Jump to content











Photo

Fast erasing of running local system.


  • Please log in to reply
7 replies to this topic

#1 joakim

joakim

    Silver Member

  • Team Reboot
  • 912 posts
  • Location:Bergen
  •  
    Norway

Posted 28 July 2013 - 09:47 PM

Just came to think about how one would or could erase the local system volume (of your live and running Windows) as fast as possible. A strange scenario one may think..

 

But for verify obscure security reasons. Lets say have the erasing start within a few seconds, and with minimum interaction needed.

 

Maybe it is safe to assume one would have to reboot, at a minimum, in order to boot into something different capable of overwriting the disk. But how do it fast?

 

Options:

  • Have a BCD or boot.ini entry for booting an alternative OS (from iso perhaps). DBan or something else preconfigured.
  • Anything else?

 

On the other hand, one could have booted a livecd/winpe or encrypted system volume, where all necessary would be a "power off operation". But lets say this does not count for the moment, or is not an option.

 

I believe a native application http://technet.micro...s/bb897447.aspx can be coded to achieve the goal. If that's true, though I am not sure yet, then you don't need to boot into a different OS, since all it takes is one executable into systemdir and modification of one registry value (which can be easily automated). I am tempted to try this, but would like some opinions and thoughts on the matter first.



#2 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15185 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 29 July 2013 - 10:13 AM

The best we could came up at the time with is represented here:

http://reboot.pro/to...e-from-windows/

Do check the whole thread but "final" product is here:

http://reboot.pro/to...ndows/?p=119538

 

But this is about "wiping" the whole thingy (this won't be that much fast) as the above method (which is the fastest one, as it uses the internal ATA Safe Erase commands) will however take at least a couple of hours.

 

Now something one could think of (in order to speed up things) would be to wipe only relevant parts of the filesystem and files or, more specifically start by wiping the most "sensitive" parts, so that the effectiveness of the wiping is proportional to the time "available" for the wiping.

 

To be blunt :w00t:, when the Feds knock on the door :ph34r: and you initiate instantly the "whatever", all would depend on the time you can gain before they pull the cord from mains and/or remove the battery ..... ;).

 

:cheers:

Wonko



#3 joakim

joakim

    Silver Member

  • Team Reboot
  • 912 posts
  • Location:Bergen
  •  
    Norway

Posted 29 July 2013 - 04:02 PM

The best we could came up at the time with is represented here:

http://reboot.pro/to...e-from-windows/

Do check the whole thread but "final" product is here:

http://reboot.pro/to...ndows/?p=119538

 

But this is about "wiping" the whole thingy (this won't be that much fast) as the above method (which is the fastest one, as it uses the internal ATA Safe Erase commands) will however take at least a couple of hours.

 

Now something one could think of (in order to speed up things) would be to wipe only relevant parts of the filesystem and files or, more specifically start by wiping the most "sensitive" parts, so that the effectiveness of the wiping is proportional to the time "available" for the wiping.

 

To be blunt :w00t:, when the Feds knock on the door :ph34r: and you initiate instantly the "whatever", all would depend on the time you can gain before they pull the cord from mains and/or remove the battery ..... ;).

 

:cheers:

Wonko

1. Nice discussion in those links.

2. That's also one of the things I thought of, to make something intelligent, like going for the parts that make the most damage to FS first. Things like MFT and first sector per cluster etc.

3. At least the Feds would have an incentive to not pull the cord immediately, as memory/decrypted disks likely would be valuable to them.

4. Will do some tests on my native app theory.



#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15185 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 29 July 2013 - 04:36 PM

The point (IMNSHO) is that - apart from the fun of exploring native apps, etc. and doing (seemingly) cool things, what would be the actual use of such a tool?

 

I mean a strong degausser or good ol' thermite are already (or should be) widely used by those that are actually in the condition of being knocked on the door by the Feds (or local Police/ehatever) and those are FAST.

 

There are BTW other ways:

This one can be - besides bought for a "fair" enough amount of money:

http://www.bustadrive.com/index.html

http://photos.pcpro....ustadrive22.jpg

shamelessly copied and re-created DIY from some scrap metal parts and a US $ 20/40 worth hydraulic bottle jack.

 

 

On the other hand if the idea is to protect privacy when you sell an old hard disk/storage device, then you do have a few hours time for a "proper" wiping.

 

Personally I would rate the usefulness of a software tool capable of deleting *some* data in anything more of a bunch of seconds as useful as the "Drone Shield" (example of a hardware device with NO or near to none actual usefulness):

http://www.msfn.org/...ering-overhead/

 

:cheers:

Wonko



#5 joakim

joakim

    Silver Member

  • Team Reboot
  • 912 posts
  • Location:Bergen
  •  
    Norway

Posted 29 July 2013 - 09:01 PM

Native apps is interesting to explore, and maybe not useful. Still fun to mess with. Have compiled something for a test which works on nt5.x, but the nt6.x is not solved yet. It is strange considering the priviliged level the code is running in. Maybe autochk does some magic. Need more disassembling.



#6 DarkPhoeniX

DarkPhoeniX

    Frequent Member

  • Team Reboot
  • 452 posts
  • Location:In the middle of nowhere
  • Interests:Interesting Things
  •  
    South Africa

Posted 29 July 2013 - 09:53 PM

An alternative to Whipping is Encrypting

I have a Drive Partitioned With Some Sensitive DATA (Passwords)at work with Bit-locker

 

But if you have the time proper whipping can be Guaranteed



#7 saddlejib

saddlejib

    Frequent Member

  • Advanced user
  • 270 posts
  •  
    United Kingdom

Posted 29 July 2013 - 10:12 PM

Search was and science being what it is (progressive):

'sublevel extraction of magnetic imprint hard drives.'



#8 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15185 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 30 July 2013 - 11:04 AM

Search was and science being what it is (progressive):

'sublevel extraction of magnetic imprint hard drives.'

Not to be confused with "sub-atomic extraction of fluff from senseless statements through cathodic deionization". :ph34r:

 

In order to use this technique however at least a part of the statement needs to be non-senseless and non-fluff :whistling:.

 

@DarkPhoenix

JFYI, there is a lot of data about wiping hard disks, but there are AFAIK very few experiments involving whipping them, either meaning of it :dubbio:.

 

 

:cheers:

Wonko






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users