Jump to content











Photo

Encrypt Your Sensitive Data before Wiping It !


  • Please log in to reply
63 replies to this topic

#1 Jamal H. Naji

Jamal H. Naji

    Frequent Member

  • Tutorial Writer
  • 178 posts
  •  
    United States

Posted 28 October 2010 - 11:08 AM

There’s a known fact that it is impossible to permanently destroy data just by formatting a hard drive. It doesn't matter if you use Windows formatting or pay for a commercial disk formatting program or use any free alike software. It won’t work.

 

In its essence formatting a drive is the same as deleting files in Windows and then removing them off Recycle Bin. Just a small bits of information (links to files) are removed but the files still reside on the hard drive and it is very easy to recover them using either commercial solution or one of the free powerful applications for data recovery out there on the net. That's why you may want to use a powerful software specialized in hard drive data wiping, to shred the drive partition beyond any possible recovery, BUT the big question will always be, is that enough?

 

The answer was always proven as simply NO! Read This article by PC WORLD (Hard Drives Exposed) to see how much data can be recovered from your hard drive!

As a proven method, wiping the hard drive should be your second step, not the first step, so what is the first step?

The first step is the perfect and ultimate GO SAFE & GREEN solution other than physically destroying your hard drive with a sledge hammer and increase the earth pollution, is to ENCRYPT that hard drive before engaging any wipe method, so it is not possible to recover any data after encrypting and then wiping it, and all what will be recovered is an encrypted unreadable nonesence files that is impossible to know what it is and impossible to decipher.

 

This is what I personally do, before I get rid of an old hard drive by donating it or by passing it to a friend, or selling it on eBay, or even if I want to use the same hard drive again as a clean and empty hard drive with no previous data on it, and today I am going to show you how:

We are going to download my preferred free, and surprisingly so powerful programs that I personally use in my daily routine, to make a demonstration in this tutorial, of course you can use different free or commercial software later for this purpose, but for now we are going to use the following, good luck:

1- Download TrueCrypt (3.3 MB) from HERE, it’s a free powerful open source disk encryption software, execute the (TrueCrypt Setup 7.0a.exe) and choose to extract the program to a folder on your desktop, we will use this method so to use the program as portable, without installation, and for easy access directly to the needed files inside that folder.

0001iv.jpg

002ecc.jpg

2- Download Hard Drive Eraser 2.0 from HERE, it’s a portable one icon program and very light (617 KB), yet very reliable and powerful tool to securely wipe any hard drive with 4 different methods of your choice (write zeros, DOD 5220-22.M-military grade 3-passes, 4 passes US Army method, and Peter Guttman 32 passes), and uses FAT, FAT32, NTFS format methods.

3- I am going to use a 4 GB thumb drive for this demonstration, and I am going to put different types of files on it, and see in the end what will I get back of them after encrypting then destroying them – this is what the data inside the thumb drive looks like now-:

001dpy.jpg

4- Now I will format that drive with NTFS so I can encrypt it with True crypt, after format I open the folder (TrueCrypt) and execute (TrueCrypt Format.exe ) with elevated privileges(Run as administrator) since am working from Windows 7 in this tutorial:

002akm.jpg

5- The wizard will start and I will choose Encrypt a non-system partition/drive and click on Next:

004jto.jpg

6- Next screen I choose Standard TrueCrypt Volume:

005qhj.jpg

7- Next screen I browse to the thumb drive and mark the never save history option, then I hit the Next button:

006wu.jpg

8- Next screen I choose Encrypt Partition in Place and I hit Next button:

007sh.jpg

9- Next screen I receive a warning, I hit Yes to proceed:

008kg.jpg

10- Next screen I get the chance to choose the Encryption Algorithm, and the Hash Algorithm, I just keep them on default, they are more than sufficient, and I hit Next button:

009uv.jpg

11- Next screen I will not choose a password, instead I will be more wicked, and am going to let the program generate a super complicated key for me so nobody ever (rest assured) will know what is the key to decipher any recovered data in this thumb drive, mark the use key files, and hit the Key files button, as you see in picture below:

010la.jpg

12- Next screen click on Generate Random Key file:

011gkl.jpg

13- Next screen I hover the mouse over those “MATRIX” numbers for a minute or so before I hit Generate and Save Key file:

012ta.jpg

14- Next I will have to save the key file on desktop, I will use it next step, and I will name it keys:

013fv.jpg

15- Key file created successfully, click OK:

014jro.jpg

16- Next is to add that key file I saved on desktop, and click OK:

015exb.jpg

17- Now just hit Next:

016tt.jpg

18- Next screen mark the Display pool content, and hover again over those “MATRIX” moving numbers randomly for another minute or so before you hit next button:

017cv.jpg

19- Next screen keep the Wipe method to the default (None) because we are not going to wipe the disk now, we do that later, so hit Next:

018do.jpg

20- Now click Encrypt button:

019mt.jpg

21- A warning pop up informing you that during encryption you will not be able to use that drive, click Yes:

020ky.jpg

22- The encryption will start and will take more than an hour for a 4 GB, almost 10 hours for a 500 GB, but it’s worth the wait:

021ep.jpg

23- When done you have to click OK & OK for the next 2 warnings, then click on Finish to close and Exit the program:

022sy.jpg

023me.jpg

024sb.jpg

24- Now the drive is encrypted and cannot be used or opened without using TrueCrypt program and providing the key you encrypted the drive with, but since we do not want to decrypt the drive, but we need to destroy the data inside forever, and make any recoverable data inside that disk unreadable at all, so first thing we need to format the drive again, so right click on that thumb drive and format it with what you prefer, Fat,Fat32,NTFS, it’s your choice, after that, start the Hard Disk Eraser Program, be careful to choose the thumb drive and not any other drive in your pc by mistake, and mark the quick format, and keep the default NTFS, and DOD method of wiping the disk, and click START button:

028lz.jpg

25- A confirmation window, click on Yes:

029ik.jpg

26- Another confirmation window ask me to input the word ERASE in capital letters and hit the OK button to proceed:

030jm.jpg

27- The program will start formatting then wiping the drive, if you see an error message, stop the program and close to exit, then go reformat the thumb drive again:

031ofx.jpg

28- After you formatted the thumb drive again and started the eraser, if you see that the Volume label is BLANK, then you know everything is going fine, and the wiping of the drive is properly functioning:

032ys.jpg

29- Wiping a 4 GB drive shouldn’t take long, maybe less than an hour or so, or maybe more depending on the health status of that drive, and the speed and power of your PC too:

033ie.jpg

30- When done you should see Erasing Disk Completed, so you can close the program to exit:

034vo.jpg

31- Now your thumb drive is completely encrypted and wiped off any usable or readable data, so even if there is a possibility of data recovery, no one ever can decipher that recovered data, I am going to test this by using a really powerful data recovery software that can recover even encrypted data, it’s a $140 single license software from Disk Internals, I will use their latest & ultimate program ( Disk Internals Partition Recovery 3.7 ) and put that thumb drive to a government like test:

041fq.jpg

32- The result is what you see in picture below, nothing but junk unreadable files, and we are done with this tutorial after we succeeded in our mission:

042yy.jpg

============================================================
cm10468x60webanimation.gif
============================================================
My Other Topics & Tutorials HERE
============================================================
Free Security Check-Ups
Many computer security vendors offer free computer security checks for your computer. Visit this link to check your computer for known viruses, spyware, and more and discover if your computer is vulnerable to cyber attacks.
============================================================

Attached Files


  • joe dreck likes this

#2 Brito

Brito

    Platinum Member

  • .script developer
  • 10616 posts
  • Location:boot.wim
  • Interests:I'm just a quiet simple person with a very quiet simple life living one day at a time..
  •  
    European Union

Posted 28 October 2010 - 11:20 AM

Never used truecrypt before but after following your screenshots I feel more confident to try out.

I've caught a small typo on "Download Hard Drive Eraser 2.0 form"

Very good tutorial.

:D

#3 dog

dog

    Frequent Member

  • Expert
  • 236 posts

Posted 28 October 2010 - 11:29 AM

That's why you may want to use software specialized in hard drive data wiping, to shred the drive partition beyond any possible recovery, but the big question, is that enough? The answer was always proven as simply NO!

That article says that formatting is not enough to wipe data, not that specialized wiping software isn't.
I'd try again with just a single pass, flash memory has a finite life after all.

#4 Jamal H. Naji

Jamal H. Naji

    Frequent Member

  • Tutorial Writer
  • 178 posts
  •  
    United States

Posted 28 October 2010 - 11:32 AM

Thank you Nuno, also there's an official PDF file inside the extracted folder, that explains also with screen shots about more options.thank you again.

#5 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 28 October 2010 - 11:36 AM

OK - it is true that running Windows/DOS format will not erase your data. But using a hard disk wipe program will erase all data. It is totally unnecessary to encrypt the drive before wiping it and a waste of time (but does add security if it is lost or stolen whilst you have an OS on it).

Also, you are in a false sense of security if you think encrypting the drive and then Windows formatting it afterwards protects all your data (as described above by Jamal). This is only true if you have never used or reformatted the drive before. Encryption only encrypts the files and NOT the unused sectors. So if you have used the drive previously and then reformatted the drive and then encrypt it, some unencrypted sectors will still be on the disk from the previous OS install.

The only way to be sure is to erase all sectors using a disk wipe program (e.g. Blancco) before you reformat, add the OS and encrypt - or before you 'recycle' the system.

I wrote an AutoIT program to do a 'write 00s to all sectors' wipe which runs under WinPE v2/v3 to do just this.

#6 evilgoat

evilgoat

    Newbie

  • Members
  • 24 posts
  • Location:tg-mures
  •  
    Romania

Posted 28 October 2010 - 12:31 PM

there are a few different programs out there that have the "write zeroes" option and that's what you want to use to totally, irrecoverably wipe a hard disk.

this whole "data can never be totally erased" thing is just computer voodoo, while it is true that most operating systems and even formating programs only substitute the beginning of files with code that tells the file system that empty space follows, formatting with "write zeroes" sets every bit on the hard disk to 0.

on a side-note some people out there think that shift-delete in windows does the same and writes zeroes where the selected file used to be on the hard disk, this is not true, shift-delete just directly removes files on systems where the recycle bin is enabled rather then moving them to the recycle bin first but files deleted this way are recoverable.

#7 Shirin Zaban

Shirin Zaban

    Frequent Member

  • Tutorial Writer
  • 423 posts
  • Location:Tehran
  • Interests:1_Making Unattended and Customized XP<br /><br />2_Making different types of Bootable and Multiboot CD/DVD<br /><br />3_Like to learn more about grub and grub4DOS
  •  
    Iran

Posted 28 October 2010 - 12:50 PM

Hi Dear jamal

Very good and useful tutorial

shirin zaban

#8 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 28 October 2010 - 01:24 PM

Tutorial is very nice. :)

What is illustrated in it is absolutely unneeded. :D

A wiped hard disk CANNOT be recovered by ANY means known to the public. (this excludes the military, NSA, CIA, FBI and similar security agencies, though I strongly doubt even they could )

The above is a very strong statement, and requires to be proven wrong by facts.

I won't take "I know a friend that has a cousin that has a MFM and actually does that" as a proof of the inaccuracy of the above statement.

I am willing to provide an old hard disk which, after being completely wiped, has a short text file saved on it and then wiped again with a single pass of 00's (ALL that is needed to make data UNrecoverable).

If anyone manages to recover the text, I'm going to pay him/her US $ 100.00 (that's the most I can afford :D).

In other terms, I am willing to re-open privately The Great Zero Challenge:
http://16s.us/zero/

http://www.forensicf...m...opic&t=2065
http://www.forensicf...m...opic&t=3387

ALL the literature available and EVERY single documented test ever published (besides each and every direct experiment carried on) has proved that a single 00's wiping PASS is ENOUGH.

As always everyone is perfectly free to lose some time encrypting data before wiping it or doing multiple passes and over-stress their hard disk as much as they like :D, but it's a futile (and foolish) exercise.

Recovery of wiped data is a myth.

Besides, a hard disk and a memory stick are two completely different beasts, and they CANNOT be exchanged. (but data is NOT recoverable on EITHER type of Mass Storage Device, anyway).

:)
Wonko

#9 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 28 October 2010 - 03:11 PM

Agree 100%! The number of times a customer has come to us saying 'please can you recover my data - it is REALLY IMPORTANT' and we have gone to several specialist firms and even the HDD manufacturers - all with the same result - it cannot be done. I understand that with special off-track heads and a clean room and 1000's of hours, you might possibly get some bit of data which is theoretically possible - but I have not heard of any real life way to recover data once it has been overwritten.

P.S. The only way to be really safe is to smash the drive. Hard disks can re-allocate sectors if they get read/write errors on them. So theoretically, some of these unused, slightly faulty reallocated sectors could still be on your hard disk even though you erase 'all' accessible sectors. Most HDDs have spare sectors for this re-allocation purpose and it is not uncommon for HDDs to re-allocate sectors (aka growing the GLIST).

#10 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 28 October 2010 - 06:08 PM

P.S. The only way to be really safe is to smash the drive. Hard disks can re-allocate sectors if they get read/write errors on them. So theoretically, some of these unused, slightly faulty reallocated sectors could still be on your hard disk even though you erase 'all' accessible sectors. Most HDDs have spare sectors for this re-allocation purpose and it is not uncommon for HDDs to re-allocate sectors (aka growing the GLIST).

NO. :)

Guess why HDerase (and ONLY HDerase) is suggested for SECURE deletion? :)
(which by the way is also the fastest thing around?)

http://cmrr.ucsd.edu...cureErase.shtml

http://cmrr.ucsd.edu...EraseReadMe.txt
Some of the FAQ's:

Q: Is there government approval for secure erase, that meets current federal and
state lows, like Sarbanes-Oxley, the Health Information Portability and
Accountability Act (HIPAA), the Personal Information Protection and Electronic
Documents Act (PIPEDA), the Gramm-Leach-Bliley Act (GLBA), and California Senate
Bill 1386?

A: According to federal data sanitization document NIST 800-88, acceptable
methods include executing the in-drive Secure Erase command, degaussing a drive,
and physical destruction.

Q: What are HPA and DCO areas?

A: HPA is an acronym for Host Protected Area. A HPA is a portion of sectors at
the end of the hard drive that can not be addressed by the user. Normally this
area is used to store hard drive diagnostic or recovery type software, but any
type of data may reside in this area. DCO is an acronym for Device Configuration
Overlay. Similar to a HPA, a DCO represents a portion at the end of the hard
drive that is not user addressable. Both these areas are NOT overwritten when
a windows format, secure/enhanced erase, or any other overwrite method is
performed. In order for these areas to be erased they have to be first removed,
and only then can the entire drive be erased (see the following question).
***Note: In our testing some drives overwrite the HPA when a secure erase is
performed, but most drives do not erase this area when a secure erase is
performed. CMRR contends that HPA erasure is not mandatory because user data is
not stored there; however HDDerase offers erasure of both areas for maximum erase
security.


Q: Can hdderase.exe erase the host protected area (HPA) or the device
configuration overlay area (DCO)?

A: Yes. A message will appear if a HPA and/or DCO exist(s) on the selected
drive and prompt the user if he/she wants the areas to be erased. Accepting
removes the HPA and/or DCO via set max address (ext) and device configuration
restore commands, respectively. A subsequent secure erase will then erase the
entire drive. Declining leaves the HPA and/or DCO intact, and a subsequent
secure erase may or may not erase over the HPA/DCO, depending on the manufacturer.
CMRR Secure Erase protocol requires erasure only of all user-accesible records.
If your drive is locked by a non-HDDerase password and if either option 3, 4, 5,
or 6 is chosen, then the HPA and/or DCO will NOT be detected or reset.
***Note: the device configuration restore command disables ANY settings
previously made by a device configuration set command--thereby placing the drive
in its factory default state.


Obviously this applies ONLY to ATA/SATA Hard disk devices.

:D
Wonko

#11 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 28 October 2010 - 07:31 PM

I've been using Truecrypt for years on regular and USB media to keep all my stuff from being stolen or lost.

To each it's own. :)

Out of curiosity :D at which category do you belong?:
http://www.boot-land...?...c=9297&st=7


Or maybe I missed a few ones? :D

:)
Wonko

#12 M8R-d4kps4

M8R-d4kps4
  • Members
  • 2 posts
  •  
    United States

Posted 28 October 2010 - 10:32 PM

sorry guys that are against encryption you lose !! jamal is absolute right in his post and you all wrong against him and you need to gain more experience in computers her is some education for you guys http://www.howtogeek...our-hard-drive/

#13 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 28 October 2010 - 10:50 PM

This post is about encrypting a drive before you wipe it. I am not against encryption, in fact I would recommend it. It is just that encrypting a drive and then formatting it as outlined by the OP does NOT ensure all data is destroyed.

#14 Jamal H. Naji

Jamal H. Naji

    Frequent Member

  • Tutorial Writer
  • 178 posts
  •  
    United States

Posted 28 October 2010 - 11:44 PM

Dear All,
thank you Nuno Brito, Shirin Zaban, Steve6375, M8R-d4kps4, Wonko the Sane, Rootman, dog, evilgoat, whether with me or against me, I would like to say some facts and proven methods:

Fact #1- Wiping the HDD with any method or all methods one after another starting with the Zeros is a good job but as I said is not enough and is a waste of time, because you have to repeat and repeat and repeat every method several times to corrupt the data completely and still in the end unsure if your drive has some files that can be recovered.

Fact #2- Encrypting the HDD as a whole will encrypt the drive as a whole and not part of it or just part of the data inside it, and the encrypted drive becomes inaccessible whatsoever without the program used to encrypt it and without the password used to encrypt it, and any attempt to brute force break that password will leave you with a corrupted unrecoverable junk useless data.

Fact #3- You need to have one or some or all the following qualifications(Certified Computer Forensics Examiner (CCFE) , Certified Information Systems Security Professional (CISSP), Computer Hacking Forensic Investigator (CHFI), ECSA - EC-Council Certified Security Analyst, Certified Information Technology Professional (CITP), or a member in the High Tech Crime Investigation Association (HTCIA) or equivalent, with 5 years experience at least in data recovery and forensic evidence, to go against the facts in my tutorial.

Fact #4- I am not here to challenge anyone at all in Facts, because facts already have been challenged before they became facts, so take what I said or leave it, its up to you, but for me am done with any further replies on this topic.

Wish you all good luck, and thank you again.

#15 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 29 October 2010 - 07:08 AM

Fact #1- Wiping the HDD with any method or all methods one after another starting with the Zeros is a good job but as I said is not enough and is a waste of time, because you have to repeat and repeat and repeat every method several times to corrupt the data completely and still in the end unsure if your drive has some files that can be recovered.

As soon as anyone will prove he/she recovered ANY data after a single 00 wipe, that may become a fact.
Right now it's a myth, debunked by the same guy that started it all, Mr. Gutmann:
http://www.cs.auckla...secure_del.html

Epilogue
In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the passes specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.

Looking at this from the other point of view, with the ever-increasing data density on disk platters and a corresponding reduction in feature size and use of exotic techniques to record data on the medium, it's unlikely that anything can be recovered from any recent drive except perhaps a single level via basic error-cancelling techniques. In particular the drives in use at the time that this paper was originally written are long since extinct, so the methods that applied specifically to the older, lower-density technology don't apply any more. Conversely, with modern high-density drives, even if you've got 10KB of sensitive data on a drive and can't erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 80GB of other erased traces are close to zero.
...

Further Epilogue
...
Any modern drive will most likely be a hopeless task, what with ultra-high densities and use of perpendicular recording I don't see how MFM would even get a usable image, and then the use of EPRML will mean that even if you could magically transfer some sort of image into a file, the ability to decode that to recover the original data would be quite challenging. OTOH if you're going to use the mid-90s technology that I talked about, low-density MFM or (1,7) RLL, you could do it with the right equipment, but why bother? Others have already done it, and even if you reproduced it, you'd just have done something with technology that hasn't been used for ten years. This is why I've never updated my paper (I've had a number of requests), there doesn't seem to be much more to be said about the topic.


Fact #3- You need to have one or some or all the following qualifications(Certified Computer Forensics Examiner (CCFE) , Certified Information Systems Security Professional (CISSP), Computer Hacking Forensic Investigator (CHFI), ECSA - EC-Council Certified Security Analyst, Certified Information Technology Professional (CITP), or a member in the High Tech Crime Investigation Association (HTCIA) or equivalent, with 5 years experience at least in data recovery and forensic evidence, to go against the facts in my tutorial.

This is bull§hit.
Certification(s) have nothing to do with this.

Fact #4- I am not here to challenge anyone at all in Facts, because facts already have been challenged before they became facts, so take what I said or leave it, its up to you, but for me am done with any further replies on this topic.

Facts, yes :) , myths, no :).

Come on, I am not asking that much :D, I would like to have only some appropriate reports and test results that show that anything has ever been recovered from a wiped modern hard disk, AND someone that will take (and win) the challenge.

And of course encryption, if used properly and for what it is meant for is a good thing. :D

@M8R-d4kps4
Point was not at all against encryption, it was only confuting the need (but also the opprtunity) to encrypt data before wiping it in order to lessen the chances of recovering them.
You cannot lessen 0 chances. :)


:D
Wonko

#16 evilgoat

evilgoat

    Newbie

  • Members
  • 24 posts
  • Location:tg-mures
  •  
    Romania

Posted 29 October 2010 - 11:03 AM

please correct me where you think i'm wrong:

- HDDs record data by magnetizing ferromagnetic material directionally, to represent either a 0 or a 1 binary digit. and the entire hard disk is made up of these small, locally magnetized zones, which are then logically grouped into clusters and so on.
- any form of data on the hard disk is represented by octets of 1 and 0s called bytes. one byte is equal to one character as defined by different character encoding schemes like ascii for example.
so setting every bit on a hard drive to 0 will "erase" all data.

i can back up these claims, if you disagree or believe it's not the entire picture please back up your own claims with the exact mechanism that would allow the data to be recovered. stating that it's a "fact" that it can dosn't really mean much, i've heard similar stories as well but don't forget the world we are living in. so as long as someone dosn't come up with a solution that works at least in theory (never mind the real world) i'm sticking to knowledge i can actually reference.

#17 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 29 October 2010 - 11:14 AM

i can back up these claims, if you disagree or believe it's not the entire picture please back up your own claims with the exact mechanism that would allow the data to be recovered. stating that it's a "fact" that it can dosn't really mean much, i've heard similar stories as well but don't forget the world we are living in. so as long as someone dosn't come up with a solution that works at least in theory (never mind the real world) i'm sticking to knowledge i can actually reference.

To be more exact, someone came up with this theory in 1996 (the said Mr. Peter Gutmann) and notwithstanding the fact that there are very few reliable and documented reports that the theory ever worked in practice, everyone assumed that it was possible (without taking into account that the tools and devices needed costed at the time in the order of several tens if not hundred thousands US $, and the time to actually recover a probabilistic map of previous data through the use of a Magnetic Force Microscope makes the practice VERY unlikely to be used "commonly").

Anyway, now the Author of the theory himself has publicly stated that his theory (again let alone the practice) does NOT apply to the new generation (which actually means a couple of generations) of modern hard disks.

In other words, before we had a valid theory and a shaky at best positive feedback from practice.
Now we don't even have the theory.

The idea of wiping also the not normally accessible areas of the HD, might be an enhancement to the "simple" 00'ing of user accessible areas, see previous links to Secure Erase.
In any case truecrypt (or any other filesystem encryption program) will never be able to access these areas.


:)
Wonko

#18 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 29 October 2010 - 01:02 PM

so setting every bit on a hard drive to 0 will "erase" all data.


It does not work like that. You cannot write a 0 or a 1 to a hard disk, you have a flux reversal which may or may not occur at a specific time in a data stream. See here then click on the RLL link and then the PRML link

Standard read circuits work by detecting flux reversals and interpreting them based on the encoding method that the controller knows has been used on the platters to record bits. The data signal is read from the disk using the head, amplified, and delivered to the controller. The controller converts the signal to digital information by analyzing it continuously, synchronized to its internal clock, and looking for small voltage spikes in the signal that represent flux reversals. This traditional method of reading and interpreting hard disk data is called peak detection.


So you don't write 1's or 0's to the magnetic surface, you just write a stream of pulses (flux reversals) but in different places on the 'track'. There is no such thing as writing 0's to a hard disk in practice. Depending on the encoding technique used by the disk drive chips, writing all 8 bits of 0's could end up as a pulse stream of 1__1__1 and writing 8 bits of 1's could end up as a pulse stream of 1_1_____ 1 (where a space represents a time interval where no flux change is present and a 1 indicates a flux change).

#19 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 29 October 2010 - 01:37 PM

So you don't write 1's or 0's to the magnetic surface, ....

Actually on modern hard disks you even use perpendicular recording:
http://en.wikipedia....cular_recording

So, even if you actually wrote 1's and 0's you cannot read them optically as you can only view them from the top....

This is nice :D:
https://www1.hitachi...rAnimation.html

@Rootman
The whole point is that more than one pass is NOT needed.
You can always do the whole 35 passes of the original Gutmann paper, but it would anyway be futile (and foolish).

In layman's terms, you cannot apply your knowledge and experience on gasoline engines to nuclear reactors (they are different :)).


The several passes had (some) sense on the old MFM and RLL drives, lost all this sense with PRM and EPRML, and now makes NO sense whatever with perpendicular recording.

Please, spend some time in updating your knowledge:
http://www.anti-fore...-pass-is-enough

I’m sure you’ve heard of DBAN or Darik’s Boot and Nuke. Most people who work in IT have. This is because it works and it is very effective. You can pop the CD in, go through a few menu’s and then leave the machine running while DBAN does all the work. It can wipe every hard disk connected to the system in succession. There are options to do more than one pass, which you should avoid unless you don’t mind waisting your time.

http://www.anti-fore...ith-screenshots

As said the cmm Secure erase is FASTER than DBAN, actually faster than anything else, as it uses the hard disk internal routines to do the wiping.

:D
Wonko

#20 Master of Disaster

Master of Disaster

    Member

  • Members
  • 62 posts
  •  
    Monaco

Posted 29 November 2010 - 01:48 AM

graet tutorilal jamal.. :) I believe this the perfect way to really make any data irrecoverable at all.. two thumbs up.. :D

#21 breaker

breaker

    Frequent Member

  • Advanced user
  • 114 posts
  •  
    United States

Posted 29 November 2010 - 07:46 AM

As said the cmm Secure erase is FASTER than DBAN, actually faster than anything else, as it uses the hard disk internal routines to do the wiping.

:)
Wonko


Thanks for the link to that.

MHDD is also very fast as it also communicates directly to the HDD controller, but erase is only one feature.

I will give HDDerase a try!

Also, it is funny how certain agencies of the US Government require certain wipe routines on hard drives, but manage to leak information like a sieve!

Here is a good overview of data remanence (spell check flagged this word, but it is correct), and why recovery after a wipe is Urban Legend:

http://en.wikipedia..../Data_remanence
http://www.merriam-w...onary/remanence

:D

breaker

#22 Master of Disaster

Master of Disaster

    Member

  • Members
  • 62 posts
  •  
    Monaco

Posted 29 November 2010 - 10:15 AM

according to the Wikipedia article it proves that jamal was right about encryption cuz any other method is not complete secure except encryption and physical destroy of hard disk..as i read

*(One challenge with an overwrite is that some areas of the disk may be inaccessible, due to media degradation or other errors. Software overwrite may also be problematic in high-security environments which require stronger controls on data commingling than can be provided by the software in use. The use of advanced storage technologies may also make file-based overwrite ineffective.)

*(Peter Gutmann investigated data recovery from nominally overwritten media in the mid-1990s. He suggested magnetic force microscopy may be able to recover such data, and developed specific patterns, for specific drive technologies, designed to counter such.[2] These patterns have come to be known as the Gutmann method.(means erasing the disk 35 times according to his method-so how much time u think will needed?)

*(They point out that the long time required for multiple wipes "has created a situation where many organisations ignore the issue all together – resulting in data leaks and loss)


*(As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only degaussing or physical destruction is acceptable for the latter.)

*(Degaussing often renders hard disks inoperable, as it erases low-level formatting that is only done at the factory during manufacturing. It is possible, however, to return the drive to a functional state by having it serviced at the manufacturer. Degaussed floppy disks can generally be reformatted and reused with standard consumer hardware.)

so in the end encryption is the ultimate solution and guarantee for data destroy forever (if we exclude physical destroy of hard drives):

*(Encrypting data before it is stored on the medium may mitigate concerns about data remanence. If the decryption key is strong and carefully controlled (i.e., not itself subject to data remanence), it may effectively make any data on the medium unrecoverable. Even if the key is stored on the medium, it may prove easier or quicker to overwrite just the key, vs the entire disk.)

good job jamal :D

#23 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 29 November 2010 - 10:25 AM

*(Encrypting data before it is stored on the medium may mitigate concerns about data remanence. If the decryption key is strong and carefully controlled (i.e., not itself subject to data remanence), it may effectively make any data on the medium unrecoverable. Even if the key is stored on the medium, it may prove easier or quicker to overwrite just the key, vs the entire disk.)

English must be a really difficult language.

Encrypting data BEFORE it is stored is OK, i.e. you use day by day encrypted data, this is safer than using non-encrypted data, and it mitigates data remanence, i.e. if you DO NOT wipe the HD is anyway unlikely that your data can be read/decrypted.
Encrypting data before wiping it is pointless, as it is IMPOSSIBLE to recover data after a single wipe.

:D
Wonko

#24 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 29 November 2010 - 10:39 AM

None of that says that data can be recovered after it has been overwritten!

Encryption is not 100% secure. It may be difficult and take a long time to crack, but it can theoretically be done. Wiping all sectors on a disk is unrecoverable (or can you cite a case where someone has recovered data?). The data on an encrypted disk can still be read - it just cannot be easily decoded but who knows what will happen in a few years when someone can use parallel/cloud supercomputers to analyse a 300GB image file of an encrypted hard disk in just a few minutes and decrypt it all?

#25 breaker

breaker

    Frequent Member

  • Advanced user
  • 114 posts
  •  
    United States

Posted 29 November 2010 - 10:40 AM

On the other hand, according to the 2006 NIST Special Publication 800-88 (p. 7): "Studies have shown that most of today’s media can be effectively cleared by one overwrite" and "for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged."[1] An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives. They point out that the long time required for multiple wipes "has created a situation where many organisations ignore the issue all together – resulting in data leaks and loss. "[5]


I tend to agree with this statement from the wiki.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users