Jump to content











Photo

Encrypt Your Sensitive Data before Wiping It !


  • Please log in to reply
63 replies to this topic

#51 Master of Disaster

Master of Disaster

    Member

  • Members
  • 62 posts
  •  
    Monaco

Posted 29 November 2010 - 08:40 PM

Nuno, u r absolutely right about every word u said..but i beg ur pardon and also Icecube..this is not the subject we r having all this conversation about..the subject is the best method to destroy a data on a hdd..and the final reply that no one after that replied against was this one where all the rejections is why using wipe if encryption is enough:

u need to read this agian..its very clear that jamal wanted us to wipe the data to eliminate any of the following concerns no matter how minor the possebility is
by using wipe after encrypt is to close any possible gap of what mentioned below=
(Cold boot attacks are one of the few possible methods for subverting a whole-disk encryption method, as there is no possibility of storing the plain text key in an unencrypted section of the medium. However, even this is unlikely and difficult to execute in a non-laboratory situation, as a cold boot attack requires immediate network access to the computer and is only possible within several minutes or even seconds of the system being depowered, depending on the kind of random access memory used. Even then there is still the possibility of the key itself being scrambled or otherwise protected, which may make even this method fail.
Other side-channel attacks, like the use of hardware-based keyloggers or acquisition of a written note containing the decryption key, may offer a greater chance to success, but do not rely on weaknesses in the cryptographic method employed. As such, their relevance for this article is minor)

then after that i mentioned that jamal's method might be emplemented in top gov security agencies as the best method to destroy data once and for all as the next best method to destroying a data on a hdd..but later came icecube and talked about security breach..and with respect this is not our topic we r talking about or the tutorial of jamal is talking about..we stoped last thing on a joke by dog with a funny reply..but later came icecube and things messed up in no related replies..sorry for this..with respect to all.

Edited by Master of Disaster, 29 November 2010 - 08:42 PM.


#52 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 30 November 2010 - 01:34 AM

I've a couple of dummy questions:

- what's wrong with encrypting access to the drive and/or data before accessing it and wiping with 0s?
- where is the evidence that one pass zeroed data CANNOT be recovered? :cheers:

What's this battle is all about? Why don't leave that choice to the drive owner? Do we know, what equipment HD makers use in their labs? What software is available to "agencies"? If one method has proven to fail data recovery, another method can possibly be found. This discussion is abstract at best, as well as some pubs on the topic. Nobody had proven that recovery of overwritten data is impossible in principle. All legal talk in docs is only about sufficient destruction level for a particular user group. All tech talk is about insufficient sensitivity of similar class equipment to read erased (zeroed) data back. Basically, the same set of tech standards & specs was relied on in attempting data recovery, that was used in writing the original data. Who said, its always that way? :cheers:

Edited by sambul61, 30 November 2010 - 02:17 AM.


#53 Master of Disaster

Master of Disaster

    Member

  • Members
  • 62 posts
  •  
    Monaco

Posted 30 November 2010 - 02:05 AM

sambul61 ur absolutly right..agree with u totally..jamal in this tutorial came up with a method of (encrypt then wipe) beacuse what ur saying is totally right and is proved and documented as facts here in wikipedia:
http://en.wikipedia..../Data_remanence
the article in wikipedia proves that only encryption can destroy data with very very little minor chances of recovery( cold boot attack and side channel attacks)..so becauese of that very very minor little chance of recovery of encrypted data by those 2 attacks jamal came up with the method of wiping hdd after encryption so to eleminate any file recovery by any chance and by any means possible ..he was totally right according to the facts in wikipedia..thats what i was telling everybody in all this replies. :cheers:

Edited by Master of Disaster, 30 November 2010 - 02:18 AM.


#54 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 30 November 2010 - 05:49 PM

sambul61 ur absolutly right..agree with u totally..jamal in this tutorial came up with a method of (encrypt then wipe) beacuse what ur saying is totally right and is proved and documented as facts here in wikipedia:
http://en.wikipedia..../Data_remanence
the article in wikipedia proves that only encryption can destroy data with very very little minor chances of recovery( cold boot attack and side channel attacks)..so becauese of that very very minor little chance of recovery of encrypted data by those 2 attacks jamal came up with the method of wiping hdd after encryption so to eleminate any file recovery by any chance and by any means possible ..he was totally right according to the facts in wikipedia..thats what i was telling everybody in all this replies. :)

from your wiki link...

Feasibility of recovering overwritten data
Peter Gutmann investigated data recovery from nominally overwritten media in the mid-1990s. He suggested magnetic force microscopy may be able to recover such data, and developed specific patterns, for specific drive technologies, designed to counter such.[2] These patterns have come to be known as the Gutmann method.
Daniel Feenberg, an economist at the private National Bureau of Economic Research, claims that the chances of overwritten data being recovered from a modern hard drive amount to "urban legend".[3] He also points to the "18½ minute gap" Rose Mary Woods created on a tape of Richard Nixon discussing the Watergate break-in. Erased information in the gap has not been recovered, and Feenberg claims doing so would be an easy task compared to recovery of a modern high density digital signal.
As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only degaussing or physical destruction is acceptable for the latter.[4]
On the other hand, according to the 2006 NIST Special Publication 800-88 (p. 7): "Studies have shown that most of today’s media can be effectively cleared by one overwrite" and "for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged."[1] An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives. They point out that the long time required for multiple wipes "has created a situation where many organisations ignore the issue all together – resulting in data leaks and loss. "[5]

Also, if you believe (without any shred of evidence and despite the references above saying it is practically impossible even using magnetic force microscopy) that recovery of overwritten data is or may be possible, how does encrypting sensitive data on a hard disk make it safe? Surely the same technique could be used to recover the unencrypted original remnant data???


I am sorry but I see no logic in your assertions?

#55 ceehoppy

ceehoppy

    Newbie

  • Members
  • 29 posts
  • Interests:Tinkering, DIY - home & cars age:38
  •  
    United States

Posted 30 November 2010 - 07:43 PM

WOW!! I've never seen a topic polarize a forum quite this way before. If you want to know which method is "better" then someone should apply forensic recovery techniques to drives treated with one, then the other. Until that time, you can find quotes & statistics, & interpret them, as you wish to support either view. (In car talk linguo we call that "bench racing")
It's your time, your drive- do what you're going to do. If you're that concerned about someone pulling info off an old drive, physically destroy before disposal.

#56 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 30 November 2010 - 08:02 PM

Let's see if it is possible to explain the logic (or assumed logic) behind my reasoning.

I have my reasons to believe that nothing can be retrieved from a hard disk after a single 00's wipe pass.

This is "my" theory (as well as that of a number of security experts - including the guys at http://cmrr.ucsd.edu/ :)).

Let's assume that it is FALSE :cheers: , and that ONE (or more) levels "below" can be retrieved, somehow.

Now, in jamal's tutorial we have THREE levels:
  • original data
  • encrypted data
  • 00's (wiping)

jamal suggests that once the "current" level is #3, someone can always get to level #2.

Now, since there is a relationship (the encryption algorithm and it's password or hash) between level #2 and level #1, noone can say if there is someone else capable of unencrypting the data in level #2 and get to level #1.

In other words, the presumed security is ENTIRELY relying on the encryption algorithm.

Then, it makes little sense to also wipe the hd.

Besides, as much as there is NO evidence of any data EVER retrieved from level n-1, if you believe that it is possible, there is no logical reason why you should believe that level n-2 is not also recoverable (or level n-3, etc.)

On the other hand, if there is no certainty of the encryption being unbreakable, it would make much more sense to use at level #2, instead of encrypted data, completely RANDOM data, i.e. something that has NO connection with the underlying level #1, which by the way is part of the original Gutmann's recommendations and of DoD 5220.22-M/NISPOM:
http://www.zdelete.com/dod.htm
http://www.usaid.gov...00/d522022m.pdf
http://en.wikipedia....ecurity_Program

If "my" theory is TRUE, then it is completely UNNEEDED to encrypt the data since nothing can be retrieved below "current level".

So, you need to take your choice:
  • if you believe that nothing can be retrieved below current level n (i.e. level n-1), you just need to wipe the disk.
  • if you believe that something can be retrieved below current level, you should make damn sure that contents of level n-1 has NO connection whatsoever with contents of level n-2 (random data is evidently a better choice than encrypted data)
  • if you believe that data can be recovered from a number of levels below, you have no choice but Degauss or destroy physically the media or use the whole set of 35 passes - in the words of the mentioned Mr. Peter Gutmann:
    http://www.cs.auckla...secure_del.html

    some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data.

(and cross your fingers, hold tight your rabbit's foot and hope)

:cheers:
Wonko

#57 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 30 November 2010 - 09:30 PM

How ppl can believe in something they have no awareness about true state of? :) What choice do they have...

It sounds quite reasonable to replace encryption with random data writing anyway. On the other hand, if only part of info can be restored after being zeroed, cracking encryption sounds a lot less feasible (while cracking random data fruitless).

Whatever the user opts for, its always better to zero data before getting rid of your hard drive rather than format it, delete content or just do nothing. :cheers: I agree that the Tutorial would be easier to comprehend without excessive pictures highlighting obvious.

Edited by sambul61, 30 November 2010 - 10:08 PM.


#58 barin6588

barin6588

    Newbie

  • Members
  • 12 posts

Posted 30 November 2010 - 10:20 PM

السيد جمال تحية طيبة - أنا من المعجبين بمواضيعك الممتازة وأسلوبك الآنيق بالكتابة والتحليل وتدعم مواضيعك بشكل ممتاز بالصور التوضيحية - كذلك كما الاحظ ان مواضيعك تسبب النقاش الكبير نظرا للنظريات التي تطرحها جريئة وواقعية وتبدو من خبرتك الكبيرة والفريدة في عدد منها-أنا بالحقيقة أعرفك شخصيا فقد ألتقينا في أبريل من عام 2006 في مايكروسوفت لبنان-حيث أستمعت ألى محاضرتك التي ألقيتها في تطبيق الوندوز فيستا والآوفيس 2007 على الحاسبات والخاصة بالمحترفين-حيث كنت أنا رئيس قسم الحماية من القرصنة لمايكروسوفت لبنان والشرق الاوسط وباكستان-لاادري هل تذكرني-وتعرفت اليك حينها وأبديت لك اعجابي بك كخبير المعلوماتية العراقي وعلمك واسلوبك الرائع في حينها-لا ادري هل لازلت في لبنان مقيم ام انت في الولايات المتحده كما ارى من العلم الامريكي جانب اسمك-يسعدني اللقاء بك مرة ثانيه-وزادك الله علما

#59 Jamal H. Naji

Jamal H. Naji

    Frequent Member

  • Tutorial Writer
  • 178 posts
  •  
    United States

Posted 30 November 2010 - 10:27 PM

السيد جمال تحية طيبة - أنا من المعجبين بمواضيعك الممتازة وأسلوبك الآنيق بالكتابة والتحليل وتدعم مواضيعك بشكل ممتاز بالصور التوضيحية - كذلك كما الاحظ ان مواضيعك تسبب النقاش الكبير نظرا للنظريات التي تطرحها جريئة وواقعية وتبدو من خبرتك الكبيرة والفريدة في عدد منها-أنا بالحقيقة أعرفك شخصيا فقد ألتقينا في أبريل من عام 2006 في مايكروسوفت لبنان-حيث أستمعت ألى محاضرتك التي ألقيتها في تطبيق الوندوز فيستا والآوفيس 2007 على الحاسبات والخاصة بالمحترفين-حيث كنت أنا رئيس قسم الحماية من القرصنة لمايكروسوفت لبنان والشرق الاوسط وباكستان-لاادري هل تذكرني-وتعرفت اليك حينها وأبديت لك اعجابي بك كخبير المعلوماتية العراقي وعلمك واسلوبك الرائع في حينها-لا ادري هل لازلت في لبنان مقيم ام انت في الولايات المتحده كما ارى من العلم الامريكي جانب اسمك-يسعدني اللقاء بك مرة ثانيه-وزادك الله علما


اهلا بك أستاذ علي-بكل تأكيد أذكرك-وكيف أنسى شخصية رائعه ومهمة وطيبة مثل جنابكم الكريم--أهلا بك في هذا الموقع المهم الذي يضم خيرة الخبراء في العالم بمجال المعلوماتيه والبرامجيات واتمنى لك وقتا ممتعا ومفيدا معنا..وأشكرك الشكر الكبير على أهتمامك وكلماتك الطيبة بمواضيعي التدريبية التي أقدمها..بالنسبة لي أنا مقيم حاليا في الهند ولكن اتردد نعم على الولايات المتحده ثلاث او اربع مرات بالسنة لحضور بعض المؤتمرات المهمه فيها..أكرر لك شكري وترحيبي بك..ويمكنك مراسلتي دائما من المسنجر الجانبي لهذا الموقع ان احببت ان تسئلني عن اي اشياء خاصة..مرحبا بك سيدي الكريم

#60 Jamal H. Naji

Jamal H. Naji

    Frequent Member

  • Tutorial Writer
  • 178 posts
  •  
    United States

Posted 30 November 2010 - 10:41 PM

Dear all, I would really thank you for all your replies and inputs, it really enriched this subject with great expertise that each one of you have, I do appreciate all what you said, and I really do take them into consideration and practice them in my work, regardless if I agree with them or not, and regardless the results are identical to your knowledge or not, because the first thing I consider is that very valuable knowledge you all have that any one at all can benefit from. I just would like to add a little acknowledgement here that this tutorial is intended for beginners not for experts, beginners like business men, or normal users that would like to replace their PCs or HDDs for any reason, and they need to make sure nothing personal is left behind in their PCs, so I find it ideal to do what I mentioned in my tutorial, that by default comes with lots of step by step pictures, so to make things easy for them, actually not just normal users will benefit from this tutorial with all its pictures, but also professionals in the calibre of Nuno Brito, you can refer to his input early in this forum about this subject, simply because many of us maybe have not went thru testing some programs, and those pictures will definitely help. Thank you all again, your input in this subject really satisfied me and made me more knowledgeable.

#61 steve6375

steve6375

    Platinum Member

  • Developer
  • 7566 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films
  •  
    United Kingdom

Posted 14 May 2020 - 05:57 PM

To implement a cold boot attack on a 32-bit or 64-bit MBR system see http://rmprepusb.blo...attack-now.html



#62 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 14 May 2020 - 07:26 PM

I don't get this.....it shouldn't be necessary to encrypt anything before wiping. Just do a single pass zerofill, all data should be utterly destroyed. Or, if you're really paranoid, you can do a 3 pass zerofill like the 3 letter agencies do before discarding drives for physical destruction. Although in practice, noone has ever proven that anything more than a single pass is effective. Doing more than one is really a "just in case" thing. In short, overkill.

#63 life is system32

life is system32

    Newbie

  • Members
  • 10 posts
  •  
    Canada

Posted 25 May 2020 - 06:03 AM

There’s a known fact that it is impossible to permanently destroy data just by formatting a hard drive. It doesn't matter if you use Windows formatting or pay for a commercial disk formatting program or use any free alike software. It won’t work.

 

In its essence formatting a drive is the same as deleting files in Windows and then removing them off Recycle Bin. Just a small bits of information (links to files) are removed but the files still reside on the hard drive and it is very easy to recover them using either commercial solution or one of the free powerful applications for data recovery out there on the net. That's why you may want to use a powerful software specialized in hard drive data wiping, to shred the drive partition beyond any possible recovery, BUT the big question will always be, is that enough?

 

The answer was always proven as simply NO! Read This article by PC WORLD (Hard Drives Exposed) to see how much data can be recovered from your hard drive!

As a proven method, wiping the hard drive should be your second step, not the first step, so what is the first step?

The first step is the perfect and ultimate GO SAFE & GREEN solution other than physically destroying your hard drive with a sledge hammer and increase the earth pollution, is to ENCRYPT that hard drive before engaging any wipe method, so it is not possible to recover any data after encrypting and then wiping it, and all what will be recovered is an encrypted unreadable nonesence files that is impossible to know what it is and impossible to decipher.

 

This is what I personally do, before I get rid of an old hard drive by donating it or by passing it to a friend, or selling it on eBay, or even if I want to use the same hard drive again as a clean and empty hard drive with no previous data on it, and today I am going to show you how:

We are going to download my preferred free, and surprisingly so powerful programs that I personally use in my daily routine, to make a demonstration in this tutorial, of course you can use different free or commercial software later for this purpose, but for now we are going to use the following, good luck:

1- Download TrueCrypt (3.3 MB) from HERE, it’s a free powerful open source disk encryption software, execute the (TrueCrypt Setup 7.0a.exe) and choose to extract the program to a folder on your desktop, we will use this method so to use the program as portable, without installation, and for easy access directly to the needed files inside that folder.

0001iv.jpg

002ecc.jpg

2- Download Hard Drive Eraser 2.0 from HERE, it’s a portable one icon program and very light (617 KB), yet very reliable and powerful tool to securely wipe any hard drive with 4 different methods of your choice (write zeros, DOD 5220-22.M-military grade 3-passes, 4 passes US Army method, and Peter Guttman 32 passes), and uses FAT, FAT32, NTFS format methods.

3- I am going to use a 4 GB thumb drive for this demonstration, and I am going to put different types of files on it, and see in the end what will I get back of them after encrypting then destroying them – this is what the data inside the thumb drive looks like now-:

001dpy.jpg

4- Now I will format that drive with NTFS so I can encrypt it with True crypt, after format I open the folder (TrueCrypt) and execute (TrueCrypt Format.exe ) with elevated privileges(Run as administrator) since am working from Windows 7 in this tutorial:

002akm.jpg

5- The wizard will start and I will choose Encrypt a non-system partition/drive and click on Next:

004jto.jpg

6- Next screen I choose Standard TrueCrypt Volume:

005qhj.jpg

7- Next screen I browse to the thumb drive and mark the never save history option, then I hit the Next button:

006wu.jpg

8- Next screen I choose Encrypt Partition in Place and I hit Next button:

007sh.jpg

9- Next screen I receive a warning, I hit Yes to proceed:

008kg.jpg

10- Next screen I get the chance to choose the Encryption Algorithm, and the Hash Algorithm, I just keep them on default, they are more than sufficient, and I hit Next button:

009uv.jpg

11- Next screen I will not choose a password, instead I will be more wicked, and am going to let the program generate a super complicated key for me so nobody ever (rest assured) will know what is the key to decipher any recovered data in this thumb drive, mark the use key files, and hit the Key files button, as you see in picture below:

010la.jpg

12- Next screen click on Generate Random Key file:

011gkl.jpg

13- Next screen I hover the mouse over those “MATRIX” numbers for a minute or so before I hit Generate and Save Key file:

012ta.jpg

14- Next I will have to save the key file on desktop, I will use it next step, and I will name it keys:

013fv.jpg

15- Key file created successfully, click OK:

014jro.jpg

16- Next is to add that key file I saved on desktop, and click OK:

015exb.jpg

17- Now just hit Next:

016tt.jpg

18- Next screen mark the Display pool content, and hover again over those “MATRIX” moving numbers randomly for another minute or so before you hit next button:

017cv.jpg

19- Next screen keep the Wipe method to the default (None) because we are not going to wipe the disk now, we do that later, so hit Next:

018do.jpg

20- Now click Encrypt button:

019mt.jpg

21- A warning pop up informing you that during encryption you will not be able to use that drive, click Yes:

020ky.jpg

22- The encryption will start and will take more than an hour for a 4 GB, almost 10 hours for a 500 GB, but it’s worth the wait:

021ep.jpg

23- When done you have to click OK & OK for the next 2 warnings, then click on Finish to close and Exit the program:

022sy.jpg

023me.jpg

024sb.jpg

24- Now the drive is encrypted and cannot be used or opened without using TrueCrypt program and providing the key you encrypted the drive with, but since we do not want to decrypt the drive, but we need to destroy the data inside forever, and make any recoverable data inside that disk unreadable at all, so first thing we need to format the drive again, so right click on that thumb drive and format it with what you prefer, Fat,Fat32,NTFS, it’s your choice, after that, start the Hard Disk Eraser Program, be careful to choose the thumb drive and not any other drive in your pc by mistake, and mark the quick format, and keep the default NTFS, and DOD method of wiping the disk, and click START button:

028lz.jpg

25- A confirmation window, click on Yes:

029ik.jpg

26- Another confirmation window ask me to input the word ERASE in capital letters and hit the OK button to proceed:

030jm.jpg

27- The program will start formatting then wiping the drive, if you see an error message, stop the program and close to exit, then go reformat the thumb drive again:

031ofx.jpg

28- After you formatted the thumb drive again and started the eraser, if you see that the Volume label is BLANK, then you know everything is going fine, and the wiping of the drive is properly functioning:

032ys.jpg

29- Wiping a 4 GB drive shouldn’t take long, maybe less than an hour or so, or maybe more depending on the health status of that drive, and the speed and power of your PC too:

033ie.jpg

30- When done you should see Erasing Disk Completed, so you can close the program to exit:

034vo.jpg

31- Now your thumb drive is completely encrypted and wiped off any usable or readable data, so even if there is a possibility of data recovery, no one ever can decipher that recovered data, I am going to test this by using a really powerful data recovery software that can recover even encrypted data, it’s a $140 single license software from Disk Internals, I will use their latest & ultimate program ( Disk Internals Partition Recovery 3.7 ) and put that thumb drive to a government like test:

041fq.jpg

32- The result is what you see in picture below, nothing but junk unreadable files, and we are done with this tutorial after we succeeded in our mission:

042yy.jpg

============================================================
cm10468x60webanimation.gif
============================================================
My Other Topics & Tutorials HERE
============================================================
Free Security Check-Ups
Many computer security vendors offer free computer security checks for your computer. Visit this link to check your computer for known viruses, spyware, and more and discover if your computer is vulnerable to cyber attacks.
============================================================

 

 

There’s a known fact that it is impossible to permanently destroy data just by formatting a hard drive. It doesn't matter if you use Windows formatting or pay for a commercial disk formatting program or use any free alike software. It won’t work.

 

In its essence formatting a drive is the same as deleting files in Windows and then removing them off Recycle Bin. Just a small bits of information (links to files) are removed but the files still reside on the hard drive and it is very easy to recover them using either commercial solution or one of the free powerful applications for data recovery out there on the net. That's why you may want to use a powerful software specialized in hard drive data wiping, to shred the drive partition beyond any possible recovery, BUT the big question will always be, is that enough?

 

The answer was always proven as simply NO! Read This article by PC WORLD (Hard Drives Exposed) to see how much data can be recovered from your hard drive!

As a proven method, wiping the hard drive should be your second step, not the first step, so what is the first step?

The first step is the perfect and ultimate GO SAFE & GREEN solution other than physically destroying your hard drive with a sledge hammer and increase the earth pollution, is to ENCRYPT that hard drive before engaging any wipe method, so it is not possible to recover any data after encrypting and then wiping it, and all what will be recovered is an encrypted unreadable nonesence files that is impossible to know what it is and impossible to decipher.

 

This is what I personally do, before I get rid of an old hard drive by donating it or by passing it to a friend, or selling it on eBay, or even if I want to use the same hard drive again as a clean and empty hard drive with no previous data on it, and today I am going to show you how:

We are going to download my preferred free, and surprisingly so powerful programs that I personally use in my daily routine, to make a demonstration in this tutorial, of course you can use different free or commercial software later for this purpose, but for now we are going to use the following, good luck:

1- Download TrueCrypt (3.3 MB) from HERE, it’s a free powerful open source disk encryption software, execute the (TrueCrypt Setup 7.0a.exe) and choose to extract the program to a folder on your desktop, we will use this method so to use the program as portable, without installation, and for easy access directly to the needed files inside that folder.

0001iv.jpg

002ecc.jpg

2- Download Hard Drive Eraser 2.0 from HERE, it’s a portable one icon program and very light (617 KB), yet very reliable and powerful tool to securely wipe any hard drive with 4 different methods of your choice (write zeros, DOD 5220-22.M-military grade 3-passes, 4 passes US Army method, and Peter Guttman 32 passes), and uses FAT, FAT32, NTFS format methods.

3- I am going to use a 4 GB thumb drive for this demonstration, and I am going to put different types of files on it, and see in the end what will I get back of them after encrypting then destroying them – this is what the data inside the thumb drive looks like now-:

001dpy.jpg

4- Now I will format that drive with NTFS so I can encrypt it with True crypt, after format I open the folder (TrueCrypt) and execute (TrueCrypt Format.exe ) with elevated privileges(Run as administrator) since am working from Windows 7 in this tutorial:

002akm.jpg

5- The wizard will start and I will choose Encrypt a non-system partition/drive and click on Next:

004jto.jpg

6- Next screen I choose Standard TrueCrypt Volume:

005qhj.jpg

7- Next screen I browse to the thumb drive and mark the never save history option, then I hit the Next button:

006wu.jpg

8- Next screen I choose Encrypt Partition in Place and I hit Next button:

007sh.jpg

9- Next screen I receive a warning, I hit Yes to proceed:

008kg.jpg

10- Next screen I get the chance to choose the Encryption Algorithm, and the Hash Algorithm, I just keep them on default, they are more than sufficient, and I hit Next button:

009uv.jpg

11- Next screen I will not choose a password, instead I will be more wicked, and am going to let the program generate a super complicated key for me so nobody ever (rest assured) will know what is the key to decipher any recovered data in this thumb drive, mark the use key files, and hit the Key files button, as you see in picture below:

010la.jpg

12- Next screen click on Generate Random Key file:

011gkl.jpg

13- Next screen I hover the mouse over those “MATRIX” numbers for a minute or so before I hit Generate and Save Key file:

012ta.jpg

14- Next I will have to save the key file on desktop, I will use it next step, and I will name it keys:

013fv.jpg

15- Key file created successfully, click OK:

014jro.jpg

16- Next is to add that key file I saved on desktop, and click OK:

015exb.jpg

17- Now just hit Next:

016tt.jpg

18- Next screen mark the Display pool content, and hover again over those “MATRIX” moving numbers randomly for another minute or so before you hit next button:

017cv.jpg

19- Next screen keep the Wipe method to the default (None) because we are not going to wipe the disk now, we do that later, so hit Next:

018do.jpg

20- Now click Encrypt button:

019mt.jpg

21- A warning pop up informing you that during encryption you will not be able to use that drive, click Yes:

020ky.jpg

22- The encryption will start and will take more than an hour for a 4 GB, almost 10 hours for a 500 GB, but it’s worth the wait:

021ep.jpg

23- When done you have to click OK & OK for the next 2 warnings, then click on Finish to close and Exit the program:

022sy.jpg

023me.jpg

024sb.jpg

24- Now the drive is encrypted and cannot be used or opened without using TrueCrypt program and providing the key you encrypted the drive with, but since we do not want to decrypt the drive, but we need to destroy the data inside forever, and make any recoverable data inside that disk unreadable at all, so first thing we need to format the drive again, so right click on that thumb drive and format it with what you prefer, Fat,Fat32,NTFS, it’s your choice, after that, start the Hard Disk Eraser Program, be careful to choose the thumb drive and not any other drive in your pc by mistake, and mark the quick format, and keep the default NTFS, and DOD method of wiping the disk, and click START button:

028lz.jpg

25- A confirmation window, click on Yes:

029ik.jpg

26- Another confirmation window ask me to input the word ERASE in capital letters and hit the OK button to proceed:

030jm.jpg

27- The program will start formatting then wiping the drive, if you see an error message, stop the program and close to exit, then go reformat the thumb drive again:

031ofx.jpg

28- After you formatted the thumb drive again and started the eraser, if you see that the Volume label is BLANK, then you know everything is going fine, and the wiping of the drive is properly functioning:

032ys.jpg

29- Wiping a 4 GB drive shouldn’t take long, maybe less than an hour or so, or maybe more depending on the health status of that drive, and the speed and power of your PC too:

033ie.jpg

30- When done you should see Erasing Disk Completed, so you can close the program to exit:

034vo.jpg

31- Now your thumb drive is completely encrypted and wiped off any usable or readable data, so even if there is a possibility of data recovery, no one ever can decipher that recovered data, I am going to test this by using a really powerful data recovery software that can recover even encrypted data, it’s a $140 single license software from Disk Internals, I will use their latest & ultimate program ( Disk Internals Partition Recovery 3.7 ) and put that thumb drive to a government like test:

041fq.jpg

32- The result is what you see in picture below, nothing but junk unreadable files, and we are done with this tutorial after we succeeded in our mission:

042yy.jpg

============================================================
cm10468x60webanimation.gif
============================================================
My Other Topics & Tutorials HERE
============================================================
Free Security Check-Ups
Many computer security vendors offer free computer security checks for your computer. Visit this link to check your computer for known viruses, spyware, and more and discover if your computer is vulnerable to cyber attacks.
============================================================

 

"There’s a known fact that it is impossible to permanently destroy data just by formatting a hard drive. It doesn't matter if you use Windows formatting or pay for a commercial disk formatting program or use any free alike software. It won’t work." How can it be recovered? I have tried Recuva and other programs but many times it doesnt show much, after the drive has been overwritten,.
 



#64 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 25 May 2020 - 12:03 PM

"There’s a known fact that it is impossible to permanently destroy data just by formatting a hard drive. It doesn't matter if you use Windows formatting or pay for a commercial disk formatting program or use any free alike software. It won’t work." How can it be recovered? I have tried Recuva and other programs but many times it doesnt show much, after the drive has been overwritten,.
 

Known by whom? :w00t:

 

Try using any Vista or later format WITHOUT the /q or quick switch and then try recovering anything (with Recuva or whatever other tool).

 

Also, you cannot format a hard drive (disk) only a partition or volume (what gets a drive letter in Windows).

 

And of course you can do a single pass of 00's both on the volume partition and to the hard drive (whole disk) with third party tools.

 

:duff:

Wonko






1 user(s) are reading this topic

0 members, 1 guests, 0 anonymous users