I am trying to get a list of the best low level DoD standard format tools... I wanna try them then run helix and other data recovery programs to find out what one is the best... Who wants to help?
IBM/Lenovo recommends a tool called Secure Data Disposal... I have never used it, but you can find it at:
http://www-307.ibm.com/pc/support/si...docid=TVAN-SDD
Cheers!
Westin
Well, you can't do a low level format with a modern hard drive, and formatting does not overwrite your data unless you do a full one in Vista, which I believe overwrites with one pass of zeros.
You might like to try this tool:
http://www.heidi.ie/eraser/
I didn't know you couldn't do a low level format on newer drives... That seems strange to me, but now that I think of it I never did one on a newer machine. I have been playing around with it in class but only on older P3 dells. But I am going to look into it some more.
Basically you are warned not to, or you might trash your HDD if you use an inappropriate tool.
Wikipedia:
Quote:
Low-level formatting (LLF) of hard disks
User instigated low-level formatting (LLF) of hard disks was common in the 1980s. Typically this involved setting up the MFM pattern on the disk, so that sectors of bytes could be successfully written to it. With the advent of RLL encoding, low-level formatting grew increasingly uncommon, and most modern hard disks are embedded systems, which are low-level formatted at the factory with the physical geometry dimensions and thus not subject to user intervention.
EDIT: Please check this link. Whilst there are tools that might be described as a "low level format" they actually are not in the traditional sense.
http://www.ariolic.com/activesmart/l...el-format.html
I don't know about low level formatting but, I use this: http://dban.sourceforge.net/ tool when I am recycling a hard drive. It is a boot disk that allows several options for wiping a hard disk.
"dban" is "Darik's Boot and Nuke". It is very good for wiping a whole drive but not if you just want individual files and folders. It is actually packaged with the "eraser" application I linked to.;)
There is a utility built into Windows that will do this for you. Check out the Cipher utility. It writes over the chosen directory 3 times. You'll want to delete anything on the directory that you want to write over.
http://support.microsoft.com/default.aspx/kb/315672
I am always a little wary of applications that run in Windows.
Don't forget slack space/cluster tips and the dreaded page file ;)
I'm the opposite. I'd trust a Windows app over something custom any day. All Cipher does is overwrite unused space on a hard drive. If you have an empty drive, it will write over the entire disk 3 times and with different characters each time. It's really that simple. lol Why would you need anything else? Many of those hard drive-manufacturer applications only write over the drive once with ones and zeros. Cipher's actual purpose is to be used as an encryption utility, so what better way than to use it to mask your unused hard drive space?
Anyway, don't knock it until you've tried it. It's free and works for all hard drives, rather than just a specific brand. ;) I really doubt that one of those free apps will be able to retrieve anything useful from a drive that has been 'ciphered'.
Quote:
Many of those hard drive-manufacturer applications only write over the drive once with ones and zeros.
Yes, that is what they are intended to do prior to reinstalling an OS. However, they boot from media and overwrite the whole drive.
My comment on MS applications (cipher) is that they run from within Windows, so Windows must be loaded and booted. That means it has created a page file, log files, temporary files and God knows what. Those are not classed as "unused" and are not overwritten.
My methodology would be:
1. Run CCleaner (3 passes)
2. Tweak the Registry to empty the page file on shutdown.
3. Reboot from a CD and run a utility like eraser to wipe the unused space (which will now include the page file you just emptied ;))
The real problem with Windows is getting rid of stuff that it is using, like the index and page files. CCleaner submits a job to do some of this on next bootup, but does not clear the page file.
If I am recycling/redeploying I just use Darik's Boot & Nuke (dban) launched from removable media. This wipes everything, including BillyWindoze :D Actually, you need to do that because it could be illegal to dispose of a machine with one of your corporate licenced copies of Windows on it. Certainly selling it to a third party would be.
For simple repair/re-installations I only overwrite once, and prefer to use the HDD manufacturer's software, as that generally checks for drive problems at the same time............. no point reinstalling onto a borked drive?
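Added example (not part of any post in this thread, and not taken from any of the tools named in it): one way to check what a wipe left behind, along the lines of the original poster's plan to wipe and then look for recoverable data. It reads a raw image sector by sector and reports sectors that are neither a uniform fill nor random-looking; the image is a small constructed buffer, and all function names are hypothetical.

```python
import io
import math
import random
from collections import Counter

SECTOR = 512

# Widely documented file-header magic numbers; extend for the formats you care about.
SIGNATURES = {
    b"\xff\xd8\xff": "jpeg",
    b"%PDF-": "pdf",
    b"PK\x03\x04": "zip",
}


def entropy(block):
    """Shannon entropy of a byte string, in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())


def classify_sector(block, random_threshold=7.0):
    """Label one sector by what an overwrite pass should or should not leave."""
    for magic, name in SIGNATURES.items():
        if block.startswith(magic):
            return "signature:" + name      # a file header survived
    if len(set(block)) == 1:
        return "fill"                       # one repeated byte (zeros, 0xFF, ...)
    if entropy(block) >= random_threshold:
        return "random"                     # consistent with a random pass
    return "residue"                        # structured data, e.g. text in slack


def audit(stream):
    """Read a raw image sector by sector; return (summary, findings)."""
    summary = Counter()
    findings = []
    index = 0
    while True:
        block = stream.read(SECTOR)
        if not block:
            break
        label = classify_sector(block)
        summary[label.split(":")[0]] += 1
        if label not in ("fill", "random"):
            findings.append((index, label))
        index += 1
    return summary, findings


def audit_bytes(data):
    """Convenience wrapper for an image already held in memory."""
    return audit(io.BytesIO(data))


def build_sample_image():
    """Constructed 12-sector image: wiped areas plus two sectors a wipe missed."""
    rng = random.Random(2008)               # fixed seed so the sample is repeatable
    zeros = bytes(4 * SECTOR)
    rand = bytes(rng.getrandbits(8) for _ in range(4 * SECTOR))
    leftover = b"Payroll draft: constructed sample text"
    slack = leftover + bytes(SECTOR - len(leftover))
    pdf = b"%PDF-1.4\n" + bytes(SECTOR - 9)
    ones = b"\xff" * (2 * SECTOR)
    return zeros + rand + slack + pdf + ones


if __name__ == "__main__":
    summary, findings = audit_bytes(build_sample_image())
    print(dict(summary))
    for index, label in findings:
        print("sector %d (offset %d): %s" % (index, index * SECTOR, label))
```

For a real test, pass `audit()` a file object opened in binary mode on an image taken after the wipe. Compressed or encrypted leftovers look the same as a random pass to an entropy check, so planting known marker files before wiping gives a stronger comparison.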
I think you're trying too hard to find flaws in it. Ok, you say that there are indexes and a page file, but why would there be on a second drive that's added to the machine? There's nothing to index. Windows uses whatever directory is allocated as a page file. It doesn't just start adding page file space to every hard drive that is added to the system. Perhaps you're confused in thinking that people will only ever be trying to delete their system drive? Do you realize how easy it is to insert a second drive, even if it has Windows installed on it, and delete the entire drive, including indexes and page file space?
Besides, remember that we're talking about making data unrecoverable. The primary reason for trying these solutions is to find out which one is best. I can guarantee you that three passes with Cipher will be better than one pass with any other garbage. lol
As far as indexes go, who really cares if there are indexes pointing to files and folders that no longer exist, even if you were just trying to do this to a system drive? You can also set Windows to not use a page file at all. This would then allow you to overwrite it completely. What's more is that the page file only stores what would be stored in memory, but obviously there was not enough RAM to handle it. I suppose you could have a sensitive file stored there, but then we can still wipe it out if we turn off page file.
The awesome part is that you don't have to reboot in order to take care of it. You can multi-task, rather than just sitting and waiting for a silly third-party app to get finished hogging your entire machine.
I've used cipher on numerous occasions, especially when you're working on a system that does not have internet access or if hardware has been locked down.
Instead of mucking around enabling optical drives etc you can just go straight into a Dos Prompt type a few commands and it's taken care of.
Of course disabling system restore and doing a restart and turning off paging comes in handy.
Go here and get this:
http://www.systenance.com/
Index.dat Analyzer
Quote:
I think you're trying too hard to find flaws in it.
Why? anything that runs in Windows is flawed by definition, because Windows has booted, recorded information, and locked files.
Quote:
but why would there be on a second drive that's added to the machine?
Because Windows gets up to all sorts of things behind your back ;) Also, I am not assuming more than one drive or partition.
Quote:
Do you realize how easy it is to insert a second drive, even if it has Windows installed on it, and delete the entire drive, including indexes and page file space?
Obviously not................ I guess that I don't have enough experience. :rolleyes:
I can tell you that it is a lot more difficult than just booting from CD/DVD or floppy though. That is my entire point regarding loading the operating system first. Windows applications cannot be relied upon in this matter. ;)
Quote:
As far as indexes go, who really cares if there are indexes pointing to files and folders that no longer exist
Please use Google and research a product called "eNcase" I think that this might give you a better insight.
Quote:
You can also set Windows to not use a page file at all.
OH! REALLY? booting Windows 98SE are we?
You cannot "turn off" paging file in Windows XP. Also, why would you want to (assuming that you have even the vaguest idea of how the Windows operating system works?).
If you set the Registry to delete the pagefile contents on shutdown, and follow the steps I suggested in an earlier post, you will be OK. Trust me, I have worked to finance and defence sector requirements for over 20 years............ I do know the rules.
Quote:
You can multi-task, rather than just sitting and waiting for a silly third-party app to get finished hogging your entire machine.
Have you really read this post? You don't need to "multitask" when you are deleting data.............. in particular when you are wiping a whole disk.
:cool:
I always liked BC Wipe v3. Been running it for years. It installs on any version
of Windows, even Vista (couldn't believe it). Wipe free space, slack space, swap
files. Also encrypts swap files.
I think we are getting slightly confused here, the OP's original request was:
Quote:
I am trying to get a list of the best low level DoD standard format tools...
Which implies to me that he wants to wipe an entire drive to military security standards.
I do not believe that there is anything that runs from within Windows that will do that. It has to run from a different drive to be compliant. The easiest way to do that is to boot from a floppy, CD or USB and run the application from there.
Sure, if you want to preserve the OS and wipe everything else, then you would take a different approach and use tools like BC Wipe and Eraser. Now, whilst you can use the same number of passes and methodology with these tools they would not be compliant because you are not wiping everything.
The reason I suggested Eraser is it has an option to create a bootable Nuking disk.
A straight disk wiper is here:
http://www.roadkil.net/program.php?ProgramID=14
Quote:
Originally Posted by nihil
._._._.
Does anybody else get a kick outta witnessing nihil put someone in their place? :D
I know I do! :p
Quote:
Originally Posted by nihil
Why would I go to the trouble of downloading a third party app when Cipher can already handle it? 0.o
Quote:
Why? anything that runs in Windows is flawed by definition, because Windows has booted, recorded information, and locked files.
That sounds like a Linux/Unix fanboy spouting nonsense to me...
Quote:
Because Windows gets up to all sorts of things behind your back ;)
Behind my back? I am well aware of how to get rid of anything that I don't want traced, so what would I care about them recording things that can help applications run more efficiently?
Quote:
Also, I am not assuming more than one drive or partition.
Your computer only has one hard drive? Are you living in the stone ages?
Quote:
Obviously not................ I guess that I don't have enough experience. :rolleyes:
I can tell you that it is a lot more difficult than just booting from CD/DVD or floppy though. That is my entire point regarding loading the operating system first. Windows applications cannot be relied upon in this matter. ;)
LMAO Easier than plugging in a SATA drive, eh? You can even plug them in while it's running, depending on your setup. I guess you didn't factor in getting the CD or even having to create the CD... silly...
Quote:
Please use Google and research a product called "eNcase" I think that this might give you a better insight.
Yet another product? I wasted my time going to the first site, so why don't you just tell me about this one?
Quote:
OH! REALLY? booting Windows 98SE are we?
You cannot "turn off" paging file in Windows XP. Also, why would you want to (assuming that you have even the vaguest idea of how the Windows operating system works?).
Owned... http://img71.imageshack.us/my.php?image=ownedzg0.jpg Now that we all know who the computer expert is here, I wonder if I should even continue.
Quote:
If you set the Registry to delete the pagefile contents on shutdown, and follow the steps I suggested in an earlier post, you will be OK. Trust me, I have worked to finance and defence sector requirements for over 20 years............ I do know the rules.
You do realize that you can just click the radio button, right, rather than telling everyone to edit their registry? lol I guess you do now... You should probably consider retiring...
Quote:
Have you really read this post? You don't need to "multitask" when you are deleting data.............. in particular when you are wiping a whole disk.
:cool:
Do you honestly sit there and wait for the machine to finish, or do you use another machine? Either way you answer here, I again win...
Quote:
Does anybody else get a kick outta witnessing nihil put someone in their place?
I'm still waiting to see it. It looks to me as if Nihil doesn't know much about Windows at all...
Quote:
I do not believe that there is anything that runs from within Windows that will do that. It has to run from a different drive to be compliant. The easiest way to do that is to boot from a floppy, CD or USB and run the application from there.
I guess that you didn't know that Windows could do it? rofl
http://img176.imageshack.us/my.php?image=owned2uq8.jpg
I guess you're living in a fantasy world where you can only have a system drive on your computer and that drive is one big system partition... Those snap-in SATA cables are just so easy! =)
Quote:
Which implies to me that he wants to wipe an entire drive to military security standards.
The one pass you mentioned that you do earlier would hardly be considered military-level security.
Well that wasn't really my intention.
From what Briz212 was asking it sounds like he is doing some research maybe even a project.
It would be advisable to keep it as realistic as possible IMO. A few years ago I was involved with wiping some 800 computers at our Electronic Warfare & Countermeasures Division. Naturally that had to be done to our MoD standards.
We could do them 20 at a time so just made 20 floppies with the wiping software on it and booted from those. Can you imagine unscrewing, removing the hard drive, slaving it to another computer then reassembling the original PC 800 times :D
I just checked Win2000 and that won't let you set a zero swap file either.
In the days of 9x if you changed the pagefile setting to manually chosen and fixed, it created a new file in windows\system\ or the root directory. That meant that you could wipe the old file which might have sensitive data. That doesn't work with 2000 and XP.
As a programmer, I can tell you that it would be just as easy to run a script 20 times in order to wipe 20 hard drives at once. You would just be opening 20 instances of the command prompt. If you could do 20 machines at once and those 20 machines could connect to 3 extra drives each, then you could cipher 60 drives at once, rather than 20. I'm assuming that since you say you worked for the military that you obviously had a legitimate IT department and things such as network storage devices and monetary resources that could be put toward useful devices.
That script, in the form of a batch file, could also easily run the cipher script. You wouldn't even have to alter any registry keys, if you added the drives to a network storage device or even to another computer that booted from another drive. If you compare rebooting every machine with a special disc that you have to interact with to removing the hard drive and sticking it in a hot-swappable storage device, I think it would be faster to remove the hard drive. You wouldn't really be doing 20 at once, if you had to sit down at each machine in order to interact with the program that wipes it.
With Altiris, deploying software is as easy as drag-and-drop, so you could technically wipe your entire organization at once, let alone only 800 machines.
As for slaving the drives, I haven't found that to be necessary with my SATA drives. Older PATA systems are probably more of a pain, however.
With all of this said, however, we still have to go back to the original question. He really just wanted to hear examples of software packages that could be used to make data unrecoverable. Cipher is great at doing that, regardless of the steps it requires. Obviously every method requires a process, and it's all a matter of personal preference. It's okay for you to think that your way is great, but that is no reason to say that this Windows utility is not on equal footing. It's easier and does a better job, from where I'm standing, but try it for yourself, if you want. Just don't knock it until you try it. :)
Quote:
I'm assuming that since you say you worked for the military that you obviously had a legitimate IT department and things such as network storage devices and monetary resources that could be put toward useful devices.
I am afraid that is a widely held misconception. :D
Actually, I worked for an arms manufacturer but my military colleagues had more or less the same story. For us, if something was not a requirement of the projects (stuff we could bill customers for) it was at the bottom of the food chain. For the military if it was not to improve "fighting efficiency" it was more or less the same. So that meant no spare servers and no spare decent computers.
Cipher would have been out of the question anyway........ they were still running NT 4.0 SP6a
Quote:
If you compare rebooting every machine with a special disc that you have to interact with to removing the hard drive and sticking it in a hot-swappable storage device, I think it would be faster to remove the hard drive. You wouldn't really be doing 20 at once, if you had to sit down at each machine in order to interact with the program that wipes it.
Actually no. The software took a few seconds to burn to a floppy disk, so making 20 didn't take long. All you had to do was insert the floppy and turn the machine on and it would boot to it. You got a "do you really want to do this?" and gave it a "Y" then moved on to the next machine.
These were old PI boxes so no sata drives.
Quote:
With all of this said, however, we still have to go back to the original question. He really just wanted to hear examples of software packages that could be used to make data unrecoverable.
Maybe I read too much into the question. When he asked about a low level format to DoD standards I took it to mean that he wanted to securely overwrite the whole drive.
Hence:
Quote:
The one pass you mentioned that you do earlier would hardly be considered military-level security.
Exactly, but that is all the manufacturers formatting tools will do. Like I said if it is just a repair job that is what I use.
Index.dat Analyzer is the free product I was suggesting you look at. It shows you some of the stuff Windows has left on your drive.
eNcase is the flagship forensics data gathering tool. It is used by police departments and accepted in courts throughout the World.
Quote:
Your computer only has one hard drive? Are you living in the stone ages?
Nope, that is actually a typical set-up for a secure environment. Normally the user wouldn't even be able to directly access the local HDD, they have to work on servers, so there is no need for anything other than one drive and one partition.
Quote:
I guess you didn't factor in getting the CD or even having to create the CD... silly...
Not a problem I would have thought. The software will fit on a 3.5" floppy. I only said CD/DVD because modern machines generally don't have a floppy drive.
Quote:
Owned... http://img71.imageshack.us/my.php?image=ownedzg0.jpg Now that we all know who the computer expert is here, I wonder if I should even continue.
I don't see the relevance of that. Sure you can turn off pagefile.sys What you cannot turn off is the fact that XP, 2000 and Vista are virtual memory systems. They will use it and there is nothing you can do to prevent this, they will just make their own arrangements "behind your back".
Quote:
You do realize that you can just click the radio button, right, rather than telling everyone to edit their registry?
Errr I didn't say use regedit, however editing the Registry is what you actually do, however you decide to do it.
In fact, in a secure environment this setting should be part of the standard build, and users should have no access to the Registry.
Quote:
Do you honestly sit there and wait for the machine to finish, or do you use another machine?
Yes and Yes. Not everyone has rocket science machines particularly in commercial and institutional environments. Overwriting large files and folders can take a while and is best done in dedicated mode. Please note that I did say:
Quote:
..... in particular when you are wiping a whole disk.
Quote:
I guess you're living in a fantasy world where you can only have a system drive on your computer and that drive is one big system partition...
Not a fantasy World, a secure World. The concept of least empowerment, and the users can only do what they absolutely need to be able to do. You have an image of the installation and if anything goes wrong you just re-image it.
Of course I am making the assumption that if you are interested in secure wiping you must be dealing with a system that handles sensitive data? In which case this would be the architecture I would expect to see.
Basically you're talking about how to be secure with ancient parts. I guess that works for you, and perhaps that's why you're so against Windows also. You're still in that mindset created from long ago and just haven't moved forward with the times. That's great and all, but not really applicable anymore. Now people do have storage devices, SATA drives, and floppies are a thing of the past. I'm fairly certain that this guy was looking for a solution that fit current times, but only he could say for sure.
As for turning off the page file in Windows XP, you very clearly said that it couldn't be done. I showed you the method for doing so in a screen shot. That is the relevance. Also, if you shut off page file, Windows will not still use it 'behind your back' anymore than it will go over the maximum page file size if you have a maximum set. Regardless, if you boot with a Windows Operating System on one drive, you can wipe a Windows Operating System on another drive and nothing will prevent you from wiping the files. ;)
Even if you didn't learn anything, I'm sure others did. :)
Well, the original poster did say:
Quote:
I have been playing around with it in class but only on older P3 dells.
They don't support SATA ;)
So,
Quote:
Basically you're talking about how to be secure with ancient parts.
would be about right, other than that he seems to be doing some sort of software testing project rather than wanting to be "secure" as such?
Quote:
I'm fairly certain that this guy was looking for a solution that fit current times, but only he could say for sure.
If my assumption is correct, and it is an academic exercise, then I would say he wants a variety of solutions and doesn't really care if they actually work or not. Either result is OK for a project.
Quote:
As for turning off the page file in Windows XP, you very clearly said that it couldn't be done. I showed you the method for doing so in a screen shot. That is the relevance. Also, if you shut off page file, Windows will not still use it 'behind your back' anymore than it will go over the maximum page file size if you have a maximum set.
The purpose of that feature is to allow you to remove and replace a corrupt page file. You cannot turn virtual memory off, it will merely create its own and use that. That is how Windows XP/2000 work, they are virtual memory systems. Basically it is a case of no VM, no Windows.
Quote:
Originally Posted by nihil
If you read into the context of that sentence, he has been playing around with it in class, meaning that it's not serious. When he uses it the way he wants to, it will be serious, which means that it won't be on those P3's he's playing around with...
Quote:
Originally Posted by nihil
It's probably for learning which one is best, as he stated, I would imagine. 0.o
Quote:
Originally Posted by nihil
lol It's funny that you say you can't turn it off, yet there's that screen shot clearly showing the 'No Page File' choice... >.> Okay, so then how do you remove and replace a page file, if you can't turn it off? That's what I thought... Looks like you can turn it off... or maybe Windows will suddenly lock it down in the middle of your replacement process because you go over your RAM limit? No page file really does mean no page file, on the hard drive at least... >.> Whenever you disable the page file, the amount of page file space necessary for your apps to run will then be used in RAM. In other words, that amount of RAM will be specifically dedicated as a page file and can't be used for anything else.
Look at the bottom post here:
http://www.experts-exchange.com/OS/M..._23199493.html
or check out this blog here:
http://www.codinghorror.com/blog/archives/000422.html
Can't you just admit that you are wrong?
For all intents and purposes, we've been talking about the page file on the hard drive, as that's what you're saying cannot be wiped. You have said repeatedly that the page file cannot be turned off. You imply that Windows will secretly allocate another part of your hard drive as a page file, since it needs it, but this is simply not true. The page file on the hard drive can be turned off. If you do not have enough RAM, the system will crash. Windows will not take it upon itself to use the hard drive.
nihil is incapable of admitting he is wrong. I actually saw him apologize for mistyping once, but he went on to explain how different keyboards...
meh
"Strictly speaking Virtual Memory is always in operation and cannot be “turned off.” What is meant by such wording is “set the system to use no page file space at all.”
maybe there are two rights here...:blast:
--more or less ;)
Glad to see that you now realize that I am right, which makes your post entirely wrong also. I bet you feel like a real idiot that stuck his nose in something it didn't belong, and now are having trouble eating your own words.
Thank you for giving me the fuel I needed to prove that I am right beyond any shadow of a doubt. I'm always up for a battle of wits. I don't lose. Even when I'm wrong, my logical thought process is far more advanced than the average person that just takes someone else's word for it.
Btw, there are multiple forum posts in the Microsoft site that mention specifically not shutting off the page file. If they are telling people not to, that means that you can... Just FYI. Yes, the OS will still use memory as its page file, but now we're just arguing semantics. The fact is that I was right in the context we were discussing. Out of context, I guess you can say he was technically right also. Then again, there will always be ways to twist words around so that they make you look more favorable. :) I'm an expert in many areas.
I admit I am not an expert. But I ask you a simple question: when you use internet explorer, browse and then clear your history, can you tell me the additional number of places in Windows that you will have to manually clean to REALLY get rid of the history?
An article on securityfocus said that at least 13 additional places are where your history will be saved. In addition to that I had found some other location in registry where the history was trying hard to remain in the present.
I think eNcase is something worth a watch. Please do research on the thing.
And I do not know why would one try to completely remove data using any OS which is installed on to the disk. There are enough live OSes (most from the Linux stable) that will just run off the RAM and clean the disk without leaving any hint on the computer itself. The whole idea of using an installed OS for that thing is something I do not understand.
EDIT: In addition to what I have said, I too think that nihil is unable to admit that he was wrong at a point. I am not sure about the enterprise setup and all such things.... I am still a student in a college. But then as far as I know about the virtual memory thing is: Page file and RAM are both a part of the VM systems. If you disable the page file, there is no harm. The fact is that after disabling, followed by a reboot, you can just delete the pagefile just as you would delete any other (hidden+system+secure) file.
I am not here to cross upon you two guys (even though the IE history thing does sound like I am trying to cross off itPro). I am just telling you an idea (which I am actually not sure about, due to the zero experience) is that why not use a Live OS rather than the installed ones. After all, all you need for a wipe off are the starting and ending sector nos of the partition.
As a programmer, I can tell you that it doesn't matter whether the program is stored on a hard drive, a CD, or a floppy. It will still run in memory, regardless of whether or not the OS is running. The real point is that what is necessary to perform the cleanup is already available in Windows. If you feel as though your utility is more special because it isn't copyrighted by Windows, then more power to you. Personally, I'll pick convenient, easy, professional, and supported software every time. Windows just happens to offer something that fits well within all of those categories.
We're talking about removing data in a way that it can not be traced. If you want to get down to real security, we'd be talking about what sort of hammer we would use to destroy the platters with and then what oven we would use to melt down the scrap with, but then we couldn't reuse the disk.
If enWatch is used in forensics, then isn't it trying to recreate lost data, rather than to destroy it?
See, the running of the tool was not my point. Of course I too know that nothing runs from disk, it runs from memory. But by the rules of an OS, you cannot remove the OS itself when it is running (at least Windows won't allow you!). So why not leave the OS and run ONLY from memory (without having any concern with whether the OS is there or not on the DISK!)!
I'll give you some reasons.
1. You might want to keep your OS, programs, and other files intact. You might just want to wipe part of the disk.
2. You might want to wipe 5+ drives at once on the same machine, all while working on other tasks, on the same machine.
3. You might want to wipe your network storage devices that house 100 drives, and I don't think it would be a good idea to restart a server to do so...
4. You might want to wipe all of the sensitive folders and all of the deleted data on everyone's C drive at once, even if there are 20,000 machines in the company. It would be ridiculous to reboot all 20,000 machines. Let's see you use your old technology for that. ;) In fact, let's see you repeat the process every month. Suddenly Cipher is a breeze in comparison... Set it up once and click a couple times for every time after that...
You might be able to do the first with a bootable disk, but you won't be able to do the second without using an entirely different machine.
The methods are comparable, but, at the end of the day, Cipher will allow you to use a machine while wiping extra drives attached to it. Not only that, but it goes over the disk 3 times, and you can run it as many times as you like for even more passes.
Big egos are big shields for lots of empty space. -Diana Black
"Great spirits have always found violent opposition from mediocrities. The latter cannot understand it when a man does not thoughtlessly submit to hereditary prejudices but honestly and courageously uses his intelligence." - Albert Einstein
OK I agree. I am a home user and I never thought about working as well as wiping data. Moreover from my perspective, having two machines, I neglected the second point completely.
Well, I agree cipher can do the job! But why are you guys fighting?
lol Here's why we're fighting.
Me: "Hey all! Check out this software. It's really cool and will get the job done."
Others: "That's crap. It's a Windows app. Enough said."
Me: "No it's not. It can wipe more drives faster, even at a business level, makes 3 passes instead of just one, and allows you to use your machine while doing it."
Others: "It's crap. It's a Windows app. This old technology is better. It can wipe the entire drive."
Me: "Cipher can wipe the entire drive too. In fact, you can just add a few drives to your machine and wipe them all at once. The only drive you won't be able to wipe is the system drive that booted Windows, and that can be partially wiped too. All other drives will be wiped completely, even if they have an operating system. You just have to delete anything that you want to be wiped, and you can delete the entire drive at once."
Others: "Cipher can't wipe the page file because the page file can't be shut off. You're a noob."
Clueless Cheerleader: "Yea, put the noob in his place!"
Me: "Here's screenshots proving that you don't know what you're talking about. Hope you enjoyed being schooled by an expert..."
Others: "Oh, that screen shot does show an off button, but you can't really turn it off."
Me: "When it comes to being able to wipe the drive, you can... Technically the page file can't be shut off completely, but that's a technicality and really has nothing to do with wiping hard drives, since RAM is used as the page file..."
That's a fair summary.
lol
That's why.
I edited the post I created on 06/04/08 07:36 PM as well. I don't want people getting the idea that Cipher can only be used by a home user. XD I learned about Cipher when someone was using it at work! lol
Hmmm,
"Old Technology" ?
Cipher: September 2003
Dban: April 2007
Eraser: January 2008
Quote:
"When it comes to being able to wipe the drive, you can... Technically the page file can't be shut off completely, but that's a technicality and really has nothing to do with wiping hard drives, since RAM is used as the page file..."
Do you seriously believe that? :shocked:
With NT 4.0SP6a and Windows 2000SP4 you get a warning that Windows is creating a temporary pagefile. 12Mb in the case of NT and 20Mb in the case of 2000. XP reports none, but Vista defaults to 8Mb. Either Windows is going two steps forwards and one step back, or it is just a quirk in the reporting?
Obviously those amounts are totally inadequate to run Windows and Windows applications so it must use RAM in the majority of cases. I have yet to see any definitive evidence that it only uses RAM. If it can be proven that it only uses RAM, then all would be well and good, but without that proof I prefer to use methods that are demonstrably compliant.
The question would arise as to where Windows would create those temporary files. Suppose a worst case scenario and it creates them in the old page file area. OK I will assume that it overwrites all the area so that would allow for a pretty secure situation.
A possible workaround might be to have the page file in a separate partition or drive. I haven't tried it, but when Windows defaults to something it generally does it in C:\
This is similar to the problem of setting Windows to clear the page file on shutdown. It will backfill with zeros apart from the bits that are still in use on shutdown. However it is a single overwrite, so neither would comply with DoD 5220.22-M requirements.
As for the actual wiping:
1. Wiping an entire drive is trivial. You just boot from external media. This includes another computer, and run your wiping application of choice.
2. Wiping files and folders is equally trivial. You can do that with any suitable utility from within the operating system.
3. As I see things, the only area of doubt is the page file. The method that is guaranteed is to boot from external media and run the wiping application from there.
Also, let's not forget laptops. When wiping the whole drive it is generally far easier to insert a CD than it is to remove the drive.
Quote:
"That's crap. It's a Windows app. Enough said."
Nobody said that. The concern was that it runs from within the operating system. As it is a Windows application, that is Windows. Remember that Linux and other operating systems also use virtual memory, and I would expect the same reservations would apply to them.
Incidentally, it is not recommended to run Windows without a page file. At the very least you should use the "minimum allowed". OK, that is a bit of a misnomer as it is the amount required for a kernel dump.
Quote:
Hmmm,
"Old Technology" ?
Cipher: September 2003
Dban: April 2007
Eraser: January 2008
5.25 Floppy Disk: 1976
3.5 Floppy Disk: 1980
;)
Quote:
Do you seriously believe that?
Yes. Besides, if Windows does indeed set a default amount of space on the hard disk that is necessary for the kernel, it will not be sensitive files that you're trying to wipe. You are so caught up in the fact that you can't overwrite Windows files while Windows is running, but you aren't seeing the point where it isn't necessary to hide system files that anyone with a computer can see... We're talking about wiping data.
If you want to wipe Windows too, then add the physical drive to another machine, or use a boot disk. Either can be done, and it's a matter of preference. The amount of time taken for either is comparable, and either one could be faster, depending on the environment and the situation. Also, if you're reinstalling Windows, then it will not be a big deal to leave it there and just wipe everything else... If you're serious about using software to eliminate any trace of data that is on a drive, Windows is not what you're worried about. A format will take care of Windows, and no software is necessary for that either. If you want to format and totally get rid of all of the data, then your method would be better. As I said earlier, it really just depends on the environment and the situation.
Quote:
Incidentally, it is not recommended to run Windows without a page file. At the very least you should use the "minimum allowed". OK, that is a bit of a misnomer as it is the amount required for a kernel dump.
While that is true, if the purpose is to wipe it, then it's necessary to turn it off. I would agree that it should be turned back on afterwards, unless you really want to waste a lot of RAM.
You believe that your method and software is better. I believe that it depends on the situation.
Quote:
You believe that your method and software is better. I believe that it depends on the situation.
I don't believe the software I suggested is "better", it is just that the OP did ask for alternatives for his experimentation and I believe that we have complied with this request, and given him a variety?
I agree with the second part of your comment. Unfortunately the OP was a little sketchy in defining his environment and requirements?
I am not a Windows basher or Linux fanboy. I very rarely use any OS apart from Windows other than on boot disks. Hell, I even have Windows 2.03 running on an HP 286 over DOS 5.0!!!!!
You do not know me so perhaps I should explain that I am into old (legacy) IT stuff as a hobby. Just like some people are into old automobiles or motorbikes.
Quote:
5.25 Floppy Disk: 1976
3.5 Floppy Disk: 1980
Hey! now ya talkin my language. I have an old Digital Venturis PI/133 which has both drives so that I can convert from one medium to the other :D
Quote:
Yes. Besides, if Windows does indeed set a default amount of space on the hard disk that is necessary for the kernel, it will not be sensitive files that you're trying to wipe. You are so caught up in the fact that you can't overwrite Windows files while Windows is running, but you aren't seeing the point where it isn't necessary to hide system files that anyone with a computer can see... We're talking about wiping data.
I agree, so I had better come clean, so to speak, and say that my real concern is how the hell do I convince an auditor that this is the case?
Wouldn't it be nice if MS would publish a KB explaining exactly what is going on? Then we could just refer auditors to it, and it would be up to them to prove otherwise? :D
At the moment it is self-evident that my method will comply 100%, and that the software is pretty much irrelevant from this aspect so long as it does its job, which is basically to overwrite stuff with 0's and 1's.
The basic problem is that we have to prove to auditors that we are policy compliant, rather than they have to prove that we are not?
Now that I have "outed myself" and declared my true interests your comments would be appreciated.
Incidentally, we are not "fighting", we were having an "argument".
Over here (UK) we would define:
Discussion: People talking about something without having a particular viewpoint or conviction.... sort of like "brainstorming".
Argument: People with a viewpoint that they will put forwards and defend against counter arguments or viewpoints.
Altercation: Fun, this is the flame war, as we say in net terminology. Certainly no logic required, and I don't think that you have to stick to the topic in hand? This is "fighting" as we see it over here.:lildevil:
I think the whole conversation breaks down to one simple discussion:
You do not know what Windows is doing versus Windows can be trusted and that boils down to an indirect way of discussing either that Windows is the greatest **** on earth, even worse than those software using it or that open source is better than Closed source.
I got what I intended to. You can enjoy your fights. Best of luck to both the parties lol! :))
Hey, jockey my friend, you couldn't be more wrong.
This is certainly NOT a *Nix vs Windows debate. It is about processes and their supporting procedures in a security context.
We are really talking about an organisation with a security policy, and an officer of that organisation having to apply the policy, and prove to external auditors that this has been done.
Now, the approach that I suggested would pass the auditors, but, because we don't really know enough about the inner workings of Windows, we cannot prove the validity of the other approach.
That is the dilemma.
:)
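The auditor question raised in this thread can also be approached with evidence that does not depend on which wiping tool ran: read the drive back afterwards and report every sector that does not hold the final-pass value. The following is an added example, not code from any poster; it assumes the last pass writes a fixed byte (zeros here), 512-byte sectors, and a constructed image file standing in for the device. A wipe that ends with a random pass cannot be checked this way.

```python
import hashlib
import os
import tempfile

SECTOR = 512  # assumed logical sector size


def verify_wipe(path, fill=0x00, max_report=5):
    """Scan a device or image and report sectors that differ from the fill byte."""
    expected = bytes([fill]) * SECTOR
    digest = hashlib.sha256()
    total = dirty = 0
    offsets = []
    with open(path, "rb") as dev:
        while True:
            chunk = dev.read(SECTOR * 2048)  # 1 MiB per read
            if not chunk:
                break
            digest.update(chunk)
            for i in range(0, len(chunk), SECTOR):
                sector = chunk[i:i + SECTOR]
                # A short final sector is compared against a truncated pattern.
                if sector != expected[:len(sector)]:
                    dirty += 1
                    if len(offsets) < max_report:
                        offsets.append(total + i)
            total += len(chunk)
    return {"bytes_scanned": total, "dirty_sectors": dirty,
            "first_dirty_offsets": offsets, "sha256": digest.hexdigest(),
            "passed": total > 0 and dirty == 0}


def demo():
    """Constructed sample: a clean 1 MiB image and one with a leftover fragment."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        clean = os.path.join(tmp, "clean.img")
        dirty = os.path.join(tmp, "residue.img")
        with open(clean, "wb") as f:
            f.write(b"\x00" * (2048 * SECTOR))
        with open(dirty, "wb") as f:
            f.write(b"\x00" * (2048 * SECTOR))
            f.seek(100 * SECTOR + 17)  # lands inside sector 100
            f.write(b"constructed leftover pagefile fragment")
        results["clean"] = verify_wipe(clean)
        results["residue"] = verify_wipe(dirty)
    return results


if __name__ == "__main__":
    for name, report in demo().items():
        print(name, report)
```

The returned byte count, dirty-sector offsets and SHA-256 of the read-back can be filed with the wipe record; running it from boot media covers the system drive, including any page file area.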