Erase Private Data

Hello,
A friend of mine wants to delete all data (everything: files, programs, OS, etc.) from his laptop Hard Disk such that the data on the disk cannot be retrieved.
What software/ technique can we use to make this happen?
Please also suggest if the disk could be used to do a fresh install after this exercise.
Many thanks,
Yagyesh
15 answers Last reply
More about erase private data
  1. There are numerous programs out there to erase drives from 1-35 passes. Yes, after you have wiped the drive you can reinstall an OS.
  2. We used BCWipe for this a lot when I was in the Army. but just lookup secure erase and you should find many options.
  3. Sdelete is a great, free utility for that purpose:
    http://technet.microsoft.com/en-us/sysinternals/bb897443
  4. Thank you all so much for your help!
    I would be interested to try out "SDelete" first, as it "implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M", like the utility "BCWipe" suggested by slhpss. And is free to use!

    But, it says as per its developer Mark Russinovich, "Note that SDelete securely deletes file data, but not file names located in free disk space." So my question is that once I start using the disk after formatting it freshly, and installing the OS onto it - would the "file names located in free disk space" also be overwritten? Or, you'd suggest some other way to do this please?

    Thanks a lot!
    Yagyesh
  5. Use the -c option

    usage: sdelete [-p passes] [-s] [-q] <file or directory> ...
    sdelete [-p passes] [-z|-c] [drive letter] ...
    -a Remove Read-Only attribute
    -c Clean free space
    -p passes Specifies number of overwrite passes (default is 1)
    -q Don't print errors (Quiet)
    -s or -r Recurse subdirectories
    -z Zero free space (good for virtual disk optimization)
  6. well if you use bcwipe... use the one called total wipeout (used to be called bcwipepd) it's a bootable disk (it's free too) and allows you to wipe the entire disk since you will not be booted into an OS. I assume sdelete has a similar option though i haven't used that product as much.

    if memory serves me correctly you could also make a BartPE disk and this has a secure erase utility built in. You could also check out a few of the "rescue" linux distros and see if they have secure wipe built in... im sure many do.

    I was looking for an awesome recovery CD I used to have... check out Hirens BootCD... the site is a nightmare to navigate but the disk has every utility you will need for anything.
  7. Thank you all for all your help!
    He decided to replace the disk with a new one. As I understood that only Degaussing and Crushing the Hard Disk are fool proof ways. It is possible to recover the data when deleted using other ways like Overwriting using BCWipe or SDelete, or using Secure Erasing, or even other ways.
    But I highly appreciate your time for answering my question, as it gave me a good place to start to learn more on Data Recovery.
    Thanks again.
    Yagyesh
  8. yagyesh said:
    Thank you all for all your help!
    He decided to replace the disk with a new one. As I understood that only Degaussing and Crushing the Hard Disk are fool proof ways. It is possible to recover the data when deleted using other ways like Overwriting using BCWipe or SDelete, or using Secure Erasing, or even other ways.
    But I highly appreciate your time for answering my question, as it gave me a good place to start to learn more on Data Recovery.
    Thanks again.
    Yagyesh


    that's a very extreme method considering the US Gov't allows disks to be reused if they are wiped with random data 7 times...

    the recovery methods to get data back after 7 wipes would be exorbitantly expensive.... is your "friend" really the CIA or NSA? sounds paranoid
  9. If you wipe the drive 35 times it can't be recovered in any way. So I guess I am wondering what he is talking about. Granted the 35 pass wipe takes a while but there is no method to recover data off of it.
  10. Darik's nuke and boot boot and nuke is also very good.

    http://www.dban.org/about
  11. ahnilated said:
    If you wipe the drive 35 times it can't be recovered in any way. So I guess I am wondering what he is talking about. Granted the 35 pass wipe takes a while but there is no method to recover data off of it.


    it does not take a 35 pass wipe....


    Quote:
    Feasibility of recovering overwritten data

    Peter Gutmann investigated data recovery from nominally overwritten media in the mid-1990s. He suggested magnetic force microscopy may be able to recover such data, and developed specific patterns, for specific drive technologies, designed to counter such.[2] These patterns have come to be known as the Gutmann method.

    Daniel Feenberg, an economist at the private National Bureau of Economic Research, claims that the chances of overwritten data being recovered from a modern hard drive amount to "urban legend".[3] He also points to the "18½ minute gap" Rose Mary Woods created on a tape of Richard Nixon discussing the Watergate break-in. Erased information in the gap has not been recovered, and Feenberg claims doing so would be an easy task compared to recovery of a modern high density digital signal.

    As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only degaussing or physical destruction is acceptable for the latter.[4]

    On the other hand, according to the 2006 NIST Special Publication 800-88 (p. 7): "Studies have shown that most of today’s media can be effectively cleared by one overwrite" and "for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged."[1] An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives. They point out that the long time required for multiple wipes "has created a situation where many organisations ignore the issue all together – resulting in data leaks and loss. "[5]


    http://en.wikipedia.org/wiki/Data_remanence

    http://www.anti-forensics.com/disk-wiping-one-pass-is-enough

    http://www.anti-forensics.com/disk-wiping-one-pass-is-enough-part-2-this-time-with-screenshots
  12. slhpss said:
    it does not take a 35 pass wipe....


    Quote:
    Feasibility of recovering overwritten data

    Peter Gutmann investigated data recovery from nominally overwritten media in the mid-1990s. He suggested magnetic force microscopy may be able to recover such data, and developed specific patterns, for specific drive technologies, designed to counter such.[2] These patterns have come to be known as the Gutmann method.

    Daniel Feenberg, an economist at the private National Bureau of Economic Research, claims that the chances of overwritten data being recovered from a modern hard drive amount to "urban legend".[3] He also points to the "18½ minute gap" Rose Mary Woods created on a tape of Richard Nixon discussing the Watergate break-in. Erased information in the gap has not been recovered, and Feenberg claims doing so would be an easy task compared to recovery of a modern high density digital signal.

    As of November 2007, the United States Department of Defense considers overwriting acceptable for clearing magnetic media within the same security area/zone, but not as a sanitization method. Only degaussing or physical destruction is acceptable for the latter.[4]

    On the other hand, according to the 2006 NIST Special Publication 800-88 (p. 7): "Studies have shown that most of today’s media can be effectively cleared by one overwrite" and "for ATA disk drives manufactured after 2001 (over 15 GB) the terms clearing and purging have converged."[1] An analysis by Wright et al. of recovery techniques, including magnetic force microscopy, also concludes that a single wipe is all that is required for modern drives. They point out that the long time required for multiple wipes "has created a situation where many organisations ignore the issue all together – resulting in data leaks and loss. "[5]


    http://en.wikipedia.org/wiki/Data_remanence

    http://www.anti-forensics.com/disk-wiping-one-pass-is-enough

    http://www.anti-forensics.com/disk-wiping-one-pass-is-enough-part-2-this-time-with-screenshots


    Have you ever done data recovery? Have you ever been in a court case where they recovered information off a hard drive? Either way, 1 pass is NOT enough. I have done data recovery and you can get stuff off the hard drive very easy if it only has 1 pass.
  13. ahnilated said:
    Have you ever done data recovery? Have you ever been in a court case where they recovered information off a hard drive? Either way, 1 pass is NOT enough. I have done data recovery and you can get stuff off the hard drive very easy if it only has 1 pass.


    Really? cause I'm a rocket surgeon.... isn't the internet wonderful... you can be anything you want... with a FORMAT you can get anything back super easy.... if you write all 0's to a disk it is impossible...
  14. Not impossible, just very hard. Not "very easy" at all.

    If it was impossible, the wipe standards for DoD would be one pass. And this is not some internet thing I picked up, I was actually in the military and worked at NSA for a while during a re-training.

    What ends up happening is that the magnetic fields on the disk when you do a over write pass do not always line up exactly where the old data went, so you can, using some pretty pricy equipment and a lot of work, find out where the old magnetic data is, and reconstruct it. A bit like writing something on a paper, erasing it, and writing over that. You can still see the indents in the paper where the old writing was, maybe some old marks from the old writing, etc...

    Now you take that paper and you write over it 3-4-5 times, makes it a lot harder to pick out the old marks from the new.
  15. I was in the military... and as we all know the military works on antiquated ideas.... and they have even lowered the number of passes required... a SIPR to NIPR drive move only requires one pass now and used to require 7... the thing is it has been determined that even using an electron scanning microscope you can't determine with certainty the position of the previous bit. it was thought that a 1 being over written with a 1 could actually be measured like a 1.05 and a 0 being over written by a 1 could be measured closer to a .95, but even with the equipment and testing it was shown that it's not reliable, and even if 1 bit is off then the entire file could easily become corrupted that is if you could some how manage to take the imaging of billions of microscopic disk sectors and create meaningful data from it...
Ask a new question

Read More

Hard Drives Storage