Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




1304 posts

Uber Geek


#153817 8-Oct-2014 20:19
Send private message

Hi all,
My PC is going to a new home, complete with it's two HD's and two SSD's. Normally, I would destroy disks to ensure my data was unreadable but this time they are remaining intact and will go to the new owner (family member) as a fully working machine, Windows 7 installed. He will be taking it to Aussie and will potentially need to grant access at the border.
Sooo... I need to remove all my data and santise the disks. I've recovered data from formatted disks myself so am aware that deleting, overwriting, and reformatting before reinstalling Windows is not enough to ensure my data has completely gone. Never having done this before, I need some advice on how to remove all traces of me from these drives. I contemplated destroying the drives and replacing with new but this is money I can't afford (and it seems a waste when the drives are relatively newish). Any tips on how to santise please?

Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
734 posts

Ultimate Geek

Subscriber

614 posts

Ultimate Geek

Trusted
Lifetime subscriber

  #1150235 8-Oct-2014 20:24
Send private message

You can give dban (www.dban.org) a try.

If you are not afraid of Linux, try secure erase for ATA (https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase).

 
 
 
 


5699 posts

Uber Geek

Trusted
Lifetime subscriber

  #1150238 8-Oct-2014 20:31
Send private message




Chorus has spent $1.4 billion on making their xDSL broadband network faster and even more now as they are upgrading their rural Conklins. If your still stuck on ADSL or VDSL, why not spend $195 on a master filter install to make sure you are getting the most out of your connection?
I install - Naked DSL, DSL Master Splitters, VoIP, data cabling and general computer support for home and small business.

 

Cel-Fi supply and installer - boost your mobile phone coverage legally
Rural Broadband RBI installer for Ultimate Broadband and Full Flavour

 

Need help in Auckland, Waikato or BoP? Click my email button, or email me direct: [my user name] at geekzonemail dot com


5361 posts

Uber Geek

Trusted
Microsoft

  #1150286 8-Oct-2014 21:22
Send private message

Grant access at the border??

6434 posts

Uber Geek


  #1150288 8-Oct-2014 21:28
Send private message

Nuke the disk from orbit.


....it's the only way to be sure

509 posts

Ultimate Geek

Lifetime subscriber

  #1150324 8-Oct-2014 22:49
Send private message

Wow – what was on them that you are so paranoid about - and that you would not want border authorities to see?





1892 posts

Uber Geek


  #1150347 9-Oct-2014 01:53
Send private message

stocksp: Wow – what was on them that you are so paranoid about - and that you would not want border authorities to see?


Why does this even matter?  This question seems to pop up every time someone asks about securing a hard drive.  It's a legitimate practice and more people should learn how.  There are also lots of reasons.  I wouldn't want some random customs specialist imaging my drive on his lunch break so he could rummage through my business outlines and intellectual property.  Potentially stealing assets that took hundreds of hours to develop.  Or even looking at pictures of my family and friends.  Gaining access to stored passwords and other information that could compromise any of my online accounts like email, dropbox, forums...etc...

...To be honest.  This is the first I've heard of "granting access" at the boarder.  The very idea of some busy customs officer wanting to waste their time setting up my computer or removing my drive for analysis just seems stupid.

Which begs the question....If I "granted access" and files were encrypted, or even a thumb drive or CD...What if there were encrypted files on that?  Would the media be destroyed or held for further analysis?

--

In terms of securely erasing data off of metal media.  There are various tools that will scrub the drive with a series of 1's and 0's to counter the ghosting phenomenon and ensure all data is over-written.  However, this still isn't a guarantee, which is why the best policy is still destruction.

One tool I once used was a diagnostic application called TuffTest.  It had a media test function which read and wrote to the drive aggressively until you decided to stop it.  I've never been able to recover anything after a media test.

If the data on the drive is worth 10's or 100's of thousands of dollars and security is a major concern, $200.00 for a new drive and keeping the older one does not seem like much of an expense anymore.





Sometimes what you don't get is a blessing in disguise!

 
 
 
 




1304 posts

Uber Geek


  #1150354 9-Oct-2014 02:33
Send private message

stocksp: Wow – what was on them that you are so paranoid about - and that you would not want border authorities to see?

 

It's not paranoia, just common sense. I will no longer be using the drives so my data will be elsewhere. Once they have left my control I don't want ANYONE being able to see, or copy, business files, passwords, confidential client files, or anything of personal or professional nature. Some files relating to business activities would disclose information entrusted to me by clients and I doubt they would want commercially-sensitive information viewed by anyone either, so I have a duty of care to them. 



1304 posts

Uber Geek


  #1150355 9-Oct-2014 02:47
Send private message

DravidDavid: 
...To be honest.  This is the first I've heard of "granting access" at the boarder.  The very idea of some busy customs officer wanting to waste their time setting up my computer or removing my drive for analysis just seems stupid.

Which begs the question....If I "granted access" and files were encrypted, or even a thumb drive or CD...What if there were encrypted files on that?  Would the media be destroyed or held for further analysis?


It's standard practise at borders now to have to power on devices to prove they are genuine devices. Any border control officer pretty much anywhere can "request" access to any electronic device to check what is on it. I had an Australian customs officer go through my Kindle two years ago in a random check. I don't know what for because he wouldn't tell me. At the Canadian border in June I saw someone have his laptop taken away. He was given paperwork and told he would get it back in 4-6 weeks. Why, I don't know, but checks are happening and I've never seen that before.

I'm not so concerned about border checks but I don't know who may end up looking at these drives once I no longer own them. If the guy whose taking it ever needs to get it serviced, or needs data recovery, I want to make sure nothing of mine hangs around. He wants it as it is, with all four drives. Due to the cost factor, I don't want to destroy these drives only to have to then pay out for four more. 

I will take the advice given here and do everything I can to make my data unrecoverable. Signatures will still get left behind but I doubt that anyone will ever be doing any serious forensics on them. 

5361 posts

Uber Geek

Trusted
Microsoft

  #1150357 9-Oct-2014 03:14
Send private message

Elpie:
stocksp: Wow – what was on them that you are so paranoid about - and that you would not want border authorities to see?

It's not paranoia, just common sense. I will no longer be using the drives so my data will be elsewhere. Once they have left my control I don't want ANYONE being able to see, or copy, business files, passwords, confidential client files, or anything of personal or professional nature. Some files relating to business activities would disclose information entrusted to me by clients and I doubt they would want commercially-sensitive information viewed by anyone either, so I have a duty of care to them. 


you should really be running local encryption on the drives then, what if someone broke into the house and stole your desktop

BitLocker built into Windows makes this simple.

When you pass on the drives, you can just yank out your protector key and the data is unobtanium

3372 posts

Uber Geek

Subscriber

  #1150383 9-Oct-2014 06:20
Send private message

Elpie: I will take the advice given here and do everything I can to make my data unrecoverable. Signatures will still get left behind but I doubt that anyone will ever be doing any serious forensics on them. 


I believe the idea that overwritten data even if only once can be recovered is urban myth. The much easier task of recovering the erased sections of audio "Watergate" tape from Nixon's office hasn't been done yet. If a drive marked sectors as damaged and replaced them from the pool of spares they wouldn't be available for overwriting but if there were enough to contain contiguous data the drive is failing. That is probably the real issue "what do you do with a faulty drive that you can't write to?"

83 posts

Master Geek


  #1150423 9-Oct-2014 08:46
Send private message

+1 for dban

Used to use it when we were repurposing machines for sale.

7 times overwrite/wipe is usually good enough.

If people have enough money, they can probably get most of the data back after 7 overwrites (of random data), but it gets VERY expensive for them.

1892 posts

Uber Geek


  #1150538 9-Oct-2014 10:57
Send private message

Bung: I believe the idea that overwritten data even if only once can be recovered is urban myth. The much easier task of recovering the erased sections of audio "Watergate" tape from Nixon's office hasn't been done yet. If a drive marked sectors as damaged and replaced them from the pool of spares they wouldn't be available for overwriting but if there were enough to contain contiguous data the drive is failing.


It is very hard, very expensive and not always possible, but it is possible to retrieve some data after it has been over-written.  When people are recovering data after over-writing they are not plugging it in to a regular computer to run CCleaner,  They are reading the exposed disk directly with an electronic oscilloscope to pick up 1's and 0's to put them together.  As mentioned earlier.  When a disk over-writes information it never writes it in the same place and leaves behind some sort of ghost of the old data.  This can be countered with multiple passes of writing data, which I highly recommend.  But you can never be 100% sure.

I believe it has been made easier with SSDs simply due to the way the SSDs allocate data and the way it shifts around.  You can never really truly delete something.  There is always a fragment left somewhere which may lead to another somewhere else.  Someone correct me if I'm wrong, I did read that years ago, it may be different now.

Bung:
That is probably the real issue "what do you do with a faulty drive that you can't write to?"


Destroy it physically.  There are crushing devices specifically designed to cripple hard drives to the extent that they cannot be recovered.  I believe it sends a pin through the case splitting the disks, case, and circuit board on the bottom pretty much destroying the internals and flattening the drive.

TL;DR: A single or double random data write pass on a drive will stop a 12 year old plugging your drive in and recovering anything usable by a regular windows computer.  But if a data recovery specialist had the correct equipment, I wouldn't be so sure there would be nothing left behind.

Better safe than sorry I say.  I ran over-writes on drives for 24/48 hours depending on the size of the drive.  Usually managed 5 to 8 passes in that time frame with the software I used.





Sometimes what you don't get is a blessing in disguise!

3372 posts

Uber Geek

Subscriber

  #1150561 9-Oct-2014 11:18
Send private message

"

 

Current Research

 

Fortunately, several security researchers presented a paper [WRIG08] at the Fourth International Conference on Information Systems Security (ICISS 2008) that declares the “great wiping controversy” about how many passes of overwriting with various data values to be settled: their research demonstrates that a single overwrite using an arbitrary data value will render the original data irretrievable even if MFM and STM techniques are employed.

 

The researchers found that the probability of recovering a single bit from a previously used HDD was only slightly better than a coin toss, and that the probability of recovering more bits decreases exponentially so that it quickly becomes close to zero.

 

Therefore, a single pass overwrite with any arbitrary value (randomly chosen or not) is sufficient to render the original HDD data effectively irretrievable."  http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html

Just in case that research is a smokescreen spread by the NSA to hide their true capabilities I think anyone with the resources to recover overwritten data from a modern high density drive would just arrange for Elpie's new computer to be stolen or give her a room on Cuba and ask her to retype it all.




1892 posts

Uber Geek


  #1150594 9-Oct-2014 12:03
Send private message

Bung: " Current Research Fortunately, several security researchers presented a paper [WRIG08] at the Fourth International Conference on Information Systems Security (ICISS 2008) that declares the “great wiping controversy” about how many passes of overwriting with various data values to be settled: their research demonstrates that a single overwrite using an arbitrary data value will render the original data irretrievable even if MFM and STM techniques are employed. The researchers found that the probability of recovering a single bit from a previously used HDD was only slightly better than a coin toss, and that the probability of recovering more bits decreases exponentially so that it quickly becomes close to zero. Therefore, a single pass overwrite with any arbitrary value (randomly chosen or not) is sufficient to render the original HDD data effectively irretrievable."  http://www.infosecisland.com/blogview/16130-The-Urban-Legend-of-Multipass-Hard-Disk-Overwrite.html

Just in case that research is a smokescreen spread by the NSA to hide their true capabilities I think anyone with the resources to recover overwritten data from a modern high density drive would just arrange for Elpie's new computer to be stolen or give her a room on Cuba and ask her to retype it all.


Thanks for posting this.  Interesting considering I've heard about criminal cases where near destroyed or securely erased data has been retrieved and used against said person.  I don't have any specific examples...But I'm sure I've heard of it being done before.

I still say better safe than sorry.  If the data is worth more to you than a new drive, it's best to just outright destroy it and buy another one.





Sometimes what you don't get is a blessing in disguise!

 1 | 2
Filter this topic showing only the reply marked as answer View this topic in a long page with up to 500 replies per page Create new topic




News »

Freeview On Demand app launches on Sony Android TVs
Posted 6-Aug-2020 13:35


UFB hits more than one million connections
Posted 6-Aug-2020 09:42


D-Link A/NZ extends COVR Wi-Fi EasyMesh System series with new three-pack
Posted 4-Aug-2020 15:01


New Zealand software Rfider tracks coffee from Colombia all the way to New Zealand businesses
Posted 3-Aug-2020 10:35


Logitech G launches Pro X Wireless gaming headset
Posted 3-Aug-2020 10:21


Sony Alpha 7S III provides supreme imaging performance
Posted 3-Aug-2020 10:11


Sony introduces first CFexpress Type A memory card
Posted 3-Aug-2020 10:05


Marsello acquires Goody consolidating online and in-store marketing position
Posted 30-Jul-2020 16:26


Fonterra first major customer for Microsoft's New Zealand datacentre
Posted 30-Jul-2020 08:07


Everything we learnt at the IBM Cloud Forum 2020
Posted 29-Jul-2020 14:45


Dropbox launches native HelloSign workflow and data residency in Australia
Posted 29-Jul-2020 12:48


Spark launches 5G in Palmerston North
Posted 29-Jul-2020 09:50


Lenovo brings speed and smarter features to new 5G mobile gaming phone
Posted 28-Jul-2020 22:00


Withings raises $60 million to enable bridge between patients and healthcare
Posted 28-Jul-2020 21:51


QNAP integrates Catalyst Cloud Object Storage into Hybrid Backup solution
Posted 28-Jul-2020 21:40



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.