Jump to content











Photo
- - - - -

What is the best way to remove files from a hdd?


  • Please log in to reply
4 replies to this topic

#1 Mikorist

Mikorist

    ▂ ▃ █ ▅ ▆

  • Advanced user
  • 737 posts
  •  
    United Nations

Posted 21 March 2007 - 12:15 AM

What is the best way to remove files from a hdd?



FORMAT.COM is an external MS-DOS command, located by default in C:\Windows\Command
Hidden Parameter :
Hidden parameter are not documented by Microsoft and is find by users threw experiments.

1) FORMAT /AUTOTEST :
FORMAT /AUTOTEST checks for the existing format of your disk, unless the /U (UNCONDITIONAL) parameter is also used, and then proceeds with an UNATTENDED DISK(ETTE) FORMAT:

DOES NOT prompt for a volume label!
DOES NOT prompt to format another disk(ette)!
NO delay: NO user intervention!
Ends WITHOUT pausing!
After completion, it DOES display disk space statistics.

2)FORMAT drive: /U :
FORMAT drive: /U performs an UNCONDITIONAL format, which DESTROYS every byte of data on ANY hard disk/floppy by overwriting it with zeroes (hex F6h).

3) FORMAT drive: /SELECT /U :
FORMAT drive: /SELECT /U makes a disk(ette) UNREADABLE by filling the system area (sector 0) with zeroes (hex F6h), due to using these two incompatible options together. All other sectors are left intact



What Google find about this...

From:

http://antionline.co...p/t-235813.html


Interesting is that evry link from this page is dead :cheers:
I put in this 1`st QUOTE 2 true links.....

--------------------------------------------------------------------------------------------------------------------
There are "de-magnetisers" machines (degausser) that are used for disabling drives that have contained top-secret data, and these cost a bundle. However, only using software, you can only have the drive read or write data. The drive heads cannot just "scatter magnetic charges"... how would a head that is designed to read and write individual bits (in block), ie precisely, be able to do that?. Besides, if it were the case, the drive would either need a low level format after that or be filled with bad clusters, ie: be just plain dead.

Here's an extract of DoD 5220.22-M shredding guidlines:

http://www.killdisk.com/dod.htm

chapter8

a. Degauss with a Type I degausser

b. Degauss with a Type II degausser.

c. Overwrite all addressable locations with a single character.

d. Overwrite all addressable locations with a character, its complement, then a random character and verify. THIS METHOD IS NOT APPROVED FOR SANITIZING MEDIA THAT CONTAINS TOP SECRET INFORMATION.


Also, a comparaison of software "shredders" can be found here:
http://www.sdean12.o...n_Shredders.htm
(Check the "Overwrite algorithm" row for wiping technique)

--------------------------------------------------------------------------------------------------------------------

Well, no, IT IS possible:

Overwriting data on disk isn't like filling a closet, it's like writing over used paper... What happens is that when the disk heads write on the platter, it re-aligns magnetite (or whatever magnetic compound they use) in a diffrent direction. However, a single write doesn't manage to get all magnetite (or whatever) particuls re-alligned. So while the majority of particuls will have change directions, there will be a few residual ones that will still be oriented in the previous direction.

So finding out what data was there before means using a more sensible device that can distinguish or detect variations in the magnetic field or such... (That's why whiping software will make multiple writing passes, sometimes with randomized caracter, in order to try and re-allign all particuls). Of course this is hard to do and pretty expensive, but people with enough money and resources (think FBI, CIA, NSA...) could and do have the means to do it. In fact, I remember reading somewhere that it was rumored the NSA (I think) was able to recover data after 27 passes!

--------------------------------------------------------------------------------------------------------------------

When data is written to magnetic media it is written to a magnetic domain. This domain consists of a number of magnetic bits (not to be confused with a data bit 0 or 1) which receive the magnetic charge. Not all of the bits in the magnetic domain will change when the head passes over during the write operation and will retain the magnetic properties from a previous operation. Does this mean that a magnetic domain can contain magnetic bits that are set to a zero and magnetic bits that are set to a one? It certainly does, but if the write operation was setting the bit to a one then the majority are set to a one, strongest at the center of the domain weaker at the edges.

Remember in grade school when you put metal filings on a piece of paper and ran a magnet underneath. Most of the filings lined up and pointed in the same direction, but the ones at the edges didn't all point with the others. The same thing is happening when you write to the hard disk.

Is it easy to peel back these layers to determine what was overwritten? With modern hard disks this is a difficult, costly, and time consuming process but portions of overwritten data can be recovered if it was overwritten or wiped with a single pass process. The minimum process that should be involved in a wipe would be a three pass write. A three pass will make one pass writing 00 followed by it's complement which is an FF and a final pass of random data. It is still possible to recover some data after a 3 pass wipe, but whoever does will want that data very badly and have the $$ to attempt the recovery. Generally a 7 pass wipe will make it near impossible to recover the data and I have never heard of any data being recovered after a Guttman 35 pass wipe. (Disclaimer.. Doesn't mean that those agencies with 3 letter names can't do it but they would really want you bad to go to the expense involved)

--------------------------------------------------------------------------------------------------------------------

Awesome tools:

DBAN: Darik's Boot and Nuke: (free)


Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
DBAN is a means of ensuring due diligence in computer recycling, a way of preventing identity theft if you want to sell a computer, and a good way to totally clean a Microsoft Windows installation of viruses and spyware. DBAN prevents or thoroughly hinders all known techniques of hard disk forensic analysis.

Download


Eraser: (free)


Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP, Windows 2003 Server and DOS.
Eraser is Free software and its source code is released under GNU General Public License.

The patterns used for overwriting are based on Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory" and they are selected to effectively remove magnetic remnants from the hard drive.

Other methods include the one defined in the National Industrial Security Program Operating Manual of the US Department of Defence and overwriting with pseudorandom data. You can also define your own overwriting method

Download

#2 Moon Goon

Moon Goon

    Frequent Member

  • Advanced user
  • 270 posts

Posted 26 March 2007 - 03:49 AM

Well, there's best as in "most thorough" and best as in "fastest"

I'd be interested in the middle ground: "Fastest that defeats most data recovery utilities"

Right now Deriks seems to be the most thorough but Partition Magic has been the best middle ground.

Just my opinion. I'd love to hear someone else's experience with "fast but secure enough" utilities.

#3 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7771 posts

Posted 26 March 2007 - 02:09 PM

Well, there's best as in "most thorough" and best as in "fastest"

I'd be interested in the middle ground: "Fastest that defeats most data recovery utilities"

Right now Deriks seems to be the most thorough but Partition Magic has been the best middle ground.

Just my opinion. I'd love to hear someone else's experience with "fast but secure enough" utilities.

Partition Magic destroys data? What version?

#4 Moon Goon

Moon Goon

    Frequent Member

  • Advanced user
  • 270 posts

Posted 06 April 2007 - 07:14 PM

Don't remember which versions specifically, but.. I usually see this option in the Windows versions. never seen it on the DOS ones.

#5 MedEvil

MedEvil

    Platinum Member

  • .script developer
  • 7771 posts

Posted 07 April 2007 - 12:09 AM

Don't remember which versions specifically, but.. I usually see this option in the Windows versions. never seen it on the DOS ones.

Ah, that explains it. Have never used the Windows version.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users