Security of reformatted TrueCrypt device

Discussion in 'encryption problems' started by kevvyb2005, Mar 20, 2014.

Thread Status:
Not open for further replies.
  1. kevvyb2005

    kevvyb2005 Registered Member

    Joined:
    Jun 3, 2005
    Posts:
    70
    Location:
    London UK
    I have a TrueCrypt encrypted device that I have to return for refund, so obviously want to ensure that my data is secure. Given that the device is encrypted, if I just re-format it, presumably any data that is potentially recoverable will still be encrypted, so is still as secure as it was before reformatting?
     
  2. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    That is absolutely correct. I am assuming it's device-based encryption? If so, every sector was encrypted, so a format won't be any security risk to you.
     
  3. kevvyb2005

    kevvyb2005 Registered Member

    Joined:
    Jun 3, 2005
    Posts:
    70
    Location:
    London UK
    Excellent. Thanks. Yes it was whole device encryption on one of the drives, not on the other.

    So on the one where I have used a container file, do I also have to write zeros to the unencrypted part to maintain data security? Or is it not as simple as that?
     
  4. Palancar

    Palancar Registered Member

    Joined:
    Oct 26, 2011
    Posts:
    1,594
    Related users lesson for those reading along:

    The host file system (the filesystem upon which the file-based container is held) can be a security issue. This is discussed in the user's manual. If you are using a logging host filesystem such as NTFS, it is much more of a concern than non-logging, such as FAT32/exFAT. There are many threads about this over on the TrueCrypt forums.

    e.g. anytime a file is accessed upon an NTFS filesystem things are changed inside of the internal MFT "tables" that are only visible with forensic examination. The filesystem has an internal log and it is being used constantly by the filesystem itself.

    If log change traces of those filesystem logs would create an issue for you, then by all means switch to device based encryption. Hopefully you understand that I am not speaking about anything that is being conducted inside of the encrypted volumes. Once dismounted those present no security risk at all.


    Back to your question: I personally would wipe the filesystem outside of the volume before I handed the drive to anyone else. My practice, and it's just my way of doing it, is to format to FAT32 and use a custom Eraser FAT32 system wipe. All clusters and headers are completely cleaned. Lots of good ways to do it; I described my way of doing it. I came to that conclusion after viewing the results using EnCase post wipe.
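
Added example, not part of the original thread or any poster's own tooling: a small post-wipe check over a raw image of the drive, sorting each sector into all-zero, random-looking (what encrypted container or whole-device data looks like), or low-entropy non-zero residue that a wipe of the host filesystem should have removed. The 512-byte sector size, the 7.0 bits/byte threshold and the sample image are assumptions constructed for illustration.

```python
import io
import math
from collections import Counter

SECTOR = 512  # assumed sector size for this example

def shannon_entropy(block: bytes) -> float:
    """Empirical entropy of the block in bits per byte (0.0 to 8.0)."""
    n = len(block)
    return -sum(c / n * math.log2(c / n) for c in Counter(block).values())

def classify_sector(block: bytes, threshold: float = 7.0) -> str:
    """'zero' = wiped, 'random' = ciphertext-like, 'residue' = readable leftovers."""
    if not any(block):
        return "zero"
    # Caveat: compressed files also score high, so 'random' outside the
    # container's extent still deserves a look.
    return "random" if shannon_entropy(block) >= threshold else "residue"

def scan_image(stream, sector: int = SECTOR):
    """Read a raw image sector by sector; return (counts, residue_offsets)."""
    counts, residue, offset = Counter(), [], 0
    while True:
        block = stream.read(sector)
        if not block:
            break
        kind = classify_sector(block)
        counts[kind] += 1
        if kind == "residue":
            residue.append(offset)  # byte offset to inspect in a hex viewer
        offset += len(block)
    return counts, residue

def build_sample_image() -> bytes:
    """Constructed sample: wiped sectors, ciphertext stand-in, one leftover."""
    zero = bytes(SECTOR)
    cipher_like = bytes(range(256)) * 2  # stand-in for container data, entropy 8.0
    leftover = b"ACCOUNTS XLS draft notes 2014".ljust(SECTOR, b"\0")
    return zero * 4 + cipher_like * 3 + leftover + zero * 2

if __name__ == "__main__":
    counts, residue = scan_image(io.BytesIO(build_sample_image()))
    print(dict(counts), "residue at byte offsets:", residue)
```

On a drive that held only a file container, any "residue" offsets after the wipe point at host-filesystem data that survived; on a whole-device volume every sector should already classify as "random".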
     