Complete Data Wipe

[demon2004]

is there a free program that will let me whipe my hard drive so that data can't be found

[synaesthetic]

A really big hammer.

[scr]

A classic, time-tested trick would be to put your hard drive into a bucket of acid. (No, seriously.)

[synaesthetic]

Jests aside, depending on how determined one is, it can be very difficult to completely erase the data on a hard disk without destroying the hard disk.

If you have data on the hard drive that is of questionable legality it may be a good idea to destroy the disk and take the loss. ^^;

[Renegade334]

One that completely erases a hard drive? And free at that? Uh-huh...

Had it not been for that last part I would have offered LSoft's Active@ KillDisk, which offers a range of wiping standards such as GOST, U.S. DOD 5220.22-M, HMG IS5, VSITR, NCSC-TG-025 or Gutmann, to name a few. Contrarily to its free version, which only has the minimalistic one-pass zero standard, it performs quite well (it has two options, wipe and kill: the former destroys data that should've been erased but still registers under the surface - all the while keeping existing and perfectly legit files intact - and the latter is what you're asking for: burning the entire surface until nothing remains)...but, here's the cinch: it's shareware.

Anyway, short of magnetizing your HDD to death or dumping it in a bucket of aqua regia as (jokingly) advised above, the best and more thorough data disposal algorithm would be Gutmann, which rewrites each sector a whopping 35 times until it is impossible to retrieve the original data. But if you have, say, a 250/500/1,000 Gb drive to 'sanitize'...then you're in for a LONG period of wait. Oh, yeah...very long. And, as synaesthetic suggested, I don't know how much impact this practice (hopefully not a frequent one) will have on the hardware's life expectancy.

But is there an application that does a 7-pass algorithm or more, for free? I'm afraid I don't know any. DOD-5220.22-M (3-pass) seems to be a good compromise and some popular applications such as WinZip 14 or CCleaner already use it (CCleaner even offers Gutmann), but only for local/temp file disposal, not drive wiping.

[hobbes_fan]

http://www.dban.org/
Offers both DOD and Gutmann wipes

I mean honestly thermite/complete physical destruction of the platters is the only 100% safe way. But to be honest you're averge crook isn't going to have the tools or the patience to recover data from something that's been wiped 3/4 times. Let alone if the drive was encrypted previously then they're in for a wait - more likely years unless they're packing a CRAY XT5 somewhere. It'd take an ungodly amount of time with little to no reward. There are easier ways to scam people than to do an investigation of a physical hard disk at a forensic level.

[synaesthetic]

Unless he's trying to hide from the FBI. ^^;

[Renegade334]

Well, it's also useful if you've got spyware/virii running rampant on your disks and the malware refuses to keel over- had one such case not that long before...or he's giving the drive away and wants to get rid of data such as paypal receipts and whatnot. Or indeed, he's got a guilty conscience and the IRS/FBI/NSA/ATF is hounding him.


As for me, a three-pass wipe (DOD 5220.22-M) is good enough. Gutmann is only appropriate if you have a severe case of paranoia as well as too much time on your hands. I'm not sure the intense workload is good for the HDD life expectancy either.

[Tiberium Wolf]

Lol... Why do u need to be so extreme to wipe all data? Did u do something illegal? If yes I suggest u turn yourself in to the police. It's the right thing to do.

[hobbes_fan]

Quote:

Originally Posted by synaesthetic

Unless he's trying to hide from the FBI. ^^;

Then he's got bigger problems. IP logs if stuff has been downloaded, hell even ram can be analysed, if it's an SSD then who knows how they do it. 9/10 if a government agency is after you and it gets this far as to analysing physical media then you can bet that there's a mountain of evidence already and they're just looking for the nail in the coffin. A warrant to seize property requires a fair bit of work to even get that far.

I upgrade my pc's quite regularly and I sell the old gear to offset the cost. I do my banking on these pc's, and I keep scanned copies of my documents like licenses, credit cards, tax returns and the like. It makes stuff easier to to cancel or request a replacement when you can provide specific documents if required. I would never ever sell a hard drive unless I wiped it 3-4 times using a secure method like DOD5220.22 or Gutmann. If you've ever used even the basic freeware data recovery software then you'd seethat it's quite easy to recover data using normal formats.

[chikorita157]

Hmmm... I don't see a reason why would you want to do a encrypted erase of the whole HD, unless you do something illegal... Usually erasing the data from the HD and zeroing it out is usually enough to prevent recovery of data... if you are more paranoid, you can do a 7 or 36 pass of zeroing out data... it will sure prevent any recovery of data using of file recovery tools.

Note that data recovery is currently impossible for SSDs since the tools are not out there to recover files from those discs but may in the future.

[hobbes_fan]

It's common practice for banking, financial and medical institutions when they migrate to new gear, at least for the ones I've worked for and that's on top of the already encrypted original data.

Actually if you read up on how an SSD writes and reads data then it is easier to do it. Wear levelling algorithims in particular make it a lot harder to do a secure deletion. Physical hacks have been demonstrated to be able to "read" what was thought to be securely deleted data. Like cold boot attacks and other hardware attacks

[mg1942]

Quote:

Originally Posted by synaesthetic

A really big hammer.

that's too barbaric
how bout a really powerful magnet?

[felix]

Quote:

Originally Posted by mg1942

that's too barbaric
how bout a really powerful magnet?

Too costly and troublesome... you know man discovered fire for a reason.

[jpwong]

Quote:

Originally Posted by mg1942

that's too barbaric
how bout a really powerful magnet?

$5 vs like $10,000+? I'll take the hammer thank you very much

But in all reality, physically destroying the disks is the only cost effective method (unless you're talking vast quantities) to ensure your data isn't out there for the world to see.

[Claies]

The only way to stop specialized hardware from analyzing your disks is to have specialized hardware that will destroy them. When I say destroy, I mean the disk can no longer be called one. Short of that, there's nothing you can do to the line of a "complete" wipe.

Conventionally, if you want to stop the people who don't really really want your data, you can try to boot into Linux and use the command:
dd if=/dev/zero of=/dev/hda

with root privileges. This will attempt to write over every part of the entire drive with zeroes.

[Renegade334]

Quote:

Originally Posted by Claies

Conventionally, if you want to stop the people who don't really really want your data, you can try to boot into Linux and use the command:
dd if=/dev/zero of=/dev/hda

with root privileges. This will attempt to write over every part of the entire drive with zeroes.

A one-pass zero wipe? How well does that fare against software like, say, Recuva, Active@File Recovery, GetDataBack, R-Studio or TestDisk?

I once used the Wipe function in Active@Kill Disk to clean the free space, unused clusters and MFT areas (it doesn't touch the legit/existing data, though) with the aforementioned DOD-5220.22-M standard, but the in-built HEX editor still managed to find things that should've been nuked (mostly ZIP archives, but it appears the data is garbled enough to thwart full content recovery) MONTHS ago, even after several wipes.

The only time I had a serious need for A@KD was to make sure a certain infected file (which a friend - whose sense of security I trusted overmuch - lent me and ended up creating a duplicate WinLogon) was absent from the platters. It seems to have done the job but I think that unless you go for the overkill Gutmann, some...clues will persist on the disk, though they'll be heavily corrupted. Even more if the said disk was encrypted prior to the wipe.

[Claies]

Quote:

Originally Posted by Renegade334

A one-pass zero wipe? How well does that fare against software like, say, Recuva, Active@File Recovery, GetDataBack, R-Studio or TestDisk?

Useless. Slightly more sophisticated and probably just as worthless is this:
dd if=/dev/urandom of=/dev/hda
dd if=/dev/zero of=/dev/hda

Which writes your hard drive with pseudorandom (aha!) bits, and then writes that over with zeroes.

I don't remember where, but some suggest running this several times to ensure that it doesn't miss a few bits (not sure how that makes sense, I need to find a couple papers). I haven't read extensively into this, but apparently the magnetic properties of the platter itself can be analyzed in a clean room for past overwrites. Software isn't going to solve that problem. If people really really want it more than you really want to destroy it, they'll get it.

This is how you destroy a drive. As I said, you shouldn't be able to call it a drive in the end.
http://driveslag.eecue.com/

[SirJeannot]

for the ones just wanting to do it using windows, i would recommend eraser. pretty handy, especially the feature to clean only free space
same erasing "standards" as dban are available.

http://eraser.heidi.ie/