Software to wipe a systemdrive from Windows?


164 replies to this topic

#26 rog

rog
  • Members
  • 9 posts
  •  
    France

Posted 15 January 2011 - 01:54 AM

well

let's explain it better

erasing the native windows system drive under windows is just not possible
when erase means zero-fill (write every cluster to 0)

so we need to run the erase/wipe soft out of native windows (dos/linux)
you can boot on pxe/floppy/cd/usb and run the tool (my favorite is mhdd and active kill disk)

mhdd has a graphical interface; i first launch a scan command to check the hd health
then erase command
then another scan command with destructive option and time out to 1
then another scan command with remap option

on a correct hd the speed is over 30MB/S

then for people talking about low level formatting

this just doesn't exist anymore

low level format on very old hard drive is stripping the hd plate magnetic cover
i have heard this is not allowed from firmware anymore

people talking about low level format mean zero fill and it's not so easy to recover

regards

rog

Edited by rog, 15 January 2011 - 01:55 AM.


#27 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 15 January 2011 - 01:54 AM

Quite interesting experience sharing so far in Data Wiping. Is anyone brave enough to comment on how selecting such wipe soft parameters as "sector size" affects wipe speed and completeness of data erasure?

#28 costinel

costinel

    Newbie

  • Members
  • 12 posts

Posted 15 January 2011 - 01:55 AM

Well the answer to his question in complete form is 'no, sorry, not really possible'.

Any software that can do an atapi secure erase is the best/fastest hard disk erase there is. One pass, *every* physical sector erased. In fact there is no other way to delete data that is on re-allocated sectors. All that dod stuff is pretty useless if it doesn't do the re-allocated sectors.

MHDD and Victoria can do it fine. There is a MHDD floppy boot disk. Google 'MHDD' or use Hiren's boot cd (it has a gui! Kind of.)

R


i think he only wants to clean it before giving it away.
either dd-based things or ata erase will do
the question is how to do this when you don't have anything but the windows install and a floppy drive.

since he did not mention a cd, my solution gives him a one-chance shot. by loading linux into ram from the very same hard drive, he will be able to either dd or issue ata security erase.

#29 droider

droider
  • Members
  • 4 posts
  •  
    United States

Posted 15 January 2011 - 01:59 AM

Try http://eraser.heidi.ie/

#30 costinel

costinel

    Newbie

  • Members
  • 12 posts

Posted 15 January 2011 - 02:00 AM

Quite interesting experience sharing so far in Data Wiping. Is anyone brave enough to comment on how selecting such wipe soft parameters as "sector size" affects wipe speed and completeness of data erasure?

this comes from empirical experience rather than calculus, but i've noticed the best throughput with dd bs=16M or bs=32M
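
Added example, not part of any post in this thread: a POSIX shell version of the dd zero-fill discussed above, with a read-back check, run against a scratch image file rather than a disk. The function names, the image and its size are constructed for illustration; as noted earlier in the thread, an overwrite issued from the host reaches only the sectors the drive still exposes, not re-allocated ones.

```shell
#!/bin/sh
# Added example: zero-fill a target with dd, then verify that it reads back as zeros.
# The target here is a constructed scratch image, not a real disk.

# zero_fill TARGET [BS_BYTES]: overwrite every byte of TARGET with 0x00.
# The default block size is 16 MiB, the dd bs value reported above.
zero_fill() {
    zf_target=$1
    zf_bs=${2:-16777216}
    zf_size=$(( $(wc -c < "$zf_target") ))
    zf_full=$(( zf_size / zf_bs ))
    zf_rest=$(( zf_size % zf_bs ))
    # conv=notrunc keeps the length of an image file unchanged.
    dd if=/dev/zero of="$zf_target" bs="$zf_bs" count="$zf_full" \
       conv=notrunc 2>/dev/null
    if [ "$zf_rest" -gt 0 ]; then
        # Tail shorter than one block: finish byte by byte.
        dd if=/dev/zero of="$zf_target" bs=1 seek=$(( zf_full * zf_bs )) \
           count="$zf_rest" conv=notrunc 2>/dev/null
    fi
    sync
}

# nonzero_bytes TARGET: print how many bytes of TARGET are not 0x00.
nonzero_bytes() {
    echo $(( $(tr -d '\000' < "$1" | wc -c) ))
}

# verify_wiped TARGET: succeed only if the whole target reads back as zeros.
verify_wiped() {
    [ "$(nonzero_bytes "$1")" -eq 0 ]
}

# make_scratch_image PATH SIZE_BYTES: constructed stand-in for a disk holding old data.
make_scratch_image() {
    head -c "$2" /dev/urandom > "$1"
}

# Demo on a 1 MiB scratch image with 64 KiB blocks.
img=$(mktemp)
make_scratch_image "$img" 1048576
zero_fill "$img" 65536
echo "non-zero bytes after wipe: $(nonzero_bytes "$img")"
rm -f "$img"
```
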

#31 connetport

connetport

    Newbie

  • Members
  • 12 posts
  •  
    France

Posted 15 January 2011 - 02:03 AM

HDD Low Level Format Tool is a freeware utility for low-level hard disk drive formatting.

* Supported interfaces: S-ATA (SATA), IDE (E-IDE), SCSI, USB, FIREWIRE. Big drives (LBA-48) are supported.
* Supported Manufacturers: Maxtor, Hitachi, Seagate, Samsung, Toshiba, Fujitsu, IBM, Quantum, Western Digital.
* The program also supports low-level formatting of FLASH cards using a card-reader.

This freeware Low Level Format utility will erase, Low-Level Format and re-certify a SATA, IDE or SCSI hard disk drive with any size of up to 281 474 976 710 655 bytes. Will work with USB and FIREWIRE external drive enclosures. Low-level formatting of Flash Cards is supported too. Low Level Format Tool will clear partitions, MBR, and every bit of user data. The data cannot be recovered after using this utility. The program utilizes Ultra-DMA transfers when possible.

WARNING: After running this free low level format tool, the whole disk surface will be fully erased.
Therefore, data restoration will be impossible after using this utility!

http://hddguru.com/s...el-Format-Tool/


I insist that, after a low level formatting, data restoration is possible.
A low formatting puts 0 in any sectors of the hard drive.

However, the hard drive being magnetic (i suppose that it's not a SSD or Flash based drive), data restoration is possible via magnetic residual ...... Any classic hard drive is magnetic and the hard drive, in each part of it, must manage what we commonly call "errors" .... those errors are due to the old data that is stored on the hard drive; it recognizes which is the real one thanks to the "force" of the value (the older values being weaker).
So a simple tool of 50 USD can retrieve your old data by reading those errors and discarding the real one (zeros in the case of low formatting)

It is said that you must write up to 7 times on the same place to totally erase the older values ....... however that data depends on the hard drive brand and model. So if you want to securely erase the hard drive you must at least do 7 times the low formatting process and it's quite long ....... that's why I suggest DBAN that writes special values that "wipe/encrypts" the possible older values.

#32 costinel

costinel

    Newbie

  • Members
  • 12 posts

Posted 15 January 2011 - 02:12 AM

I insist that, after a low level formatting, data restoration is possible.
[...]
So a simple tool of 50 USD can retrieve your old data by reading those errors and discarding the real one (zeros in the case of low formatting)
[...]


stop it, please. there's no single data recovery which has been performed after a full dd with zeros. period.

http://hostjury.com/...ains-unaccepted

read this before attempting to reply. everyone else who attempts to reply with yada-yada seven levels of magic minimum overwrite please read above.

#33 rog

rog
  • Members
  • 9 posts
  •  
    France

Posted 15 January 2011 - 02:20 AM

sure

let's explain a little more

low level formatting = strip last magnetic layer and doesn't exist anymore

format = create a new magnetic layer
wipe/erase/zero-fill = write on an existing magnetic layer

zero-fill makes data unrecoverable on the written magnetic layer ==> of course the new value is 0

using some forensic tools you may be able to get data from magnetic underlayer but not on actual layer

i hope it helps

regards

rog

#34 hakkafusion

hakkafusion
  • Members
  • 3 posts
  •  
    Canada

Posted 15 January 2011 - 02:27 AM

hirens 10.6 or ultimate bootcd -> dban
otherwise, i find that just copying data you don't need, i.e. tv shows, and filling the whole drive would work too, since it overwrites all existing/leftover bytes on the old drive. actually that's what i've done lately instead of using dban lol

#35 droider

droider
  • Members
  • 4 posts
  •  
    United States

Posted 15 January 2011 - 02:40 AM

Additional Reading
http://en.wikipedia....ecurity_Program
http://storagesecret...d-secure-erase/
http://cmrr.ucsd.edu...cureErase.shtml
http://www.jetico.com/wiping-bcwipe/

#36 homes32

homes32

    Gold Member

  • .script developer
  • 1030 posts
  • Location:Minnesota
  •  
    United States

Posted 15 January 2011 - 02:45 AM

Hey Medevil,

I made a slightly modified dban iso you are welcome to use/tweak.
it's about as easy as you can really get for a non-experienced user while still employing some safeguards.
just boot the CD and type the confirmation phrase.
if you wish, edit the iso and comment out the following lines to remove the interactive option, if you like it to be extra dummy proof.

ISOLINUX.CFG - comment out the following lines with #

LABEL  dban
KERNEL dban.bzi
APPEND nuke="dwipe" silent

Warning.txt - remove the following line

  * Type 1fdban17 to start dban in interactive mode.

dban-2.2.6_i586_Homes32_Custom.iso

I haven't seen any program that lets you start wiping from inside windows.

regards,
Homes32

#37 objsys

objsys
  • Members
  • 1 posts
  •  
    Ireland

Posted 15 January 2011 - 03:16 AM

If your friend is trying to sell the laptop with the OS still installed (i.e. no hardship re-installing the OS) and isn't unduly concerned what content may still be on the laptop (e.g. pr0n etc) then "CCleaner" may be adequate.

. Uninstall all programs not relevant to sale from "Control Panel".
. Delete any non relevant files (docs, spreadsheets etc backed up first of course)
. Install and run CCleaner. This will clear caches, unused registry entries, unused disk space and more.

Otherwise, if a complete wipe is required then most of the suggestions provided by others are sound.

#38 balzanto

balzanto
  • Members
  • 5 posts
  •  
    United States

Posted 15 January 2011 - 03:31 AM

If you want to erase files only then put Eraser Portable on a USB and have at it. You can also erase free space with Eraser. Remove all applications using Control Panel or Uninstalls, use Eraser on My Docs, temp files, caches, and other users files, use Eraser to wipe free space.

If you want to wipe the entire disk, create a WinPE and Diskpart CLEAN -all, or add HDD Wipe from http://hddguru.com/s...-HDD-Wipe-Tool/, boot and run.

#39 rasker

rasker

    Newbie

  • Members
  • 23 posts
  • Location:London, UK
  •  
    United Kingdom

Posted 15 January 2011 - 03:58 AM

not sure what happened but the forum seems to have lost my last post.

Just to say that all these software tools mentioned (dban etc) are from a bygone era when there was no direct access to the drive's firmware and no standard to tell a drive to erase itself. They do not wipe a drive completely. The most secure erase is the ATAPI secure erase function carried out by the drive firmware. This atapi command can only be accessed by tools like MHDD, Victoria and linux's hdparm. It is also the fastest as it is carried out by the drive itself in a single pass without having to pass data back and forth to the PC. If anything is 'faster' then it is not erasing the *whole* drive.

Check out the talks by Scott Moulton on hard disk recovery on YouTube to get the complete low down on why this is so.

Particularly the series "10 things about hard drives"
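
Added example, not part of any post in this thread: before relying on the drive's built-in erase command, the Security section that `hdparm -I` prints shows whether the drive supports it and whether it will currently accept it. The function name and the sample identify text below are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the Security section of `hdparm -I` output.
# Prints one of: ready, frozen, locked, unsupported.

erase_state() {
    awk '
        /^Security:/        { insec = 1; next }
        insec && /^[^ \t]/  { insec = 0 }   # next top-level section ends it
        !insec              { next }
        # A bare keyword means "yes"; hdparm prefixes "not" for "no".
        /^[ \t]+supported[ \t]*$/ { supported = 1 }
        /^[ \t]+locked[ \t]*$/    { locked = 1 }
        /^[ \t]+frozen[ \t]*$/    { frozen = 1 }
        END {
            if (!supported)  print "unsupported"
            else if (locked) print "locked"
            else if (frozen) print "frozen"   # drive refuses security commands until a power cycle
            else             print "ready"
        }
    '
}

# Constructed sample of the relevant part of `hdparm -I` output.
# $1 is "not" for an unfrozen drive, "" for a frozen one.
sample_identify() {
    printf 'ATA device, with non-removable media\n'
    printf 'Security: \n'
    printf '\tMaster password revision code = 65534\n'
    printf '\t\tsupported\n'
    printf '\tnot\tenabled\n'
    printf '\tnot\tlocked\n'
    printf '\t%s\tfrozen\n' "$1"
    printf '\tnot\texpired: security count\n'
    printf '\t\tsupported: enhanced erase\n'
    printf '\t2min for SECURITY ERASE UNIT. 2min for ENHANCED SECURITY ERASE UNIT.\n'
    printf 'Checksum: correct\n'
}

# On a real system the input would be: hdparm -I /dev/sdX | erase_state
# (/dev/sdX is a placeholder). When the state is "ready", the erase itself
# uses hdparm --security-set-pass followed by --security-erase; see hdparm(8).
sample_identify not | erase_state
```
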


#40 mkruger

mkruger
  • Members
  • 5 posts
  •  
    United States

Posted 15 January 2011 - 05:18 AM

The Center for Magnetic Recording Research has an ATA Secure Erase freeware download that contains an ISO file that can be burned to disk. I have not used it, but quickly skimmed their PDF explanation of their method. It sounds quite good.

http://cmrr.ucsd.edu...cureErase.shtml

Edited by mkruger, 15 January 2011 - 05:19 AM.


#41 was_jaclaz

was_jaclaz

    Finder

  • Advanced user
  • 7100 posts
  • Location:Gone in the mist
  •  
    Italy

Posted 15 January 2011 - 11:03 AM

Yep. :thumbsup:

The:
http://cmrr.ucsd.edu...cureErase.shtml

Is actually the BEST (in the sense of faster, and ACTUALLY validated) way.

The reason is that it doesn't (like most other solutions) use any actual "external software", but rather it initiates an INTERNAL command residing inside the actual drive, part of the ATA (BOTH "P-ATA" and "S-ATA" drives have this internal command) standard.

If you prefer - apart from the initial triggering command - no data actually goes through the OS and through the disk drive interface and data cable, everything is done internally, this - especially on PATA drives - makes a HUGE speed difference.

Of course other software may use the same approach, but AFAIK most of the suggestion till now use their own "External" procedures.

There is NO need whatsoever to do ANYTHING but a single "wipe" pass with 00's and most software can do this.

For the record, the way the "normal" Format command under windows has changed:
under NT/2K/XP/2003 the Format command NEVER wipes a drive
under Vista :ph34r:/2008/7 the Format command ALWAYS wipes a drive UNLESS the /q switch is specified

Please understand that UNLIKE the mentioned tools the Format command operates on Drives (NOT on Disks - whole disks) so using it under Vista :ph34r:/2008/7, without the /q switch will wipe the Volume or partition and a very small amount of data (hidden sectors and unpartitioned space) will NOT be wiped.

:cheers:
jaclaz

#42 betrand

betrand

    Frequent Member

  • Advanced user
  • 467 posts
  •  
    France

Posted 15 January 2011 - 02:23 PM

Use hxd, open disk, readable, select block (all), paste/ replace with FF.
Or am I wrong?

#43 sschnee

sschnee
  • Members
  • 1 posts
  •  
    Germany

Posted 15 January 2011 - 02:25 PM

Install Truecrypt. Start "Truecrypt Format.exe" in installation Folder of Truecrypt with Parameter /N (make a link to this program and add the parameter, then start it).

Encrypt the drive/partition you want delete with a long password (15 chars or more). You can also encrypt the system drive with Windows on it.

Forget the password. Now the system is secure erased.

Works with gui and in a running Windows.

sschnee

#44 billonious

billonious

    Silver Member

  • .script developer
  • 528 posts
  • Location:greezeland
  • Interests:curiosity

Posted 15 January 2011 - 02:32 PM

my liking on the free version of Active Kill Disk . Both windows & dos executables. The dos one can be installed either in flashpen or in floppy. Friendly gui, pretty safe & easy.

#45 rasker

rasker

    Newbie

  • Members
  • 23 posts
  • Location:London, UK
  •  
    United Kingdom

Posted 15 January 2011 - 02:37 PM

These are all ways to format or otherwise clear a drive. They provide no guarantees that the drive is erased thus they don't securely erase the drive. User data still potentially exists on the drive (admittedly it's probably very hard to access). The only method that should be used to erase a drive is the ata secure erase method.

Please watch the series of videos I have linked above.

#46 betrand

betrand

    Frequent Member

  • Advanced user
  • 467 posts
  •  
    France

Posted 15 January 2011 - 02:39 PM

From dosboot floppy (you could launch it in ram from hd0/grub), use ptsde editor, very simple, you can probably select whole block, replace/ fill FF or 00.

#47 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14789 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 15 January 2011 - 03:04 PM

Carpenter's comparison needed. :thumbsup:

To drive a nail into a wooden plank you can use:
  • a hammer
  • your bare hands
  • your head
  • your mental powers (if any)
  • a rock
  • a 15 Ton hydraulic jack and a dedicated contrasting structure
  • etc.

If you try ALL of them, you will see that the simplest one (the specific tool created EXACTLY for that purpose - in cooperation with nail manufacturers and professional users) is the most quick, handy, and effective.

AGAIN, all ATA compliant devices have an internal command to do the wiping.
This is faster, and guarantees an effective wiping of the disk (not of a drive or partition or volume, but of the WHOLE disk).

:ph34r:
Wonko

#48 bobsobol

bobsobol

    Member

  • Members
  • 31 posts
  •  
    United Kingdom

Posted 15 January 2011 - 03:41 PM

I can't believe nobody's mentioned these two (or maybe I missed them).

First

Prerequisites, as I understand them:-
  • Must work with a GUI
  • Must work from the drive you are erasing (not possible)...
    or
  • from a floppy disk.

Inferences:-
  • There seems to be no optical drive
  • There are no USB ports. (or, if there are they aren't bootable)
  • There is no mention of a second system to place the drive in, so we assume he hasn't got one.
  • There is no mention of Network boot options, so we have to assume there is no PXE capable boot server on his network.
  • He's not asking for a "secure wipe". I presume he just doesn't want someone else working on his profile with all his settings.
  • Maybe he just wants to keep his OS license, and the buyer should get their own OS.

For most of us, this sounds like a tall to impossible order. However, back in the days of DOS we used to Del C: and the hard disk would be blank. (Forensic analysis could get a lot of data back, but to the average to highly skilled user the drive is wiped. Re-Partitioning would render any attempt to "Unformat" kinda pointless too. You could get fragments of files, but what they were meant to be is often anyone's guess. That's where the forensic expert comes in.)

There are still at least 2 GUI based, Windows "like" tools which will boot from a floppy disk, and perform a reformat / re-partition for *FREE*. No money asked. Because of the "floppy disk" limitation, they are *NOT* Linux or Windows PE based. (Even something like DSL "Damn Small Linux" had difficulty doing this sort of thing in a GUI.) They come with their own minimal OS, on the floppy.

Here are my suggestions:-
  • Terrabyte Unlimited BootIt NG.
    Actually designed as a boot manager, and installable (if desired) from the floppy. But also comes with quite a powerful Windows 2000 like GUI and very competent drive and partition manager built in. (Installing to your boot record is when you should "pay" for it, until then everything works in the demo from floppy.)
  • VisOpSys or rather its "Partition Logic" partition manager.
    Which comes with VisOpSys, but is also available with a minimal OS boot floppy to reduce the download, and complexity. (Sounds just the trick doesn't it)

Either of these should meet both your friend's technical skill, and hardware limitations. :thumbsup:

Edited by bobsobol, 15 January 2011 - 04:03 PM.


#49 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 15 January 2011 - 04:10 PM

This U-Tube & CMRR discussion about allegedly "approved" OR "supported" OR "initiated" by "Government" ATA Secure Erase, and its absolute potency in making a wiped disk unrecoverable reminds me similar talks not so long ago about security of new PGP releases. :thumbsup:

PGP: Backdoors and Key Escrow
PGP, Pellicano and "password-divining system"

An interesting question: why would a forensic recovery expert actively promote a wipe system via a major media channel like U-Tube that may result in him being left out of work and income? If wiped by ATA Secure Erase data is not recoverable by any means, would he talk about it on every corner thus encouraging even the most stupid criminal to wipe their data? And...who finances CMRR research efforts & publications (including these for public consumption) to begin with?

#50 bobsobol

bobsobol

    Member

  • Members
  • 31 posts
  •  
    United Kingdom

Posted 15 January 2011 - 04:34 PM

If security was the issue, I'd say take the drive out and pass a degaussing rod over it in a circular motion for 15 - 20 mins.

A cheap degaussing rod can be made by splitting the coils of a domestic transformer, housing it in a Tandy Project box, (so you don't electrocute yourself) and powering the remaining coil up.

I'm working on the idea that "security" and "forensic analysis" is not the issue here, Ease of use by someone who can't work without a graphical UI is the issue. Someone who can't work a BIOS settings screen, let alone the many console based UIs. Someone who would probably just about manage a Mac after a couple of months, but would probably never get their head around even KDE, let alone Gnome or Enlightenment.

--- EDIT ---
So, I've looked at "SecureErase", and if this command is on my drive (and with no optical and no USB I'm guessing this drive is pre y2K and may well not have this command anyway) why do I need to download an ISO to execute it? Why isn't there a button or jumper on my hard disk to activate it without a PC attached?

Also, how is this guy supposed to "burn" this ISO, let alone boot it with no Optical drive, and no USB boot? Where is the floppy disk, or setup.exe for Windows running from the drive he wants to erase?

I'm not saying this isn't a good thing. "SecureErase" looks great. It's fast and probably as secure as ZeroFil or whatever. It would have to pass DoD standards, anyway. But it doesn't seem to be available in a format the OP can actually use. It's both overkill, and over-complex.

Edited by bobsobol, 15 January 2011 - 04:51 PM.




