Completely clean hard drive

[transam02]

I am looking for a good program to completely clean the hard drive of a couple of work pc's with sensitive material on them that cant be seen again. We are looking to sell them and was needing to clean them and reinstall operating system. If anyone has any suggestions please let me know. I am looking for a freeware if possible. Thanks in advance.

 

[gud4u]

Just do a Google search using key words 'wipe disk'.

Hope this helps!

 

[PTNL]

Disk Eraser has worked well for me on the Windows OS:
http://www.heidi.ie/eraser/

 

[BillLeeLee]

DBAN is a popular one. If the date are really, really sensitive, I'd suggest just destroying the drives.

 

[transam02]

Thanks guys. The data is not really sensitive but sensitive enough not to have just a simple program ring some of it back up you know.

 

[D4rkside]

Darik's Boot and Nuke for sure. Great option.

 

[AMD_Gamer]

thermite

 

[onetwenty8k]

Do the Gutmann 35 pass. I mean if you really know what you're doing with digital forensics, data can still be recovered but if the data is that sensitive, use thermite. I actually have a friend who has a ready setup thermite reaction on his HDDs just in case.

 

[hmz]

Darik's Boot and Nuke for sure. Great option.

+1. Worked as described.

 

[milkweg]

Do the Gutmann 35 pass. I mean if you really know what you're doing with digital forensics, data can still be recovered but if the data is that sensitive, use thermite. I actually have a friend who has a ready setup thermite reaction on his HDDs just in case.

From what I have read it doesn't matter if you do just two passes or 100 passes. Once you overwrite the previous data with random data then it is irretrievable. Maybe using forensics hardware they could retrieve something but I doubt they would get much. With forensics software my guess is they would get nothing of use with even just one pass. The Nixon tapes were erased just once and they have never been able to retrieve anything from them so why would it be any different with a HDD? They are both magnetic media and nothing is burned into a HDD permanently when you write to it. Forensics hardware uses microscopy to see if they can see any data in the substrate layers. What do you think their chances are of being able to read full files doing that? My guess is they would get zero full file data and maybe just snippets of data here and there. It is very expensive to do and only something that is done in extreme cases. For the likes of most of us just one or two passes is all we need to do. That's my take on it anyway but don't take my advice and do as you feel necessary.

 

[Gorankar]

thermite

+10
It's the only way to be sure.

boot and nuke. It can take a while if you have a large drive or numerous drives. Let it run overnight while you are sleeping. Definitely a must use if you are selling the pc or hd or just giving it away to a family member.

 

[GushpinBob]

thermite

QFT!

Iron Oxide + Aluminum Powder + Magnesium + Flame = 2500°F of pure fun!

 

[Whatsisname]

if you're worried about the NSA coming after you or something, you might as well do a bunch of passes lol.

From what I have read it doesn't matter if you do just two passes or 100 passes. Once you overwrite the previous data with random data then it is irretrievable. Maybe using forensics hardware they could retrieve something but I doubt they would get much. With forensics software my guess is they would get nothing of use with even just one pass. The Nixon tapes were erased just once and they have never been able to retrieve anything from them so why would it be any different with a HDD? They are both magnetic media and nothing is burned into a HDD permanently when you write to it. Forensics hardware uses microscopy to see if they can see any data in the substrate layers. What do you think their chances are of being able to read full files doing that? My guess is they would get zero full file data and maybe just snippets of data here and there. It is very expensive to do and only something that is done in extreme cases. For the likes of most of us just one or two passes is all we need to do. That's my take on it anyway but don't take my advice and do as you feel necessary.

 

[transam02]

Thanks for all the info guys. I used the dban with no problem. I think that will be just fine. Its just to be safe .

 

[TechieSooner]

From what I have read it doesn't matter if you do just two passes or 100 passes. Once you overwrite the previous data with random data then it is irretrievable.

You'd think so........
I've never heard a technological reason for how they get it back, but I know it's been done in the past...
General rule of thumb to prevent MOST recovery is 3 passes of random data. Anything more than that, the highest levels of government would have to be determined to get some data off your drive, because most everyone would say screw it by that point.


Thermite? How does he have that setup???
And what the heck does he have on that that he has a thermite reaction ready to go (isn't it kind of dangerous to have that just sitting around like that- what precautions are there??)????????

 

[devman]

From what I have read it doesn't matter if you do just two passes or 100 passes. Once you overwrite the previous data with random data then it is irretrievable. Maybe using forensics hardware they could retrieve something but I doubt they would get much. With forensics software my guess is they would get nothing of use with even just one pass. The Nixon tapes were erased just once and they have never been able to retrieve anything from them so why would it be any different with a HDD? They are both magnetic media and nothing is burned into a HDD permanently when you write to it. Forensics hardware uses microscopy to see if they can see any data in the substrate layers. What do you think their chances are of being able to read full files doing that? My guess is they would get zero full file data and maybe just snippets of data here and there. It is very expensive to do and only something that is done in extreme cases. For the likes of most of us just one or two passes is all we need to do. That's my take on it anyway but don't take my advice and do as you feel necessary.

Not entirely true.

First of all modern HDD don't actually write verbatim to the HDD the data that your storing on it, they sort of use an on the fly compression (its not really compression but its similar concept), which I won't get in to. Point is, writing a 101010101 pattern doesn't exactly show up like that on the HDD.

Second, modern HDDs are self encapsulated subsystems in PCs these days, there are things that they do that can't be accessed or controlled by the PC even at the BIOS level. One of those things is flagging bad sectors and activating new ones from the backup reservoir of sectors. Once a sector has been flagged bad, its done, will never be written to or read from again (unless the drive is disassembled) , so any data thats on it, is there forever.

Then on a forensic level, there is some BS about examining the material around the medium to kind of guess what used to be there, based on signatures of known file types.

The DoD doesn't allow discs that have sensitive material on them to ever be used again for non-classified workstations or servers, for the reasons I stated above. They used to just do whats known as a DoD 5220.22-M wipe, but now classified discs must be wiped then destroyed.

The only sure way to ensure that no data will ever be recovered on a disk is to physically annihilate the medium.

 

[DN]

lol? i want what the data is?/

 

[OldMX]

Another vote for DBAN, or if you're a linux guy, get your favorite live cd, someone recommended this command dd if=dev/random of=/dev/hda

Good luck buddy

 

[milkweg]

if you're worried about the NSA coming after you or something, you might as well do a bunch of passes lol.

I'm not. But anyone who has to have thermite attached to their hard drive ready to blow must either be in the government/military or up to no good.

 

[milkweg]

The only sure way to ensure that no data will ever be recovered on a disk is to physically annihilate the medium.

OK, but everything known about all of this is very secretive and if it was known one way or another for sure then one would think the info would be out there somewhere. I've seen some security people claim that the government is just blowing smoke up our ass with their claims of being able to retrieve all your data once a drive is wiped. They just want us to think they can when the truth is that they can't.

For most people that just want to erase financial info etc. a 3 pass wipe is good enough. 35 passes is just a waste of time, lots of time.

 

[TechieSooner]

OK, but everything known about all of this is very secretive and if it was known one way or another for sure then one would think the info would be out there somewhere.

I'm sure it is... but I'm sure the 100% technical explanation is a bit too complex to understand

That, and the fact I'm sure whoever is writing the software is either A) under contract or B) does such a good job, don't want their algorithms given up.

They just want us to think they can when the truth is that they can't.

For most people that just want to erase financial info etc. a 3 pass wipe is good enough. 35 passes is just a waste of time, lots of time.

AIK some government friends of mine amazed me with what they could get back. I believe they can do it 100%, just takes lots of time and dedication (like I said- either you really want your data back, or the government wants it really badly).

For a home user though 3 passes is quite good enough. If you have any sensitive information you are worried about, physical destruction is about the only way to ensure it is gone.

 

[milkweg]

Well, wish I could test it out in practice but I don't know anyone with that kind of know-how. I know if I wipe files 3 times with random data and then was to do a complete hard drive zero wipe just one time there is no software I have come across that could retrieve any files or even see zero byte file names.

Just out of curiosity, I would love to do that to a HDD and then see what your government friends could retrieve. Ask your friends, if they are so good then why can't they retrieve the lost voice parts on the Nixon tapes.

 

[devman]

Again part of the inability to destroy data completely is well documented based on how modern hard drives function anyway.

 

[TechieSooner]

Ask your friends, if they are so good then why can't they retrieve the lost voice parts on the Nixon tapes.

Different media?

I'm also sure age takes a worse toll on a tape (That's more or less exposed to the external world 24/7) versus a hard drive.

 

[milkweg]

Again part of the inability to destroy data completely is well documented based on how modern hard drives function anyway.

Show me a documented case that proves they have retrieved *usable* data from a HDD that has been properly wiped.
I've never seen any. Just claims that they can.

 

[devman]

Show me a documented case that proves they have retrieved *usable* data from a HDD that has been properly wiped.
I've never seen any. Just claims that they can.

I can't, and there has never been a public demonstration of anyone recovering data beyond 1 wipe. However, its also something that probably wouldn't be advertised if they could anyway so we would never know.

There are no shortage of theories that say it is plausible, and considering how seriously the DoD takes data destruction these days, one might say they know something we don't, but then again it could be smoke screen.

The best advice is, if you have data that you feel is not sufficiently protected by a single wipe, media destruction is the only surefire way to guarantee the data is destroyed, because either way it goes your trusting someone else implementation of technology that is not transparent to you that your data is gone, as opposed to trusting the fact that you just incinerated it

 

[TechieSooner]

I've seen it recovered alright, I obviously can't prove it or something, and this is obviously something they aren't going to go around showing everyone...

It's like many things. Once the secret gets out, folks can work around it... I'm not sure if there exists any software in the "general" world or not, but I'd think this is something the government probably keeps pretty tightly under wraps.

 

[Gorankar]

I've seen it recovered alright, I obviously can't prove it or something, and this is obviously something they aren't going to go around showing everyone...

It's like many things. Once the secret gets out, folks can work around it... I'm not sure if there exists any software in the "general" world or not, but I'd think this is something the government probably keeps pretty tightly under wraps.

That "something the government probably keeps pretty tightly under wraps" would be made public knowledge the very first time it was used in court. "Experts" get cross examined, and one of the ways to discredit the "expert testimony" is to discredit the methodology and science behind the experts testimony. Full disclosure, and experts that understand or could figure out what these experts are doing would be involved. Provided the defense had money, of course.

If they can recover enough usable data after a complete 3 - 7 pass even/odd/random overwrite, they have yet to use it in court, or we would know about it. Even if the records were sealed, it would have been leaked out.

That doesn't mean they don't have the technology to do it, but, well, I think it would have showed up b4 now if they did.

Bottom line is that boot and nuke works, if you are trying to wipe personal info, your pr0n collection, or those e-mails to your girlfriend you would rather your wife did not see. If you are a member of some terrorist outfit or a Columbian drug lord it may be a slightly different story. We won't know for sure til they try to use it in court.

 

[devman]

That "something the government probably keeps pretty tightly under wraps" would be made public knowledge the very first time it was used in court. "Experts" get cross examined, and one of the ways to discredit the "expert testimony" is to discredit the methodology and science behind the experts testimony. Full disclosure, and experts that understand or could figure out what these experts are doing would be involved. Provided the defense had money, of course.

If they can recover enough usable data after a complete 3 - 7 pass even/odd/random overwrite, they have yet to use it in court, or we would know about it. Even if the records were sealed, it would have been leaked out.

That doesn't mean they don't have the technology to do it, but, well, I think it would have showed up b4 now if they did.

Bottom line is that boot and nuke works, if you are trying to wipe personal info, your pr0n collection, or those e-mails to your girlfriend you would rather your wife did not see. If you are a member of some terrorist outfit or a Columbian drug lord it may be a slightly different story. We won't know for sure til they try to use it in court.

Well a lot of the theories are techniques that require "guessing" at the material based on known file signatures once the microscopes come out. It really wouldn't hold up in court anyway, but for intelligence purposes, thats a different story.

Also the information found on the might not be used against you, but might be used as leads to other information that might be used to convict you that they otherwise wouldn't have known about. In which case the recovery method itself wouldn't be under scrutiny.

As for sealed records, maybe it already has been leaked out and you just didn't believe it. The catch-22 of conspiracy theories, even if they are right, people still have to believe it, problem with leaks is there hard to validate.

 

[TechieSooner]

That "something the government probably keeps pretty tightly under wraps" would be made public knowledge the very first time it was used in court.

True. I don't think it ever has been, either...
I cannot remember what I was shown, but I think it was recovered after 4 sweeps. Cannot remember exactly how many, but it was more than just a couple...

Also the information found on the might not be used against you, but might be used as leads to other information that might be used to convict you that they otherwise wouldn't have known about.

I think this is the main application... As computers are generally used to lead to the real crimes anyways, and aren't (most of the time) used for the actual crime.

I, along with everyone else, have no idea how often it's used or anything, all I know is that I've seen it done...

 

[milkweg]

If you have seen it done then tell us how they did it.

 

[TechieSooner]

I've seen it DONE.

Just like you can see a magic trick, or demonstration of a product done. You don't see any behind the scenes stuff or code how it actually works...

And they aren't that willing to go into details, was more of an off-the-record demo.

 

[milkweg]

Couldn't you be killed for that?

 

[FrgMstr]

www.killdisk.com freebie boots off a floppy. will read a lot of raid controllers as well.

 

[Lt.Col.Dehler]

well if your going to re-install the os then just pop in the disk it will ask you which partion and disk to install it on and all u do is click options and format and its wiped.

 

[devman]

well if your going to re-install the os then just pop in the disk it will ask you which partion and disk to install it on and all u do is click options and format and its wiped.

All formating does is blow away the file system and rebuild it. Formatting does nothing to overwrite data (and yes that includes full formats as well).

I have personally recovered mountains of data for clients (when I used to work as a bench tech) who have formatted there hard drives accidentally whilst trying to fix there own computers.

 

[PTNL]

well if your going to re-install the os then just pop in the disk it will ask you which partion and disk to install it on and all u do is click options and format and its wiped.

Thank you for completely missing the point of this thread. And wiping the drive partition table and/or doing a full format is not enough to prevent data recovery, or this thread would've died about 30+ posts ago.




Staying out of the realm of speculation, the "my friend saw this done", and Federal NDA documentation, perhaps a good way to test this out is to approach it from the opposite direction. Why not actually wipe a hard drive, then run it though one of the data recovery tools that are available to users?

Apps from a company like "Disk Internals" will let you install the demo version of their data recovery app to see *if* any data is recoverable. To actually recover the data, you need a valid license key, but they tell you in the demo whether or not the data is recoverable.
www.diskinternals.com

 

[devman]

Thank you for completely missing the point of this thread. And wiping the drive partition table and/or doing a full format is not enough to prevent data recovery, or this thread would've died about 30+ posts ago.


Staying out of the realm of speculation, the "my friend saw this done", and Federal NDA documentation, perhaps a good way to test this out is to approach it from the opposite direction? Why not actually wipe a hard drive, then run it though one of the data recovery tools that are available to users?

Apps from a company like "Disk Internals" will let you install the demo version of their data recovery app to see *if* any data is recoverable. To actually recover the data, you need a valid license key, but they tell you in the demo whether or not the data is recoverable.
www.diskinternals.com

Recovering wiped (read: overwritten with a wipe pattern) data will not be possible from a software level, and I don't think anyone claims that it is.

When people talk about plausibility of recovering harddrive data after a wipe pattern, it gets in to things like magnetic force microscopy.

 

[PTNL]

Recovering wiped (read: overwritten with a wipe pattern) data will not be possible from a software level, and I don't think anyone claims that it is.

When people talk about plausibility of recovering harddrive data after a wipe pattern, it gets in to things like magnetic force microscopy.

Obviously you missed reading the errors in your own previous post, so let me re-state them:

well if your going to re-install the os then just pop in the disk it will ask you which partion and disk to install it on and all u do is click options and format and its wiped.

"Formatting" the drive will not "wipe" the data from it. If you have any further arguments with this, then go experiment on a hard drive of your own, and test out the appropriate product from "Disk Internals" at the link I posted above.

And rest assured, if their product could not do what you claim is impossible from the software level, then I would not have purchased a license key to undo the accidental hard drive formatting an employee at my company did.

 

[devman]

Obviously you missed reading the errors in your own previous post, so let me re-state them:




"Formatting" the drive will not "wipe" the data from it. If you have any further arguments with this, then go experiment on a hard drive of your own, and test out the appropriate product from "Disk Internals" at the link I posted above.

And rest assured, if their product could not do what you claim is impossible from the software level, then I would not have purchased a license key to undo the accidental hard drive formatting an employee at my company did.

I never said Formating a drive would wipe it, I said exactly the opposite.

however attempting to recover data past a wipe pattern would require physical examination of the drive.