Parted Magic + dban will not erase data from HDD?

Discussion in 'privacy technology' started by Phil McCrevis, May 15, 2012.

Thread Status:
Not open for further replies.
  1. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
    I was over at a good friends house this last weekend, he and his wife had a BBQ and invited me and some of his other friends over. There was one guy there that I had never met and after talking to him for a little bit I find out that he works for a computer forensics company and actually does recovery work.

    He talked for a bit about some of the interesting things he's come across while recovering data from drives. At one point I asked him if his company has every recovered data from a wiped drive and he told me that they can recover data no matter how a HDD is wiped. Said that physical destruction is the only way to keep data from being recovered.

    I told him my method for wiping data before selling/donating any personal computer and he claimed that his company could retrieve most if not all data even after a through wipe. o_O My method for wiping any personal PC before selling/donating is as follows: first I run parted magics internal secure erase command "enhanced" method and secondly after that finishes I run dban 2.2.6 dod 7-pass. HDD's have no bad sectors and do not show any errors while running dban.

    I was under the impression after doing quite a bit of research on wiping drives that even one pass from dban or similar programs would make data on a drive unrecoverable. Was this guy telling me the truth or just full of crapola?
     
  2. No_script

    No_script Registered Member

    Joined:
    May 12, 2012
    Posts:
    97
    Depends... If he works for NSA just assume they can recover it with ease. If he works for the local council he's full of ****.

    Use BCWipe Total WipeOut instead of DBAN, It "can wipe Host Protected Area (HPA) on hard drives" & "identify the number of sectors hidden by the Device Configuration Overlay (DCO) function (present since ATA-6 standard) and can wipe the DCO hidden sectors."

    DBAN can't do those 2 things
     
  3. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    He's FOS. Cool guy points at a party with "look what I know"... JMHO. You should have given him Peter Gutmann's number (who has since stated that on modern drives, one pass is enough).

    Good gouge on 'Total Wipe Out'...didn't know it could do the HPA and DCO...pretty cool.

    PD
     
  4. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Not true, the same principles apply here. To the OP, the only way I can see data still being kept is if bad sectors were present that have been blocked off, or if the devices he examined, the person in question had wrote data into the HPA/DCO of the drive...otherwise the steps you mentioned are enough to wipe a non-solid-state drive.
     
  5. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
    Thanks for the replies/info, was kinda thinking he was full of sheet just not 100% sure. Went ahead and got BCwipe to try.
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    It depends on the type of drive. If it is a solid-state, he might be telling the truth. If it is a typical ERPML spin drive, he is full of it. You aren't going to recover any significant data after a spin drive has been overwritten, it's just not possible. The laws of physics sort of prohibit it.
     
  7. Phil McCrevis

    Phil McCrevis Registered Member

    Joined:
    Mar 25, 2012
    Posts:
    97
    Location:
    US
    He said that he could recover data from a regular HDD after it had been wiped.
     
  8. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
  9. secquestions

    secquestions Registered Member

    Joined:
    Jul 28, 2012
    Posts:
    1
    Location:
    USA
    Thanks to all for these comments. I wanted to ask: What about things like HDDErase that is supposed to use the secure erase command, doesn't that take care of HPA and DCO as well?
     
  10. PaulyDefran

    PaulyDefran Registered Member

    Joined:
    Dec 1, 2011
    Posts:
    1,163
    http://tinyapps.org/docs/wipe_drives_hdparm.html

    PD
     
  11. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    I wonder if after a hdd is wiped, if it is possible to also wipe the firmware on the hdd?

    Anyone know?

    I assume that if the data on the hdd is wiped and then the firmware - not even NSA would be able to do a forensic recovery because with the firmware wiped (it would also include the map of bad sectors on the hdd), that at best any recovery would be speculative at best and not be foolproof due to plausible deniability.

    Of course, this is all conjecture on my part as I really do not know.

    -- Tom
     
  12. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    id say if you dont have any bad sectors wich dban wont even complete then anyhow , you should be good to go , if thou for any reason dban does not complete succesfully youll have to get BCWipe Total WipeOut or similar program as already suggested
     
  13. EncryptedBytes

    EncryptedBytes Registered Member

    Joined:
    Feb 20, 2011
    Posts:
    449
    Location:
    N/A
    Not sure why people keep putting the NSA into some form of "Cyber God" status here...that being said yes you can corrupt/go after the firmware of drives, but that is only if you don't intend to use them again. There are several firmware erasing options I personally recommend:

    Option 1: You can perform a rotational /linear swing technique on the device

    Option 2: There is also an attraction/repulsion method

    Option 3: Last my personal favorite

    All 3 options are guaranteed to help remove any firmware left on your hard drive. ;) Option 4 requires a thermonuclear device and the entire first season of Macgyver.
     
  14. happyyarou666

    happyyarou666 Registered Member

    Joined:
    Jan 29, 2012
    Posts:
    802
    same i was thinking not good idea to remove the firmware if wanted to be used again xD
     
  15. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,101
    The question of firmware removal/wiping can also be followed up by flashing a new alternative firmware onto the hdd in order to use it again independent of the original firmware.

    -- Tom
     
Loading...
Thread Status:
Not open for further replies.