Low level format

[nihil]

I'm assuming that since you say you worked for the military that you obviously had a legitimate IT department and things such as network storage devices and monetary resources that could be put toward useful devices.

I am afraid that is a widely held misconception.

Actually, I worked for an arms manufacturer but my military colleagues had more or less the same story. For us, if something was not a requirement of the projects (stuff we could bill customers for) it was at the bottom of the food chain. For the military if it was not to improve "fighting efficiency" it was more or less the same. So that meant no spare servers and no spare decent computers.

Cipher would have been out of the question anyway........ they were still running NT 4.0 SP6a

If you compare rebooting every machine with a special disc that you have to interact with to removing the hard drive and sticking it in a hot-swappable storage device, I think it would be faster to remove the hard drive. You wouldn't really be doing 20 at once, if you had to sit down at each machine in order to interact with the program that wipes it.

Actually no. The software took a few seconds to burn to a floppy disk, so making 20 didn't take long. All you had to do was insert the floppy and turn the machine on and it would boot to it. You got a "do you really want to do this?" and gave it a "Y" then moved on to the next machine.

These were old PI boxes so no sata drives.

With all of this said, however, we still have to go back to the original question. He really just wanted to hear examples of software packages that could be used to make data unrecoverable.

Maybe I read too much into the question. When he asked about a low level format to DoD standards I took it to mean that he wanted to securely overwrite the whole drive.

Hence:

The one pass you mentioned that you do earlier would hardly be considered military-level security.

Exactly, but that is all the manufacturers formatting tools will do. Like I said if it is just a repair job that is what I use.

Index.dat Analyzer is the free product I was suggesting you look at. It shows you some of the stuff Windows has left on your drive.

eNcase is the flagship forensics data gathering tool. It is used by police departments and accepted in courts throughout the World.

Your computer only has one hard drive? Are you living in the stone ages?

Nope, that is actually a typical set-up for a secure environment. Normally the user wouldn't even be able to directly access the local HDD, they have to work on servers, so there is no need for anything other than one drive and one partition.

I guess you didn't factor in getting the CD or even having to create the CD... silly...

Not a problem I would have thought. The software will fit on a 3.5" floppy. I only said CD/DVD because modern machines generally don't have a floppy drive.

Owned... http://img71.imageshack.us/my.php?image=ownedzg0.jpg Now that we all know who the computer expert is here, I wonder if I should even continue.

I don't see the relevance of that. Sure you can turn off pagefile.sys What you cannot turn off is the fact that XP, 2000 and Vista are virtual memory systems. They will use it and there is nothing you can do to prevent this, they will just make their own arrangements "behind your back".

You do realize that you can just click the radio button, right, rather than telling everyone to edit their registry?

Errr I didn't say use regedit, however editing the Registry is what you actually do, however you decide to do it.

In fact, in a secure environment this setting should be part of the standard build, and users should have no access to the Registry.

Do you honestly sit there and wait for the machine to finish, or do you use another machine?

Yes and Yes. Not everyone has rocket science machines particularly in commercial and institutional environments. Overwriting large files and folders can take a while and is best done in dedicated mode. Please note that I did say:

..... in particular when you are wiping a whole disk.

I guess you're living in a fantasy world where you can only have a system drive on your computer and that drive is one big system partition...

Not a fantasy World, a secure World. The concept of least empowerment, and the users can only do what they absolutely need to be able to do. You have an image of the installation and if anything goes wrong you just re-image it.

Of course I am making the assumption that if you are interested in secure wiping you must be dealing with a system that handles sensitive data? In which case this would be the architecture I would expect to see.