If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Rate Thread | Display Modes |
#16
|
|||
|
|||
Wipe a hard drive completely
Wolf K wrote:
On 2018-05-08 10:55, Dave wrote: On Tue, 08 May 2018 09:49:51 -0400, Wolf K wrote: On 2018-05-08 05:58, wasbit wrote: "Ed Cryer" wrote in message news I've read recommendations for DBAN; and other for Eraser. Both are small programs; the first runs from a boot CD, the latter within Windows, which, I guess, precludes complete wipe of the System drive. Does anybody do this regularly? If so, what's your favourite? I used DBAN (Darik's Boot and Nuke), booting from CDs, to wipe two 120GB laptops so that they could be given to charity. Each took about 10 hours. Do you know how many over-writes that involved? That's typical of this NG. I defy anyone (even including Good Guy, who is by his own account very intelligent) to recover data after an overwrite of all zero's. Yes I know supposedly the NSA and the whatever the old KBG is these days, can attempt it, as maybe some data recovery outfits might. But nobody getting your old hd or machine can except people here in their dreams. Same goes for cracking TrueCrypt or VeraCrypt. The simplest approach would be to simply use the dd command or do as Paul suggested. I wanted to confirm my arithmetic that at 12GB/hour it looks like just one pass. I used Recuva on an a external drive that had been reformatted twice. It recovered the desired files easily of course, since they had not been overwritten, but it also recovered files that had been deleted weeks earlier, and were therefore at least partly overwritten, and fragments of files from the previous formats, which were certainly overwritten more than once. That being said, I agree with your sentiment that there's a tad or two too much paranoia floating around here. :-) You should at least run "sdelete" to whiten a partition, to prevent the recovery of deleted content via Recuva or similar. In fact, I'd try this, just to prove Recuva can't find anything after this runs. All your un-deleted files (the ones that are supposed to be there), will still be there. (use the -z option to zero white space) https://docs.microsoft.com/en-us/sys...nloads/sdelete sdelete is two pass. The first pass whitens clusters and goes fairly quickly. Like a good dental cleaning, the second pass enters the $MFT and cleans out tiny files trapped in the $MFT crevasses. This takes forever and a day. NTFS has a feature, where if a file is small enough, the payload is stored in the $MFT, rather than wasting a cluster in the regular storage area. Some documentation for sdelete, describes the algorithm used. And that's for cases where you deleted some "delicate" files, and don't want to have to trash the volume, and just want to protect against Recuva analysis by a competitor or curious person. It can take 12 hours to run that, so this is *not* the utility of choice if the police are kicking in the door :-/ If the police are kicking in the door, the preferred method is an FDE drive with encryption-key-based erasure (disk turned into noise, by the instantaneous loss of the encryption key inside the drive). If the encryption key is removed inside the drive, then in an instant, the disk is no longer readable. This is also a suitable method for "donating" drives to a third party. ******* As for "surgical cleaning", such as removing C:, then using "dd.exe" with an offset to overwrite where the partition used to be - yes, this is do-able, but your maths better be first-rate :-) dd.exe has "seek" and "skip" to control the positioning of the reader and writer in the program. Using the whole partition (MBR, aka sector 0) as the origin, you can do the maths in terms of "blocksize" units, to position the writer at a precise sector address, and erase just the partition in question, removing the partition header (the sector with "NTFS" in it), all the way up to the very last sector. (Instructions...) http://www.chrysocome.net/dd (executable) http://www.chrysocome.net/downloads/dd-0.6beta3.zip Even if you don't plan on every using this, you should have a copy :-/ ******* Now, nobody really likes maths. That's why we have Macrium Reflect Free. 1) Make a full backup of the disk, all partitions. 2) Using your maintenance OS, do a "clean all" or a Secure Delete or a DBAN and clean the drive from tip to tail. 3) Using Macrium Emergency Boot CD, reinstall the factory recovery partition. This assumes it is bootable and you know how things are linked together. Then use the F-key at startup, which specifies "please expand the factory content into a new fresh C: for me". And it will be done. It's less mental effort, and since some of the steps would nave to be done with the other method anyway, not that much extra work. As for "erasure pattern", Gutmann debunked the 35-pass thing multiple times. The 35-pass invention was only ever intended for ancient FM and MFM drives of some sort. And was never intended for PRML (partial response maximum likelihood) encoding methods. If you look at MFM (magnetic force microscopy) pictures of modern disk drives, there is no fringing to be seen visually, so multiple passes (for the most part) are a waste of time. With tight geometry, embedded servo, it's no longer an easy thing to apply a "half track offset", like the departmental server I had at work was capable of. "Half track offset" is a feature of disks, where servo is one surface on the bottom platter, and you can remain locked to that servo, while offsetting the heads elsewhere. That was the concept. Using stuff like half track offset would be something you might apply if you didn't have backups, you wanted to get some data back, and had hours of work time to waste on it :-) I think our field service guy may have used it when working elsewhere, but I never needed to do that. https://en.wikipedia.org/wiki/Gutmann_method "some people have treated the 35-pass overwrite technique described ... as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques" That's one of the reasons I like looking up that quote. My favorite erasure pattern is all-zeros. This allows me to "scan" the drive with HxD, for a quick structural inspection, to make sure I didn't screw up some maths or procedural steps. If you use the 35-pass method, the data remnant is "random" and this makes it hard to tell the difference between "clean" areas and "dirty" areas. That's one of the reasons I like a single pass of zeros for cleaning. It makes examination with a hex editor later, easier to do. Paul |
Ads |
#17
|
|||
|
|||
Wipe a hard drive completely
"Wolf K" wrote in message
... On 2018-05-08 05:58, wasbit wrote: "Ed Cryer" wrote in message news I've read recommendations for DBAN; and other for Eraser. Both are small programs; the first runs from a boot CD, the latter within Windows, which, I guess, precludes complete wipe of the System drive. Does anybody do this regularly? If so, what's your favourite? I used DBAN (Darik's Boot and Nuke), booting from CDs, to wipe two 120GB laptops so that they could be given to charity. Each took about 10 hours. Do you know how many over-writes that involved? Sorry, can't remember but I guess it would be either 1 or 3. -- Regards wasbit |
#18
|
|||
|
|||
Wipe a hard drive completely
"Dave" wrote in message
news On Tue, 08 May 2018 09:49:51 -0400, Wolf K wrote: On 2018-05-08 05:58, wasbit wrote: "Ed Cryer" wrote in message news I've read recommendations for DBAN; and other for Eraser. Both are small programs; the first runs from a boot CD, the latter within Windows, which, I guess, precludes complete wipe of the System drive. Does anybody do this regularly? If so, what's your favourite? I used DBAN (Darik's Boot and Nuke), booting from CDs, to wipe two 120GB laptops so that they could be given to charity. Each took about 10 hours. Do you know how many over-writes that involved? That's typical of this NG. I defy anyone (even including Good Guy, who is by his own account very intelligent) to recover data after an overwrite of all zero's. Yes I know supposedly the NSA and the whatever the old KBG is these days, can attempt it, as maybe some data recovery outfits might. But nobody getting your old hd or machine can except people here in their dreams. Same goes for cracking TrueCrypt or VeraCrypt. The simplest approach would be to simply use the dd command or do as Paul suggested. Don't know why you are getting worked up. It was a genuine question from a regular poster. I've answered his enquiry. -- Regards wasbit |
#19
|
|||
|
|||
Wipe a hard drive completely
In article
Ed Cryer wrote: I've read recommendations for DBAN; and other for Eraser. Both are small programs; the first runs from a boot CD, the latter within Windows, which, I guess, precludes complete wipe of the System drive. Does anybody do this regularly? If so, what's your favourite? There is only one tool to use... Macorit Disk Wiper. Select partition or whole drive. And it's free. Ignore old in the tooth DBAN. hxxps://macrorit.com/free-data-wiper.html |
|
Thread Tools | |
Display Modes | Rate This Thread |
|
|