Just how far does one have to go to erase?

Discussion in 'privacy technology' started by HandsOff, Oct 1, 2005.

Thread Status:
Not open for further replies.
  1. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    GerardWil mentions:

    "Eraser is an advanced security tool (for Windows), which allows you to completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns. Works with Windows 95, 98, ME, NT, 2000, XP and DOS.
    Eraser is Free software and its source code is released under GNU General Public License.

    The patterns used for overwriting are based on Peter Gutmann's paper "Secure Deletion of Data from Magnetic and Solid-State Memory" and they are selected to effectively remove magnetic remnants from the hard drive.

    Other methods include the one defined in the National Industrial Security Program Operating Manual of the US Department of Defence and overwriting with pseudorandom data. You can also define your own overwriting methods.

    http://www.heidi.ie/eraser/features.php
    "


    First of all, although I know that it is true, I am still pretty amazed that old data that has been overwritten can be retrieved. But surely, not if it has been overwritten more than one time?! I have a tool that uses this method: It writes all 0's then all 1's to the file being erased, and repeats this however many times you like. My thinking is that more than 3 times would be overkill, wouldn't it?


    -HandsOff
     
  2. SevieO

    SevieO Guest

    Hi Hands,

    Overkill to who? If it's Jo Blogs who gets your old PC, then 3 should be fine.

    If it's the Men in Black etc., then you need at least the minimum Gutmann 35 passes to be sure (ish).

    Don't forget just wiping files securely is one thing, but what about all those traces and fragments in the scrap files etc. Also System Restore and the Swap File have lots of data in them too and need similar attention.

    Also there's those Index Dat Files and User Data Files etc. etc. to consider!

    If you use NTFS then that's a minefield in itself.

    I suppose it all depends on what a person needs to do for whatever reason/s!

    The only way to be 100% sure you're clean is to get a new HD.


    StevieO
     
  3. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi all

    feel free to jump in and correct me here if I'm off base, but as I understand it tools like eraser are useless, because even files that have supposedly been wiped with these tools are still recoverable, which gives a false sense of security

    see, in the course of writing the Trouble With Un-Welcome Malware How To Cleaning And Securing Your Computer sticky found at the spyblocker forums I tried out eraser and I'm sorry to say it failed miserably against the restoration found here http://www.geocities.jp/br_kato/index.html

    now maybe it's just that I did something wrong, no doubt someone will be able to confirm if this is the case, but I was still able to recover files, and most erasing tools I have tried out have also failed to beat restoration, and in most cases I've been able to recover the test file, maybe not 100% intact, but nonetheless the fact that I've even been able to partially recover files that were supposedly unrecoverable points to a serious flaw in the way these programs work

    so although I'd still recommend the use of these programs because it makes life harder for any nosey people poking around, if you really want your files to be unrecoverable then as I see it the only real way is to physically destroy your drive
     
  4. Beef

    Beef Guest

    > I tried out eraser and I'm sorry to say it failed miserably against the restoration found here http://www.geocities.jp/br_kato/index.html <

    by: Bethrezen



    Definitely Bethrezen must have done something incorrectly. The tool listed by Bethrezen is hardly a top notch file recovery program and certainly is no match for the likes of Eraser. Just tested this issue and the program totally failed to recover any files removed by Eraser.

    Steve said it best. There are many places that need to be PROPERLY cleaned prior to using Eraser or any Eraser type of product. Unfortunately many people have no idea what to look for or what to remove so must depend on Products that will do the job for them. However, it's not always the case that any one particular product will search and destroy ALL the things that need removing prior to a proper erasing.
    For the most part Seven (7) wipes with Eraser will make the wiped files un-recoverable by the average local agency and many three letter agencies. Here it's more a matter of time and expense. Again as Steve stated Thirty Five (35) wipes will ensure a much greater chance of total erasing. Local agencies usually can easily recover files wiped Four (4) or Five (5) times. The average computer user can do the same simply by using a good file recovery program. There is always the question of what is being used to recover Data: is it a File Recovery Program or a Microscope.
    Perhaps the question would be better in focus to request Others to provide links to really good cleaning tools. Remember, don't expect any Wiper to clean what has not been removed. That's YOUR job......
    Obviously there appears to be a lot of bad information floating on the internet regarding WIPING so be very careful whom you listen to. Many of the old Timers that once used to post here at Wilders have gone their way. With them went a great deal of security information. I've noticed that Steve does give good advice; although I don't know him personally he does seem knowledgeable.
     
  5. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    Hello Bethrezen, I've used Eraser and Restoration2514 for many years. Could you tell me how you ran eraser? There's no way restoration can recover anything wiped with eraser except a worthless 0 length .WIP file.

    I just finished formatting a drive and restoration2514 sees nothing, Eraser Gutmann 35 pass does a lot more than a format.

    I agree with Beef, IMO Restoration 2514 is weak even with regular deleted files.
     
  6. justcurious

    justcurious Guest

    Just curious if anyone who's posting here actually read the paper by Peter Gutmann on Secure Deletion? Here it is if you haven't. http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
    In his paper he himself even states :

    "In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper)."

    "For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now."

    So the 35 Gutmann pass is a waste of time according to Peter Gutmann himself. About the best you can do, short of complete hard drive destruction, is a few random passes. The extra 30 (or so) passes are a waste of time. If you don't believe me, read the paper yourself (link at top).
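
    An added example, not part of the thread and not Eraser's own code: a minimal in-place overwrite in Python using the zeros, ones and random passes discussed above. The function names, pass order and chunk size are assumptions made for illustration; the comments note what a file-level overwrite cannot reach.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # write in 1 MiB chunks so large files do not fill memory


def _write_pass(fd, size, pattern):
    """Overwrite `size` bytes from offset 0; pattern None means random data."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining:
        n = min(CHUNK, remaining)
        buf = secrets.token_bytes(n) if pattern is None else pattern * n
        view = memoryview(buf)
        while view:                      # os.write may write fewer bytes than asked
            view = view[os.write(fd, view):]
        remaining -= n
    os.fsync(fd)                         # flush this pass before starting the next


def overwrite_file(path, passes=(b"\x00", b"\xff", None), remove=True):
    """Overwrite a file in place, one pass per entry; returns bytes per pass.

    Only the file's current logical extent is rewritten. Copies held in the
    swap file, System Restore, index.dat, or clusters the file occupied
    before it was moved are not touched by this.
    """
    fd = os.open(path, os.O_RDWR | getattr(os, "O_BINARY", 0))
    try:
        size = os.fstat(fd).st_size
        for pattern in passes:
            _write_pass(fd, size, pattern)
    finally:
        os.close(fd)
    if remove:
        # Rename first so the entry left behind after deletion has a random name.
        anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
        os.rename(path, anon)
        os.remove(anon)
    return size


if __name__ == "__main__":
    # Constructed sample file, created only for this demonstration.
    with tempfile.NamedTemporaryFile(delete=False) as f:
        f.write(b"constructed sample secret\n" * 1000)
    print(overwrite_file(f.name), "bytes overwritten per pass")
```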
     
  7. FastGame

    FastGame Registered Member

    Joined:
    Jan 15, 2005
    Posts:
    677
    Location:
    Blasters worm farm
    I read that years ago, thanks for the refresher :)

    This was also included in the writing....

    " For this reason it is effectively impossible to sanitise storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written. However by using the relatively simple methods presented in this paper the task of an attacker can be made significantly more difficult, if not prohibitively expensive"

    How hard would recovery be if the drive was encrypted before erasing ?
     
  8. Bethrezen

    Bethrezen Registered Member

    Joined:
    Apr 16, 2002
    Posts:
    546
    hi

    it was quite some time ago so I don't actually remember but I believe I used it as it comes installed (default settings)

    however as any good investigator would do I'll go back and have another go and check that my comments are in fact correct and see if I still get the same results with the latest version of eraser and will let you know
     
  9. Beef

    Beef Guest

    Hard drives and Storage have changed dramatically since that "Paper" was written and it's far past time for newer information to be presented but that's not likely to happen.
    There are numerous factors that affect erasing, even temperature, and for sure encryption is another. However, the amount of Wipes used is not disputed. Normally I can retrieve up to Five (5) wipes but not over that amount using recovery programs. To wipe five times or forty times, isn't that really a matter of what the User decides makes him feel comfortable and not so much as what extra wipes will achieve?
    A person who has computers confiscated will no doubt feel less stress after wiping 35 times. In fact, I can see where many three letter agencies would just love to convince the public not to wipe more than a couple of times......it sure would make their jobs a lot easier.....retrieving information for convictions or whatever. So what purpose does it serve....other than to the benefit of Agencies.....to not wipe more than a couple of times?
    In Real Time, Real Life, seven wipes at the very least is usually enough and anything less is foolish.
    What others do is not of my concern....nor what they believe or do not believe. So there is no argument on my part. But you can bet my computers are wiped thoroughly nightly.........and have yet to have anything recovered from their hard drives. And yes, many times they are wiped 35 times......and yes I read the "Paper" and yes my hard drives will continue being wiped 35 times
     
  10. Beef

    Beef Guest

    Have got to be on my way elsewhere now but want to make a brief comment before leaving.
    One thing I've noticed is the noted absence of information or discussion on LOCKING YOUR COMPUTERS. Remember Layered Security........every computer should have a program installed that denies access. Then if bypassed other programs also will need to be bypassed......Say "NO" and mean it!
     
  11. HandsOff

    HandsOff Registered Member

    Joined:
    Sep 16, 2003
    Posts:
    1,946
    Location:
    Bay Area, California
    I'll start by saying that I don't have very sensitive data to have to protect, but my gut feeling is that so long as XP and IE and WMP are on a computer it would be hard to feel any confidence that any given information might not just be stored locally elsewhere, or worse yet, already been uploaded into some external database. I'm not saying for sure this is happening. I just imagine it is a lot more likely than someone having to piece together shredded files.

    My objective is not 100% security. It is merely to be as secure as possible, without sacrificing inordinate amounts of time and money. Someone here at Wilders pointed out that the simple process of regular defragmenting actually is very helpful in making files less susceptible to easy recovery. This I do. In all of the years I have had a computer, I can say that I have never used the recycle bin. That must help, and for me it is quite painless. If you don't have a safety net, you'd be surprised how seldom you fall! Among the other things I do is to have a program that runs at each startup and empties the index.dat files. I also have erased all of the ADS (alternate data streams) from my computer. These are also pretty painless.

    The most compelling time to really shred information is if you are, say, giving your old computer (or donating it). I'm sort of old fashioned. If I were throwing it away, I'd physically destroy the drive. (Yes, I actually do this. Anyway I have always enjoyed seeing what makes something tick. And I always have uses for the rare earth magnets). This is just sheer speculation, but let's say I was giving a drive away...to someone very smart. I would definitely use one that shreds from a boot disk. Maybe the zero fill tools from the drive manufacturer. I find it significant how much time it takes to zero fill a drive, and I have to question any method that does not take at least that long. (possibly hours)

    For protecting files while I am using the computer, I feel encryption is the strongest possibility. Locking the computer is good, but I guess professionals get around this, but your average snooper might not. I don't like XP's system of tying the log-in password to the screensaver password. The log-in passwords are somewhat susceptible to password retrieval. What is needed is a good old stand alone. I am looking for a good encryptor with drive locking, but I really don't know how to compare them. Also, a replacement for whatever tries to store form data. This is a hard area because there are performance penalties.

    I wonder if they will ever make a drive that has a built-in, mechanical secure eraser. That could be a real solution!


    -HandsOff
     