data wiping

Thread: data wiping

  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324

    data wiping

    I'm "donating" an "old" pc of mine to a group of 6 foreigners to use while they are in the states.

    I met them in my apartment complex. All six of them happen to be the lifeguards at various pools in the surrounding communities. They have no TV or internet connection and have been quite bored in the evening. (our "business office" is closed after 5pm and they can't access it again until the morning. They only have a 1-2hr window of when they can use the internet for email and what have you and they're all "fighting" over the two terminals due to time restrictions)

    They are all very intelligent. All of the guys have a background in electrical eng. and misc. computer programming in .net and whatnot. So, I don't want to take the security by obscurity approach to this. It just happens that they can make more money here as a life guard than as an electrical eng. or programmer in their country! It amazes me...

    Anyway, the pc I'm donating is a Win2K pIII 1ghz with 256mb ram with a 20 gig hd. This PC *did* have a banking application on it. However, no data should ever have been stored on this PC. It should all have been on a server. (other than what was in RAM or the pagefile)

    I've removed all applications and user profiles except for the bare minimum. I've combed over the filesystem to make sure that all programs were removed and nothing was left over. I also set the pagefile to clear at shutdown. Then I rebooted a couple of times to clear the pagefile.

    I then copied over a dvd image and copied it several times so it filled the HD (overwriting all data). Then I deleted the ISO images and ran defrag. I then copied all the images back again filling the HD again. When I deleted them the second time, I did it with a program called eraser.
    http://www.heidi.ie/eraser/

    It overwrote the ISOs 7x each with random data. (US DoD 5220.22-M)

    Then I did the wipe slack space (unused disk space) and used the option to overwrite 35x. (Gutmann)

    So, in theory... the freespace where the previous programs resided should have been overwritten 42x by now.

    I've run several data recovery utilities to make sure that data couldn't be found.

    Every data recovery tool I used (freeware and shareware) was not able to find any data worthwhile to recover.

    Are there any other steps you'd take before letting them borrow the pc?
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you've saved, how much you haven't smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
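
An added example, not written by any poster in this thread: a sector-by-sector survey of a raw disk image, the kind of check post #1's "make sure that data couldn't be found" step amounts to. The image, the leftover record and the 7.0 bits/byte threshold are constructed assumptions, and the image length is assumed to be a whole number of 512-byte sectors.

```python
import math
import random
import re
from collections import Counter

SECTOR = 512
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{8,}")  # like strings(1), minimum length 8
RECORD = b"CONSTRUCTED-RECORD acct=0000000000 name=EXAMPLE"  # constructed sample

def entropy(block: bytes) -> float:
    """Shannon entropy in bits per byte (0.0 when every byte is the same)."""
    n = len(block)
    return sum(c / n * math.log2(n / c) for c in Counter(block).values())

def survey(image: bytes, threshold: float = 7.0) -> dict:
    """Classify each sector and pull readable strings out of suspicious ones."""
    report = {"uniform": 0, "random": 0, "suspect": [], "strings": []}
    for off in range(0, len(image), SECTOR):
        sector = image[off:off + SECTOR]
        if len(set(sector)) == 1:
            report["uniform"] += 1         # one fill byte: a zero or 0xFF pass
        elif entropy(sector) >= threshold:
            report["random"] += 1          # consistent with a random-data pass
        else:
            report["suspect"].append(off)  # structured data survived here
            for m in PRINTABLE_RUN.finditer(sector):
                report["strings"].append((off + m.start(), m.group().decode("ascii")))
    return report

def constructed_image() -> bytes:
    """Eight sectors: 4 random, 2 zeroed, 1 with a leftover record, 1 random."""
    rng = random.Random(2006)              # fixed seed so the result is repeatable
    rand = lambda: bytes(rng.getrandbits(8) for _ in range(SECTOR))
    leftover = RECORD + bytes(SECTOR - len(RECORD))  # record followed by zero slack
    return b"".join([rand(), rand(), rand(), rand(),
                     bytes(SECTOR), bytes(SECTOR), leftover, rand()])

if __name__ == "__main__":
    result = survey(constructed_image())
    print(result["uniform"], "uniform,", result["random"], "random sectors")
    for offset, text in result["strings"]:
        print(f"residue at byte {offset}: {text}")
```

A sector flagged as suspect only means it was not overwritten with a fill byte or random data; ordinary live files on the disk will be flagged too, so the offsets need to be compared against what is supposed to be there.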

  2. #2
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Hi phish~

    Yes, load a few games to fill up sufficient HDD space to cover what you used to use. They can always delete them if they need the extra space.

    This is what I call the "psychological approach". Most people would not even consider trying to find what was there previously, or would suspect an older version or another game?

    Coupled with what you have done that leaves "magnetic remanence" and "track overlay" which is not the kind of thing you can do in your bedroom? Anyway you would need to be pretty certain that there was something there to even bother, and you wouldn't be able to use the machine whilst you were doing it?

    I am not entirely happy with the Win2k clearing of the pagefile. I would set that to the minimum (12Mb for Win2k?) then do a defrag, load the games and defrag again, then set it back to whatever. That should make sure that anything relating to your banking app got wiped.

    Other than that, I have "Eraser" on this Win2k box and have never managed to recover anything either.

    Just my views
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  3. #3
    Right turn Clyde Nokia's Avatar
    Join Date
    Aug 2003
    Location
    Button Moon
    Posts
    1,696
    I usually partition the Hard drive. Leave them about 1GB of space on the Windows Partition for them to use, or however much you want to give them - then partition the rest of the hard drive with an ext2/3 file system. Obviously Windows can't read this so is unable to snoop around in it just in case anything is left there.

    Not a major hurdle for someone who is determined to analyze the Hard drive but for the casual user who downloads a free app to try it out, it may deter them slightly.

    It also reduces the space they have to install such programs on the Windows partition too - couple this with a non administrative account and they won't be able to install an application to analyze the Hard Drive in the first place.....also maybe password protect the BIOS and set it to boot from the hard drive to prevent them booting from a live CD of any kind.

    Just an extra precaution you can take should you wish is all!
    Drugs have taught an entire generation of kids the metric system.

    http://tazforum.**********.com/

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Nihil: I've loaded quite a bit on here (office, av, service packs and other updates, spyware protection, etc.) filling up the "missing" space and I've done plenty of defrags. Good idea about resizing the pagefile. I didn't think of that.

    Nokia: Good idea about the repartition. I just had to use gparted the other day and it worked VERY well. However, I've only had to repartition to make drives bigger, not smaller. The one time I did try to make a partition smaller... partition magic fubar'd the job and messed up my install.

    I really didn't want to have to reinstall this machine given all the "work" I've already done to it to erase data. It's worth a try though. Better safe than sorry.

    They should only be using it for email and mailing off digital pics and whatnot. I think one of the guys wanted to put emule or whatever on there to download stuff. We have much better connections here than he has at home. The fastest he can get is 256kbps down on adsl. We did a bench mark on that machine with an open WAP and we got 3.2mb down. He was jumping for joy! lol Knowing that... he'll probably fill the hd with stuff he downloads giving me the result I wanted anyway. haha

    I really hadn't planned to lock down the box or restrict what they can do with it. After all, it isn't on my network. I told one of them I'd give them admin and he could create limited user accounts/profiles for the other people.

    I think I've taken reasonable steps to deny recovery of previous data. Only the app was there with maybe some sensitive data in memory or the pagefile. None of it was actually stored on the HD itself (well, besides the pagefile).

  5. #5
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greetings

    Nihil has already mentioned this but I think you should download and run it with your own custom wipe. Also it can clear the paging file at shutdown.

    dban.sourceforge.net
    Parth Maniar,
    CISSP, CISM, CISA, SSCP

    *Thank you GOD*

    Greater the Difficulty, SWEETER the Victory.

    Believe in yourself.

  6. #6
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    ByTeWrangler: I have used dban in the past. However, it is my understanding that dban kills EVERYTHING on the drive? You boot from the cd and "nuke" the drive.

    That means that I will have to reinstall the OS from scratch. I have neither the OS disk (I have the key) nor the drivers (however, I can download them). Basically... everything I've done already will be for nothing. (as far as installing applications and updates.)

    Am I misunderstanding dban's abilities?

    It is certainly possible. I could get the media after the weekend and download the drivers in the meantime. I was just hoping to avoid it.

    What utilities would you use to see if data could be recovered?

  7. #7
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    Ok, I've used numerous utilities that search the HD for files that can be recovered.

    Anyone ever use R-Studio? That one seems to be pretty nice. You can view the content of the files it finds. (though, you have to register to recover) It finds much more than any of the other shareware utilities I've tried.

    So far, I've only been able to find setup files and materials since the last wipe. Even after scanning the sectors.

    Pretty neat little programs though...

  8. #8
    StOrM™
    Join Date
    Aug 2004
    Posts
    1,003
    Greetings

    I'm sorry for posting the link to DBAN, I actually wanted to post link to eraser (eraser.sourceforge.net).

    I'm sorry again. Also you might want to try this to see if any data is still recoverable.

    http://www.x-ways.net/davory/index-m.html
    http://fire.dmzs.com/
    http://www.lnx4n6.be/index.php?sec=D...%26page=bootcd (BOOT CD)

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,191
    Hi Phish~ ,

    Please try this one:

    http://www.officerecovery.com/freeundelete/

    As it says, it is free

    One thing that I did not mention, but will do so for the sake of completeness. Before I started the task, I would have attempted to encrypt the stuff I was going to delete. That would dramatically increase the difficulty of data recovery IMO.

    Just imagine analysing the magnetic remanence and track overlay through however many layers, only to find that the underlying data was seriously encrypted..............I would just love to see their little faces............but I always was a sadistic b*****d

    Incidentally, Gutmann does not overwrite 35 times. If it is used properly it will only do it about 23 times? This is because the patterns depend on the way the HDD works and some are redundant/trivial if you have this information.

  10. #10
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    ByTeWrangler: No worries. I was already using eraser. I use it on all windows boxes that I work on. Great little tool. I had thought about dban too... but I didn't want to start from scratch.

    Nihil, I thought about that too... however, I wasn't sure if the uninstall program would work if you did that? It was just the app (and maybe some temp files) I was worried about. I seriously doubt that anyone can get data off here with the limited resources available to civilians?

    I only assumed gutmann overwrites 35x because eraser says 35 passes. Oh well, I used the 7 passes DoD one too.

    Just imagine analysing the magnetic remanence and track overlay through however many layers, only to find that the underlying data was seriously encrypted..............I would just love to see their little faces............but I always was a sadistic b*****d
    Also, going forward, I started using that TrueCrypt program that irongeek posted a tutorial about. Imagine trying to recover one of those partitions after it's been erased using eraser... Then you have to guess the right password... Even more difficult if there is the "hidden volume".

    Not that I actually have data that's worth being recovered in the manner you speak of.
