Erasing your data before dumping your drive

[Clocker]

I read an interesting article in PC World while waiting for a flight at the airport.

If you are using Windows 2000/XP/Vista they recommended you encrypt the contents of your drive folders (except for the Windows and some other directories) using Windows Explorer before formatting and the selling the drive (or trashing it or whatever). That way, if someone revives your data using some unformat programs or whatever, the data will still be encrypted. Seems like a quick and easy way to make the data almost impossible to get if you are using Windows & NTFS. At least it's faster that some of those other data shredding programs that seem to take hours to complete. But, how secure is the encryption?

Thoughts?

 

[Handruin]

It sounds like a good idea, but it would only be as strong as the password given in windows. If they restore the entire system, what stops them from booting windows and getting at the data that way?

 

[ddrueding]

I just take a hammer to it before I throw it away; or give it to a friend who won't try and get the data.

 

[LunarMist]

That does nix for the empty space. There are plenty of simple drive cleaners that are enough to prevent recovery by other than sophisticated forensic means and they should be complete overnight. In the latter case physical destuction of the drive is safest. But what terrible things are on your drive that anyone would bother to spend thousands or hundreds of thousands of dollars to recover?

 

[sechs]

How is this more secure or faster than writing series of 0s and 1s to the disk?

 

[Clocker]

How is this more secure or faster than writing series of 0s and 1s to the disk?

It would be faster because you don't have to wait hours for the process to complete. I never said it was more secure.

 

[Tannin]

Simple method: format the drive (quick format if you like) then fill it up with data: 10,000 copies of your desktop wallpaper, anything, just so long as you fill the drive up with useless data. Once a given sector is overwritten, no normal person can recover anything, not even an uber-geek. You might be able to take it to a mega-tech place where they might be able to read stuff off it using equipment that only NASA and the FBI can afford, but don't count on it.

BTW, since when did anybody here get rid of a hard drive? I just fill them up and then buy more of them. I always have room for an extra backup of my data.

 

[sechs]

It would be faster because you don't have to wait hours for the process to complete. I never said it was more secure.

So, it's not more secure.

What kind of drives do you have this it takes hours to securely erase them?

 

[Sol]

Isn't there a secure erase system suposedly built into the ata standard? I remember reading about it in conjunction with the hard drive password protect feature. The idea being that you can irevocably set a flag in the drive and it will refuse to function at all until it has been given and completed the ERRASE UNIT command.
I believe the purpose was to allow the recovery of password protected drives (i.e you don't have the password but if you let the drive errase itself totally then you can use it anyway).
You still need the master drive password to do it though so it's of limited use for getting old ebayed drives running.

Anyway the ERRASE UNIT command is supposed to be the fastest way to securely toast your data because it's built into the drive and can overwrite everything in the most efficient manner for that drive. Also if your really lazy you could just lock the drive in it's highest security mode and give it the ERASE PREPARE command then sell it with the master password. If I understand the process right it would be impossible to get at the data without taking the drive apart (or maybe guessing the user password but that supposedly takes weeks unless the password is absolute rubbish) since even the master password will only give you the power to securely errase everything.

Of course you need some sort of utility to give the drive these commands but once you do as long as you leave it plugged in to the power it will quietly (or loudly as the case may be) errase itself... Or that's the theory anyway...

 

[Clocker]

So, it's not more secure.

What kind of drives do you have this it takes hours to securely erase them?

http://www.cipherserver.com/phpbb2/viewtopic.php?t=280

Looks like 5 hours for a 80-100GB disk is pretty standard.

Encrypting and then formating is more secure than just formating. Adds another layer of protection. Worth it for the few seconds it would take if you don't want to wait for DoD-grade wiping.

Ignore Post Re-Activated!

I think Sol has the right idea.

 

[mubs]

For the paranoid (me), I think encrypting + secure wiping is a good idea. For me the time taken to secure erase is no big deal; just let it run overnight.

 

[Handruin]

Yeah, but as I mentioned before, even if you encrypt, what stops someone from restoring everything and booting into windows? Then they have access to all your data.

 

[mubs]

For the paranoid (me), I think encrypting + secure wiping is a good idea.

Assuming your post was in response to mine, Handruin. BTW, It won't let me post just the quote; says message too short, enter at least one character. That's new for me.

 

[Handruin]

Yes, sorry about that. My comment was more specific to Clocker, but you are right. If you encrypt and secure wipe (man thought sounds weird), it would be better. But I'd argue there is no point in encrypting because if someone got around the secure wipe...they could boot the machine and get at your data, no?


=======
You're right, the forum sees it as an empty post if you only quote without text. Just put a "." if you need to do it next time, and I'll go look and see if there is a way around that for the future.

 

[P5-133XL]

If you encrypt and secure wipe (man thought sounds weird), it would be better. But I'd argue there is no point in encrypting because if someone got around the secure wipe...they could boot the machine and get at your data, no?

Lets face it, if someone has the knowledge and capability of bypassing a secure wipe, then the odds are, they also have the knowledge and capability to get through encryption too.

But really, a secure wipe is almost always good enough. In situations that they are not, why are you being foolish by allowing the drive out of your possession: Just physically destroy it.

The real purpose of encryption is to protect the data when the drive has been lost, stolen, or otherwise prying eyes rather than getting an extra lay of protection when you sell the drive. For unplanned events like this, just don't keep your certificates/keys on the encrypted drive but on something removable like a thumb drive or a floppy. Very important: Don't forget to remove the keys/certificates when you are not actually using the computer. That way, unless they are really determined, the data is basicly worthless to whomever gets ahold of it.

 

[mubs]

I've never used encryption on Windows systems, but everything I've read about it says that if you don't know the pw, it's next to impossible to get the data back. Merc has posted a bit in the past on NTFS encryption.

AFAIK, using a DoD grade eraser that goes physically (ignoring the file system format) from the beginning to end of the drive should itself be quite secure, with only NSA type people being able retrieve some data off the faint ghostly residual energy of the data.

If both encryption and secure wipe are done, I think you should be good. As somebody said, you and I (and folks here) should have nothing to worry about.

Re. the single character in the post issue, thanks, but it's so trivial, don't bother. There's a bazillion ways to spend your time more usefully.

 

[ddrueding]

Does the drive contain sensitive data?

Yes: Open drive, physically break platters and discard pieces into different waste bins after burning.

No: Sell on E-bay and forget about it.

 

[mubs]

Many years ago, I did dismantle one drive for the heck of it - an 80MB Conner 3.5". It was really hard to get the screws off. And there is an uber powerful magnet inside that will pinch real bad. Be warned it ain't an easy task.

 

[Sol]

If your going to open the drive, and you don't need it to be a) functional or b) photogenic afterwards then a screwdriver just doesn't seem like the right tool... I'd suggest a power drill, angle grinder or oxy' torch... A plasma torch, laser cutter or large calibre firearm would be even better if you have access to one.
Dropping the platters into caustic soda and seeing how much of the magnetic material you can etch off could be fun too, with the added bonus that the still intact totally unrecoverable platters should then be usable as pot holders or to chock up table legs etc...

 

[sechs]

http://www.cipherserver.com/phpbb2/viewtopic.php?t=280

Looks like 5 hours for a 80-100GB disk is pretty standard.

I guess if you're running stuff that pokey, it shouldn't be surprising when anything takes hours.

 

[Splash]

AFAIK, using a DoD grade eraser that goes physically (ignoring the file system format) from the beginning to end of the drive should itself be quite secure...

"Darik's BOOT AND NUKE" (a.k.a. -- DBaN, now at version 1.07) will do all of that -- for FREE. You can select from various methods of data sanitising, such as the DOD 3-pass or DOD 7-pass. Every sector is overwritten.

Just download the ISO from SourceForge, burn the ISO image to a CD-R, and you'll have a bootable CD-R with DBaN. The bootable CD-R loads an X86 Linux mini-root and the application. Works beautifully with ATA and SCSI hard drives.


http://sourceforge.net/project/showfiles.php?group_id=61951

 

[mubs]

Yes, Splash, that's the tool I've used in the past. His FAQ's quite funny too.

 

[Adcadet]

"Darik's BOOT AND NUKE" (a.k.a. -- DBaN, now at version 1.07) will do all of that -- for FREE. You can select from various methods of data sanitising, such as the DOD 3-pass or DOD 7-pass. Every sector is overwritten.

Just download the ISO from SourceForge, burn the ISO image to a CD-R, and you'll have a bootable CD-R with DBaN. The bootable CD-R loads an X86 Linux mini-root and the application. Works beautifully with ATA and SCSI hard drives.


http://sourceforge.net/project/showfiles.php?group_id=61951

Nice program! And now with SATA support, too.

Q: Does DBAN have SATA support?

A: Yes, the current release has full SATA support.

If DBAN does not detect a SATA controller running in native mode, then run the controller setup program and enable the "legacy PATA support" option. (ie: "Push <F2> to enter setup" when the computer starts.)

SATA drivers for new computers will be added to DBAN as they are published for Linux. Drivers for Microsoft Windows are incompatible with DBAN and cannot be added to DBAN.