Jump to content











Photo

Software to wipe a systemdrive from Windows?


  • Please log in to reply
164 replies to this topic

#51 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 15 January 2011 - 04:48 PM

A neighbor and friend, who moved away a few months ago, called me, because he wants to sell his old computer and remembered, me telling him about wiping a hdd rather than smashing it.

Haven't that U-Tube guy told that selling a used (presumably wiped) HDD is a bad idea anyway? :thumbsup:

#52 bobsobol

bobsobol

    Member

  • Members
  • 31 posts
  •  
    United Kingdom

Posted 15 January 2011 - 04:57 PM

@sambul61: Yes, but he's talking about DoD / FBI / CIA / Hospitals / Lawyers / Bank Managers and people who have "private and confidential" files on their system which could cost a lot of money in suits for public release of private data belonging to others.

You know when you don't tick the box to allow an organisation to share your personal info with others? That stuff.

My guess is that this is someones home computer, and they don't want their family photos, porn trail, credit card transactions and software license keys getting sold with the PC.

Forensic analysis is too expensive to retrieve such petty data.

It's not like he's got plans for a secret U.S. experimental Fighter Jet, Undercover Operatives personnel records or Al Queda bombing run plans on it. lol

#53 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 15 January 2011 - 05:14 PM

I understand. Though it includes also bank web passwords & sensitive browser cookies, etc., interesting for data sellers browsing EBay for fresh meat.

Cybercrime Grit & Grime

Btw, no-one seems to mention downloading one of the above ISO's, saving it to hard disk, adding Grub4DOS to BCD Boot Menu, and booting the ISO to RAM to wipe the HD thus meeting or exceeding published DoD data wipe standards. :thumbsup:

#54 bobsobol

bobsobol

    Member

  • Members
  • 31 posts
  •  
    United Kingdom

Posted 15 January 2011 - 05:22 PM

Yea... but TBH even emptying Bill Gates private bank account doesn't cover the cost of recovering data from a full format and sifting through all the messed up data that remains. (not quick format, that is too easy)

How are you going to put Grub3DOS and an ISO on to a floppy?

If you mean installing it to the hard disk you want to wipe, how are you going to get that off again ready to sell the PC? Will it wipe it's self while running from the RAM drive? (maybe)

It can be done... but again, I think it will be technically beyond someone who can't live without a start menu. lol Unless you can package it up with a setup program which does all the dirty work for you.

I don't know of a pre-made package like that. I know how *I* could do it, but I don't know how I would tell a lUser how to do it.

#55 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14757 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 15 January 2011 - 05:39 PM

@bobsobol
Again, partition tools deal with partitions.
Disk tools deal with disks. :ph34r:
From the looks of it BootItNG (Commercial) won't wipe a disk (but it will wipe a partition).
Partition Logic definitely WON'T.
Obviously it is unlikely that one uses UNused sectors of the disk to store sensitive data, or, is he/she does, also d@mn well knows how to remove them. :cheers:

@sambul61
Why selling an old hard disk (once wiped) would be a bad idea? :thumbsup:
Are we once again on the Urban Myth of recovering data from a simple, single, 00 pass on a hard disk? :unsure:
If yes :ph34r:, time to update your tinfoil hat:
http://reboot.pro/13177/


Just for the record, the HDDErase is part of the UBCD:
http://www.ultimatebootcd.com/
together with many other wiping tools.

:cheers:
Wonko

#56 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 15 January 2011 - 06:02 PM

time to update your tinfoil hat: http://reboot.pro/13177/

Hi Wonko,

Welcome back from yet another vacation... Can you answer these questions to keep your hat secured from a Mediterranean Sea breeze blow? :)

#57 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14757 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 15 January 2011 - 07:20 PM

Hi Wonko,

Welcome back from yet another vacation... Can you answer these questions to keep your hat secured from a Mediterranean Sea breeze blow? :)


Well, you cannot pretend an answer to ALL questions, but if these are the questions, it's easy.

Which are the actual questions? :unsure:
These? :w00t:

why would a forensic recovery expert actively promote a wipe system via a major media channel like U-Tube that may result in him being left out of work and income?

Scott A. Moulton is a forensic expert, a hacker, a known participant to DEFCON, who knows what motivates him? :unsure:
Maybe he is a good guy, helping other good guys to prevent nosy peeps looking into thir private data (and - as a collateral damage - also teach the bad guys how to save their butt).


If wiped by ATA Secure Erase data is not recoverable by any means, would he talk about it on every corner thus encouraging even the most stupid criminal to wipe their data?

Sure :), it's all a conspiracy to make people wipe drives UNsecurely. :cheers:
And of course the ATA standard was made on purpose to allow FBI, the CIA and NSA to peek inside your precious files.
And the thing is SO secret :ph34r: that no actual evidence of recovering even a single byte, even after a single pass (even a plain dd if=nul like one) was EVER published. :ph34r: (besides the well known and remained UNaccepted great zero challenge, a link to which was already posted):
http://hostjury.com/...ains-unaccepted

And...who finances CMRR research efforts & publications (including these for public consumption) to begin with?

As above, FBI, CIA and NSA.
Oww, comeon. it's a University, the University of San Diego:
http://www.ucsd.edu/
(possibly also Mr. Arnold Schwarzenegger financed them as Governor of California :))

:cheers:
Wonko

#58 Ilia Fomin

Ilia Fomin
  • Members
  • 1 posts
  •  
    Russian Federation

Posted 15 January 2011 - 07:26 PM

hddscan can write zeros on system drive under loaded system, but when it coming to system files-system halt, and you can't wipe drive to the end.

#59 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 15 January 2011 - 07:49 PM

Wonko,

Thanks for clarifying your view. I don't think you're well familiar with applied research financing in US Universities. :) As to publishing recovery results by the above Labs, do you know what's happening now with WikiLeaks? Plus one still needs to have data to publish (and be brave enough to disclose it publicly often against the state secrets law), which presumes someone has blown a wistle - don't you think so? :cheers:

However, I agree all that has quite remote relation to this thread starter's particular needs, and any popular method of cleaning the drive will work OK for him.

#60 connetport

connetport

    Newbie

  • Members
  • 11 posts
  •  
    France

Posted 15 January 2011 - 08:30 PM

Please don't show that false challenge again or take it as a proof.

The challenge doesn't even take a real situation : 2 files, 1 folder ......... Who, in a real world, buy a hard drive, put 2 files into a folder and then wipe his hard drive ?

Zero Fill does permanently damage most of your data .... but not all.

What is sure is that :
100% of file names are lost
95% of your file structure (folders) are lost
between 50 to 80% of your data is not possible to recover.

The challenge fails because there is not enough data inside the hard drive.

The FAT and the file system being lost you obviously lost all names (and extensions) : so the folder is impossible to retrieve and also the file names.

However, you still can possibly retrieve the files knowing what they are.

Just try yourself : take one hard drive, do the zero fill and then scan it with a tool like easus data recovery pro and you'll see.

Also I know it from a personal point of view because I've already done it but I knew what I was looking for.

There is an old news where the pentagon decided to not donate his old computer anymore due to a little child that retrieved some nuclear codes. Since then the computers are now all destroyed.

#61 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7771 posts

Posted 15 January 2011 - 09:30 PM

First i like to thank everyone for helping. You're great!

Now let me clear up some of the speculations.
- Yes the user in question is a two handed mouse pusher. :cheers:
- The computer has only one HDD and on this is obviously also Windows.
- The whole drive and not just the empty space have to be wiped, to also destroy any data kept in registry and files in windows folder. Did i mention that the user has no idea about Windows internals? :ph34r:
- The computer does have a CDVD drive. But i already had a CD solution and was looking for an even simpler solution.
I ultimately went with a striped down NaughtyPE with Eraser as only program installed, as it is easier to talk someone over the phone through a program one knows well.


If your friend has a Windows Vista/7/2008+ DVD there is a disk wipe tool built in with a 4-pass DoD wipe option.

Dohh! That's probably the solution i should have gone with. Simply guiding him over telephone. If i just knew! :)

The: http://cmrr.ucsd.edu...cureErase.shtml

Is actually the BEST (in the sense of faster, and ACTUALLY validated) way.

The reason is that it doesn't (like most other solutions) use any actual "external software", but rather it initiates an INTERNAL command residing inside the actual drive, part of the ATA (BOTH "P-ATA" and "S-ATA" drives have this internal command) standard.

The internal HDD command was actualy the reason for me believing, that there has to be a version that works from a floppy. After all, how big can a program be, that sends a single command to a HDD? :ph34r:

I know how *I* could do it, but I don't know how I would tell a User how to do it.

Yep, that's always the problem. How do i put my brain into the users head. :)


:)

#62 TheRookie

TheRookie

    Newbie

  • Advanced user
  • 156 posts
  • Location:in your mind
  • Interests:computers: (repairing, administration), reading: (technological info), outing: (having a good time), music (electronic, house, instrumental...) and hiking
  •  
    South Africa

Posted 15 January 2011 - 09:55 PM

Hi,

I don't have the exact solution to a problem like this, however, just some ideas.

Have you played around with backup programs, specificly, drive snapshot, or perhaps acronis true image?
Yes?
Well, did you see how these programs can actually restore a system image after a simple restart?
i.e.
you've already made a backup with one of the mentioned programs to another partition on your drive.
And just after the backup a virus struck, leaving you left only to reinstall windows.
(because you only have the windows disk at hand), no other boot disks to help you.)
so you reinstall windows, reinstall the program and restore the image, once it requests to restart the pc, you see that the image is being restored.
and after the restoration is complete, it restarts again, leaving you where you last left off.
So, I don't think its impossible to have something like this, I guess just the right developers are needed.
or perhaps any developer who might take some inspiration from the above example.

#63 costinel

costinel

    Newbie

  • Members
  • 12 posts

Posted 15 January 2011 - 10:34 PM

[...]
Btw, no-one seems to mention downloading one of the above ISO's, saving it to hard disk, adding Grub4DOS to BCD Boot Menu, and booting the ISO to RAM to wipe the HD thus meeting or exceeding published DoD data wipe standards. :)


I think you might have missed my reply with exact these steps

anyway, good he had a cd. problem's gone, but i think theoretical discussion will go on to the perfect idiot-proof one-click solution :cheers:

#64 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7771 posts

Posted 15 January 2011 - 10:46 PM

but i think theoretical discussion will go on to the perfect idiot-proof one-click solution :cheers:

I would really like that, cause there are more id friends. :)

:ph34r:

#65 sambul61

sambul61

    Gold Member

  • Advanced user
  • 1568 posts
  •  
    American Samoa

Posted 16 January 2011 - 12:57 AM

Why don't you send your friend a link to this thread to his complete amusement? Until he'll express his final choice here, it will go on along the spiral. :)

#66 connetport

connetport

    Newbie

  • Members
  • 11 posts
  •  
    France

Posted 16 January 2011 - 02:55 AM

The internal HDD command was actualy the reason for me believing, that there has to be a version that works from a floppy. After all, how big can a program be, that sends a single command to a HDD? :)



Medevil : what is the brand of the hard drive ? That function is given in any diagnostic tool of the brand witch normally fits in a floppy. Some are graphical with mouse. You can consult the list of those programs in the ultimate boot cd program list here : http://www.ultimatebootcd.com/ ..... you'll see that Fujitsu has it's own eraser. Each program you see there are downloadable separately and most of them fits on a floppy.

Best regards,

#67 b01100110

b01100110
  • Members
  • 7 posts
  •  
    United States

Posted 16 January 2011 - 04:17 AM

I have kind of a stupid question. Does anyone know a disk wiping software, that can be started from within windows to wipe the systemdrive?
Or a solution that exists as a premade floppy image and comes with a gui of some kind?

:)


if want to save time on the reload try secure clean by white canyon. it has worked well for me. I hope this helps.

#68 Karl1982

Karl1982

    Member

  • Members
  • 41 posts
  •  
    United States

Posted 16 January 2011 - 04:50 AM

I have kind of a stupid question. Does anyone know a disk wiping software, that can be started from within windows to wipe the systemdrive?
Or a solution that exists as a premade floppy image and comes with a gui of some kind?

:)


My suggestion is to use TrueCrypt, an open-source software capable of full disk encryption. You can use it to encrypt the entire drive, partition tables included. It also fills free space with random bits which become indistinguishable from the actual encrypted data. It's as good as securely wiped. You can even continue to use the system while this is taking place, and just forget your password when you're done with it.

If you aren't encrypting the active Windows OS partition (or you're running non-Windows or running TrueCrypt from bootable media), I believe it also has some options for multi-pass random fill of the entire volume or disk.

http://www.truecrypt.org/

#69 mkruger

mkruger
  • Members
  • 5 posts
  •  
    United States

Posted 16 January 2011 - 07:32 AM

@MedEvil

The CMRR HDDErase utility can run from a bootable DOS disk. In fact, that's the only way it runs (the ISO uses DOS emulation). But I don't know if I would recommend this utility to anyone non-technical unless you're also willing to walk them through it.

But anyway...I gave the program a try on a 30GB Western Digital disk. The erase operation completed in 15 minutes. That's remarkably fast.

For others....courtesy of Wikipedia....

HDDerase is a freeware utility that securely erases data on hard drives using the security erase unit command built into the firmware of ATA and SATA drives manufactured after 2001.[1] HDDerase was developed by the Center for Magnetic Recording Research at the University of California San Diego. It differs from other file deletion programs such as Darik's Boot and Nuke which attempt to erase data using block writes, and therefore cannot access certain portions of the hard drive. The internal firmware secure erase command can access data that is no longer accessible through software, such as bad blocks.[2]

HDDerase is recommended as a disk drive purging method in NIST Special Publication 800-88.[3]

In a nutshell, there are only three ways to truly erase a disk -

1) Physical destruction
2) Degaussing
3) Internal Secure Erase

#70 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14757 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 16 January 2011 - 09:38 AM

Please don't show that false challenge again or take it as a proof.

.....

However, you still can possibly retrieve the files knowing what they are.

Any and I mean *ANY* actual EVIDENCE of that? :)

Just try yourself : take one hard drive, do the zero fill and then scan it with a tool like easus data recovery pro and you'll see.

Sure, I did it a few tens of times, using not only easeus, but even MUCH better software and NEVER found one single byte.
Please do understand that there is documented evidence that NO SOFTWARE on earth can retrieve any valuable data after a single 00 wipe.
The point of the discussion, if you read attentively avaiable sources, is whether *OTHER* means, like a Magnetic Force Microscope can read anything from a wiped platter.

Also I know it from a personal point of view because I've already done it but I knew what I was looking for.

Good :ph34r:.
You manage what all the actual "experts" (boith amateurs and professional), including the peep that actually started it all, failed.


There is an old news where the pentagon decided to not donate his old computer anymore due to a little child that retrieved some nuclear codes. Since then the computers are now all destroyed.


Any actual document to prove the above?
Meaning exactly what you wrote that a child has put his hands on a "pentagon" computer and he managed to retrieve a "nuclear code"? :)

Maybe you could spend a little time reading this thread:
http://www.msfn.org/...e-deletionwipe/
where some references are actually given, and particularly the original paper by Peter Gutmann as recently amended and integrated with BOTH the "Epilogue" and "Further Epilogue":
http://www.cs.auckla...secure_del.html

The invitation to update the material for your tin-foil hat, extends to you of course :ph34r::
http://reboot.pro/13177/

The internal HDD command was actualy the reason for me believing, that there has to be a version that works from a floppy. After all, how big can a program be, that sends a single command to a HDD? :cheers:

Actually it IS a floppy.
Point is that it has no GUI, it's a DOS based CLI program.
And as said, it is also readily available inside the UBCD, together with many more.
If you just download the file from the given site, you may find inside the .zip a file called HDDEraseReadMe.txt, which contains this snippet:

III. Creating a boot disk
--------------------------
* To make a floppy DOS boot disk
Download and run DOS 6.22 boot disk maker from www.bootdisk.com/bootdisk.htm.
Erase the two Qbasic files from the created floppy to make enough room to copy
HDDerase.exe onto the disk.


WHAT is the problem?

The HDDERASE.EXE is 72786 bytes in size.


:)
Wonko

#71 steve6375

steve6375

    Platinum Member

  • Developer
  • 6935 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 16 January 2011 - 12:21 PM

Re. HDDErase

Would it be possible to do this starting from a booted Windows system (no other media involved)?

1. Copy FDD.IMA file + menu.lst file + grldr to C:\ (hard disk you want to erase)
2. Install grub4dos to MBR of hard disk under Windows
3. Reboot - grub4dos runs - menu.lst - loads FDD.IMA in memory using map --mem /FDD.IMA (fd0)
4. Run HDDErase and wipe HDD

#72 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14757 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 16 January 2011 - 12:33 PM

Re. HDDErase

Would it be possible to do this starting from a booted Windows system (no other media involved)?

1. Copy FDD.IMA file + menu.lst file + grldr to C:\ (hard disk you want to erase)
2. Install grub4dos to MBR of hard disk under Windows
3. Reboot - grub4dos runs - menu.lst - loads FDD.IMA in memory using map --mem /FDD.IMA (fd0)
4. Run HDDErase and wipe HDD


Maybe yes, maybe no. :hyper:
Theoretically, yes ;) , in practice it needs to be tested :hi:.
BTW step 2 would be functionally equivalent if you add a line to boot.ini invoking grldr. (or an entry to BCD invoking grldr.mbr)

Now, we do have a member subject (Medevil which BTW is also a programmer and should be quite familiar with DOS thingies) that has asked what was suggested to carry a disk wiping operation for his neighbour, maybe he would like to carry the experiment and report?

Probabilities are estimated (by me ;)) as follows:
  • No, he will use something else 32.76%
  • No, he will use the approach you suggested but won't report success (if any) 35.45%
  • No, he will use the approach you suggested but won't report failure (if any) 0%
  • Yes, he will use the approach you suggested and will report success (if any) 15.36%
  • A suffusion of yellow 16.43%

Let's wait and see what happens.

JFYI, my new signature on other Forums:

- In theory there is no difference between theory and practice, but in practice there is. -

;)

:cheers:
Wonko

#73 steve6375

steve6375

    Platinum Member

  • Developer
  • 6935 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 16 January 2011 - 12:48 PM

I can try it tomorrow.

The point is that this can be scripted to work from Windows (at least as far as running HDDErase) and so could be made very simple for anyone wanting to erase their hard disk completely. Obviously the user would need to type in something like 'YES PLEASE NUKE MY HARD DISK' to confirm before installing (though the menu.lst could also have a boot from Hdd 0 entry just in case they wanted to go back to Windows or the HDDErase did not work)...

#74 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14757 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 16 January 2011 - 01:03 PM

I can try it tomorrow.

Good. :thumbup:

The point is that this can be scripted to work from Windows (at least as far as running HDDErase) and so could be made very simple for anyone wanting to erase their hard disk completely.

Yep :hi: , though as soon as you (or anyone else) will publish something to this effect, you will have a number of people coming out whining that they deleted the WRONG hard disk by mistake. ;)
I presume it should be limited to single hard disk PC only (or a rather STRICT checking routine should be implemented) :hyper:

Obviously the user would need to type in something like 'YES PLEASE NUKE MY HARD DISK' to confirm before installing (though the menu.lst could also have a boot from Hdd 0 entry just in case they wanted to go back to Windows or the HDDErase did not work)...

We can use the grub4dos password (hashed for additional security) to this effect. ;)

The only problem I see with this approach is IF (but it won't normally happen UNLESS a power surge/blackout happens to a desktop PC not connected to an UPS or to a laptop connected to mains but WITHOUT battery or to a laptop relying on a - failing - battery only WITHOUT connection to mains) the procedure only partially runs.
I.e. you could well have:
  • an unbootable system
  • no way to check if the procedure completed successfully

Such an event would reduce the actual security level of the procedure from 100% (OK, let's say from VERY NEARLY 100% to avoid MFM and conspiracy fanboys) to 0% (or - even worse - to "a suffusion of yellow" :cheers:).
I have no data to even guess what would happen if the procedure is interrupted, it is even possible that the disk drive may become "locked" and may need hardware tools to be unblocked. ;)

:cheers:
Wonko

#75 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7771 posts

Posted 16 January 2011 - 02:34 PM

Probabilities are estimated (by me :hi:) as follows:
[list]

[*]No, he will use something else 32.76%

Probability i had already used something else 100%.

I ultimately went with a striped down NaughtyPE with Eraser as only program installed, as it is easier to talk someone over the phone through a program one knows well.


;)




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users