If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
Thread Tools | Rate Thread | Display Modes |
#1
|
|||
|
|||
Quick question: poor man's disk wipe?
Okay, let's say you got an external HDD formatted in FAT32, and you want
to make data unrecoverable on the drive. So let's say you don't want to go through an hours long security wipe, overwriting all sectors on the drive. Would simply reformatting the drive into an NTFS file system be enough to make data unrecoverable for the vast majority of file and partition recovery apps? I'm not talking NSA-level security, just security against regular civilian recovery apps available for Windows. -- Sent from Giganews on Thunderbird on my Toshiba laptop |
Ads |
#2
|
|||
|
|||
Quick question: poor man's disk wipe?
On Tue, 20 Jun 2017 17:13:28 -0400, Yousuf Khan wrote:
Okay, let's say you got an external HDD formatted in FAT32, and you want to make data unrecoverable on the drive. So let's say you don't want to go through an hours long security wipe, overwriting all sectors on the drive. Would simply reformatting the drive into an NTFS file system be enough to make data unrecoverable for the vast majority of file and partition recovery apps? I'm not talking NSA-level security, just security against regular civilian recovery apps available for Windows. No. -- Wildman GNU/Linux user #557453 The cow died so I don't need your bull! |
#3
|
|||
|
|||
Quick question: poor man's disk wipe?
On 06/20/2017 02:13 PM, Yousuf Khan wrote:
Okay, let's say you got an external HDD formatted in FAT32, and you want to make data unrecoverable on the drive. So let's say you don't want to go through an hours long security wipe, overwriting all sectors on the drive. Would simply reformatting the drive into an NTFS file system be enough to make data unrecoverable for the vast majority of file and partition recovery apps? I'm not talking NSA-level security, just security against regular civilian recovery apps available for Windows. Hi Yousuf, No, reformatting won't remove your data from someone who it reading it sector by sector. It only updates the file tables. If you want to dispose of it, whack it with a hammer. For the fastest full overwrite, boot into a Linux Live disk and use "dd" with "if=/dev/zero" as your source. Linux has all the cool tools. And don't take too much heed in those myths about overwriting several times. It is an urban myth. Doesn't make a bit of difference. Just overwrite it once. Hint: if you could write outside the tracks, the vendors would do it to increase their drive's capacity. HTH, -T |
#4
|
|||
|
|||
Quick question: poor man's disk wipe?
Yousuf Khan wrote:
Okay, let's say you got an external HDD formatted in FAT32, and you want to make data unrecoverable on the drive. So let's say you don't want to go through an hours long security wipe, overwriting all sectors on the drive. Would simply reformatting the drive into an NTFS file system be enough to make data unrecoverable for the vast majority of file and partition recovery apps? I'm not talking NSA-level security, just security against regular civilian recovery apps available for Windows. Diskpart and Disk Management always list the disks in the same order, but one of them starts at zero, the other starts at one. Be careful. I keep a copy of Disk Management open while working with diskpart in a Command Prompt window. diskpart list disk --- verify you're selecting the correct disk!!! select disk n clean all --- comes with no warning!!! It just does it. exit To verify you're "on the correct disk", you can diskpart list disk select disk n list partition select partition 0 detail partition --- dumps some info about the partition, to the screen Can help you verify you are "on target" select partition 1 --- you can only select partitions which exist detail partition .... It takes about 7.4 hours to erase a modern 4TB drive. Scale accordingly. ******* diskpart runs at disk speed secure erase runs at disk speed dd (Windows or Linux) runs 13MB/sec (no parameters), 39MB+/sec with 4096 or larger byte blocks New drives like 4096, old drives like larger blocks gddrescue (Linux) is adaptive, and runs at disk speed (-b8m) If you're a Windows user, diskpart is your friend. You can review performance using perfmon.msc and select the Physical Disk counter. You'll need to set the graph scale to 20000, to handle up to 200MB/sec disk drives. I use this when crafting "dd" commands, to verify I've tuned them well. On an OS like Windows 10, the Task Manager has all the disk speed graph you need. http://www.chrysocome.net/downloads/dd-0.6beta3.zip I also use the "factor" program. There is a Windows port (GNUWin32). It can factor the total size of a drive, and it helps you pick block sizes for dd that divide evenly into the total disk size. This prevents a few bytes at the end of the drive, from not getting erased. The reason for being careful... is malware. If you're convinced malware is capable of storing stuff outside of any possible partitions, then erasure to the bitter end is called for. For example, you could back up with Macrium, erase to the bitter end, then restore, so a malware is robbed of something it stored at the end. If there is a root kit present, you'd probably want to switch OSes at that point. diskpart is good enough - just be careful with it. That's true of any erasure program. Paul |
#5
|
|||
|
|||
Quick question: poor man's disk wipe?
On Tue, 20 Jun 2017 17:13:28 -0400, Yousuf Khan wrote:
Would simply reformatting the drive into an NTFS file system be enough to make data unrecoverable for the vast majority of file and partition recovery apps? No. But there's a non-default option in the FORMAT command to overwrite all free space on the drive. It can take a looooooooong time, though. -- Stan Brown, Oak Road Systems, Tompkins County, New York, USA http://BrownMath.com/ http://OakRoadSystems.com/ Shikata ga nai... |
#6
|
|||
|
|||
Quick question: poor man's disk wipe?
On Tue, 20 Jun 2017 19:22:45 -0400, Paul wrote:
diskpart list disk --- verify you're selecting the correct disk!!! select disk n clean all --- comes with no warning!!! It just does it. exit That's no faster than doing it with FORMAT, is it? I would think the bottleneck would be getting the writes through the disk controller and onto the disk, not compute power. -- Stan Brown, Oak Road Systems, Tompkins County, New York, USA http://BrownMath.com/ http://OakRoadSystems.com/ Shikata ga nai... |
#7
|
|||
|
|||
Quick question: poor man's disk wipe?
On 6/20/2017 2:13 PM, Yousuf Khan wrote:
Okay, let's say you got an external HDD formatted in FAT32, and you want to make data unrecoverable on the drive. So let's say you don't want to go through an hours long security wipe, overwriting all sectors on the drive. Would simply reformatting the drive into an NTFS file system be enough to make data unrecoverable for the vast majority of file and partition recovery apps? I'm not talking NSA-level security, just security against regular civilian recovery apps available for Windows. Have you ever heard of the expression "quick and dirty"? In this case, quick is indeed dirty in that you really do not get security via a quick erase. -- David E. Ross http://www.rossde.com Consider: * Most state mandate that drivers have liability insurance. * Employers are mandated to have worker's compensation insurance. * If you live in a flood zone, flood insurance is mandatory. * If your home has a mortgage, fire insurance is mandatory. Why then is mandatory health insurance so bad?? |
#8
|
|||
|
|||
Quick question: poor man's disk wipe?
Stan Brown wrote:
On Tue, 20 Jun 2017 19:22:45 -0400, Paul wrote: diskpart list disk --- verify you're selecting the correct disk!!! select disk n clean all --- comes with no warning!!! It just does it. exit That's no faster than doing it with FORMAT, is it? I would think the bottleneck would be getting the writes through the disk controller and onto the disk, not compute power. The secret to using a disk, is not the compute power, it's the tuning for max speed. If you use "dd" with no arguments, it uses bs=512 and the drive writes one sector at a time. Once the disk command rate hits around 10000 commands a second, that's enough to hit the interrupt limiter in the OS. If the block size is made larger, you get a bit more bandwidth from it. The block size chosen, should ideally divide evenly into the total disk size. Now, what's interesting, is modern drives don't seem to like a block size like 221184 bytes, but instead prefer 4096 or 8192 bytes. Older drives on the other hand, seem to hate 4096 and you don't get very good speed. You actually have to tweak the command, for best results. Some of the software (the kind that does not rigidly adhere to the old design ideas), that software will do test writes and "adapt" the transfer size, to get the best transfer rate. I would have to do some ProcMon work, to determine whether diskpart is using an adaptive technique. You can trace rather large computer operations - I captured an entire Macrium backup once, over a period of 20 minutes, and the ProcMon64 log was 9GB large. So if you want to study how the more intelligent methods work, you can. ReadFile and WriteFile are logged in ProcMon. (Note that, with Windows, there is always some I/O operation that escapes logging, so don't expect to find everything you need. When that happens now, I no longer act surprised.) Paul |
#9
|
|||
|
|||
Quick question: poor man's disk wipe?
On 20/06/2017 22:13, Yousuf Khan wrote:
Okay, let's say The best poor man's bum wipe is to get some free tissues from McDonalds and use them. However, I suspect your Pakistani government may not allow an American Corporation to operate in your country so your second best option is to use any available grass in your fields. Most Pakistanis are still living in caves and so they should also have some grass growing in their back yard. -- With over 500 million devices now running Windows 10, customer satisfaction is higher than any previous version of windows. |
#10
|
|||
|
|||
Quick question: poor man's disk wipe?
On 6/20/2017 5:26 PM, KenW wrote:
Ccleaner can do that. How? I've never seen that feature in Cclean! |
#11
|
|||
|
|||
Quick question: poor man's disk wipe?
On 6/20/2017 5:54 PM, T wrote:
No, reformatting won't remove your data from someone who it reading it sector by sector. It only updates the file tables. I realized that, that's why I said, "I'm not talking about NSA-level" wipe. Just enough to prevent a partition undelete, and therefore a file undelete. If you want to dispose of it, whack it with a hammer. No, definitely don't want to whack it with a hammer, want to reuse afterwards. Future reuse will automatically take care of overwriting previous data, of course, but I want previous data locations to be unknown. Thinking a change in filesystem formats would scramble up the locations of previous data, making it impossible to restore, except by sector-by-sector analysis. Yousuf Khan |
#12
|
|||
|
|||
Quick question: poor man's disk wipe?
On 6/20/2017 5:13 PM, Yousuf Khan wrote:
Okay, let's say you got an external HDD formatted in FAT32, and you want to make data unrecoverable on the drive. So let's say you don't want to go through an hours long security wipe, overwriting all sectors on the drive. Would simply reformatting the drive into an NTFS file system be enough to make data unrecoverable for the vast majority of file and partition recovery apps? I'm not talking NSA-level security, just security against regular civilian recovery apps available for Windows. Look at Eraser: https://eraser.heidi.ie/ |
#13
|
|||
|
|||
Quick question: poor man's disk wipe?
On 06/20/2017 05:47 PM, Yousuf Khan wrote:
On 6/20/2017 5:54 PM, T wrote: No, reformatting won't remove your data from someone who it reading it sector by sector. It only updates the file tables. I realized that, that's why I said, "I'm not talking about NSA-level" wipe. Just enough to prevent a partition undelete, and therefore a file undelete. If you want to dispose of it, whack it with a hammer. No, definitely don't want to whack it with a hammer, want to reuse afterwards. Future reuse will automatically take care of overwriting previous data, of course, but I want previous data locations to be unknown. Thinking a change in filesystem formats would scramble up the locations of previous data, making it impossible to restore, except by sector-by-sector analysis. Yousuf Khan Hi Yousuf, Well, if yo use it enough, you will eventually overwrite everything, but it will take a while. I have had to use the dd method on some weird Windows formatted disks before as they were not readable by the OS. This happens to me a lot when a take a Frankenstein the Elder (w8) disk and try to do an install of Windows 7 on it. dd it is! Some Apple formats do this too. There are some Windows utilities out there that will scramble all the empty space on your disk. I have one, but I forgot what it is called. I can look it up for you if you wish. -T |
#14
|
|||
|
|||
Quick question: poor man's disk wipe?
Yousuf Khan on Tue, 20 Jun 2017 17:13:28
-0400 typed in alt.windows7.general the following: Okay, let's say you got an external HDD formatted in FAT32, and you want to make data unrecoverable on the drive. So let's say you don't want to go through an hours long security wipe, overwriting all sectors on the drive. Would simply reformatting the drive into an NTFS file system be enough to make data unrecoverable for the vast majority of file and partition recovery apps? I'm not talking NSA-level security, just security against regular civilian recovery apps available for Windows. Quick and dirty, delete all files you do not want to be restored. Then download music, movies, install a game or two (like Civilization or other disc-hog" games).. Play games and make multiple saves. Then copy those files into another directory. Repeat until drive is full. Everythign has been overwritten. Delete the root directory - overwriting just it. No, it is not "fast" - but it is cheap and reasonably effective. IF you really do not want to have anyone access the data, ever - bake over a charcoal fire. -- pyotr filipivich Next month's Panel: Graft - Boon or blessing? |
#15
|
|||
|
|||
Quick question: poor man's disk wipe?
Yousuf Khan wrote:
Okay, let's say you got an external HDD formatted in FAT32, and you want to make data unrecoverable on the drive. So let's say you don't want to go through an hours long security wipe, overwriting all sectors on the drive. A security wipe (1 pass random data) is probably faster than a format. Since this is an "external HDD", the unidentified hardware interface may be slower than hooking the HDD to an internal SATA port. Would simply reformatting the drive into an NTFS file system be enough to make data unrecoverable for the vast majority of file and partition recovery apps? No. Formatting does NOT touch the data in the previously allocated clusters. All that data is still there after a format. Formatting lays down a new file system, not destroy what was in the old file system. That's why there are tools that make data recovery possible whether you deleted the file, formatted the partition, or repartitioned the drive. I'm not talking NSA-level security, just security against regular civilian recovery apps available for Windows. The Gutmann (35 pass) was only intended against ancient MFM technology of HDDs. 1 pass of pseudo-random data is sufficient. Do 2 passes if you want. Beyond that and you're just wasting time and energy. https://en.wikipedia.org/wiki/Gutmann_method#Criticism http://docs.bleachbit.org/doc/shred-...ipe-disks.html Myths and Legends 1 pass is sufficient. I really doubt you have anything the NSA is interested in. You don't need more than 2 passes of pseudo random patterns to wipe a drive to make it impossible for a lab to perform forensics recovery. There are LOTS of free drive wipe tools. I've use Heidi's Eraser (but disabled its startup program since I wipe on demand and don't want prompts or auto-cleaning) where I just did 2 passes. I'm now using the secure delete already included in Peazip (zip tool) that uses random data and configured for 2 passes. The FBI, CIA, and NSA don't go dumpster diving to see what they happen to find in the landfill. They target someone's computer. They'll get at your data from your computer (overtly through confiscation or covertly through infection, dongles, and other means), not from your trash. Similarly, they don't dumpster dive to get at your bank statement. If you're not interested in reusing the HDD or giving it to someone else then don some safety glasses, drill out the retaining screws, drill through the platters, and if you're really insecure then use a torch (oxy+propane or oxy+acetylene) on the remaining platters. Then optionally enjoy some therapeutic fun with a sledge. |
Thread Tools | |
Display Modes | Rate This Thread |
|
|