Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

Giving laptop to charity - is deleted data safe?

  • 13-05-2014 9:30pm
    #1
    Registered Users, Registered Users 2 Posts: 518 ✭✭✭


    Just posted this on laptops, but mod suggested it would be more appropriate here......

    We have two laptops that are unused - taking up space in our spare room and a waste of scarce resources. Some charities seem interested in taking old laptops, which is fair enough by me.
    The main problem is security of private information. I can delete all of the files, but my understanding is that if somebody is nifty enough with computing they would be able to access them anyway. Is there any way to permanently delete all files, so that the laptops can be given to charity?

    Before you ask, there is nothing dodgy on the laptops, but we have all kinds of financial files, letters etc. written and saved to the laptops.


Comments

  • Moderators, Recreation & Hobbies Moderators Posts: 5,838 Mod ✭✭✭✭irish_goat


    Download Eraser. http://eraser.heidi.ie/

    And then run a task on your unused disk space and/or any files you want permanently deleted.


  • Closed Accounts Posts: 18,966 ✭✭✭✭syklops


    DBAN is your only man!


  • Registered Users, Registered Users 2 Posts: 518 ✭✭✭CarPark2


    Thanks for the suggestions.
    So the question is, would you be happy to donate your old computer to charity after running these programmes?


  • Closed Accounts Posts: 4,930 ✭✭✭duckysauce


    CarPark2 wrote: »
    Thanks for the suggestions.
    So the question is, would you be happy to donate your old computer to charity after running these programmes?

    yep its what alot of financial institutions use to wipe their machines , if you are still not sure take the hard drives out , and donate the rest of the laptop.


  • Registered Users, Registered Users 2 Posts: 3,739 ✭✭✭Stuxnet


    Run DBAN and you will be fine


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,331 ✭✭✭Keyzer


    Stuxnet wrote: »
    Run DBAN and you will be fine

    Agreed. Its free and simple to use...


  • Registered Users, Registered Users 2 Posts: 1,882 ✭✭✭johndoe99


    Dban will do the business. If your still not sure, take out the HD (easy to do) and destroy it. Then hand them into Charity.


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    You are right to be cautious with your sensitive & personal information.

    If you plan to give these laptops to charity, I wouldn't spend any time trying to manually delete data, you'll spend an age at it, and still not be sure that you've got it all.

    It can be quite simple to recover deleted data ... so you do need to shred or securely erase the drive(s) before you move the laptop on.

    DBAN autonuke ... problem solved.

    This is a pretty good walkthrough -> http://www.howtogeek.com/howto/15817/wipe-delete-and-securely-destroy-your-hard-drives-data-the-easy-way/

    NB - be sure to remove any USB keys or external drives that you want to keep BEFORE you run DBAN :)


  • Registered Users, Registered Users 2 Posts: 3,097 ✭✭✭stevek93


    Its amazing to see how foolish people can be, I have bought a few laptops over the years from Adverts and the stuff people leave behind you wouldn't believe. A DBAN overnight will do the job.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Here's an article about the Guardian Newspaper Computers storing Snowden leaks that the UK Gov made them destroy under supervision by the GCHQ and what parts in particular GCHQ wanted destroyed.

    I don't think DBan is gonna cut it.

    Sledge hammer and the flames of Hell maybe???

    privacyinternational.org/blog/what-does-gchq-know-about-our-devices-that-we-dont
    The Guardian decided that having the documents destroyed was the best option. By getting rid of only the documents stored on computers in the UK, it would allow Guardian journalists to continue their work from other locations while acquiescing to the Government's demand. However, rather than trust that the Guardian would destroy the information on their computers to the Government's satisfaction, GCHQ sent two representatives to supervise the operation.

    Alternatively, it might have been expected that GCHQ would solely target the hard drives of the devices in question. The hard drives, after all, are one of the few components of a computer where user data is supposed to be retained after the power to the device is removed.

    Surprisingly, however, GCHQ were not just interested in hard drives nor did they destroy whole devices. An examination of the targeted hardware by Privacy International, with cooperation from the Guardian, has found the whole episode to be more troubling and puzzling than previously believed.

    During our invesitgation, we were surprised to learn that a few very specific components on devices, such as the keyboard, trackpad and monitor, were targeted along with apparently trivial chips on the main boards of laptops and desktops. Initial consultation with members of the technology community supported our identification of the components and that the actions of GCHQ were worth analyzing further.



    Door to Hell

    dailymail.co.uk/sciencetech/article-2179622/The-Door-Hell-Giant-hole-Karakum-Desert-40-YEARS.html

    :)


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 1,193 ✭✭✭liamo


    The very helpful replies so far address two specific issues :
    1. Deleting specific files beyond recovery.
    2. Deleting all data on the disk beyond recovery.

    Your question seems to imply that you would like to delete all user files while leaving the OS intact on the laptop.

    While the replies that recommended Eraser were helpful and I agree that Eraser is a great tool, I don't think that's a good idea in this case. You can't have tracked all user files over the lifetime of the laptop so you will have no guarantee that you have erased all user files.

    In this case, I believe the DBAN recommendations are more appropriate. These charities (I'm specifically thinking Camara) will be more than happy to install an OS before passing the laptop on.

    Additionally, for next time, any new or existing laptops should be encrypted (I favour TrueCrypt).

    You may think that encrypting a home laptop is overkill?

    If you're giving the laptop away you can simply do a quick format. Job done.

    Also, if the laptop is lost or stolen, you won't have to lose sleep over the data stored on it.

    My home laptop was stolen a couple of weeks ago. While I'm still feeling the inconvenience of its loss, I at least had a few backups of all important data and the laptop was entirely encrypted. The thief will have no access to my private data - work stuff, bank details, personal documents, etc. The encryption of the laptop changed its theft from a crisis into an inconvenience.

    Food for thought ......


  • Moderators, Society & Culture Moderators Posts: 32,286 Mod ✭✭✭✭The_Conductor


    I rehabilitate laptops for a programme in Kenya (maybe a half-dozen a year, not a large volume). I send them out via the Franciscan missionaries, to a teacher training college- where they are distributed on a needs basis.

    It depends on the laptop- but I use software to over-write the hard-drive, a minimum of 7 times, and if the person is paranoid about data on the hard-drive, up to 35 times. I wipe free space, MFT and at a cluster level- and then repartition the hard-drive, and install Ubuntu or similar (if there is a Window's License- I'll install the appropriate copy of Windows etc).

    If someone is totally paranoid about their laptop- I whip out the hard-drive, destroy it mechanically, and use the laptop for parts.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    I remember reading that using linux dd and overwriting with zeros once was good enough, that this notion that people can actually retrieve data from a hard disk that has been written to is nonsense. So, my question is this:

    Has anyone ever heard of anyone actually successfully retrieving data from a hard disk that had been overwritten with zero's only once?

    I think it's a worthy experiment.


  • Moderators, Society & Culture Moderators Posts: 32,286 Mod ✭✭✭✭The_Conductor


    Khannie wrote: »
    Has anyone ever heard of anyone actually successfully retrieving data from a hard disk that had been overwritten with zero's only once?

    I think it's a worthy experiment.

    Theoretically, its possible.

    However, the time, effort and expense involved would be prohibitive.
    Aka- it would cost literally thousands.

    I worked in Data Recovery for a while (in a former life)- we managed to recover data in many improbable situations- however we had access to remarkable hardware- and often unlimited budgets (some recovery would have been on behalf of law enforcement agencies- who were willing to go to whatever lengths it took to retrieve whatever could be retrieved).

    We also decrypted some encrypted drives- some of the companies had proprietary encryption which they bundled free-of-charge, which wasn't too difficult to crack.

    Its highly improbable that anyone could retrieve data- but not impossible- if sufficient time, effort and money was thrown at decrypting a hard-drive. For all intents and purposes- it is so unlikely that anyone could be bothered........


  • Registered Users, Registered Users 2 Posts: 203 ✭✭industrialhorse


    Theoretically, its possible.

    However, the time, effort and expense involved would be prohibitive.
    Aka- it would cost literally thousands.


    I worked in Data Recovery for a while (in a former life)- we managed to recover data in many improbable situations- however we had access to remarkable hardware- and often unlimited budgets (some recovery would have been on behalf of law enforcement agencies- who were willing to go to whatever lengths it took to retrieve whatever could be retrieved).

    We also decrypted some encrypted drives- some of the companies had proprietary encryption which they bundled free-of-charge, which wasn't too difficult to crack.

    Its highly improbable that anyone could retrieve data- but not impossible- if sufficient time, effort and money was thrown at decrypting a hard-drive. For all intents and purposes- it is so unlikely that anyone could be bothered........

    I'm sure the NSA and GCHQ tick all of those boxes:pac:


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    I'm sure the NSA and GCHQ tick all of those boxes:pac:

    They tick those boxes, but I'm not so sure it's possible. What I'm interested in finding out is if anyone is aware of it actually happening - a hard drive, properly wiped only once (not formatted, but data actually overwritten with zeros or random data) having anything successfully retrieved from it.

    My guess - it's all theory and no application.


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Khannie wrote: »

    Has anyone ever heard of anyone actually successfully retrieving data from a hard disk that had been overwritten with zero's only once?

    I think it's a worthy experiment.

    Article few years back in comp and tech with guy that used microscope to go back 1 write...i think that was the jist anyway.

    Ehh...im on phone, il see can i find it later and link it here.


  • Registered Users, Registered Users 2 Posts: 37,485 ✭✭✭✭Khannie


    Being a sceptic is great. If you're wrong, it's because curiosity. If you're right, you're right. Win / win! :pac:


  • Moderators, Society & Culture Moderators Posts: 32,286 Mod ✭✭✭✭The_Conductor


    bedlam wrote: »
    No, it is effectively urban legend or people talking about drives 15 years or older.

    In my case- it was a former life- and yes, it was over 10 years ago. It involved all manner of magnetic technology (including quite a few Jaz disks etc).


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    Khannie wrote: »
    Has anyone ever heard of anyone actually successfully retrieving data from a hard disk that had been overwritten with zero's only once?

    Recovering from a format, or delete is trivial ... I've never seen / heard / read about recovery from a disk that has been zeroed.
    Khannie wrote: »
    I think it's a worthy experiment.

    I've tried several times - in the name of science - and never got back a damn thing from any disk that had been overwritten in this way.

    You can get some data back from white-space, or deleted space, even after formats ... but once it's been written ... that's what it holds.

    This paper was doing the rounds when I was in college ... it's a good read, and makes a convincing argument that a single pass is all you need.

    http://privazer.com/overwriting_hard_drive_data.The_great_controversy.pdf


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 4,151 ✭✭✭kupus


    Anyone have anything to say about this, or were they old computers with old hard drives? Or people just didnt wipe the data in the first place?

    http://www.telegraph.co.uk/earth/earthnews/9700836/How-your-old-computer-may-be-on-its-way-to-Africas-online-fraud-capital.html


  • Closed Accounts Posts: 1,260 ✭✭✭Rucking_Fetard


    Article few years back in comp and tech with guy that used microscope to go back 1 write...i think that was the jist anyway.

    Ehh...im on phone, il see can i find it later and link it here.
    Khannie wrote: »
    Being a sceptic is great. If you're wrong, it's because curiosity. If you're right, you're right. Win / win! :pac:

    Don't mind me, other way around, 1 wipe was enough.

    Site is abandoned now, google says untrusted, it's here--->enter at your peril

    anti-forensics.com/disk-wiping-one-pass-is-enough/


    Came across this then...
    The National Industrial Security Program, or NISP, is the nominal authority (in the United States) for managing the needs of private industry to access classified information.

    The Defense Security Service provides a Clearing and Sanitization Matrix (C&SM) which does specify methods.[5] As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.

    wikipedia.org/wiki/National_Industrial_Security_Program


  • Registered Users, Registered Users 2 Posts: 9,605 ✭✭✭gctest50


    The Defense Security Service provides a Clearing and Sanitization Matrix (C&SM) which does specify methods.[5] As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.

    That would eliminate the small chance that the program/device used to overwrite the disk has been neutered by a rogue employee.

    The rogue employee could run a few disks through the neutered device and then take them home


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    The term "magnetic media" covers more than hard disks, you'd have tapes & floppies as well, in various formats, these may offer more scope for recovery.

    Degaussing or physical destruction (shredding) is a blunt solution, when you have no further use for the media.

    If you want to re-use a hard disk then DBAN, dd, format, zero ... whatever method you use ... a 1 pass wipe is most probably all you need.

    NIST SP 800-88 supports 1 pass (see page 16) http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_with-errata.pdf. It mentions "studies by the NSA" ... but I can't find those yet; I'll keep looking.

    With my own data I've always gone for DBAN autonuke with multiple passes, not because I really believe Big Brother will spend any time or effort trying to recover my rubbish data ... but because it's so easy to let DBAN do it's thing. Fire & forget.


  • Registered Users, Registered Users 2 Posts: 2,216 ✭✭✭Kur4mA


    As a lecturer of mine and smarter man than myself once said... "If you are truly concerned about your data, then the best tool out there to wipe your data is a hammer". He literally told us the only sure method is to hammer the drive into dust.


  • Registered Users, Registered Users 2 Posts: 9,957 ✭✭✭trout


    Old phone support shaggy dog stories ...

    (1) US military guy phones up Gateway tech support about his home PC. After troubleshooting for a while, they determine the hard drive has failed, and will be replaced under warranty.

    The customer is obliged to return the faulty part ... and after some wrangling, he agrees to do so, so long as he can "police up" his data. Tech support agrees to this as a reasonable request ... upon which the military guy proceeds to bludgeon the failed hard drive with what he described as a "5 lb short stack sledgehammer".

    Some days later, a tupperware box of metal shards and assorted electronic parts arrived ... complete with RMA number.

    (2) Same company, different customer, different technician. Another failed hard drive, again to be replaced under warranty. Customer said he'd need a week or so before he could send the drive back. "No problem, take your time sir" ...

    When the drive arrived back it had been drilled, repeatedly, so that it looked like swiss cheese, and was somehow corroded & rusted, and smelling faintly of seaweed. Turns out the customer had taken a drill-press to it, and then soaked it in a bucket of seawater for several days.

    I would wager both these methods are simple but effective :)


  • Closed Accounts Posts: 1,004 ✭✭✭Recondite49


    syklops wrote: »
    DBAN is your only man!

    Syklops has it right, DBAN is what you need. If you feel paranoid afterwards you can always choose to encrypt the drive afterwards with a program like Truecrypt or CryptFS so any data fragments will be difficult to get at.


  • Registered Users, Registered Users 2 Posts: 19 martindoran


    i find useing eraser (free) does the job quiet nicely


Advertisement