial records.

    Any PC / Mac being sold on should really have the drive properly erased. If it's being disposed of, remove the drive and damage it beyond use.

    If its Windows Vista/ 7, full format most likely will do.

    I think though the average user will not be recovering data though, and if you suspected someone was going to do that, you wouldn't be giving the drive to them in the first place. But I agree with you, its good practice to properly erase data safely.

    Some guy here has trouble recovering data after a full format with Windows 7:
    http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/16be9a01-5445-4de4-9f8a-178a3e5f7730
    Hello Sharma,

    This is T.Ravikiran. I am also having the same problem.. if you find the solution... please send the to me. We are in desperate need of solution.

    We have tried the more than 10 recovery software, but could'nt recover the data.

    Kindly reply ASAP.

    Regards,

    T.Ravikiran

    http://www.hdd-tool.com/hdd-repair/difference-between-full-format-and-quick-format.htm
    4. The default format option in Windows XP and Windows 7 is different. That is Windows XP – Full format, Windows 7 – Quick format. Full format in Windows 7 will erase data completely and no data recovery software could recover files again.

    http://support.microsoft.com/kb/941961/en-us
    The format command behavior has changed in Windows Vista. By default in Windows Vista, the format command writes zeros to the whole disk when a full format is performed. In Windows XP and in earlier versions of the Windows operating system, the format command does not write zeros to the whole disk when a full format is performed.

    I think this would hamper most of the recovery softwares available to the average user.


  • Closed Accounts Posts: 1,029 ✭✭✭Wicklowrider


    Its a long time since I was involved in this level of support so please bear that in mind before flaming :)

    Does this not still work?

    http://www.computerhope.com/rdebug.htm#4


    It was simple and free! Reduced any hdd to a physical piece of machinery and the computer couldn't see it until it was newly partitioned and formated


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    one pass is enough with modern hard drives.

    http://www.anti-forensics.com/disk-wiping-one-pass-is-enough

    so yes, a full format (not quick!) should do the trick.

    alternatively, get an old PC, connect all the drives to it internally (take out the cd drive to connect up another, use an ide/sata to usb bridge to connect another etc. copy DBAN to a bootable USB (set up manually or maybe unetbootin has a dban option), boot from DBAN and nuke em all! single pass (non-military) wipe should do it.


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    1 pass with DBAN is enough.


  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    As an aside, good luck wiping USB keys. A person I know fairly well tells me that he had USB keys that had been wiped, formatted, and erased so much that they would no longer mount reliably, dating back as far as 2007 or so. Old, well abused and carefully erased devices. Yet one forensics officer with a copy of Encase was able to pull all kinds of **** from the drive, dating as far back as 2008 or so. This was recently as well.

    I never feel one wipe is enough, having seen what Encase and a competent forensics person can do. Physical destruction of the drive to NOTHING is the only really secure way to erase data.

    I do wonder though, if a person with a habit of using second hand hard drives had their drives seized, how are they meant to prove in court what data is theirs and what is the previous owners? One never knows what the previous owner had on their drives... And a 120gb drive with about 40gb of bad sectors from the previous owner gives one pause to think "what the hell were they doing to that machine?!"


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    Someone who says "wiped, formatted, and erased" doesn't know what they are doing. It was never wiped if they got something off it.

    http://www.anti-forensics.com/disk-wiping-one-pass-is-enough-part-2-this-time-with-screenshots

    http://www.anti-forensics.com/disk-wiping-one-pass-is-enough


  • Registered Users, Registered Users 2 Posts: 37,316 ✭✭✭✭the_syco


    If its Windows Vista/ 7, full format most likely will do.
    I've done a full format, reinstalled Windows ono it, and then found out that I need to get a file from the old OS. With tools on the market, I was able to get teh document back.

    I second DBAN.
    Random wrote: »
    what programs are you guys using to wipe hard drives these days?
    what did you use the HDD for? Business or personal? Who are you selling the HDD to (friends, family, who)?


  • Advertisement
  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    the_syco wrote: »
    I've done a full format, reinstalled Windows ono it, and then found out that I need to get a file from the old OS. With tools on the market, I was able to get teh document back.

    I second DBAN....


    This might explain why...
    Contrary to popular belief, doing a full format with Windows 7 only over-writes the old disk format configuration data (the MBR) with the new and checks for sector errors, then marks the remaining space to be over-written as needed, it does not over-write (remove) any other data at all, it's all still there including code from previous Operating Systems and all of the old personal data.

    http://www.sevenforums.com/tutorials/172617-secure-erase-wipe-definition-methods.html


  • Registered Users, Registered Users 2 Posts: 37 tommy.obr


    Pop them in the microwave, about two minutes on full heat should do the job. The microwave might'nt be in great shape after it though..:)


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    Yes metal in a microwave not so clever.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    BostonB wrote: »

    The windows support page might be incorrect so, as it says it writes 0's to entire drive:
    http://support.microsoft.com/kb/941961/en-us


  • Registered Users, Registered Users 2 Posts: 10,339 ✭✭✭✭LoLth


    isnt the "quick format" an overwrite of the MBR and set overwrite flag on the contents of any existing MFT while a "full format" is a proper wipe of every sector which is why it takes so much longer?

    For raid arrays, a full initialisation is a full write of zeroes.

    for USB keys, there was a whitepaper released on SSD and Flash storage, I think the result was up to 85% of data was recoverable even after a "secure" wipe that would have destroyed all data on a standard HDD.

    link to tomshardware article:
    http://www.tomshardware.com/news/solid-state-flash-translation-layer-NAND-FAST-11-Sanitization,12252.html

    link to the whitepaper:
    http://www.usenix.org/events/fast11/tech/full_papers/Wei.pdf


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    The devil is in the details. Assume nothing.

    Just do a single wipe. Then you're not left wondering.

    Microsoft, it depends which kind of format you do. For the love of mike...


  • Closed Accounts Posts: 7,230 ✭✭✭Solair


    Well this is one way of ensuring absolutely no risk of data theft!



  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    LoLth is correct - with USB keys and flash storage, the way their filesystem and memory actually functions means that standard wiping tricks fail miserably. They are designed to stop you from damaging the drive by read/write to fast, so they simply seem to "contain" your wiping in some way. I do not fully understand the theory behind it all, but in practice I know that EnCase + competent forensics guy does a bloody amazing job of file recovery!

    I am sure some of the forensics guys at WIT can concur? A friend suggests the best way to wipe a USB drive is to fill it COMPLETELY with junk data, format, repeat. Or just take a lumphammer or blowtorch to it...

    For securing from civilians/average people DBAN is fine. But if one REALLY has something to hide, PHYSICAL OBLITERATION of the drive is needed. Smashing, blowtorching and dissolving followed by filtration (remove any frags left intact) and burial / dumping over a large landmass.

    Depends on your paranoia levels!

    (of course, we all wish we had an epic hard drive shredding machine, don't we?)


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    infodox wrote: »
    ...they simply seem to "contain" your wiping in some way. I do not fully understand the theory behind it all,

    ...A friend suggests the best way to wipe a USB drive is to fill it COMPLETELY with junk data, format, repeat....

    For securing from civilians/average people DBAN is fine....

    Do you realise that's all one and the same thing. Overwriting all the disc. EnCase can't recover what isn't there.

    Some one advocating formating is not credible IMO. Unless they are specific about what the formatting is doing.


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 273 ✭✭Weylin


    i was told that if you can get yourself a large magnet (old car speaker etc) and use it on the drive that it will wipe it :D. not sure if you can use drive again.:confused:


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    You'd need a massive magnet, a car speaker wouldn't do it.

    Would you trust your data security to such a half baked method?

    You'd need something like this http://garner-products.com/harddrive.htm

    We usded to have an old smaller one in our office, its an electro magnet, about the size of a 2 or 3 shoe boxes. I've never seen it used.


  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    BostonB: by format they meant "try to completely zero out before beginning the filling-with-trash-again". just like how DBAN, etc, work, except actually creating massive files then deleting them rapidly , a lot, so to cause more obfustication.

    I still am a firm believer in destroying the things physically though.


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    Someone that vague and loose with technical terms I wouldn't trust with a crayon. Besides it makes no sense to "try" something half assed when theres an easier and proven alternative, that works.


  • Closed Accounts Posts: 2,267 ✭✭✭h57xiucj2z946q


    /thread


  • Registered Users, Registered Users 2 Posts: 8,813 ✭✭✭BaconZombie




  • Advertisement
  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    LOL. :D

    Personally I drill a couple of holes in old drives through the platters when I'm dumping them. Not that's usually anything of much importance on them. Of course if the data is that important the drive should be encrypted in the first place.

    BTW
    Random wrote: »
    i should add that i would like to sell them on.

    Don't get much for destroyed drives.


  • Registered Users, Registered Users 2 Posts: 126 ✭✭infodox


    The discussion of permenantly killing drives was as an intellectual/educational exercise. I think that for the OP, DBAN will do the job.

    BostonB: I rarely if ever use the correct technical terminology for *anything*. I refer to things using more casual terms as there is no *need* for fancy words for them. I understand it, and the people I discuss things with people who get the idea, hence, no need for techno-jargon. As I learned a long time ago, technical jargon maketh not one an expert... Far too many charlatans out there who "talk the talk".

    BaconZombie - Very interesting video :) Also, fun!


  • Closed Accounts Posts: 19,080 ✭✭✭✭Random


    i suppose i have nothing to hide from the cia / mi5 / kgb that theyre not gonna find out about me without the hdd. i suppose i mean personal photos / video / information etc when selling on a second hand hdd.

    i suppose its nothing top top secret at the end of the day but at the same time its nice to have some piece of mind.


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    infodox wrote: »
    ...BostonB: I rarely if ever use the correct technical terminology for *anything*. I refer to things using more casual terms as there is no *need* for fancy words for them....

    I see, Like a driving instructor saying "go" or "stop", it doesn't really matter what you use.


  • Registered Users, Registered Users 2 Posts: 579 ✭✭✭edmund_f


    - watches carefully -


  • Advertisement
  • Closed Accounts Posts: 19,080 ✭✭✭✭Random


    if i encrypt the whole partition with truecrypt and a randomly long password then it should be secure enough, right?


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,583 Mod ✭✭✭✭Capt'n Midnight


    Random wrote: »
    if i encrypt the whole partition with truecrypt and a randomly long password then it should be secure enough, right?
    if using true crypt make the recovery disk (you will still need the password)
    encryt the whole disk , some OS's use more than one partition

    if your drive already has remapped sectors (SMART TOOLS) they will NOT be encrypted or over written unless you use CMRR or similar to wipe the drive.


    While the drive is in the PC you are still at risk of someone recovering the password from RAM or usual trojans reading data on a live system.


    Note that if you don't have backups then using truecrypt means you won't be able to recover your data from your drive when it dies.

    http://www.tog.ie/ will be hosting a short talk on March 1st
    Title: Data erasure for the security conscious and the overly paranoid pervert.


    Blurb: Lets discuss some of the commonly used methods of data erasure and

    why they might just be overkill due to the limitations of modern forensic investigation tools.
    Will include a couple of live demos of file deletion and recovery (or lack there of).


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,583 Mod ✭✭✭✭Capt'n Midnight


    infodox wrote: »
    As an aside, good luck wiping USB keys. A person I know fairly well tells me that he had USB keys that had been wiped, formatted, and erased so much that they would no longer mount reliably, dating back as far as 2007 or so. Old, well abused and carefully erased devices. Yet one forensics officer with a copy of Encase was able to pull all kinds of **** from the drive, dating as far back as 2008 or so. This was recently as well.
    Many flash devices have wear levelling so the device remaps sectors on the fly so when you save data or "overwrite" the data goes to physical sectors which have received less us.

    a quick format of the drive and using something like sdelete to generate a large file that fills the entire drive and contains random data is a much better option than trying to "overwrite" existing files.

    Simply piping random data to the drive will NOT work
    Erasing individual files / folders will NOT work

    for solid state it's fill the entire drive or nothing


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,583 Mod ✭✭✭✭Capt'n Midnight


    BostonB wrote: »
    Yes metal in a microwave not so clever.
    Exposed 3.5" hard disk platters might work better than 2.5" platters since closer to a quarter wavelength

    But if you don't dissemble the drive then the case will act like a Faraday cage and presumably you will just fry the board and not affect the platters.



    If anyone has a spare microwave oven they would like to donate then this can be investigated further. :pac:


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,583 Mod ✭✭✭✭Capt'n Midnight


    Its a long time since I was involved in this level of support so please bear that in mind before flaming :)

    Does this not still work?

    http://www.computerhope.com/rdebug.htm#4


    It was simple and free! Reduced any hdd to a physical piece of machinery and the computer couldn't see it until it was newly partitioned and formated
    Not sure if it works with Logical Block Addressing etc.

    In any event since it doesn't touch anything other than the first sector on the hard drive you can recover from it very quickly with gpart or testdisk.

    In fact if wasn't for HDD's coming with recovery partitons etc recovery was even easier - back in the day you just setup a new partition, type of NTFS , start at 63 and stop at the end of the disk , the trickiest bit was remembering to set the partition active/boot


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    ...Simply piping random data to the drive...

    I don't understand what that means, or how someone would do it?


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    ...If anyone has a spare microwave oven they would like to donate then this can be investigated further. :pac:

    :D From experience, the microwaves don't work so well after these kinda tests. My Dad one put a Big Mac in the foam packaging in a microwave. The foam packaging melted, the smell was brutal. Another time he tried my Nasa metal finish Ceramic cup. Cue strange burning smell and noises from the microwave. Which never worked properly after that. I think he did a tinfoil container another time.


  • Moderators, Recreation & Hobbies Moderators, Science, Health & Environment Moderators, Technology & Internet Moderators Posts: 93,583 Mod ✭✭✭✭Capt'n Midnight


    BostonB wrote: »
    I don't understand what that means, or how someone would do it?
    dd is available in most good operating systems, you can install cygwin to get it in windows, but note device names may be diff

    this will trash the data on your drive if you are stupid enough to run it, but you may be overwriting the same physical sector several times
    dd if=/dev/random of=/dev/sdc3 bs=512

    this won't wipe any folders or directory structures but because it's a file the SSD will know not to reuse any physical sectors
    dd if=/dev/random of=/media/disk/bigfile bs=512

    as for bs=512 ymmv sector / cache size / magic numbers to tweak speed
    I usually use ddresuce for big jobs because it's rate adaptive and restartable and shows progress, but it doesn't work with /dev/random
    you can use /dev/urandom , it may be faster than /dev/random depending on your hardware but will be less random


  • Closed Accounts Posts: 18,056 ✭✭✭✭BostonB


    I'm not a linux bod. Whats its purpose.


  • Registered Users, Registered Users 2 Posts: 8,813 ✭✭✭BaconZombie


    */Puts on Hackerspace Grey Hat */

    We are having talks for Engineers Week in TOG Hackerspace and one is on this topic:

    Title: Data erasure for the security conscious and the overly paranoid pervert.


    Blurb: Lets discuss some of the commonly used methods of data erasure and
    why they might just be overkill due to the limitations of modern forensic investigation tools.
    Will include a couple of live demos of file deletion and recovery (or lack there of).
    Speaker

    Kevin McGlone
    BIO
    Kevin is a full time student studying computer forensics and security at Waterford institute of Technology. He founded the WIT Hackers Society in Jan2011 and was involved in the organisation of the CampusCon hacker conference. He loves hacking, forensics & networking.

    http://www.tog.ie/2012/02/engineers-week-2/

    * { Mod : Remove if you feel this should not be posted here } *


  • Advertisement
Advertisement