Securing Non-Critical Data by Manually Filling HD

Discussion in 'privacy general' started by Phil Energie, Jul 14, 2011.

Thread Status:
Not open for further replies.
  1. Phil Energie

    Phil Energie Registered Member

    Joined:
    Jul 14, 2011
    Posts:
    3
    Apologies if this question has already been answered. I did spend some time looking for it, but couldn't see it (either here or via google).

    I need to take my computer to an engineer for some repair work, but don't want him prying into my private files. I understand that if I just move the files to an external hard drive (which I have done), it will still be possible to view my data on the computer. Given that I only need a cheap and cheerful solution, can I just fill the hard drive of my computer with non-private stuff and then delete most of that?

    Thanks in advance for your help!
     
  2. hugsy

    hugsy Registered Member

    Joined:
    May 22, 2010
    Posts:
    167
    you can use ccleaner (if you have windows) and just overwrite the empty space with it after you have deleted private data.
     
  3. x942

    x942 Guest

    Try Eraser or as mentioned CCleaner. Both work great. I use a DOD - 3 pass wipe but that is technically over kill as on modern hard drives there is NO way to recover data after a Zeroing out. I like to "future proof" my wipe though in case 5 years from now it's not enough.:thumb: I also (working in the private sector) have to adhere to FIPS standards.
     
  4. Dude111

    Dude111 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    212
    I have always been confused with that myself!

    If a disk is formatted,HOW CAN ANYTHING BE RECOVEREDo_O

    All the track and sectors have been wiped clear!


    For example when i format my commodore64 disk,all the sectors are set to

    "Kaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
    aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa"

    255 Bytes per sector..... Its gotta be the same on any disk format right?


    HOW IS STUFF STILL ABLE TO BE GOTTON??
     
  5. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,317
    Location:
    AmstelodamUM
    According to some researchers, ones and zero's, after having been wiped to zero's, can be retrieved.
    For instance; '0-1-1-1-0-1' will be zero'd into (surprise!) just zero's; '0-0-0-0-0-0'.
    However, researchers have claimed that the zero's that used to be ones aren't exactly 0 but can be read more like 0.001.
    So that the previous pattern could be read like '0-0.001-0.001-0.001-0-0.001'.

    Using a 'magnetic force scanning tunneling microscope', it's possible to 'record' these not-exactly-zero's.
    Thus you would be able to have an image of 0's and 0.001's, which would in turn allow you create a file of ones and zero's which then can be 'reverse-calculated' against all the different erasing techniques (and multitude of possible outcomes) which in turn should allow you to see a/the original pattern of zero's and ones.

    But that's according to some researchers.
    And based on HDD's from medieval times when 100 MB was A LOT.
    Modern HDD's have much higher density (compare 100MB to 500GB) which increases the difficulty of reading overwritten data enormously.
    So, it's very doubtfull that it's even feasible with modern HDD's and anyway, you would need a bloody expensive microscope and a super-computer for calculations.
    But read about it in a paper from Gutmann (who coined the Gutmann 35-pass); link
    And read this article that says recovering 6 bits (6 BITS!), isn't exactly the same as recovering a HDD; link.
     
  6. x942

    x942 Guest

    Also like to note that to use magnetic force scanning tunneling microscope you have to recover each bit individually. This means that recovering one character (2 bits) is twice as hard. This also means that if even one bit is off you have an entirely different character. If you use full disk encryption even one wrong character changes everything meaning the data could NEVER be recovered even with the key/password.

    Zero if you need a quick secure wipe, use NSA 7 pass or Guttman if you have time for it. If using DBAN I would use the PRNG Stream with 10 passes. It's even more secure than guttman at that setting. (The data is more random as guttman uses uses a scheme like NSA and DOD.)
     
  7. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    Just to insert a bit of perspective here...
    Unless the computer technician is a NSA agent, he won't be taking Phil's hard drive apart and scanning it with AFM.

    The main issue here is that it is impossible to remove 100% of your private data from a windows computer without formatting and reinstalling the OS.
    You can use things like CCleaner etc. but there will always be some unique data scattered around the file system that could be used to learn something about the user.
    If you are paying someone to work on your computer, why not wipe the drive and have him reinstall the OS? A reputable computer repair shop should include the clean OS install in the price.
     
  8. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,046
    Depends on how you format. A simple format just deletes the track 0 stuff, like the partition table. To windows the disk is brand new, but the bytes in the sectors are still intact. That's why partition recovery software can work.

    In fact the first two sectors of the NTFS drive are stored at the end of the partition. If you know what you are doing and have the tools, you can copy those two sectors back to the proper place and you have your whole disk back.

    Pete
     
  9. x942

    x942 Guest

    Law Enforcement has been using these techniques on Disks for years. No repairshop technician would have the money for one though.

    Technically speaking: Zeroing out data IS enough. The likely hood of being able to recover anything even with advanced Force Microscopy is slim. If you are paranoid or want to future proof it than use DOD or NSA (or PRNG Streams). This makes it truly impossible to recover data with our current level of technology.
     
  10. Dude111

    Dude111 Registered Member

    Joined:
    Sep 30, 2008
    Posts:
    212
    I think if your able to access the disk itself AND WIPE A MAGNET OVER IT that might clear everything also.... (Then just reformat)

    I have cleared my C64 disks this way.....
     
  11. chiraldude

    chiraldude Registered Member

    Joined:
    Jul 3, 2010
    Posts:
    157
    C64? You mean Commodore 64o_O
    You can't erase a modern hard disk with a hand held magnet. The magnetic field strength required is like 1000 times stronger than any magnet you could find. You would need a MRI machine with a superconducting magnet coil.
     
  12. Hungry Man

    Hungry Man Registered Member

    Joined:
    May 11, 2011
    Posts:
    9,148
    If you remove the magnetic shielding I think it would be enough.
     
  13. Phil Energie

    Phil Energie Registered Member

    Joined:
    Jul 14, 2011
    Posts:
    3
    Hey thanks for all the replies guys. I didn't think I had any replies because I thought I had posted the message so that I would be informed of replies via email, but obviously not because I've just logged in and seen all this insightful wisdom. I'm going to try CCleaner.
     
  14. Spooony

    Spooony Registered Member

    Joined:
    Apr 30, 2011
    Posts:
    514
    When you format it it just deletes the index entry pointing to the files. The data is still there. A quick recovery of the index.dat file with ptd and everything is back under 10 min.

    OP use DBAN wipe it

    bad idea
     
  15. J_L

    J_L Registered Member

    Joined:
    Nov 6, 2009
    Posts:
    8,516
    To receive emails, go to Thread Tools > Subscribe to this Thread.
     
  16. x942

    x942 Guest

    What's bad about CCleaner? Or are you referring to wiping the whole disk? In which case I agree DBAN it.
     
  17. Phil Energie

    Phil Energie Registered Member

    Joined:
    Jul 14, 2011
    Posts:
    3
    Finally got some free time, so I downloaded Ccleaner and ran it (didn't want to use DBAN because there is non-personal data that I do not want to delete, along with various programs I want to keep). Am I right in assuming, however, that Ccleaner has not done anything about the personal data that I previously moved off the drive and that this will still be very easy to browse by tech person who is feeling nosy (just as if I had simply deleted the files from the drive and emptied the recycle bin)?

    Thanks Phil
     
    Last edited: Jul 30, 2011
Loading...
Thread Status:
Not open for further replies.