Quick question: poor man's disk wipe?

Okay, let's say you got an external HDD formatted in FAT32, and you want
to make data unrecoverable on the drive. So let's say you don't want to
go through an hours long security wipe, overwriting all sectors on the
drive. Would simply reformatting the drive into an NTFS file system be
enough to make data unrecoverable for the vast majority of file and
partition recovery apps? I'm not talking NSA-level security, just
security against regular civilian recovery apps available for Windows.

--
Sent from Giganews on Thunderbird on my Toshiba laptop

On Tue, 20 Jun 2017 17:13:28 -0400, Yousuf Khan wrote:

Okay, let's say you got an external HDD formatted in FAT32, and you want
to make data unrecoverable on the drive. So let's say you don't want to
go through an hours long security wipe, overwriting all sectors on the
drive. Would simply reformatting the drive into an NTFS file system be
enough to make data unrecoverable for the vast majority of file and
partition recovery apps? I'm not talking NSA-level security, just
security against regular civilian recovery apps available for Windows.

No.

--
Wildman GNU/Linux user #557453
The cow died so I don't need your bull!

On 06/20/2017 02:13 PM, Yousuf Khan wrote:
Okay, let's say you got an external HDD formatted in FAT32, and you want
to make data unrecoverable on the drive. So let's say you don't want to
go through an hours long security wipe, overwriting all sectors on the
drive. Would simply reformatting the drive into an NTFS file system be
enough to make data unrecoverable for the vast majority of file and
partition recovery apps? I'm not talking NSA-level security, just
security against regular civilian recovery apps available for Windows.


Hi Yousuf,

No, reformatting won't remove your data from someone who
it reading it sector by sector. It only updates the file tables.

If you want to dispose of it, whack it with a hammer.

For the fastest full overwrite, boot into a Linux Live
disk and use "dd" with "if=/dev/zero" as your source.
Linux has all the cool tools.

And don't take too much heed in those myths about
overwriting several times. It is an urban myth. Doesn't
make a bit of difference. Just overwrite it once.
Hint: if you could write outside the tracks, the vendors
would do it to increase their drive's capacity.

HTH,
-T

Yousuf Khan wrote:
Okay, let's say you got an external HDD formatted in FAT32, and you want
to make data unrecoverable on the drive. So let's say you don't want to
go through an hours long security wipe, overwriting all sectors on the
drive. Would simply reformatting the drive into an NTFS file system be
enough to make data unrecoverable for the vast majority of file and
partition recovery apps? I'm not talking NSA-level security, just
security against regular civilian recovery apps available for Windows.


Diskpart and Disk Management always list the disks in the same
order, but one of them starts at zero, the other starts at one.
Be careful. I keep a copy of Disk Management open while working
with diskpart in a Command Prompt window.

diskpart
list disk --- verify you're selecting the correct disk!!!
select disk n
clean all --- comes with no warning!!! It just does it.
exit

To verify you're "on the correct disk", you can

diskpart
list disk
select disk n
list partition
select partition 0
detail partition --- dumps some info about the partition, to the screen
Can help you verify you are "on target"
select partition 1 --- you can only select partitions which exist
detail partition
....

It takes about 7.4 hours to erase a modern 4TB drive. Scale accordingly.

*******

diskpart runs at disk speed

secure erase runs at disk speed

dd (Windows or Linux) runs 13MB/sec (no parameters), 39MB+/sec with 4096 or larger byte blocks
New drives like 4096, old drives like larger blocks

gddrescue (Linux) is adaptive, and runs at disk speed (-b8m)

If you're a Windows user, diskpart is your friend.

You can review performance using perfmon.msc and select the
Physical Disk counter. You'll need to set the graph scale
to 20000, to handle up to 200MB/sec disk drives. I use this
when crafting "dd" commands, to verify I've tuned them well.
On an OS like Windows 10, the Task Manager has all the disk
speed graph you need.

http://www.chrysocome.net/downloads/dd-0.6beta3.zip

I also use the "factor" program. There is a Windows port
(GNUWin32). It can factor the total size of a drive, and it helps
you pick block sizes for dd that divide evenly into the total
disk size. This prevents a few bytes at the end of the drive,
from not getting erased. The reason for being careful... is malware.
If you're convinced malware is capable of storing stuff outside
of any possible partitions, then erasure to the bitter end is
called for. For example, you could back up with Macrium,
erase to the bitter end, then restore, so a malware is robbed
of something it stored at the end. If there is a root kit
present, you'd probably want to switch OSes at that point.

diskpart is good enough - just be careful with it. That's true
of any erasure program.

Paul

On Tue, 20 Jun 2017 17:13:28 -0400, Yousuf Khan wrote:
Would simply reformatting the drive into an NTFS file system be
enough to make data unrecoverable for the vast majority of file and
partition recovery apps?

No. But there's a non-default option in the FORMAT command to
overwrite all free space on the drive. It can take a looooooooong
time, though.

--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...

On Tue, 20 Jun 2017 19:22:45 -0400, Paul wrote:
diskpart
list disk --- verify you're selecting the correct disk!!!
select disk n
clean all --- comes with no warning!!! It just does it.
exit

That's no faster than doing it with FORMAT, is it? I would think the
bottleneck would be getting the writes through the disk controller
and onto the disk, not compute power.


--
Stan Brown, Oak Road Systems, Tompkins County, New York, USA
http://BrownMath.com/
http://OakRoadSystems.com/
Shikata ga nai...

On 6/20/2017 2:13 PM, Yousuf Khan wrote:
Okay, let's say you got an external HDD formatted in FAT32, and you want
to make data unrecoverable on the drive. So let's say you don't want to
go through an hours long security wipe, overwriting all sectors on the
drive. Would simply reformatting the drive into an NTFS file system be
enough to make data unrecoverable for the vast majority of file and
partition recovery apps? I'm not talking NSA-level security, just
security against regular civilian recovery apps available for Windows.


Have you ever heard of the expression "quick and dirty"? In this case,
quick is indeed dirty in that you really do not get security via a quick
erase.

--
David E. Ross
http://www.rossde.com

Consider:
* Most state mandate that drivers have liability insurance.
* Employers are mandated to have worker's compensation insurance.
* If you live in a flood zone, flood insurance is mandatory.
* If your home has a mortgage, fire insurance is mandatory.

Why then is mandatory health insurance so bad??

Stan Brown wrote:
On Tue, 20 Jun 2017 19:22:45 -0400, Paul wrote:
diskpart
list disk --- verify you're selecting the correct disk!!!
select disk n
clean all --- comes with no warning!!! It just does it.
exit

That's no faster than doing it with FORMAT, is it? I would think the
bottleneck would be getting the writes through the disk controller
and onto the disk, not compute power.



The secret to using a disk, is not the compute power,
it's the tuning for max speed.

If you use "dd" with no arguments, it uses bs=512 and
the drive writes one sector at a time. Once the disk command
rate hits around 10000 commands a second, that's enough to
hit the interrupt limiter in the OS.

If the block size is made larger, you get a bit more bandwidth
from it.

The block size chosen, should ideally divide evenly into
the total disk size.

Now, what's interesting, is modern drives don't seem to like
a block size like 221184 bytes, but instead prefer 4096 or
8192 bytes. Older drives on the other hand, seem to hate 4096
and you don't get very good speed. You actually have to tweak
the command, for best results.

Some of the software (the kind that does not rigidly adhere
to the old design ideas), that software will do test writes and
"adapt" the transfer size, to get the best transfer rate.

I would have to do some ProcMon work, to determine whether
diskpart is using an adaptive technique. You can trace
rather large computer operations - I captured an entire Macrium
backup once, over a period of 20 minutes, and the ProcMon64 log
was 9GB large. So if you want to study how the more intelligent
methods work, you can. ReadFile and WriteFile are logged in
ProcMon. (Note that, with Windows, there is always some I/O
operation that escapes logging, so don't expect to find
everything you need. When that happens now, I no longer
act surprised.)

Paul

On 20/06/2017 22:13, Yousuf Khan wrote:
Okay, let's say

The best poor man's bum wipe is to get some free tissues from McDonalds
and use them. However, I suspect your Pakistani government may not
allow an American Corporation to operate in your country so your second
best option is to use any available grass in your fields. Most
Pakistanis are still living in caves and so they should also have some
grass growing in their back yard.




--
With over 500 million devices now running Windows 10, customer
satisfaction is higher than any previous version of windows.

On 6/20/2017 5:26 PM, KenW wrote:
Ccleaner can do that.

How? I've never seen that feature in Cclean!

On 6/20/2017 5:54 PM, T wrote:
No, reformatting won't remove your data from someone who
it reading it sector by sector. It only updates the file tables.

I realized that, that's why I said, "I'm not talking about NSA-level"
wipe. Just enough to prevent a partition undelete, and therefore a file
undelete.

If you want to dispose of it, whack it with a hammer.

No, definitely don't want to whack it with a hammer, want to reuse
afterwards. Future reuse will automatically take care of overwriting
previous data, of course, but I want previous data locations to be
unknown. Thinking a change in filesystem formats would scramble up the
locations of previous data, making it impossible to restore, except by
sector-by-sector analysis.

Yousuf Khan

On 6/20/2017 5:13 PM, Yousuf Khan wrote:
Okay, let's say you got an external HDD formatted in FAT32, and you want
to make data unrecoverable on the drive. So let's say you don't want to
go through an hours long security wipe, overwriting all sectors on the
drive. Would simply reformatting the drive into an NTFS file system be
enough to make data unrecoverable for the vast majority of file and
partition recovery apps? I'm not talking NSA-level security, just
security against regular civilian recovery apps available for Windows.


Look at Eraser: https://eraser.heidi.ie/

On 06/20/2017 05:47 PM, Yousuf Khan wrote:
On 6/20/2017 5:54 PM, T wrote:
No, reformatting won't remove your data from someone who
it reading it sector by sector. It only updates the file tables.

I realized that, that's why I said, "I'm not talking about NSA-level"
wipe. Just enough to prevent a partition undelete, and therefore a file
undelete.

If you want to dispose of it, whack it with a hammer.

No, definitely don't want to whack it with a hammer, want to reuse
afterwards. Future reuse will automatically take care of overwriting
previous data, of course, but I want previous data locations to be
unknown. Thinking a change in filesystem formats would scramble up the
locations of previous data, making it impossible to restore, except by
sector-by-sector analysis.

Yousuf Khan

Hi Yousuf,

Well, if yo use it enough, you will eventually overwrite everything,
but it will take a while.

I have had to use the dd method on some weird Windows formatted
disks before as they were not readable by the OS. This happens
to me a lot when a take a Frankenstein the Elder (w8) disk and
try to do an install of Windows 7 on it. dd it is! Some
Apple formats do this too.

There are some Windows utilities out there that will scramble
all the empty space on your disk. I have one, but I forgot
what it is called. I can look it up for you if you wish.

-T

Yousuf Khan on Tue, 20 Jun 2017 17:13:28
-0400 typed in alt.windows7.general the following:
Okay, let's say you got an external HDD formatted in FAT32, and you want
to make data unrecoverable on the drive. So let's say you don't want to
go through an hours long security wipe, overwriting all sectors on the
drive. Would simply reformatting the drive into an NTFS file system be
enough to make data unrecoverable for the vast majority of file and
partition recovery apps? I'm not talking NSA-level security, just
security against regular civilian recovery apps available for Windows.

Quick and dirty, delete all files you do not want to be restored.
Then download music, movies, install a game or two (like Civilization
or other disc-hog" games).. Play games and make multiple saves.
Then copy those files into another directory. Repeat until drive is
full. Everythign has been overwritten.
Delete the root directory - overwriting just it.

No, it is not "fast" - but it is cheap and reasonably effective.

IF you really do not want to have anyone access the data, ever -
bake over a charcoal fire.
--
pyotr filipivich
Next month's Panel: Graft - Boon or blessing?

Yousuf Khan wrote:

Okay, let's say you got an external HDD formatted in FAT32, and you want
to make data unrecoverable on the drive. So let's say you don't want to
go through an hours long security wipe, overwriting all sectors on the
drive.

A security wipe (1 pass random data) is probably faster than a format.
Since this is an "external HDD", the unidentified hardware interface may
be slower than hooking the HDD to an internal SATA port.

Would simply reformatting the drive into an NTFS file system be
enough to make data unrecoverable for the vast majority of file and
partition recovery apps?

No. Formatting does NOT touch the data in the previously allocated
clusters. All that data is still there after a format. Formatting lays
down a new file system, not destroy what was in the old file system.
That's why there are tools that make data recovery possible whether you
deleted the file, formatted the partition, or repartitioned the drive.

I'm not talking NSA-level security, just
security against regular civilian recovery apps available for Windows.

The Gutmann (35 pass) was only intended against ancient MFM technology
of HDDs. 1 pass of pseudo-random data is sufficient. Do 2 passes if
you want. Beyond that and you're just wasting time and energy.

https://en.wikipedia.org/wiki/Gutmann_method#Criticism

http://docs.bleachbit.org/doc/shred-...ipe-disks.html
Myths and Legends

1 pass is sufficient. I really doubt you have anything the NSA is
interested in. You don't need more than 2 passes of pseudo random
patterns to wipe a drive to make it impossible for a lab to perform
forensics recovery.

There are LOTS of free drive wipe tools. I've use Heidi's Eraser (but
disabled its startup program since I wipe on demand and don't want
prompts or auto-cleaning) where I just did 2 passes. I'm now using the
secure delete already included in Peazip (zip tool) that uses random
data and configured for 2 passes.

The FBI, CIA, and NSA don't go dumpster diving to see what they happen
to find in the landfill. They target someone's computer. They'll get
at your data from your computer (overtly through confiscation or
covertly through infection, dongles, and other means), not from your
trash. Similarly, they don't dumpster dive to get at your bank
statement.

If you're not interested in reusing the HDD or giving it to someone else
then don some safety glasses, drill out the retaining screws, drill
through the platters, and if you're really insecure then use a torch
(oxy+propane or oxy+acetylene) on the remaining platters. Then
optionally enjoy some therapeutic fun with a sledge.