Low level format - Page 3

Thread: Low level format

  1. #21
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Quote:
    I'm assuming that since you say you worked for the military that you obviously had a legitimate IT department and things such as network storage devices and monetary resources that could be put toward useful devices.
    I am afraid that is a widely held misconception.

    Actually, I worked for an arms manufacturer but my military colleagues had more or less the same story. For us, if something was not a requirement of the projects (stuff we could bill customers for) it was at the bottom of the food chain. For the military if it was not to improve "fighting efficiency" it was more or less the same. So that meant no spare servers and no spare decent computers.

    Cipher would have been out of the question anyway........ they were still running NT 4.0 SP6a

    Quote:
    If you compare rebooting every machine with a special disc that you have to interact with to removing the hard drive and sticking it in a hot-swappable storage device, I think it would be faster to remove the hard drive. You wouldn't really be doing 20 at once, if you had to sit down at each machine in order to interact with the program that wipes it.
    Actually no. The software took a few seconds to burn to a floppy disk, so making 20 didn't take long. All you had to do was insert the floppy and turn the machine on and it would boot to it. You got a "do you really want to do this?" and gave it a "Y" then moved on to the next machine.

    These were old PI boxes so no sata drives.

    Quote:
    With all of this said, however, we still have to go back to the original question. He really just wanted to hear examples of software packages that could be used to make data unrecoverable.
    Maybe I read too much into the question. When he asked about a low level format to DoD standards I took it to mean that he wanted to securely overwrite the whole drive.

    Hence:

    Quote:
    The one pass you mentioned that you do earlier would hardly be considered military-level security.
    Exactly, but that is all the manufacturers' formatting tools will do. Like I said, if it is just a repair job that is what I use.

    Index.dat Analyzer is the free product I was suggesting you look at. It shows you some of the stuff Windows has left on your drive.

    EnCase is the flagship forensics data gathering tool. It is used by police departments and accepted in courts throughout the World.

    Quote:
    Your computer only has one hard drive? Are you living in the stone ages?
    Nope, that is actually a typical set-up for a secure environment. Normally the user wouldn't even be able to directly access the local HDD, they have to work on servers, so there is no need for anything other than one drive and one partition.

    Quote:
    I guess you didn't factor in getting the CD or even having to create the CD... silly...
    Not a problem I would have thought. The software will fit on a 3.5" floppy. I only said CD/DVD because modern machines generally don't have a floppy drive.

    Quote:
    Owned... http://img71.imageshack.us/my.php?image=ownedzg0.jpg Now that we all know who the computer expert is here, I wonder if I should even continue.
    I don't see the relevance of that. Sure you can turn off pagefile.sys. What you cannot turn off is the fact that XP, 2000 and Vista are virtual memory systems. They will use it and there is nothing you can do to prevent this, they will just make their own arrangements "behind your back".

    Quote:
    You do realize that you can just click the radio button, right, rather than telling everyone to edit their registry?
    Errr I didn't say use regedit, however editing the Registry is what you actually do, however you decide to do it.

    In fact, in a secure environment this setting should be part of the standard build, and users should have no access to the Registry.

    Quote:
    Do you honestly sit there and wait for the machine to finish, or do you use another machine?
    Yes and Yes. Not everyone has rocket science machines particularly in commercial and institutional environments. Overwriting large files and folders can take a while and is best done in dedicated mode. Please note that I did say:

    Quote:
    ..... in particular when you are wiping a whole disk.

    Quote:
    I guess you're living in a fantasy world where you can only have a system drive on your computer and that drive is one big system partition...
    Not a fantasy World, a secure World. The concept of least empowerment, and the users can only do what they absolutely need to be able to do. You have an image of the installation and if anything goes wrong you just re-image it.

    Of course I am making the assumption that if you are interested in secure wiping you must be dealing with a system that handles sensitive data? In which case this would be the architecture I would expect to see.
    Last edited by nihil; June 4th, 2008 at 08:36 AM.
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  2. #22
    Member
    Join Date
    May 2008
    Posts
    34
    Basically you're talking about how to be secure with ancient parts. I guess that works for you, and perhaps that's why you're so against Windows also. You're still in that mindset created from long ago and just haven't moved forward with the times. That's great and all, but not really applicable anymore. Now people do have storage devices, SATA drives, and floppies are a thing of the past. I'm fairly certain that this guy was looking for a solution that fit current times, but only he could say for sure.

    As for turning off the page file in Windows XP, you very clearly said that it couldn't be done. I showed you the method for doing so in a screen shot. That is the relevance. Also, if you shut off page file, Windows will not still use it 'behind your back' anymore than it will go over the maximum page file size if you have a maximum set. Regardless, if you boot with a Windows Operating System on one drive, you can wipe a Windows Operating System on another drive and nothing will prevent you from wiping the files.

    Even if you didn't learn anything, I'm sure others did.
    Last edited by itPro; June 4th, 2008 at 12:39 PM.

  3. #23
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Well, the original poster did say:

    Quote:
    I have been playing around with it in class but only on older P3 dells.
    They don't support SATA

    So,

    Quote:
    Basically you're talking about how to be secure with ancient parts.
    would be about right, other than that he seems to be doing some sort of software testing project rather than wanting to be "secure" as such?

    Quote:
    I'm fairly certain that this guy was looking for a solution that fit current times, but only he could say for sure.
    If my assumption is correct, and it is an academic exercise, then I would say he wants a variety of solutions and doesn't really care if they actually work or not. Either result is OK for a project.

    Quote:
    As for turning off the page file in Windows XP, you very clearly said that it couldn't be done. I showed you the method for doing so in a screen shot. That is the relevance. Also, if you shut off page file, Windows will not still use it 'behind your back' anymore than it will go over the maximum page file size if you have a maximum set.
    The purpose of that feature is to allow you to remove and replace a corrupt page file. You cannot turn virtual memory off, it will merely create its own and use that. That is how Windows XP/2000 work, they are virtual memory systems. Basically it is a case of no VM, no Windows.

  4. #24
    Member
    Join Date
    May 2008
    Posts
    34
    Quote Originally Posted by nihil
    I have been playing around with it in class but only on older P3 dells.
    They don't support SATA
    If you read into the context of that sentence, he has been playing around with it in class, meaning that it's not serious. When he uses it the way he wants to, it will be serious, which means that it won't be on those P3's he's playing around with...

    Quote Originally Posted by nihil
    If my assumption is correct, and it is an academic exercise, then I would say he wants a variety of solutions and doesn't really care if they actually work or not. Either result is OK for a project.
    It's probably for learning which one is best, as he stated, I would imagine. 0.o

    Quote Originally Posted by nihil
    The purpose of that feature is to allow you to remove and replace a corrupt page file. You cannot turn virtual memory off, it will merely create its own and use that. That is how Windows XP/2000 work, they are virtual memory systems. Basically it is a case of no VM, no Windows.
    lol It's funny that you say you can't turn it off, yet there's that screen shot clearly showing the 'No Page File' choice... >.> Okay, so then how do you remove and replace a page file, if you can't turn it off? That's what I thought... Looks like you can turn it off... or maybe Windows will suddenly lock it down in the middle of your replacement process because you go over your RAM limit? No page file really does mean no page file, on the hard drive at least... >.> Whenever you disable the page file, the amount of page file space necessary for your apps to run will then be used in RAM. In other words, that amount of RAM will be specifically dedicated as a page file and can't be used for anything else.

    Look at the bottom post here:
    http://www.experts-exchange.com/OS/M..._23199493.html

    or check out this blog here:
    http://www.codinghorror.com/blog/archives/000422.html

    Can't you just admit that you are wrong?

    For all intents and purposes, we've been talking about the page file on the hard drive, as that's what you're saying cannot be wiped. You have said repeatedly that the page file cannot be turned off. You imply that Windows will secretly allocate another part of your hard drive as a page file, since it needs it, but this is simply not true. The page file on the hard drive can be turned off. If you do not have enough RAM, the system will crash. Windows will not take it upon itself to use the hard drive.
    Last edited by itPro; June 4th, 2008 at 02:47 PM.

  5. #25
    THE Bastard Sys***** dinowuff's Avatar
    Join Date
    Jun 2003
    Location
    Third planet from the Sun
    Posts
    1,250
    nihil is incapable of admitting he is wrong. I actually saw him apologize for mistyping once, but he went on to explain how different keyboards...

    meh
    09:F9:11:02:9D:74:E3:5B8:41:56:C5:63:56:88:C0

  6. #26
    Senior Member C:\Saw's Avatar
    Join Date
    Jan 2008
    Posts
    125
    "Strictly speaking Virtual Memory is always in operation and cannot be “turned off.” What is meant by such wording is “set the system to use no page file space at all.”"



    maybe there are two rights here...

    --more or less
    Last edited by C:\Saw; June 4th, 2008 at 07:27 PM.
    "...to give correctly is to give them what they need from us, for it would not be skillful to bring gifts to anyone that are in no way needed."
    --Socrates

    *Einstein Would Be Proud*

  7. #27
    Member
    Join Date
    May 2008
    Posts
    34
    Glad to see that you now realize that I am right, which makes your post entirely wrong also. I bet you feel like a real idiot that stuck his nose in something it didn't belong, and now are having trouble eating your own words.

    Thank you for giving me the fuel I needed to prove that I am right beyond any shadow of a doubt. I'm always up for a battle of wits. I don't lose. Even when I'm wrong, my logical thought process is far more advanced than the average person that just takes someone else's word for it.

    Btw, there are multiple forum posts in the Microsoft site that mention specifically not shutting off the page file. If they are telling people not to, that means that you can... Just FYI. Yes, the OS will still use memory as its page file, but now we're just arguing semantics. The fact is that I was right in the context we were discussing. Out of context, I guess you can say he was technically right also. Then again, there will always be ways to twist words around so that they make you look more favorable. I'm an expert in many areas.
    Last edited by itPro; June 4th, 2008 at 09:11 PM.

  8. #28
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    I admit I am not an expert. But I ask you a simple question: when you use Internet Explorer, browse and then clear your history, can you tell me the additional number of places in Windows that you will have to manually clean to REALLY get rid of the history?

    An article on securityfocus said that at least 13 additional places are where your history will be saved. In addition to that I had found some other location in registry where the history was trying hard to remain in the present.

    I think EnCase is something worth a watch. Please do research on the thing.

    And I do not know why one would try to completely remove data using any OS which is installed on to the disk. There are enough live OSes (most from the Linux stable) that will just run off the RAM and clean the disk without leaving any hint on the computer itself. The whole idea of using an installed OS for that thing is something I do not understand.


    EDIT: In addition to what I have said, I too think that nihil is unable to admit that he was wrong at a point. I am not sure about the enterprise setup and all such things.... I am still a student in a college. But then as far as I know about the virtual memory thing is: Page file and RAM are both a part of the VM systems. If you disable the page file, there is no harm. The fact is that after disabling, followed by a reboot, you can just delete the pagefile just as you would delete any other (hidden+system+secure) file.

    I am not here to cross upon you two guys (even though the IE history thing does sound like I am trying to cross off itPro). I am just telling you an idea (which I am actually not sure about, due to the zero experience) is that why not use a Live OS rather than the installed ones. After all, all you need for a wipe off are the starting and ending sector nos of the partition.
    Last edited by jockey0109; June 4th, 2008 at 10:46 PM.
    "Everything should be made as simple as possible, but not simpler."

    - Albert Einstein
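
The idea raised in post #28 (wiping from outside the installed OS, given only the start and end sector of a partition), as an added example that is not code from any poster or tool in this thread. It runs against a constructed image file rather than a real device; the 512-byte sector size, the function names and the zeros/ones/random pass order are assumptions for illustration, not a stated DoD procedure.

```python
import os
import tempfile

SECTOR = 512  # assumed sector size for the constructed image


def wipe_sectors(path, first, last, patterns=(b"\x00", b"\xff", None)):
    """Overwrite sectors first..last (inclusive), one pass per pattern.

    A pattern of None means random bytes. Returns bytes written per pass.
    """
    if first < 0 or last < first:
        raise ValueError("bad sector range")
    length = (last - first + 1) * SECTOR
    with open(path, "r+b") as dev:
        dev.seek(0, os.SEEK_END)
        if (last + 1) * SECTOR > dev.tell():
            raise ValueError("range runs past end of device")
        for pat in patterns:
            dev.seek(first * SECTOR)
            remaining = length
            while remaining:
                n = min(remaining, 1 << 20)  # write in 1 MiB chunks
                dev.write(os.urandom(n) if pat is None else pat * n)
                remaining -= n
            dev.flush()
            os.fsync(dev.fileno())  # push each pass out before the next
    return length


def leftover(path, first, last, needle):
    """Verification read-back: occurrences of needle left in the range."""
    with open(path, "rb") as dev:
        dev.seek(first * SECTOR)
        return dev.read((last - first + 1) * SECTOR).count(needle)


def demo():
    # Constructed 64-sector "disk"; sectors 8..39 stand in for the partition.
    needle = b"SECRET-HISTORY"
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write((needle + b"." * (SECTOR - len(needle))) * 64)
        path = f.name
    try:
        before = leftover(path, 8, 39, needle)
        wipe_sectors(path, 8, 39)
        after = leftover(path, 8, 39, needle)
        outside = leftover(path, 0, 7, needle)  # untouched sectors
        return before, after, outside
    finally:
        os.unlink(path)
```

The read-back only proves the addressed sectors were overwritten as seen through the same interface; data in sectors outside the range, such as the eight left intact here, is unaffected.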

  9. #29
    Member
    Join Date
    May 2008
    Posts
    34
    As a programmer, I can tell you that it doesn't matter whether the program is stored on a hard drive, a CD, or a floppy. It will still run in memory, regardless of whether or not the OS is running. The real point is that what is necessary to perform the cleanup is already available in Windows. If you feel as though your utility is more special because it isn't copyrighted by Windows, then more power to you. Personally, I'll pick convenient, easy, professional, and supported software every time. Windows just happens to offer something that fits well within all of those categories.

    We're talking about removing data in a way that it can not be traced. If you want to get down to real security, we'd be talking about what sort of hammer we would use to destroy the platters with and then what oven we would use to melt down the scrap with, but then we couldn't reuse the disk.

    If enWatch is used in forensics, then isn't it trying to recreate lost data, rather than to destroy it?

  10. #30
    Senior Member
    Join Date
    Aug 2006
    Location
    India
    Posts
    289
    See, the running of the tool was not my point. Of course I too know that nothing runs from disk; it runs from memory. But by the rules of an OS, you cannot remove the OS itself when it is running (at least Windows won't allow you!). So why not leave the OS and run ONLY from memory (without having any concern with whether the OS is there or not on the DISK!)!
