Jump to content











Photo

Software to wipe a systemdrive from Windows?


  • Please log in to reply
164 replies to this topic

#151 ceehoppy

ceehoppy

    Newbie

  • Members
  • 29 posts
  • Interests:Tinkering, DIY - home & cars age:38
  •  
    United States

Posted 22 February 2011 - 05:22 PM

Similarly, running my UFD through the washing machine on "heavy duty" cycle (warm water) & tumble dry had did not sanitize or remove data. I have have yet to determine effectiveness of various brands of laundry detergents & will post with any new updates. :D

#152 steve6375

steve6375

    Platinum Member

  • Developer
  • 5,407 posts
  • Location:UK
  • Interests:computers (!), programming (masm,vb6,C,vbs), OSes, photography,TV,films,guitars
  •  
    United Kingdom

Posted 22 February 2011 - 05:33 PM

Interesting. :smiling9:

I'll have to think about the actual meaning of this :D:

means:

  • we have no idea of what we are doing and threw at a chip a strong magnetic field since we happened to have a degausser around, just for the fun of it.
    or
  • we know for sure that by applying a strong magnetic field powerful eddy currents will be generated, actually so powerful as to damage the chips metal layers, and since this did not happen, the chips have a protection against such eddy currents or we completely missed the point and produced a not strong enough magnetic field and/or no eddy current (or not powerful enough eddy current) was generated.



Yes that amused me too! What perhaps is not so amusing is when you send your old kit to be recycled with guaranteed scrub by the recyclers - how can you be sure they REALLY have scrubbed the SSD memory in it? Also, when you give your old USB flash pen to someone after having 'wiped' it, is it really wiped?

#153 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7,771 posts

Posted 22 February 2011 - 05:55 PM

Yes, even burnig, crashing or melting will not really clean any media, because data is indestructable!
Unless of course, you want it to last, then it desintegrates after half a second! :D

:smiling9:

#154 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,988 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 22 February 2011 - 06:55 PM

Also, when you give your old USB flash pen to someone after having 'wiped' it, is it really wiped?

I fear ;) that you are falling, as most people normally do, into a conspiracy theory of some kind (even if slightly :)).

I would like to analyze the thing from a different standpoint, if you don't mind :cheers:.

  • If you want to be 100% secure that noone puts their nose into your things, DO NOT WRITE ANYTHING and just memorize them.
  • If you want to be 100% secure that noone puts their nose into the things you have written, don't EVER give anyone access to them.
  • The use of the SH-1 degausser® - though rudimental - has proved over the years to be a very good method of making sure that anything - be it optical, magnetic or solidstate based - will NOT be READ by anyone.

Here is an actual representation of this simple, yet powerful, tool in action :worship::
Posted Image

It produces eddy sledgy© currents that make sure that ANY metal (or non-metal, a clear advantage over a common degausser :D) layer will not be ANYMORE the same as before.

But, if you don't want to go this way, and actually want to mantain the physical integrity of the devices, you need to do some calculations.

  • Amount of actual meaningful and sensitive data actually present on the device (which does not include programs, music, videos, lolcat images, p0rn downloaded that some malware put on the device, etc., etc.), expressed in percentage of the device size (let's take an 8 Gb device for the sake of the example):
    4,387 bytes (scattered over 7 files, each on average 100 Kb) 4,387/8,192,000,000=0.0000005355224609375
  • Amount of possible people to whom you may want to give your old device: 5
  • Average among them that may be interested to your data: 1
  • hence probability of giving to the actual one interested and not to any of the other peeps 1/5=0.2
  • Amount of people in the WORLD capable of:
    • desoldering the chip (without damaging it) from the actual device
    • analyze it with a FPGA (and build/procure such a device) AND have the funds to do so:

      Figure 2 shows the FPGA-
      based hardware we built to extract remnants. It cost
      $1000 to build, but a simpler, microcontroller-based ver-
      sion would cost as little as $200, and would require only
      a moderate amount of technical skill to construct.

    • finding actually ANYTHING (which is NOT AT ALL like looking for known fingerprints):

      Finally, we assemble the fingerprints and analyze them
      to determine if the sanitization was successful. SSDs
      vary in how they spread and store data across flash chips:
      some interleave bytes between chips (e.g., odd bytes on
      one chip and even bytes on another) and others invert
      data before writing. The fingerprint’s regularity makes
      it easy to identify and reassemble them, despite these
      complications.
      Counting the number of fingerprints that
      remain and categorizing them by their IDs allows us to ....

  • let's say (BIG NUMBER!) 10,000 :w00t: out of an estimated population of 6,901,400,000 10/6,901,400= 0,000001449
  • Best result obtained by the good guys for a USB stick: 0.64
Thus:
0.0000005355224609375*0.2*0,000001449*0.64=~ 0,00000000000009932314 or 1*10-14

Taking into account a factor of correction of 1,000,0000 or 1*106 :w00t: for possible errors in the previous calculations, we should get the actual probability as 1*10-8 or 0.00000001
Thus you have a 1-0.00000001=0.99999999 or 99.999999% probability that your secrets will remain so.

I think I will - in my complete unconsciousness and recklessness - sleep well even the night after having given away a half-@§§edly wiped USB stick. :smiling9:

Compare with the known cleaning lady danger :) :
http://reboot.pro/12367/

:cheers:
Wonko

#155 steve6375

steve6375

    Platinum Member

  • Developer
  • 5,407 posts
  • Location:UK
  • Interests:computers (!), programming (masm,vb6,C,vbs), OSes, photography,TV,films,guitars
  •  
    United Kingdom

Posted 22 February 2011 - 08:01 PM

I agree that it is VERY unlikely that any ordinary person would bother to recover the data, but there are two things that you need to consider:

1. It is MUCH easier and cheaper to get at the unerased data on a flash chip than the 'erased' off-track residual data on magnetic platters - and people already seem to be paranoid about HDD residual data hacking...
2. Government agencies expect their drives to be securely wiped before disposal/recycling. This paper shows that the 'wipe' that they currently do is probably not good enough.

Therefore, however unlikely, it is easier and cheaper to hack flash memory than a hard disk - so high-security agencies need to be careful when they dispose of their SSDs. It is possible to clamp a socket over the top of these chips and get instant access.

#156 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,988 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 22 February 2011 - 08:35 PM

I agree that it is VERY unlikely that any ordinary person would bother to recover the data, but there are two things that you need to consider:

1. It is MUCH easier and cheaper to get at the unerased data on a flash chip than the 'erased' off-track residual data on magnetic platters - and people already seem to be paranoid about HDD residual data hacking...
2. Government agencies expect their drives to be securely wiped before disposal/recycling. This paper shows that the 'wipe' that they currently do is probably not good enough.

Therefore, however unlikely, it is easier and cheaper to hack flash memory than a hard disk - so high-security agencies need to be careful when they dispose of their SSDs. It is possible to clamp a socket over the top of these chips and get instant access.

WHY? :fine:

I am NOT (and I presume MOST members of boot-land reboot.pro :dubbio:) :
  • Government agencies
  • paranoid people
  • high-security agencies

those are all theories and experimental results that they may need to consider. :fine:

:smiling9:
Wonko

#157 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7,771 posts

Posted 22 February 2011 - 09:02 PM

but there are two things that you need to consider:

and people already seem to be paranoid about HDD residual data hacking...

People are not paranoid, because they fear for their data. People are paranoid, because they were made paranoid, by fear mongers!

2 years ago a tv show made an interesting test and asked people on the street, what they were afraid of.
The top 3 were terrorism, earthquakes and tsunamis.

Well the last act of terrorism here in Germany, was more than 30 years ago. Earthquakes in Germany feels like a lorry driving by, if we ever have any at all. And a Tsunami would have a pretty hard time to reach middle Germany were, the questions were asked.

In short, people were afraid of what they were told to be afraid of in the media, not of any real dangers like crossing a busy street or using the car at bad weather.

Most people are just too happy to replace knowledge with blind belief.

:dubbio:

#158 TheRookie

TheRookie

    Newbie

  • Advanced user
  • 156 posts
  • Location:in your mind
  • Interests:computers: (repairing, administration), reading: (technological info), outing: (having a good time), music (electronic, house, instrumental...) and hiking
  •  
    South Africa

Posted 23 February 2011 - 10:43 AM

Hi,

Just chiming in, but not much... unfortunately it aint a free lunch, but...

Advanced functions of O&O TotalErase
As a first in its field, “O&O TotalErase” provides the user with a completely new feature: the fully-integrated “O&O TotalErase Assistant” now allows you
to delete an entire system, including the system partition, with no need for Boot medium. New with Version 4 is the option of exclusively deleting the
system partition whilst excluding other partitions.

I've not seen any other commercial software claim to do this.

:dubbio:

#159 skyide

skyide

    Frequent Member

  • Advanced user
  • 196 posts

Posted 23 February 2011 - 10:56 AM

You may want to read this: http://www.lifehacke...id-state-drive/

#160 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 10,988 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 23 February 2011 - 11:15 AM

You may want to read this: http://www.lifehacke...id-state-drive/

Which is actually what steve6375 posted on #149 :thumbsup:
http://reboot.pro/13601/page__st__148
You may want to read the thread before re-posting the same things. :dubbio:

:cheers:
Wonko

#161 skyide

skyide

    Frequent Member

  • Advanced user
  • 196 posts

Posted 23 February 2011 - 11:38 AM

You may want to read the thread before re-posting the same things. :dubbio:
:cheers:
Wonko


Have you seen the size of this thread? :thumbsup: Still nothing compared to others... but yeah, I should have read it (I posted it at random in the hope it would help others but have no interest in the subject)

#162 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7,771 posts

Posted 23 February 2011 - 02:23 PM

O&O TotalErase seem to do exactly, what i was looking for, unfortunately it does not use ATAPI erase.
So no perfect erase and quite slow.
But so far the only solution. Great find, Rookie!

:dubbio:

#163 boxer

boxer
  • Members
  • 2 posts
  •  
    United States

Posted 18 March 2011 - 06:23 PM

To start give East-Tec Eraser at "east-tec.com/consumer/eraser/" a look, very secure erasing, meets and exceeds government and industry standards for the permanent erasure of digital info. I've been using it for years. Then take a look at this project I've been working on, Backtrack4 at "backtrack-linux.org" "Home of the highest rated and acclaimed Linux security distribution to date"

It's free to download and use, it's intended for all audiences from the most savvy security professionals to early newcomers to the information security field. Well documented, The National Security Agency and the Central Security Service and other government bodies use this distro as their main testing platform. BT has indispensable tools related to security, forensics, penetration testing and everything else in between. It far exceeds anything EVER developed commercially and is freely available. BackTrack is the one-stop-shop for all of your security needs.

#164 chillshy

chillshy
  • Members
  • 1 posts
  •  
    United States

Posted 12 July 2011 - 02:07 AM

I am lost....lol

#165 Boot_Monkey

Boot_Monkey

    Frequent Member

  • Advanced user
  • 142 posts
  • Interests:Umm, Bootdisks.
  •  
    Australia

Posted 05 July 2012 - 03:15 AM

No need to disconnect??? Have we found a BIOS yet that you have to disconnect the drive - i.e. that freezes the drive before it boots to MSDOS?

  • Switch off system - switch on system
  • Boot to DOS
  • Run HDDErase


HDDErase sucks balls. Mainly because of the need to change the SATA Mode to ATA. Some machines don't have that option.

Also HDDErase lacks SATA driver support and can't handle frozen drives. You need to reboot and try again.