Category Archives: hard drive wiping

Securely erase individual files

As I might have previously mentioned 1) 2), pressing “delete” in Windows (or on Linux or Macs) does not remove the file from the hard drive. The only thing that happens is that in the big list of files, the entry for that file is removed, so that the operating system knows that if it wants to, it can go ahead and write to the place on the hard drive where that file used to be stored. Now, you can wipe the entire hard drive if needed, but is there any way of securely removing individual files?

Short answer: No.

For the long answer, read on below.


Filed under hard drive wiping, NSA, operating systems, security, software, Windows Vista

Securely erase hard drives

In a previous post I wrote about disk wiping tools. If you haven’t read that article, I suggest reading it before reading this one. Also, this article is written with the assumption that the reader has a fair amount of technical knowledge.

The reasons for wanting to wipe a hard disk drive are many:

  • You might expect a visit by NSA-SCS.
  • You might suspect a rootkit infestation.
  • You might wish to sell your old computer or throw it away and you don’t want anyone else to get hold of your private data 1).
  • Same as above, only for companies, hospitals, law firms or anyone else with a legal obligation to prevent the spread of sensitive data.
  • You’re simply paranoid.

Whatever your reasons are, you need to make sure that the data that used to be on your hard drive are gone, hence the need for a disk wiping tool.

But as mentioned in my previous post, wiping tools – that is, block erase wiping tools (BEWTs) – have certain limitations:

  • Hidden data areas (HPA/DCO) might not be wiped, possibly leaving rootkits in place (although probably non-functional).
  • Blocks marked as bad by the hard drive itself are not wiped (blocks marked as bad by the operating system only will be wiped). This information can be recovered using exotic forensic techniques 2).

In addition to these two previously mentioned limitations, the following apply:

  • When data is overwritten (block erased), the old data on the hard drive might leave magnetic information on off-track areas of the disk. BEWTs have no way of erasing this off-track information. This information is theoretically possible to recover using exotic forensic techniques 3).
  • On modern, high-capacity drives, multiple overwrites are no more effective than a single overwrite. 4)
  • BEWTs are susceptible to malware attacks. 5)
  • Using BEWTs takes time. Following the old DoD 5220.22-M directive of 3 consecutive wipes might take as much as 24 hours on a 250GB disk. BEWTs can exceed the DoD standard and wipe a drive as many as 35 times, leaving the computer used for wiping non-operational for weeks.
  • When you’ve run a BEWT, you have little possibility of verifying that a complete wipe has taken place, that is, that all user-accessible areas have been wiped. You’ll have to rely on the information that the BEWT gives you.

Enter Security Erase

Lately there’s been some hype about the relatively new ATA command addition called Secure Erase (part of the ATA Security Feature Set), from now on referred to as “ATA-SE”. ATA-SE is an ATA command (SECURITY ERASE UNIT) built into hard drive firmware that, if executed, orders the hard disk drive to wipe itself. Using software similar to BEWTs (a boot disk with an ATA command program) you can trigger this built-in function, wiping your hard drive. Alternatively, you can use the same program to simply lock the hard drive, rendering it useless, so that only a wipe (or providing the correct password) can unlock the drive to make it usable again 6). If you have a disk drive produced in 2001 or later (with a capacity of 15GB or higher) there’s a 99% chance that your hard drive implements ATA-SE.

But what’s the hype about?


Filed under ATA, data forensics, data recovery, encryption, hard drive wiping, hard drives, Ibas, NSA, security

Can God Create a Rock So Heavy Even He Can’t Lift It?

Relax, this hasn’t turned into a religious blog, I’m simply drawing a parallel to one of the best data recovery companies out there, Norwegian Ibas. Ibas are experts at recovering lost or hidden data. And it’s amazing how often they succeed. Take a look at this charred wreck of a burnt PC 1):

Burned PC 

On this particular PC, 100% of the data was recovered.

What’s this got to do with you, you ask? Or with Gawd, for that matter?

Well, if you have sensitive data that you do not want anyone to find, let alone be able to read, then companies like Ibas (or the NSA, for that matter) are your worst nightmare. If the data has ever been stored on your computer, these guys can probably find it. Pressing “Delete”, formatting the disk or using “fdisk” or similar tools will NOT do the job. If you have data that you want to get rid of, you need something serious.

Hence the God analogy – Ibas know how to treat the data so that they themselves cannot recover it. Enter: ExpertEraser


Filed under data forensics, data recovery, DBAN, hard drive wiping, hard drives, Ibas, NSA, privacy, security, software