Discussion Forums > Technology
Looking for hardisk format software
bork:
Must be hiding some strange stuff if you are worried about someone trying to recover it. I use to do some strange stuff in the military years back and I never used erasing as a means to clear data from computer equipment. It left in only two ways, in a secure transport where custody was always maintained or it was destroyed into a pile of slag.
Perspective on things:
- personal data like banking info. It would be easier to social engineer the info than to try and extracted it from an erased HD.
- company data. one pass erase is good. Non-government organization do not have access to the technology to even think about recovering erased data. Most people are not savvy enough to cover their tracks so whatever information the person is trying to hide can be found out though other means.
The only time you would have to worry about data being recovered is if results in getting the attention of some high level government organization.
Just do a simple one pass wipe to clear erased data. Never loose possession of a hard drive you used unless it has been processed though a Kiln first (2500 degrees is good enough), sledge hammer and anvil is also good.
Pentium100:
--- Quote from: bork on August 18, 2010, 04:18:33 PM ---Must be hiding some strange stuff if you are worried about someone trying to recover it. I use to do some strange stuff in the military years back and I never used erasing as a means to clear data from computer equipment. It left in only two ways, in a secure transport where custody was always maintained or it was destroyed into a pile of slag.
--- End quote ---
Sure. The cost of the drive in your case was less than the cost of the possibility that someone might be able to recover the data.
--- Quote ---Perspective on things:
- personal data like banking info. It would be easier to social engineer the info than to try and extracted it from an erased HD.
--- End quote ---
I hear a rubber hose is also effective, but it should be applied to the owner of the device.
--- Quote from: nstgc on August 18, 2010, 03:53:08 PM ---Think about reading a bit on a hard drive as checking for a certain limit. Lets say that if 75% of the particles in that bit are up, then its a 1. Writing a zero will bring that below 25%, however if you write zeros to zeros, the the zero'ed zeros will still be lower than the zeroed ones. As a result there is a contrast.
--- End quote ---
Noise, that's present in any magnetic medium, will reduce the contrast. Also, no drive writes ones and zeros straight to the medium, all drives use encoding, new drives using RLL (a long time ago, MFM was used, and before that - FM) to reduce the length of time without a reversal (or the drive may lose count of how many zeros there was).
Tiffanys:
Acronis TrueImage Home. It can also clone drives and such. But, it has the best methods of data destruction available... Personally, I use the US DoD destruction algorithm. It's especially important if you're doing an RMA or something where anyone else will get their hands on it.
Here's an explanation of one of the destruction methods: http://en.wikipedia.org/wiki/Gutmann_method
Also, the types: http://www.robabdul.com/blog/Different_Data_Destruction_Methods.htm
daveLovesIt:
Just to add 10 cents:
1 pass wipe? Yep, sufficient if you arent being hunted by a government. But just remember that wiping a disk and telling windows to format a disk are not the same thing. It's necessary to write to the whole disk, typical formats leave the partition table intact and also various windows likes to leave some naughty little records here and there. I fixed many XP laptops which had allegedly failed drives simply by doing an ext2 format before a vfat format in knoppix, and hey presto windows would install again. These systems all had cracked WGA or had a dual-boot linux-native partition before "failing", and I can omly assume that these "bad" disks were simply marked so by windows. I dread to imagine what else Microsoft might deem to secretly record on ever-growing disks. Never trust a proprietary OS to tell the truth.
Tiffanys mentioned the DoD algo. The DoD also set a standard for the number of passes that was sufficient, and it was 7. So some paranoid (might have been Gutmann) mused that if the US government said 7 passes, then they can obviously read at least 14, so do 35 minimum. Problem is... disks are getting bigger. It takes a fairly long time to shred even a small drive this many times with a simple algorithm, but if you partition your disks or make sure the sensitive data only ever lands on a small flash disk or something, this is better.
Shred is good for linux, and when I last used it, Eraser was a nice windows tool. Do not erase folders, it means jack, (swap/page file? various indexing and caching?) but erase block devices.
Spoiler is big, I wrapped it up because nobody but the truly interested wants to see a thread cluttered with a geeks discourse on data removal policies,
(click to show/hide)Now, the real nub is not taking a hard-disk and extracting unknown data from it a random. Don't worry about bank details and such, just wiping a few times should be more than enough. If you wanna get paranoid, I liked the mersenne twister algo for introducing random data randomly across a disk in a somewhat random manner. (I didnt see why it was good until I looked at an electron microscope shot of an overwritten JPEG with zeroes only) but it is seriously overkill. Also, I last played with this shit years ago, and it may all be moot now. Uncle Sam does not want your credit card number nor your holiday pics. However, the maths and the technology do, very probably, exist to prove that a file was present on a disk despite extensive measures, which may mean the difference between a conviction or not.
What the limits are, I have no idea, but you must be seriously wanted before an agency wants to commit a big pile of maths, money and machines to shop you via this method. There is, in fact, only one reason that they would. They already know you did it. How do they catch you? Monitoring, and then being diligent enough to ascertain that no other was subverting your pc (actually hard unless they watch you type in shell or something). The only real reason to dredge your disks is that they cannot convict on the evidence they have, (reasonable doubt or because it was acquired illegally) or they want some likely possibles for an unknown datum (eg a large keyfile) and thus turn a ridiculous bruteforce into something viable. Probably to do some illegal monitoring.
If you can take the time to envisage a system whereby a perfect XOR implementation prevents the appropriate data from ever being written to a disk in clear at all, and the key never recoverable by another human, you can basically shout "I have the file" and then say "only joking" and there would never be any proof unless knowledge of the file itself was enough. It's quite a puzzle, but not unsolvable. As systems get ever more complex, implementing this across all layers gets harder... but if you simplify the arena in your head, and turn it over... it's beautifully easy. xD Just bear in mind, again, that no amount of cleverness can protect you from being caught in the act.
New disks really are big, and clever. So on one hand the scope for recovering data is smaller, but the scope for insidious super-secret data-mirroring at a hardware level is much higher... so physical destruction is the key if you are really paranoid. I like thermite for wrecking stuff made of metal, not because I'm a paranoid criminal hacker, but because I usually opt for the solution which involves the most fireworks. It can go head-to-head with a kiln for heat, does way more damage than a hammer and anvil to a planar surface and is phenomenally faster than a even a q-formatting. And just like me, it looks great, and it's really cheap. xD
Pentium100:
Delete and format do not overwrite the data.
Deleting just marks the space occupied by the file as "empty". This is faster than secure wipe and most of the time you do not need it.
Format just overwrites the file table (MFT, FAT), but leaves the data sectors intact. Quick format ends after this, while full format verifies (reads) all sectors to make sure that they are readable and marks all unreadable sectors as bad.
I'll try to write a "spolier" too :)
(click to show/hide)All depends on how much the government want to get you. Getting the data from an overwritten area most likely is more expensive than they wish to spend while there are cheaper methods like a rubber hose. Of course, if they found a hard drive that they believe has crucial information and the owner of the drive is dead, then a recovery attempt might be used.
There are hard drives that encrypt all data, also, software like Truecrypt can do that for you.
Thermite may be cheap, but the drive isn't.
Navigation
[0] Message Index
[#] Next page
[*] Previous page
Go to full version