Software to wipe a systemdrive from Windows?


164 replies to this topic

#76 steve6375

steve6375

    Platinum Member

  • Developer
  • 6911 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 16 January 2011 - 03:05 PM

I ultimately went with a stripped down NaughtyPE with Eraser as only program installed, as it is easier to talk someone over the phone through a program one knows well.

Sure, but I am sure many other people will be in a similar situation and it does not seem that there is any Windows s/w that will do the job without requiring the end user to make some kind of bootable media. So it would be nice to have a way to do this from Windows. I think there is some sort of lock that prevents this command from being used using Windows API's :hi: so an automatic way to do it just using the hard disk would be good to figure out.

#77 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14726 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 16 January 2011 - 04:15 PM

Probability I had already used something else 100%.

Well, I missed that ;).

But the final output (no report at 68.21% - large majority) was actually correct :hi:, some approximation must be taken into account when using Crystal Balls ;).

:hyper:
Wonko

#78 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7771 posts

Posted 16 January 2011 - 05:04 PM

Sure, but I am sure many other people will be in a similar situation and it does not seem that there is any Windows s/w that will do the job without requiring the end user to make some kind of bootable media. So it would be nice to have a way to do this from Windows.

I absolutely agree. If people were able to wipe their HDD easily, fewer would come up with the stupid idea of removing the HDD before selling their old computer.

:hi:

#79 Bladrunner

Bladrunner
  • Members
  • 4 posts

Posted 16 January 2011 - 07:53 PM

I have kind of a stupid question. Does anyone know a disk wiping software, that can be started from within windows to wipe the systemdrive?
Or a solution that exists as a premade floppy image and comes with a gui of some kind?

:hi:


To be honest, there really isn't any absolutely safe and sure way of guaranteeing a secure wipe - I have worked in a few companies where we conducted forensic recovery and we were always able to recover a good percentage of wiped data unless the HDD platters were damaged or mechanically damaged.

The best thing to do is either keep the HDD or get it incinerated, pulverised or immersed in a bath of sulphuric acid.

Do not take anything for granted

http://911blogger.co...coveries-convar


Technolane

#80 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14726 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 16 January 2011 - 08:19 PM

To be honest, there really isn't any absolutely safe and sure way of guaranteeing a secure wipe - I have worked in a few companies where we conducted forensic recovery and we were always able to recover a good percentage of wiped data unless the HDD platters were damaged or mechanically damaged.

By using WHAT? :ph34r:

Or is this also covered by trade secret? :smiling9:

Same question, any actual evidence, report, paper, court record, *anything* substantiating the quoted statement?

Are you willing - privately if you wish so - to recover *any* meaningful data from a drive I can provide (wiped through the secure erase ATA command)? :thumbup:

:cheers:
Wonko

#81 bobsobol

bobsobol

    Member

  • Members
  • 31 posts
  •  
    United Kingdom

Posted 16 January 2011 - 09:33 PM

@Wonko:

@bobsobol
Again, partition tools deal with partitions.
Disk tools deal with disks. :smiling9:
From the looks of it BootItNG (Commercial) won't wipe a disk (but it will wipe a partition).
Partition Logic definitely WON'T.
Obviously it is unlikely that one uses UNused sectors of the disk to store sensitive data, or, if he/she does, also d@mn well knows how to remove them. :ph34r:

Yes, partition editors work with partitions. Disk editors work with disks, and BootIt NG's main purpose is to be a Boot Manager, so why does it allow you to resize, move, create, delete, copy, clone, backup, change partitions? And why does it allow you to edit the MBR or any other sector of the disk in Hex?

It is commercial, but you only need to pay for it if you use it as your "boot manager" all the other tools are part of a free demo, (free beer, not free speech) with no time limitation what-so-ever.

I wouldn't call it forensically safe, but people who feel lost without a start menu consider the partition "My Computer" shows as "C:" to be their "disk" not a partition, file system, or logical volume on the disk. Certainly, there is no sensitive data they are likely to care about outside of the logical volume anyway... and if you want to zero fill the MBR and EMBR and other areas of the drive, you can do that too. But I think it's overkill.

The requirements that the only media is a floppy drive, and the user needs a GUI like Windows... these tools meet. I'm not sure how complete a "format" Partition Logic does. If it's a "quick format" or "initialize" as Mac calls it, then it's not really sufficient, but may appear so to this user.

@All:
As to wanting to install a program in Windows that will allow you to wipe the disk you booted from, and whether or not there is an API for that in Windows... that's not the point. The point is that whether you use Windows, Mac or Linux you are running a system with a swap file / partition on that disk you want to erase, and any program you run is constantly being swapped back and forth to that file.

If you run Windows 9X you could install a program that would work on the next boot and perform a low-level format before the Win32 kernel is loaded on top of DOS. If you run one of the NT based Windows, there are NT native APIs for directly manipulating the physical disk (before Virtual Memory is set up? I guess, as you can defrag the swap file, registry and MFTs at that point) you would have to write a NT native application, or a DOS native application to do this.

Note Windows is an environment that runs on another kernel / microkernel... whether that be DOS or NT is largely a moot point for this discussion. The only relevance is that you cannot write an NT program and a DOS program in a single file, and you cannot execute such a low level program once the Win32 environment is active... or you tear down the OS while it's running and a BSOD will sooner or later occur. And it will happen before your disk wipe is complete.

The same would apply to Linux, or BSD etc. except that it is not uncommon to use a different disk for the swap partition on Linux. Assuming you installed a Red Hat or Ubuntu (Linux dumbed down to Windows style) type default setup, you would get a Kernel Exception and heap dump error before your wipe operation completed.

If you are using a separate disk for your swap file/partition, a very large amount of your private data is likely to be stored there. (unencrypted passwords, bank details, cookies etc) So I hope you are going to take that disk out before you sell, or you will have to blank that disk after you have NO operating system to boot from at all. XD

Edited by bobsobol, 16 January 2011 - 10:02 PM.


#82 connetport

connetport

    Newbie

  • Members
  • 11 posts
  •  
    France

Posted 17 January 2011 - 12:21 AM

By using WHAT? :ph34r:

Or is this also covered by trade secret? :smiling9:

Same question, any actual evidence, report, paper, court record, *anything* substantiating the quoted statement?

Are you willing - privately if you wish so - to recover *any* meaningful data from a drive I can provide (wiped through the secure erase ATA command)? :thumbup:

:cheers:
Wonko


@Wonko : What is your evidence too ? A personal blog with a challenge that is not even controlled or with transparent procedures ? A challenge that doesn't even fit a real situation (many more files, knowing what you look for) ? Where are the detailed results of each person that has tried ? What guarantees us that all the results have been published ?

Explain to me that scientist's work : http://en.wikipedia..../Gutmann_method ....... would you tell that he likes to lose time ? Same for the US gov by creating the DoD (have money and human resources to spill ?) ... and same all other techniques
Explain to me that fact you deny : http://en.wikipedia..../Data_remanence
Explain to me the concept of error correction in a hard drive knowing that if you have a bad cluster there is nothing you can do about it ?
Explain to me how companies like this : http://www.datatechl...-data-recovery/ exist and can retrieve your data even if it has been damaged by burn or flood ?

#83 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14726 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 17 January 2011 - 09:35 AM

Explain to me that scientist's work : http://en.wikipedia..../Gutmann_method ....... would you tell that he likes to lose time ? Same for the US gov by creating the DoD (have money and human resources to spill ?) ... and same all other techniques
Explain to me that fact you deny : http://en.wikipedia..../Data_remanence
Explain to me the concept of error correction in a hard drive knowing that if you have a bad cluster there is nothing you can do about it ?
Explain to me how companies like this : http://www.datatechl...-data-recovery/ exist and can retrieve your data even if it has been damaged by burn or flood ?


Please READ the Gutmann article. :smiling9:
And specifically the two epilogues, the article is here:
http://www.cs.auckla...secure_del.html
it is written in almost plain English (exception made for the gratuitous use of the adjective palimpsestuous) and surely is the actual expression of the Author (or at least it is more like it than what a commenter may have written on Wikipedia)

Please READ the page you linked to:
http://www.datatechl...-data-recovery/
find in it "wipe", "00'ed", or similar terms.

What they advertise on that page is partly "normal" data recovery on working drives, and partly "advanced" data recovery from not working drives (transplanting platters/heads/motors/PCB, etc). BOTH activities are well documented (and BTW forget about anything like 100% rate of success in Data Recovery of a damaged hard disk).

JFYI, the internet is full of people that advertise doing miracles with lost data, but only a very few actually maintain what they promise - and I was never able to find anyone even promising to recover data from a wiped drive.

The point, as seen here:
http://reboot.pro/2683/
http://reboot.pro/2683/page__st__12
is that I would like to see ANY evidence that ANY data has EVER been recovered from a wiped hard disk (a modern one, NOT one of the old MFM/RLL low density one that were used some 20 years ago).

If you prefer, SINCE I am not able to find anywhere a single reliable evidence, article, whitepaper, theory of operation, report and, since all what I could find reliable in the form of theories, reports, whitepapers, academical research, personal field experience, etc. lead to the fact that such a feat is impossible, THEN I believe that such thing is not possible, BUT, as said, I will happily change opinion as soon as I find what I am looking for (should it actually exist).

A few things I can add as corollary (and of course you are free and welcome to NOT believe them :ph34r:):
  • no software on earth (and in the known near stars) can retrieve data from a wiped hard disk
  • in the case of very old technology hard disk a MFM has been used successfully, with an excruciating slowness, to rebuild a probability map with around 50% confidence - ie very near the result of coin tosses (the cost of a Magnetic Force Microscope is something in the several tens thousands dollars/few hundred thousand ones)
  • it is well possible that FBI, CIA, NSA and similar Government agencies have new technologies we cannot even imagine that are capable to recover at least partially some data - so, if you are a terrorist, or anyway involved in international or federal criminal activities your wiped data may be at risk, and in such cases you should physically destroy the device if you want to be sure


:thumbup:
Wonko

#84 steve6375

steve6375

    Platinum Member

  • Developer
  • 6911 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 17 January 2011 - 10:21 AM

HDDErase test results

OK - Good news is that under Win 7, running a script to install grub4dos and copy over boot image and menu.lst to C: works no problem.
2nd good news is that the hdd reboots and runs grub4dos menu
3rd good news is that HDDErase runs and sees hard disk

BUT - I used an Intel DQ45CB board and HDDErase reported that the HDD password had been locked by the BIOS and so it could not set the password 'idrive' and so could not run the secure erase. It offered to try to clear this but it did not work. To get round this I unplugged the HDD power cable and plugged it back in again and then answered Y to try to reset the BIOS HDD password. This worked and I rebooted back to grub4dos menu and ran HDDErase - now the hard disk is erasing.

So HDDErase looks like it is really of no use as an 'in situ' method of wiping a hard disk for the average user as you have to disconnect the power from the hard disk to get it to work.
[Edit]Actually the instructions said to reboot and later they said 'hard' reboot - I missed that! If you switch off and on again after it tries to reset the password, the HDD password is successfully reset on my system!
[/Edit]


However, I also included a DBAN iso image (loaded to memory) in the grub4dos menu, so the user could use this instead if HDDErase does not work.

If anyone is interested, I will post the files and cmd script on my website when I have tested it a bit more. (Tutorial #25)

PS. 2.5" 250GB HDD took 82 mins to erase using HDDErase.

#85 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14726 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 17 January 2011 - 10:51 AM

However, I also included a DBAN iso image (loaded to memory) in the grub4dos menu, so the user could use this instead if HDDErase does not work.

If anyone is interested, I will post the files and cmd script on my website when I have tested it a bit more.

PS. 2.5" 250GB HDD took 82 mins to erase using HDDErase.

Sure, do post your files and result, they are always a resource. :thumbsup:

The 82 minutes sounds just "right".
82x60=4920 s => 250,000,000,000/4920≈50,813,008 bytes/s or if you prefer around 100,000 sectors/sec

Of course a comparison on the SAME board and with the SAME hard disk using a software only solution like DBAN (single pass) would be useful.

Also there may be differences due to HPA/DCO present in some (most) drives.

About the ATA password, yes, it may be a BIG nuisance, if I recall correctly there are techniques/methods to avoid disconnecting the power, but anyway they won't work on *all* disks/BIOSes.

:smiling9:
Wonko

#86 connetport

connetport

    Newbie

  • Members
  • 11 posts
  •  
    France

Posted 17 January 2011 - 01:31 PM

Please READ the Gutmann article. :thumbsup:
And specifically the two epilogues, the article is here:
http://www.cs.auckla...secure_del.html
it is written in almost plain English (exception made for the gratuitous use of the adjective palimpsestuous) and surely is the actual expression of the Author (or at least it is more like it than what a commenter may have written on Wikipedia)

Please READ the page you linked to:
http://www.datatechl...-data-recovery/
find in it "wipe", "00'ed", or similar terms.

What they advertise on that page is partly "normal" data recovery on working drives, and partly "advanced" data recovery from not working drives (transplanting platters/heads/motors/PCB, etc). BOTH activities are well documented (and BTW forget about anything like 100% rate of success in Data Recovery of a damaged hard disk).

JFYI, the internet is full of people that advertise doing miracles with lost data, but only a very few actually maintain what they promise - and I was never able to find anyone even promising to recover data from a wiped drive.

The point, as seen here:
http://reboot.pro/2683/
http://reboot.pro/2683/page__st__12
is that I would like to see ANY evidence that ANY data has EVER been recovered from a wiped hard disk (a modern one, NOT one of the old MFM/RLL low density one that were used some 20 years ago).

If you prefer, SINCE I am not able to find anywhere a single reliable evidence, article, whitepaper, theory of operation, report and, since all what I could find reliable in the form of theories, reports, whitepapers, academical research, personal field experience, etc. lead to the fact that such a feat is impossible, THEN I believe that such thing is not possible, BUT, as said, I will happily change opinion as soon as I find what I am looking for (should it actually exist).

A few things I can add as corollary (and of course you are free and welcome to NOT believe them :smiling9:):

  • no software on earth (and in the known near stars) can retrieve data from a wiped hard disk
  • in the case of very old technology hard disk a MFM has been used successfully, with an excruciating slowness, to rebuild a probability map with around 50% confidence - ie very near the result of coin tosses (the cost of a Magnetic Force Microscope is something in the several tens thousands dollars/few hundred thousand ones)
  • it is well possible that FBI, CIA, NSA and similar Government agencies have new technologies we cannot even imagine that are capable to recover at least partially some data - so, if you are a terrorist, or anyway involved in international or federal criminal activities your wiped data may be at risk, and in such cases you should physically destroy the device if you want to be sure


;)
Wonko


Have you really read the article of Gutmann and in particular the two parts you mention ? Read it closely. "near zero" is not zero and Gutmann is an expert in data erasure .... And as I told you : 1 - after a 0fill you can't retrieve 100% of your data and you must know what you are looking for (in Gutmann's assumption you don't know what you are looking for).
If that second condition doesn't exist : 0fill can be considered as a "weak" secure wiping (as you have near zero possibility to retrieve data).

I have no more than a bunch of wiping techniques that say the same at various years. For giving you the proof of my personal experience : I can't because when I had to do it I was thinking about something else .... like retrieving most of the information. And I think that's the same for anyone who did it ... In my case, last time I did it, it was a 4 complete day procedure.

Why such denial ? because you don't find a paper officially recognized that say it so ? Do you need a paper to tell you that jumping from a cliff is mortal ? Do you need a paper to explain you that if you fall on the face with a knife in the nose you can surely die or suffer serious damage ?

Returning to the secure wipe :
There is science, hard drive specifications (by the way the error corrections exist because you can have disturbance in the magnetic field made by the neighbors of your data and the magnetic residues on that place), there are papers ..... on your side there are only blogs and some developers that do some misleading advertising for their software (knowingly or not) ....
If you think about it, what I and others tell you is the part that is most commonly proven and accepted : not yours.

If you know what you are looking for there are a lot more things to do :
File system : ntfs ...... so you can know all the combinations of the ntfs and look after where it begins by finding one clue that matches with an NTFS pattern
a docx file is an xml file, it has a pattern too : you can fill the gap (data loss) and retrieve the rest .....


I forgot one big thing (on windows world) : your drive must be defragmented ........ high fragmentation (over 10%) is a good way to keep his data secured, even after a 0 fill.... due to the fact that it's the file system that keep the parts together and that information is surely lost.

Edited by Antoine RODRIGUEZ, 17 January 2011 - 02:06 PM.


#87 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14726 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 17 January 2011 - 02:06 PM

Thanks for the hints about NTFS and .docx - very advanced techniques :unsure: I really had no idea about them. :worship:
and WOW ! :thumbsup: "Patterns" in files? That's incredible! You mean that you can recognize a given file even without its extension?
http://mark0.net/soft-trid-e.html
:smiling9:

Can you please point me to some of the papers you have "on your side" ( as opposed to "my side" worthless blog posts)?

BTW, an interesting thing is the CMRR documentation of the mentioned program, here is a small excerpt from it:

Nondestructive Data Erasure
Sanitization of data on a hard disk drive is not a simple task. Deleting a file merely removes its name from the directory structure’s special disk sectors. The user data remains in the drive data storage sectors where it can be retrieved until the sectors are overwritten by new data. Reformatting a hard disk drive clears the file directory and severs the links between storage sectors, but the user data remains and can be recovered until the sectors are overwritten. Software utilities that overwrite individual data files or an entire hard drive are susceptible to error or malicious virus attack, and require constant modifications to accommodate new hardware and evolving computer operating systems.

It is difficult for external software to reliably sanitize user data stored on a hard disk drive. Many commercial software packages are available using variations of DoD 5220, making as many as 35 overwrite passes. But in today’s drives, multiple overwrites are no more effective than a single overwrite. Off-track overwrites could be effective in some drives, but there is no such drive external command for a software utility to move heads offtrack. And even three overwrites can take more than a day to erase a large capacity hard disk drive. In busy IT facilities, such time is often not available and IT personnel are likely to take short cuts.

DoD 5220 overwriting has other vulnerabilities, such as erasing only to a drive’s Maximum Address, which can be set lower than its native capacity; not erasing reallocated (error) blocks; or miss extra partitions. External overwrites cannot access the reallocated sectors on most drives, and any data once recorded is left on these sectors. These sectors could conceivably be recovered and decoded by exotic forensics. While enterprise-class drives and drive systems (SCSI/FC/SAS/iSCSI) allow software commands to test all the user blocks for write and read ability, mass market drives (PATA/SATA) cannot read, write, or detect reassigned blocks since they have no logical block address for a user to access.

The Secure Erase (SE) command was added to the open ANSI standards that control disk drives, at the request of CMRR at UCSD. The ANSI T13.org committee oversees the ATA interface specification (also called IDE) and the ANSI T10.org committee governs the SCSI interface specification.

Secure erase is built into the hard disk drive itself and thus is far less susceptible to malicious software attack than external software utilities.

The SE command is implemented in all ATA interface drives manufactured after 2001 (drives with capacities greater than 15 GB), according to testing by CMRR. A standardized internal secure erase command also exists for SCSI drives, but is optional and not currently implemented in SCSI drives tested.

Secure erase is a positive easy-to-use data destroy command, amounting to “electronic data shredding.” Executing the command causes a drive to internally completely erase all possible user data record areas by overwriting, including g-list records that could contain readable data in reallocated disk sectors (sectors that the drive no longer uses because they have hard errors).

SE is a simple addition to the existing “format drive” command present in computer operating systems and storage system software, and adds no cost to hard disk drives. Because the Secure Erase command is carried out within hard disk drives, no additional software is required either.

Secure erase does a single on-track erasure of the data on the disk drive, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure.

Secure erase has been approved by the U.S. National Institute for Standards and Technology (NIST), Computer Security Resource Center . NIST document 800-88 approves SE at a higher security level than external software block overwrite utilities like as Norton Government Wipe, and it meets the legal requirements of HIPAA, PIPEDA, GLBA, and Sarbanes-Oxley.


Software overwrite utilities running in protected execution environments (e.g. running inside file system hardware like RAID arrays or inside secure computers) could be verified secure under NIST 800-88. For the most sensitive data, the government requires physical destruction of drives.

Drive manufacturers today are pursuing higher security secure erase (including secret data), via in-drive data encryption (see below)

Bolded by me what I see as most relevant.
Of course all this is meaningless ;), since they are - as said - probably financed by some Government Agencies to falsely give a sense of security to people. :cheers:

About falling from the cliff, however, if all people that I have ever seen bouncing off a cliff and all footage of them, and all witnesses reports showed that they bounced back unharmed, yes, I would need something to make me think it is dangerous.

Anyway, no need to make this thing bigger or longer than it really is :cheers:, we have different opinions :ranting2: and it will be tough, if not impossible, that any of us will change his mind without possibly some evidence and possibly even with it ;) .

:cheers:
Wonko

#88 steve6375

steve6375

    Platinum Member

  • Developer
  • 6911 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 17 January 2011 - 02:35 PM

See YouTube at time 2:25 and 5:06 onwards

Here is a pro who does jobs for the FBI, etc. saying that he cannot recover data if it has been overwritten.

Re HDDERASE experiment:
P.S with DBAN the same 2.5" 250GB drive took 3.5hrs (instead of 85 mins with HDDErase).

#89 connetport

connetport

    Newbie

  • Members
  • 11 posts
  •  
    France

Posted 17 January 2011 - 02:52 PM

@Wonko : I agree with your conclusion. It's impossible, for the moment, to have a hard proof that gives one part right. Even if I do the experiment myself or yourself.

@Steve : I don't believe a lot those who say : "I am a hacker", "I am from the FBI", "I am a super secret agent", .... in general it's the ones that just use and overuse their job title (if real) to make some money. However your video is right, in a situation like his it's impossible to retrieve the data because he doesn't know what he is looking for.


In order not to confuse or mislead someone that reads now : All the methods that we said over there are wiping method/tools (less the format command). All methods will severely and permanently damage your data. It's only the secure part where we don't agree.
For wiping your hard drive you need to write in all parts of your hard drive. DD, gutmann, DoD, the wipe function of the hard drive, .... are all valid to wipe your data.

However, wiping your data must be done with real security matters : (no one will care about your images, music, computer use, ....).
Wiping doesn't give you speed and it doesn't give you the right to change it from used to new.

Wiping is only a security matter.

#90 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14726 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 17 January 2011 - 02:54 PM

Here is a pro who does jobs for the FBI, etc. saying that he cannot recover data if it has been overwritten.

Wouldn't he *also* be paid by FBI and part of the conspiracy? :thumbsup: ;)

P.S with DBAN the same 2.5" 250GB drive took 3.5hrs (instead of 85 mins with HDDErase).


Q.E.D. :smiling9:

@Antoine RODRIGUEZ
Good, we agree to disagree. ;)

WARNING: in some rare cases this may prove as dangerous as jumping off a cliff.
Anyone not familiar with G.K. Chesterton might enjoy reading "The paradoxes of Mr. Pond":
http://en.wikipedia....xes_of_Mr._Pond

particularly the one titled "When Doctors Agree":
http://gutenberg.net...s05/0500421.txt

:cheers:
Wonko

#91 steve6375

steve6375

    Platinum Member

  • Developer
  • 6911 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 17 January 2011 - 05:39 PM

NUKE is available - see end of tutorial here - you can completely wipe your hard drive from within Windows (it automatically installs grub4dos and reboots to wipe the HDD).

The NUKE.CMD script could probably be improved and I have not tested it on a system with more than one drive. It is still not foolproof as the user could nuke his HD0 and then wonder why he cannot reboot to nuke his HD1!!!

So it really is best for single-drive systems.

If anyone wants to improve Nuke.cmd please do so! The use of RMPartUSB is only to list the hard drives in the system (but not any USB drives). There is probably a better way but I wanted to test RMPartUSB in a real situation (and found a bug!).

P.S. Actually the instructions said to reboot and later they said 'hard' reboot - I missed that! If you switch off and on again after it tries to reset the password, the HDD password is successfully reset on my system! So maybe it is OK after all! They should say in plain English 'NOW SWITCH OFF YOUR SYSTEM' - especially for the older guys who only have a few brain cells still firing like me! :thumbsup:



#92 connetport

connetport

    Newbie

  • Members
  • 11 posts
  •  
    France

Posted 17 January 2011 - 07:07 PM

Steve, about your DQ45CB trouble ..... I have not used that board specifically but I've manipulated various Intel Board so I have some stupid questions ....
Have you disabled in the BIOS the following :
- Virus protection
- The intel TPM ?
- Any DEP protections such as the NX bit (if available)

Intel Boards come always overprotected in comparison of the regular boards .... Intel tries always to avoid obvious schemes that can lead you to be jailed in a rootkit without knowing it.

#93 cdob

cdob

    Gold Member

  • Expert
  • 1437 posts

Posted 17 January 2011 - 10:47 PM

I used an Intel DQ45CB board and HDDErase reported that the HDD password had been locked by the BIOS

Yes, that's a BIOS safety feature.
Imagine any application can send an ATA password or an ATA secure erase.
An average end user won't be amused.
That's a good default setting. A BIOS should allow to lower this setting.

There is a hint "Windows XP SP3 is sending the ATA Security Freeze Lock Command"
http://social.techne...1c-8693be591caf

Contrary, I get running XP SP3:

hdparm.exe -I /dev/hda
Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase

Sorry real security erase not done, that's borrowed hardware.

Still unresolved: does secure erase work under a running Windows?
https://ata.wiki.ker...TA_Secure_Erase
http://hdparm-win32.dyndns.org/hdparm/
Does anyone have hardware to test?


@MedEvil
http://www.heise.de/...nst-289866.html
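
An added example, not part of cdob's post or of any tool mentioned in the thread: a small parser for the Security section of `hdparm -I` output that reports which states would make the drive abort a secure erase, such as the BIOS freeze lock discussed above. Both sample inputs are constructed from the listing in the post, with the layout flattened as it appears there; the function names are hypothetical.

```python
import re

# Constructed sample: the Security section as posted above (not frozen).
SAMPLE_NOT_FROZEN = """\
Security:
Master password revision code = 65534
supported
not enabled
not locked
not frozen
not expired: security count
supported: enhanced erase
"""

# Constructed sample: the same drive after a BIOS or OS sent SECURITY FREEZE LOCK.
SAMPLE_FROZEN = SAMPLE_NOT_FROZEN.replace("not frozen", "frozen")

# One flag per line, optionally negated by a leading "not".
_FLAG = re.compile(
    r"^\s*(?P<neg>not\s+)?"
    r"(?P<name>supported: enhanced erase|expired: security count|"
    r"supported|enabled|locked|frozen)\s*$"
)

def parse_security(text):
    """Return {flag: bool} for the Security section of `hdparm -I` output."""
    lines = text.splitlines()
    try:
        start = next(i for i, l in enumerate(lines) if l.strip() == "Security:")
    except StopIteration:
        return {}  # no Security section: feature set not reported
    state = {}
    for line in lines[start + 1:]:
        m = _FLAG.match(line)
        if m:  # first occurrence of each flag wins
            state.setdefault(m.group("name"), m.group("neg") is None)
    return state

def erase_blockers(state):
    """List the reported states in which the drive aborts SECURITY ERASE UNIT."""
    blockers = []
    if not state.get("supported"):
        blockers.append("Security feature set not supported")
    if state.get("frozen"):
        blockers.append("frozen: power-cycle the drive to clear the freeze lock")
    if state.get("expired: security count"):
        blockers.append("password attempt counter expired: power-cycle first")
    return blockers
```
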

#94 forensicator

forensicator
  • Members
  • 1 posts
  •  
    Italy

Posted 17 January 2011 - 10:53 PM

GaiJin WipeDisk is what you're looking for:

- portable (no installation)
- runs in Windows
- easy to use
- supports 14 wiping techniques
- erases physical and logical disks
- overwrites the information sector-wise
- freeware

Best Regards
Paolo

#95 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14726 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 17 January 2011 - 11:22 PM

steve6375, if I may, you should add that HDDErase - actually the ATA SafeErase command - ALSO (and UNLIKE most if not all software-based solutions) can and will wipe the g-list and sectors not normally accessible by the "normal" user.

and I still think that an explicit password in the grub4dos menu may be an additional, recommended safety measure to avoid "accidental" erasure by less experienced users ;). (you know, kids, matches,....:cheers:)

:ranting2:
Wonko

#96 steve6375

steve6375

    Platinum Member

  • Developer
  • 6911 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 17 January 2011 - 11:42 PM

re. password - I thought about this, but what if the user forgets the password? - he/she now cannot boot to Windows (possibly) or erase the disk. If he has no other computer then he cannot make a boot USB or CD.
No one has anything to gain by erasing a disk and a virus could not spread this way...

Kids - matches - don't do that! -> burnt fingers

Kids - matches - secret password -> Cool! --> burnt fingers

#97 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 14726 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 17 January 2011 - 11:55 PM

re. password - I thought about this, but what if the user forgets the password? - he/she now cannot boot to Windows (possibly) or erase the disk. If he has no other computer then he cannot make a boot USB or CD.
No one has anything to gain by erasing a disk and a virus could not spread this way...

Kids - matches - don't do that! -> burnt fingers

Kids - matches - secret password -> Cool! --> burnt fingers

I was thinking more to a "neutral" install of grub4dos with a preset of (open/accessible) entries with the common chainloading commands for windows versions (or to the PBR of Active partition) and a password protected one for the SecureErase thingy...

Something like "I already ran the command, but I changed my mind/forgot to back up vital data/whatever, is there a way to get back to Windows".... ;)

About the forgotten password - on second thought - it doesn't need to be "secret", it can also be something actually printed to screen, like:

Please type: YES-me-want-delete-disk

that any living being with an adequate number of neurons can understand and execute, but that avoids cat-typing kind of input :cheers:

Actual expected sequence:
Kids -> matches -> don't do that! -> plainview password/Warning -> Cool! -> burnt fingers -> See, I had told you!


:ranting2:
Wonko

#98 steve6375

steve6375

    Platinum Member

  • Developer
  • 6911 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 18 January 2011 - 12:16 AM

menu.lst already has entries for boot from hdd0,0 hdd0,1 hdd0,2 and hd1 - see screenshot at end of page.
Re. password in menu - I guess one more would not hurt, hopefully they would realise when it did not reboot to Windows that something serious has happened though...

#99 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 452 posts
  • Location:In the middle of nowhere
  • Interests:Interesting Things
  •  
    South Africa

Posted 18 January 2011 - 12:32 AM

If you want "drop erase" software like a program you see in a movie,
where the protagonist wipes all the data on his hard drives seconds before the cops smash down the door,
here are some websites I found:
http://www.stellarin...ser-windows.php
http://www.deletefil...-Disk-Data.html

#100 steve6375

steve6375

    Platinum Member

  • Developer
  • 6911 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 18 January 2011 - 07:51 AM

first one is from a boot CD (as far as I can make out)
2nd one just wipes data files not the system files



