What is the command which completely erases sensitive data on a Windows (XP) NTFS hard drive?
Also, I get confused between FORMAT and FDISK.
Gerald
++++++++++++++++++++++++++++++
You might mean this:
http://www.microsoft.com/technet/sysinternals/utilities/SDelete.mspx
Other sites suggest that it is OK for XP.
As you can see, secure deletion is not trivial. Many programs use temporary files which they delete when they close. The data may remain in the disk's free space. Also, when you save a file, some programs will write a new file, delete the old one and rename the new one to the old name.
Peter Lancashire, Düsseldorf
++++++++++++++++++++++++++++++
None of the commands from Windows will completely erase all data from the disc; you need to run a utility such as DBAN (Darik's Nuke and Boot) free download from here: http://dban.sourceforge.net/ run it from floppy or CD.
Another way is to use the disc manufacturer's low level formatter. Or download a copy of the "Ultimate Boot CD" as most disc manufacturer's LL formatters are on the disc.
Free download from here: http://www.ultimatebootcd.com/
All of these need to be booted at startup. If you have more than one disc in the computer, disconnect the ones that you do not want to erase, and be warned that once you have used any of the foregoing you, as an individual, will not be able to recover any data that was on the disc.
That is not to say that the authorities would not be able to recover any data forensically; they would be able to. If you need to know how contact me privately.
If you use the high level format command from Windows I can guarantee that the data will remain on the disc, and I have tools that will recover that data.
Neither of these commands [FORMAT and FDISK] will erase the data, so it will be recoverable.
Barry Thompson
++++++++++++++++++++++++++++++
If you do use this high level format and then carry on using the disc, gradually filling it up with other info, does the original data still exist 'underneath' as it were? I remember an ADFS utility called 'scrub' I think, which claimed to replace deleted files with noughts in order to eliminate the info.
Edward Naish
++++++++++++++++++++++++++++++
Computer Shopper (April 2007!) says that a program called HDD Wipe Tool from http://hddguru.com should do this. i.e. overwrite the "empty" areas with other data.
Hwyl!
Brynmor Owen
++++++++++++++++++++++++++++++
OK if you intend to re-use the disk - but if it might fall into the hands of the unscrupulous. Put a "Black and Decker" through the middle.
Reason - there will always be 'old' data at the sides of the tracks which is not completely erased or overwritten.
John Evans Mijas Winchester
++++++++++++++++++++++++++++++
The other data will overwrite areas that previously contained data, but the cluster tips will still have data which can be recovered.
I use a program called Eraser: I don't delete files I erase them. The space previously occupied by data is overwritten; the number of times the space is overwritten is settable in the program from one, three, seven or thirty-five times. Version 5.82 available free from: http://www.heidi.ie/eraser/
Barry Thompson
++++++++++++++++++++++++++++++
My installation of PGP has a data eraser function built in. It claims that most users will be "okay" with one to three passes; it then goes on to say that the security of the data on the drive can be increased by increasing the number of passes further. It claims that 26 passes is about as good as it gets and the increase in security of your old (and now very much wiped data) for 27 passes is negligible. It's allegedly military grade disk formatting, but I tend to take that sort of thing with a pinch of salt.
My friend who was part of OXCERT and now works for Deutche Bank IT security response team has informed me that not all disk eraser software is born equal. Merely formatting with 0's is not enough. No matter how many times you pass over the disk. You have to have software that writes random data in random patterns where each pass is different from the last. He reliably informs me that, if using just 0's, data can be recovered no matter how many passes the drive has undergone... I'm sceptical on that point, but he assures me it is correct although I'd like to think that it just makes the number of passes too high to bother rather than impossible to completely wipe.
The disk forensics toys he has access to are, I have to say awesome. I have several disk recovery tools that have proved good, but the kit he has costs an order of magnitude more than what I would be willing to spend. If my kit is good, his is better (I am going green just thinking about it... :) ) after all, you get what you pay for...
Paul Vernon
++++++++++++++++++++++++++++++
Both Eraser and DBAN write random data to the discs and both have settings within the program to choose how many passes are made. The tools that I have cannot recover data when these tools have been used.
Barry Thompson
++++++++++++++++++++++++++++++
I've used DBan to wipe a hard drive for somebody that intended to give away their old PC and she didn't want her old data on the drive for obvious reasons.
I'd be interested to know if Paul's friend's software could recover data after DBan had wiped a drive.
Paul, is there any software he'd recommend to do the job of wiping a drive?
Chris Walker
++++++++++++++++++++++++++++++
I think the point that is being made is that short of physically destroying the disc there isn't a surefire way to destroy all trace of data from all possibility of recovery.
Simply deleting files (or formatting or FDISKing a disc), as everyone knows, leaves the data on the drive and just removes the references to it. Access the disc sectors directly and - with a bit of work - it is possible to re-build these files. Indeed it's a technique I used myself back in the days of DFS to "hack" Revs off its copy-protected floppy (for the purposes of changing the driver names, you understand, not so that it could be copied :-).
Also modern operating systems tend to use a lot of scrap files and will have disc-based virtual memory so although you may delete the "working copy" of a file, there may be fragments - or more - of it laying about elsewhere.
Deleting files and then writing new files of the same or greater size doesn't work because of the above and because the drive electronics may allocate the new file to a different part of the disc, and even if it doesn't:
Overwriting the deleted file's data with new data will work for most domestic circumstances, but I (as an interested bystander) can see two techniques which could forensically recover this data, depending on the age of the original file and the number of times it has been overwritten with different data.
Firstly (and I know HDDs don't really work this way anymore, but I'm sure the principle still stands), consider a cassette recorder with a broken erase head. If you record over an already-recorded cassette with a new signal you don't just hear the new signal, you hear the old one "underneath". It is quieter than the new one, but it is still there.
Likewise with a disc. I can imagine that it is possible to take the (analogue) output of the drive's read head directly to some kind of recording device. This recording will contain a "mix" of both new and old data.
Also take the drive's own output, which will only contain the newer data. From this data you can re-create the signal that the new data would have recorded and subtract it from the raw signal you previously obtained. What is left is old data.
This method presumably becomes less reliable the more the old data is overwritten in the same way that repeatedly recording over a cassette, even with a broken erase head, will eventually reduce the original signal to the level of the tape's noise. Hence these so-called secure deletion programmes offering you a variety of overwriting passes. I suspect that the number of passes required to prevent this method of recovery depends to a large extent on the age of the data you wish to overwrite, the age of the drive and the exact technology used to record data on the disc. Presumably some methods are more robust than others.
The second method I can see working forensically, but not in a domestic setting, relies on mechanical imperfections in the disc drive. A track of data written to disc has a finite width (and depth these days) and the head used to record that data must be less than that width in order to avoid overwriting adjacent tracks. The read head (assuming it is separate) could be substantially narrower to ensure that it always stays well within the written data.
Over time it is possible that the exact placing of these written tracks varies. If some time elapses between the old data being written and the new data overwriting it, it is entirely possible that the new data won't completely overwrite the old because its track isn't in exactly the same place. This won't bother the read head because it is narrow enough to stay within the bounds of both tracks, but if you could manually adjust the position of that read head it might be possible to read the "edges" of the track which might contain more of the old data than the new, allowing you to recover some of it. Not all, I suspect, but if you are in the business of needing to recover data that badly, anything is better than nothing.
I dare say there are other methods which can be used, so long as you have a relatively intact disc platter, and that includes one with a hole drilled through it (what about the bits you haven't drilled through?)
But physically removing the platters and smashing them into myriad pieces with a heavy object must surely destroy all chances of recovering any of that data.
Not that this is necessarily relevant to the original query; a similar one was posted on AoL (which may have prompted Gerald to post here I suppose) and IIRC all that poster wanted was to ensure that should someone happen across her broken laptop in future they couldn't recover sensitive data from the drive. Physically removing the drive from the laptop seemed to me to be the best option and if the drive is still working, why not continue to use it in another machine? It could quite easily slot into a desktop machine with the appropriate adaptor and maybe be a useful backup repository or even just a second physical drive to take some of the pressure of the main drive.
Martin Angove
++++++++++++++++++++++++++++++
Security should always be measured against how much anyone is likely to pay to crack it. If you didn't have steel shutters at your windows when you used the computer you don't need the equivalent when you dispose of the hard drive. For most of us a cycle of zeroes/random entries and re-use is more than sufficient.
John Cartmell
++++++++++++++++++++++++++++++
I think the point may be that unless the person searching for information knows that there is important information on a disk (or in shredded waste) it simply will not be worth their time and energy to search for it after a conventional disk wipe or shredding.
But if someone with highly confidential information is disposing of a computer, it is always possible that he or she may have inadvertantly let that information on disposal get into the wrong hands (in the office or pub). In this case the hammer or drill seems justified since someone could target the disposal and search for the data.
John Evans Mijas Winchester
++++++++++++++++++++++++++++++
Used machines sent to Nigeria, amongst other destinations, are almost routinely checked for any useful data on arrival. Bank accounts have been accessed as a result.
Frank
++++++++++++++++++++++++++++++
In a TV programme in the autumn last year on identity theft, a reporter from the UK went to an African country, probably Nigeria; he purchased several hard drives that were on sale to the general public. The drives had not been wiped and the reporter was able with some assistance to recover personal data from the discs and then visit the previous owners of the computers from which the drives had been removed.
In all cases the computers had been taken to the local council's recycling site for recycling. The council did not recycle them in the UK; instead they were shipped to Africa.
Barry Thompson
++++++++++++++++++++++++++++++