Jump to content

Hard Drive Secure Deletion/Wipe


ner

Recommended Posts

Good afternoon all,

I need to purchase software to wipe seculry 976 computers before selling them off.

Would love to learn which is the best to wipe, but then also use on Vista Build to seculy delete the hard drives free space going forward.

I collage suggested that we use a program called Active Kill Disk?

What do u recommend.

Thanks

Link to comment
Share on other sites


Actually you do not need to buy anything.

There are several Freewares capable of doing that.

It's up to you to decide which level of security you think adequate, but do READ these:

http://www.911cd.net/forums//index.php?showtopic=21073

http://www.boot-land.net/forums/index.php?showtopic=2683

and links therein before wasting hours (and possibly increasing the wear on the drives) doing multiple passes of random data, which is perfectly unneeded.

jaclaz

Link to comment
Share on other sites

Thanks Guys.... Even better it can be done for Free...... what now can i spend my £5k budget on...... :thumbup

However... I have read those forum links, and now i am totally confused... Whats the best setting to ensure that the PC's are sold with the hightest level of security.

The plan will be to clean these PC's and the image them using ghost 11.5 with windows 2000 (the orgional software supplied)

We dont want anyone to recover the databases and customer details that these PC's have on them..

Edited by ner
Link to comment
Share on other sites

Yeah, pretty much any decent wiping app will do. Make sure it can do passes with random data. More passes are better. 2 passes are more than enough.

How are you doing the wiping? It might be faster to take out the drives and do the wiping an one PC with alot of ports.

Edited by brucevangeorge
Link to comment
Share on other sites

Make sure it can do passes with random data. More passes are better. 2 passes are more than enough.

Would you mind reading the given links?:

It's up to you to decide which level of security you think adequate, but do READ these:

http://www.911cd.net/forums//index.php?showtopic=21073

http://www.boot-land.net/forums/index.php?showtopic=2683

and links therein before wasting hours (and possibly increasing the wear on the drives) doing multiple passes of random data, which is perfectly unneeded.

And think a bit about the matter?

You might later want to review your opinion...:unsure:

jaclaz

Link to comment
Share on other sites

Make sure it can do passes with random data. More passes are better. 2 passes are more than enough.

You might later want to review your opinion...:unsure:

Already done so.

http://www.boot-land.net/forums/index.php?showtopic=2683

DeviceEraser allows to completely overwrite a large number of media, making it impossible to recover anything useful from them.

It runs directly under Windows or in a PE environment and therefore can access even SATA and other rare drives that are usually invisible to BootDisks like DBAN

Currently several overwriting methods are supported:

1 Pass overwriting with ones/zeros/random (fast erase which makes the data unrecoverable from normal users)

3 Pass overwriting using ones, zeros and random.

He mentioned secure deletion of data. Yes you can delete the files quickly, but most are still recoverable until overwritten. Zeroes work, but I like a random pattern just for the hell of it. Its still overwriting either way.

Yes it does put a negligible amount of wear & tear on an already worn drive.

Edited by brucevangeorge
Link to comment
Share on other sites

Already done so.

I meant the whole thread, not just the first post, including this:

http://www.boot-land.net/forums/index.php?...c=2683&st=8

and later.

The whole point I am trying to make is that noone has EVER seen ANY data recovered adter a single 00 pass, or if this EVER happened there is NO actual eveidence of this ANYWHERE, ad, as said there:

And I am not the only one searching (vainly ;)) for a proof:

http://16systems.com/zero/index.html

Q. What is this?

A. A challenge to confirm whether or not a professional, established data recovery firm can recover data from a hard drive that has been overwritten with zeros once. We used the 32 year-old Unix dd command using /dev/zero as input to overwrite the drive. Three data recover companies were contacted. All three are listed on this page. Two companies declined to review the drive immediately upon hearing the phrase 'dd', the third declined to review the drive after we spoke to second level phone support and they asked if the dd command had actually completed (good question). Here is their response... paraphrased from a phone conversation:

"According to our Unix team, there is less than a zero percent chance of data recovery after that dd command. The drive itself has been overwritten in a very fundamental manner. However, if for legal reasons you need to demonstrate that an effort is being made to recover some or all of the data, go ahead and send it in and we'll certainly make an effort, but again, from what you've told us, our engineers are certain that we cannot recover data from the drive. We'll email you a quote."

Q. Why are you doing this?

A. Because many people believe that in order to permanently delete data from a modern hard drive that multiple overwrites with random data, mechanical grinding, degaussing and incinerating must be used. They tell others this. Like chaos, it perpetuates itself until everyone believes it. Lots of good, usable hard drives are ruined in the process.

jaclaz

Link to comment
Share on other sites

Hello All,

I don't mean to hijack this thread but the topic has got me wondering if my normal HDD format/clean routine is enough.

Usually a family members pc becomes bogged down/infected at some point and I'm the one thats called to come fix it. In the case of a viral infection that does more damage then I'm able to repair or the unavoidable user screwup that brings the system to an unusable state it comes time to do my usual HDD format/OS Install and so on.

- Check if any important items are missing from backup. (normally this isn't an issue)

- Insert Vista Disc, Select repair computer, launch Diskpart from command prompt and delete all partitions. Then do a Clean All pass before recreating the OS partition with a full format and then proceed to do an OS install.

Is an HDD Secure Delete/Wipe App such as DBan something I should be using for 2-3 passes to remove anything left on the drive to clean out the drive? When would be the appropriate time to use an app like dban?

Thanks.

Link to comment
Share on other sites

In a nutshell but if you had actually read the links you should already have got this :whistle::

  • clean/format/full format DO NOTHING to the actual files that can then be recovered (if not overwritten) at ANY time with very high probability of success.
  • wiping (i.e. overwriting) with a single pass of 00's is ENOUGH to make the files UNRECOVERABLE by ANYONE except maybe and only in a frammentary and not at all "dependable" way by perhaps a few Government Agencies through the use of of MFM (Magnetic Force Microscope) with a procedure that will likely take weeks.

There is NO reason (except security concerns) to completely wipe a hard disk.

(drive WON'T be faster, but you will lose some time waiting for the wiping to complete and you will put unneeded strain on the HD)

There is NO reason to ever do more than a single pass.

(there is NO evidence that something can be recovered after a single pass)

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

You might want to look at the HDDErase package which uses the drives internal Secure Erase or Enhanced Secure Erase commands to wipe the drive:

Very good. :)

From it's FAQ's:

Q: Do multiple overwrites work better than a single overwrite:

A: Many commercial software packages are available using some variation of DoD 5220, some going to as many as 35 overwrite passes. Unfortunately the multiple overwrite approach is not very much more effective than a single overwrite since it does not do much to the remaining track edges where most of the very low level distorted remnant data remains after an overwrite and it takes a lot more time (even with 3 overwrites it can take more than a day to erase a large capacity hard disk drive).

From it's Protocols:

http://cmrr.ucsd.edu/people/Hughes/CmrrSec...seProtocols.pdf

Normal Secure Erase

Secure erase is called Security Erase in the ATA disk specification and Secur ity Initialize in SCSI. The

command must cause an overwrite operation that stores random bits in all user accessible blocks on storage

media. The overwriting user data itself need not be random if the device randomizes user bits before media

storage.

The current ATA specification for Normal Erase mode states that the SECURITY ERASE UNIT command

shall write binary zeroes to all user accessible data areas. (ATA reassigned blocks are not user accessible

because they have no user address). This level of erasure is excellent for fast erasure, although it does not

precisely follow the three writes called out in DoD 5220. CMRR verification testing (below) showed that the

erasure security is at the level of DoD 5220, because drives having the command also randomize user bits

before storing on magnetic media. In-drive block verify is via internal write fault detection hardware, which

takes no additional time thus increases user willingness to use the command. The three block writes of DoD

5220 plus verify can take far longer than the secure erase command. CMRR test times were up to days but the

drive normal Secure Erase can complete in 30-45 minutes.

jaclaz

Link to comment
Share on other sites

In a nutshell but if you had actually read the links you should already have got this :whistle::

  • clean/format/full format DO NOTHING to the actual files that can then be recovered (if not overwritten) at ANY time with very high probability of success.
  • wiping (i.e. overwriting) with a single pass of 00's is ENOUGH to make the files UNRECOVERABLE by ANYONE except maybe and only in a frammentary and not at all "dependable" way by perhaps a few Government Agencies through the use of of MFM (Magnetic Force Microscope) with a procedure that will likely take weeks.

There is NO reason (except security concerns) to completely wipe a hard disk.

(drive WON'T be faster, but you will lose some time waiting for the wiping to complete and you will put unneeded strain on the HD)

There is NO reason to ever do more than a single pass.

(there is NO evidence that something can be recovered after a single pass)

jaclaz

:blushing: I did attempt to read the links you posted previously but the first link didn't load up (kept timing out) and the second link I quickly read through which apparently didn't sink in. I apologize for any disturbance/annoyance it may have caused. Thanks for the quick summary, I'll be sure to make the appropriate changes to my HDD setup routine to follow your recommendations.

Link to comment
Share on other sites

[ :blushing: I did attempt to read the links you posted previously but the first link didn't load up (kept timing out) and the second link I quickly read through which apparently didn't sink in. I apologize for any disturbance/annoyance it may have caused. Thanks for the quick summary, I'll be sure to make the appropriate changes to my HDD setup routine to follow your recommendations.

No, actually it's not your (or my ;)) fault :), the boot-land server has been a bit erratic lately, it seems like due to web agents/bots "attacking" it. :(

The links in the thread are however these (FYI):

http://www.nber.org/sys-admin/overwritten-data-guttman.html

http://www.actionfront.com/whitepaper/Driv...20Ver14Alrs.pdf

http://www.actionfront.com/whitepaper/Driv...%20Preprint.pdf

http://www.forensicfocus.com/index.php?nam...065&start=0

http://16systems.com/zero/index.html

It is also worth a read the Original Gutmann's Paper (the thing that unwantingly originated the MYTH):

http://www.usenix.org/publications/library...mann/index.html

AND in the newish version comprising the "Epilogue":

http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html

In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques.

.....

Looking at this from the other point of view, with the ever-increasing data density on disk platters and a corresponding reduction in feature size and use of exotic techniques to record data on the medium, it's unlikely that anything can be recovered from any recent drive except perhaps a single level via basic error-cancelling techniques. In particular the drives in use at the time that this paper was originally written have mostly fallen out of use, so the methods that applied specifically to the older, lower-density technology don't apply any more. Conversely, with modern high-density drives, even if you've got 10KB of sensitive data on a drive and can't erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 80GB of other erased traces are close to zero.

(bolding/underlining is mine)

What a bunch of guys (with the "outside" very little help of yours truly ;)) are trying desperately to do is to debunk the myth of the "several passes" and also that of "random data" needed, risking to overdoing it :unsure::

one single pass with 00's is enough!

jaclaz

Edited by jaclaz
Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...