how to completely "Clean" my hard drive?.

whisper

Member
Apr 1, 2008
68
0
Did a search..found nothing..which forum should i post about cleaning my hard drive?

i just used Privacy Eraser Pro in a cracked version to clean my hard drive. the i followed with Easeus Data Recovery Wizard: and was a little shocked @ what turned up.

This happened before, and I've even Defragged then just spent a few hours recopying random files to fill up the disk, then deleted them and then erased the empty portion again: still found recoverable file and file names.
Since then i've tried to rename new files to something simple/unrevealing as i've saved them.

Suggestions? no i don't want to reformat. if i was selling it, sure.
 

Ceewan

Famished
Jul 23, 2008
9,151
17,033
reformatting a hard drive is useless for the purpose you are mentioning. It appears you wish to permantly delete files so they cannot be recovered and your harddrive can be reformatted cleanly. This can be done at no cost to you, although depending on the size of your harddrive it may take few hours.

Try to recover data after using this:
http://www.truecrypt.org/

It won't happen. Deletion is old school. Encrypt your data instead. Don't dismiss this advice offhand, try it and prove me wrong. Got any questions?
http://www.truecrypt.org/faq
 

Rollyco

Team Tomoe
Oct 4, 2007
3,556
34
Darik's Boot And Nuke is widely recognized as a reliable tool for wiping drives. Download, burn to bootable disc, boot the disc, and proceed. I recommend Interactive mode, PRNG method, 1 pass. Your data will be gone from even the most determined law enforcement scrutiny.

Don't waste your time with more passes or slower paranoid mode like DoD Short. 1 pass renders your data completely unrecoverable.
 

Ceewan

Famished
Jul 23, 2008
9,151
17,033
Dban is pretty old school Rollyco. I did not realize they had updated that program as it had become outdated at one time. Nice link, Thank you for sharing that. I am a big fan and supporter of Sourceforge and open source software.
 

Rhinosaur

Outside Context Problem
Sep 23, 2007
2,007
614
Good old hot, soapy water!
 

desioner

Sustaining L.I.F.E.
Staff member
Super Moderator
Nov 22, 2006
4,873
50,760
I recommend Eraser. It's worked wonders for me. It also allows you to securely empty the trash.
 

guy

(;Θ_Θ)ゝ”
Feb 11, 2007
2,079
43
Eraser is nice, but ever since the newest version, its not quite as configurable as it used to be.

Also, +1 for DBaN if you need to wipe the entire HDD.

Alternatively, just take a sledgehammer to it, toss it in a bonfire, and buy yourself a new drive.
 

Ceewan

Famished
Jul 23, 2008
9,151
17,033
I have to admit, that Dban link caught me by surprise. I went looking through my computer to see if I had an older version still. Dban Version 1.07 still had a floppy disk option, (and that was what was available two or three years ago). I mean I thought that program was dead in the water. The new version is a 10mb .iso file the old version was a 1.86mb .exe file. We are talking serious resurrection here.

I have not looked into the new Eraser but I do know there were problems with the older versions not being able to remove trace data from the operating system. But this is the problem of most file wiping programs. Removing one file does not necessarily remove all traces of that file or its' contents. Yet as far as individual file wiping software goes PGP wipe is probably the most effective/reliable, IMO.

When in doubt guy provides a good solution. Most newer computers have removable hard drives and hard drives are not as expensive as they used to be. Just buying a new one and safely disposing of the old one is always an option.
 

techie

SuupaOtaku
Jul 24, 2008
568
4
Standard LLF (Low Level Formatting) should do the trick in most cases.
Keep in mind, deleting your disk is not illegal. Some applications are prohibited in the UK for example as it may "aid in concealing evidence" as they call it so they make it criminal before the fact to even use certain applications. Now the application I thought of in that case is useless anyway.

Also keep in mind, the cost of recovering any data removed may fall on the incriminated party if thats the case. Also, with electron microscope technology there is a way to "calculate in reverse" the overwrite sequence of any data previously stored up to 1011 times overwritten. Then again this is something the NSA and NASA boys do for recreational fun.

Even DOD 2022 standard overwriting does not work as intended all the time.
I have had the great fortune of working with a guy who did auditing for the DoD and he showed me the application they used.

I then recovered the data "he stated he had deleted" by using a freeware version of a disk/sector recovery application. Then I wrote my own file killer instead and since they his boys at the DoD thought I was no fun to play with anymore :)... wonder why.

So... give this little gadget a try but remember you should possibly overwrite your entire HDD approx 1100 times to make sure you got it right and don't trust a DoD 2022 algorithm.

http://hddguru.com/software/2006.04.12-HDD-Low-Level-Format-Tool/

Edit:

I forgot to mention...

If you're on NTFS keep in mind sectors are 4096 bytes, and any part of a sector not taken up by content in a file is prepopulated by junk from the memory or other places on your disk. This means, you should never overwrite the file in exact bytes, but actually kill the whole sector containing any part of a file.

As such, a file which is 23879 bytes require you overwrite it with
(floor(23879/4096)+1)*4096 bytes.
floor for the non progger means rounded down to even integer.
 

Rollyco

Team Tomoe
Oct 4, 2007
3,556
34
you should possibly overwrite your entire HDD approx 1100 times to make sure you got it right

Where in God's name did you pull that number from? It flies in the face of all current best practices that I'm aware of.

The 2006 NIST (nist.org) Special Publication 800-88 states one pass is all that is needed for modern hard drives.

The 2007 Defense Security Service (dss.mil) Clearing and Sanitization Matrix mandates clearing a hard disk with a single pass.

The 2008 "Overwriting Hard Drive Data: The Great Wiping Controversy" Lecture Notes in Computer Science (Springer Berlin / Heidelberg) analysis of recovery techniques concludes that a single wipe is all that is required for modern drives, and that electron microscopy as a feasible data recovery tool is an urban myth.
 

techie

SuupaOtaku
Jul 24, 2008
568
4
Where in God's name did you pull that number from?

Quoting a former co-worker and checking the most interesting math on the US Patent registration that came alongside his explanation.

Sorry I cannot recall any patent number but it runs along the lines of the following...

Examining a hard disk magnetic surface in a clean room environment in electronic microscope you can derive a possible fragment or whole file segments by considering that a 1 does not write 1 but 0.96 over a 0 and a 0 does not write a 0 but approx. 0.47 over a 1.

Per those specs, I was also told it happens that some more technically inclined offices get contracts to perform said checks and tests.
When I was told of this back in 2001-2002 the price for this service was approx. 11,000 USD per hour.

I would guess that includes the fact the lab doing it has one heck of a setup.

I have not heard of anyone whom has been subjected to this myself, and if I did I would have to assume I shouldn't tell.

But then again if the newer applications seem to think it is ok with one pass, then sure, why not. I prefer to be selectively paranoid in some cases rather than sitting wondering what went wrong.

Perhaps per the same accord, I never heard of a DoD HDD that was sold after they LLF formatted the disk. Nor gave it to any charity.

What in fact happened back in 2001/2002 when I worked with those guys, was that they would DoD 2022 wipe the disks, then LLF format them before they tossed the whole disk in a giant shredder and crushed them.

Now that is excessive paranoia indeed.
 

Rollyco

Team Tomoe
Oct 4, 2007
3,556
34
Every time techie posts about technical matters, God kills a kitten.
 

techie

SuupaOtaku
Jul 24, 2008
568
4
Perhaps...
I would like to say:

a) Substantial criticism does not make a technical feat impossible. I have seen to much to unsubscribe to the possibility.

b)

When data have been physically overwritten on a hard disk it is generally assumed that the previous data are no longer possible to recover. In 1996, Peter Gutmann, a respected computer scientist,[citation needed] presented a paper that suggested overwritten data could be recovered through the use of Scanning transmission electron microscopy.[1] In 2001, he presented another paper on a similar topic.[2] Substantial criticism has followed, primarily dealing with the lack of any concrete examples of significant amounts of overwritten data being recovered.[3][4] To guard against this type of data recovery, he and Colin Plumb designed the Gutmann method, which is used by several disk scrubbing software packages.

Although Gutmann's theory may be correct, there's no practical evidence that overwritten data can be recovered. Moreover, there are good reasons to think that it cannot.


When I read this I think as follows....

examples of significant amounts of overwritten data being recovered. does not imply that NO data can be recovered, but it clearly states by the same accord that some data can be recovered.

Also keeping this in mind when we discuss computer forensics, you have to take in account that convictions may be rendered out of the court proving the fact it is highly probable that the data previously contained is what the accused is stated to have had on the disk per the claims of a prosecutor, and this has nothing to do with the accuracy of the disk wiping or forensics tools used, but rather the fairness or legal rights system where we often see cases closed with convictions for crimes of association.

In other words, only because the data cannot be recovered to 100% or sometimes even 10 %, it is still up to the court system to make use of the data as they deem fit, and unfortunately they often do in many countries to this date.

In fact, pretty much like any other decent data recovery application, one cannot expect to get all degraded data back all the time.

EDIT:

A word from Mr Gutman himself in regards to MFM methods applied to modern / newer media types with high density and perpendicular clusters...

Gutman said:
“Any modern drive will most likely be a hopeless task, what with ultra-high densities and use of perpendicular recording I don’t see how MFM would even get a usable image, and then the use of EPRML will mean that even if you could magically transfer some sort of image into a file, the ability to decode that to recover the original data would be quite challenging.”

In all fairness, yes I do agree it would seem quite impossible (Today, but perhaps not tomorrow), to do this on newer disks, but given the number of people using older disks for bulk hording and storage it would seem fair to say a majority of the media could in fact be target for the said method, when it is older.

Even so the very good article on this topic found at
http://www.anti-forensics.com/disk-wiping-one-pass-is-enough
and...
http://www.anti-forensics.com/disk-wiping-one-pass-is-enough-part-2-this-time-with-screenshots

...does not negate the possibility but also describes the difficulty in rendering usable data in return on recovering the same.


Now if information I have received in the past have been misleading or wrong then so be it, but it still does not mean technology has not been developed which is yet to become public in this field, and that can stand for the former co workers of mine whom I discussed this topic with long ago.


A final edit:

Defense Security Service said:
Data sanitization

DoD 5220.22-M is sometimes cited as a standard for sanitization to counter data remanence. The NISPOM actually covers the entire field of government-industrial security, of which data sanitization is a very small part (about two paragraphs in a 141 page document).[4] Furthermore, the NISPOM does not actually specify any particular method. Standards for sanitization are left up to the Cognizant Security Authority. The Defense Security Service provides a Clearing and Sanitization Matrix (C&SM) which does specify methods.[5] As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.


So to spare the kittens and Rollyco, whom I respect greatly in regards to technical matters, I will stay out.
 

porkar

New Member
Apr 2, 2007
177
6
What are your opinions on the effectiveness of 'Evidence Eliminator' and 'File Shredder' ?
 

Rollyco

Team Tomoe
Oct 4, 2007
3,556
34
In my opinion any program that runs within Windows is a crap shoot as to whether you're data will truly be unavailable to future forensic analysis. BCWipe is a well regarded tool in this category, as long as you understand that sometimes it's impossible to control where the OS puts your data.
 

Ceewan

Famished
Jul 23, 2008
9,151
17,033
It depends on what you expect from them.

I have not checked on the newest versions of Evidence Eliminator but they had the same issues as Eraser, (not being able to remove operating system files succesfully). Evidence Eliminator is Closed Source as well, which brings into question its' reliablity from a different aspect. Open Source programs are generally more trusted because there is less likely any hidden "surprises", (for want of a better term). This is not to say all Closed Source programs are not trustworthy, far from it, but with Open Source programs the data is available to everyone as proof. Evidence Eliminator is not a program I would reccomend, there are better options.

I remember File Shredder but I admit I am not that familar with it so I can not comment on it.