/ Completely erasing data from a hard disk

This topic has been archived, and won't accept reply postings.
JamButty - on 05 Apr 2014
Hi, I'm looking to get rid of an old desktop PC but the hard disk has been used online and had data related to banks etc.
Is there a simple process to completely erase data from a hard disk so I can sell it with the PC, or am I better off destroying it?
I believe just reformatting or deleting is not sufficient?

Thanks

Karl Wooffindin - on 05 Apr 2014
In reply to JamButty:

Hi,

I've used this in the past and found it works really well.

http://www.dban.org

Cheers,
Karl
crayefish - on 05 Apr 2014
In reply to JamButty:

Use cCleaner (free software); it its many tools it has a hdd wiper... can do anything from a single pass to a Gutmann 35 pass overwrite. Though for your case I think a 7 pass wipe would be more than enough.
The Lemming - on 05 Apr 2014
In reply to JamButty:

How paranoid are you?

A few years ago I experimented with an old hard drive that I thought I had wiped clean to see what I could recover. I was able to find stuff that was years old that had previously been deleted before I wiped the drive clean.

You can wipe your drive clean and hope that the drive does not fall into the hands of one very dedicated individual who wants to snoop for sh1ts and giggles.

The best way to wipe your drive clean is with one of these

http://www.argos.co.uk/static/Product/partNumber/7106062.htm?CMPID=GS001&_$ja=cgid:7915409567|ts...
elsewhere on 05 Apr 2014
In reply to JamButty:

No need to destroy it, just overwrite (dban) Recovery of data once overwritten was possible decades ago but probably not at current disk densities.
If somebody really wanted your data they would have hacked or stolen your pc by now rather than try to recover data after disposal.
ex0 - on 05 Apr 2014
In reply to JamButty:
Just format it. It's nonsense that meaningful data can be retrieved from a single swipe, much less 'data related to banks' (which I assume means something like banking cookies??) since no bank stores useful data on client machines, I'd be shocked if any online shopping sites did either.
Post edited at 12:02
mullermn - on 05 Apr 2014
In reply to ex0:

You need to be careful with formatting - in the vast majority of cases this does not remove data, only the index that allows your operating system to find it again. You can regenerate index information and recover the files.

You need to overwrite the data using one of the tools mentioned, however one pass will be fine - the multiple overwrites is overkill for domestic use on modern hardware.
Jim Fraser - on 05 Apr 2014
In reply to JamButty:


This is what you want

http://eraser.heidi.ie/

I have used it in the past for cleaning disks that companies and individuals have donated to charities.

Older versions are also out there in the wild if the machine concerned does not have XP SP3 or later.

Typically, 5.8.8 works with Win98.
http://www.oldapps.com/eraser.php?old_eraser=2 [The correct link reads "Eraser 5.8.8 (10.71 MB)"]


No bu115h1t. No taking over your machine. Good control of settings. Good choice of methods.
Jim C - on 05 Apr 2014
In reply to JamButty:
Going by the recent TV programme relating to companies who bought second hand phones, and had a privicy policy that promised 'everything ' was professionally wiped, I I would bin it.

Pros were able to take almost all the second hand phones, identify the owners then even sat down with them and gave them a file of personal and financial information, scary , these were big companies apparently using professional wiping software that you would not be cost effective to obtain.

Cheaper and safer to smash it and put a new one in for sale. Other more savvy posters may disagree, but I would not chance it, as it looks like the software us not 100% , and if not used properly it does not do what it is intended to do.

I was chatting to the guys down at the local council dump, and they have to lock up old broken pc's as they have been approached by people to sell them , and when they refused, they then tried to break in to steal them. Not hard to guess what they are after when you are aware of these issues.
ex0 - on 05 Apr 2014
In reply to mullermn:

And if he was destroying DATA i'd agree with you, but it sounds like he's doing nothing more than removing internet history. If that's the case, there's nothing that could be done with THOSE files anyway, so he doesn't need to go to the trouble of nuking the drive.
Jim Fraser - on 05 Apr 2014
In reply to Jim C:

A lot of that is about minimum wage thick plonkers who cannot be bothered. Pay peanuts, get monkeys.

If you use one of the recognised multi-pass and multi-format protocols then the cost of useful data recover quickly becomes prohibitive and soon becomes impossible.

Eraser's method choices range from 1 to 35 passes and most are 3 or 7 passes. Local authorities and government departments have been happy for me to use certain 3-pass methods for property and engineering data.

For specific files, it is possible to go in with a hex editor and make a mess manually but there is no point when you can press a button and pour another coffee. You can also use a hex editor to check an address before and after erasing to examine the effect. That's not something I have done for some time since you soon realise you are pointlessly looking at nothing.
JamButty - on 05 Apr 2014
In reply to JamButty:

Thanks all for comments, just tried the eraser, but it wanted a newer version of windows (I'm on 98), so I've taken out the harddrive to connect to my other PC and try and erase it from there.

Perhaps I am paranoid, I don't understand it enough. All I know is I regularly used this PC to access bank accounts and other websites. I even had a doc file with all my passwords on it (yes I know.....!)
So I think to wipe it is probably my safest bet.

Ta

j0ntyg on 05 Apr 2014
In reply to JamButty:

Take the HDD out and destroy it, then you are sure. You are upgrading so your old pc is probably worth close to nothing. The HDD can be replaced with a new, probably better one for little money by the buyer. So can the operating system. You may have difficulties selling the old PC. I upgraded to this PC three years ago. The old one was a decent machine but none of the local computer traders were interested. They only wanted lap tops. So I gave it to charity after removing the HDD.

armus on 05 Apr 2014
In reply to JamButty:

Also for the future, look at Bitdefender antivirus. Whenever you log onto a bank or retail website, it automatically switches you to a secure server.

mgco3 - on 05 Apr 2014
In reply to JamButty:

The only way to be 100% sure is to physically destroy the disc. Usually by power drill right through case and out the other side.

Even after the drive platters have had most of the oxide coating removed from the surfaces by orbital sander it is still possible to recover data.

I dont think anyone would go to all that trouble (at least not to get at my 10.96 in my online Santander account) but how sure do you want to be?
ex0 - on 05 Apr 2014
In reply to mgco3:
Unless you had the user/passwd written down in a notepad doc on the desktop you could give the disk to pretty much anyone in the country and none of them could access your bank account.

The level of paranoia here is bonkers.
Post edited at 20:12
Choss on 05 Apr 2014
In reply to JamButty:

I use a Hammer to wipe my Drives.
mgco3 - on 05 Apr 2014
In reply to ex0:
I would be happy to take your disc from your PC / Laptop and enlighten you.

I have been in IT for 40 years(and 4 days) and can recall the times we used to use a fluid that was a suspension of very fine iron particles in a hydrocarbon to physically reveal the magetic code in mag stripes on cards etc.

I have , personally, recovered data from disc drives that were maliciously "wiped" by people to hide their tracks. In the early days of UNIX we used to debug and correct corrupt i-nodes on disc drives which is the equivalent of changing individual bytes within a disc sector.

Believe me. There is no such thing as paranoia when it comes to security of data.
Post edited at 20:47
Ridge - on 05 Apr 2014
In reply to Choss:

> I use a Hammer to wipe my Drives.

Cutting Torch was the approved military solution a few years back. Another vote for destroying the disc, after wiping it.
elsewhere on 05 Apr 2014
In reply to Ridge:
It seems such a waste to destroy the hard disk, just wipe it. The risk is negligible after wiping (overwrite) and recycling compared a laptop getting nicked or lost prior to disposal.
Post edited at 21:23
ads.ukclimbing.com
Jim Fraser - on 05 Apr 2014
In reply to mgco3:

Surely delete is an FAT change and wiped might be little more or at best between 2 and 16 bytes changed.
mgco3 - on 05 Apr 2014
In reply to Jim Fraser:

FAT??? Your age is showing Jim!! FAT(32) went out with the abacus, Microsoft use NTFS now. You are right about the bytes changed.

Even a full disc format will leave sufficient residiual flux changes in the underlying oxide layers so that the data can still be retrieved.

Difficult and slow but not impossible.

Jack B on 05 Apr 2014
In reply to JamButty:
If you just delete all files, or do a format, then recovering the files would take me an hour or two (depending on disk size). Comercial recovery 10-30.

If you break up the chippery on the drive, but not the platters, recovery is in the 400 region. I could maybe do it myself, but it would take days of careful work and buying some special parts/tools.

If you break the platters into coin-sized bits, recovery needs a high-spec research quality microscope. Cost will be many thousands. Only a few government labs are thought to have done this successfully.

If you break the platters into a fine powder (0.01mm grains), melt them down etc. the data is unrecoverable.

If you overwrite the data once, with random data (by using one of the above mentioned tools in single pass mode), it may or may not be possible to recover some of the data. It would need a research quality microscope even better than the one mentioned above, and the success rate would depend on the age and type of drive. As far as I know this has never been done, and the cost would likely be 5 or 6 figures.

If you overwrite the data with several passes of random data (using one of the mentioned tools in multi-pass mode) the data is unrecoverable. There may be a few scraps of data left in areas of the drive that are damaged and therefore automatically left unused, but they won't amount to much.

If your drive is new enought to support ATA Secure Erase, that is very effective. If your drive is from a win98 machine, it's probably too old.

In your case, just formatting the drive is probably adequate. But if you want peace of mind use one of the tools mentioned above. DBAN is my tool of choice. Despite the disclaimers on its homepage (put there to try and sell blancco's commercial offering) it is simple and effective.
Post edited at 21:57
wintertree - on 05 Apr 2014
In reply to JamButty:

SDelete - google it - with flags to clear free space.

Then open the drive, remove the platters and sand the surface off before cutting them into a few pieces.
mgco3 - on 05 Apr 2014
In reply to JamButty:

You could always remove the drive and ship it to yourself via Malaysian Airlines..

(I'll get me coat)
nufkin - on 05 Apr 2014
In reply to Jack B:

> If you break the platters into a fine powder (0.01mm grains), melt them down etc. the data is unrecoverable.

Where do magnets figure in all this? One was used to good effect in Breaking Bad
Jack B on 05 Apr 2014
In reply to nufkin:

Take the platters out of the enclosure and you can get a magnet very close to them, and you remove the shielding too. Dragging a strong magnet over the surface of a platter will trash data very fast (by causing saturation), you might need a few passes to get all of it.

If you use particular patterns of AC magnetic field, you can overcome the shielding and randomize the data on the drive even with the platters still inside, this process is called degaussing. The kit to do it is a bit specialist, and usually needs to be in contact with the drive to work. A range of a few tens of cm might be achievable, but it's never going to work through the wall.

Using a DC field is harder. Whist within the enclosure, the platters are well protected. You won't get anywhere with a regular magnet (not even the shiny expensive Nd ones). A junkyard magnet probably wouldn't be strong enough even if the drive were pressed up against it. A very powerful electromagnet, such as found more or less only in physics labs, might be able to overcome the shielding and wipe the drive. But only from a meter away at most.

You can make much stronger fields with single use electromagnets. Check out http://en.wikipedia.org/wiki/Explosively_pumped_flux_compression_generator for details. If you set one of those of outside a police station, people are going to notice.

jonathan shepherd - on 05 Apr 2014
In reply to The Lemming:

> The best way to wipe your drive clean is with one of these.
Nah, an Argos hammer drill probably wouldn't last long enough to get through the case.


Jim Fraser - on 06 Apr 2014
In reply to mgco3:

> FAT??? Your age is showing Jim!! ...


Oh the days of using Norton 3.10 to find and recover deleted files in DOS 3.3 by changing the file header byte at a time!
ex0 - on 06 Apr 2014
In reply to mgco3:
Enlighten me as to what? You're telling me if I formatted my drive and gave it to you you'd be able to access my bank account?

Edit: Just so we're clear, I'm all for data security, but what this guy needs and the solutions he's being offered here do not marry up. By his posts it's fair to guess he doesn't quite understand the way that data is transferred when it comes to internet banking, my point is that there's no data related to his banking/online shopping that needs to be completely nuked before he sells the drive.
Post edited at 00:17
itsThere on 06 Apr 2014
In reply to JamButty:

on windows 98... why
Jack B on 06 Apr 2014
In reply to ex0:

> my point is that there's no data related to his banking/online shopping that needs to be completely nuked before he sells the drive.

His post at http://www.ukclimbing.com/forums/t.php?n=583458&v=1#x7730205 indicates he has plaintext passwords stored. Unwise perhaps, but not uncommon. More commonly, people may use their browser's "remember the password for this site" features.

So a DBAN-ing is not an unreasonable suggestion IMO.
armus on 06 Apr 2014
In reply to mgco3:



> I have been in IT for 40 years(and 4 days) and can recall the times we used to use a fluid that was a suspension of very fine iron particles in a hydrocarbon to physically reveal the magetic code in mag stripes on cards etc.

When I worked in the seismic survey industry we recorded on magnetic tape.
Sometimes we needed to check how a tape was recording. (Can't remember details). We used a liquid called Magnasee which came in a squat can like Evostick. We poured a little into the cap, pulled a few inches of the tape through it and you could actually see the bits on the tape. Was that what you described above?



JamButty - on 06 Apr 2014
In reply to JamButty:

Thanks to all, I deleted all files, used the Eraser and have reformatted it. Think that'll do, although I have no way of checking!

Ta


The Lemming - on 06 Apr 2014
In reply to JamButty:

> Thanks to all, I deleted all files, used the Eraser and have reformatted it. Think that'll do, although I have no way of checking!

> Ta

You could try a simple little experiment. Download this bit of software and see if it can recover any kind of files from your freshly wiped hard drive.

If it finds nothing, then happy days. If it does find something then just ask yourself, what could be found when somebody really wants to find data from a wiped drive.

Let us know how you got on. :-)

http://www.piriform.com/recuva
mgco3 - on 06 Apr 2014
In reply to armus:

Oh that sounds like the stuff!!! Magnasee.. I still have some of the old "equipment" that we used to use.Disc head cleaner etc. I still regularly use my MICR (magnetic ink character recognition) viewer for magnifying stuff that I used to be able to see with naked eye.

Those were the days!!
mgco3 - on 06 Apr 2014
In reply to ex0:

Enlighten you as to just what information can be recovered.

Some people keep all sorts of personal information on their PC in the msitaken belief that becasue they have "deleted" it or because it is / was password protected that it is safe. Not so.

He may well have had details of his bank accounts and passwords actually on his PC and deleted the information. You would be suprised how many people , even IT professionals, keep extremely sensitive information in this way.

All I am saying is whatever you have had on your PC can be recovered.
The Lemming - on 06 Apr 2014
In reply to JamButty:

> Thanks to all, I deleted all files, used the Eraser and have reformatted it. Think that'll do, although I have no way of checking!

> Ta

Have a bit of fun with a few of these too, just to set your mind at rest.

http://www.online-tech-tips.com/free-software-downloads/free-photo-recovery-software/
elsewhere on 06 Apr 2014
In reply to mgco3:
Can it be recovered after it has been overwritten by dban Etc?
Nutkey on 06 Apr 2014
In reply to Jack B:

> If you just delete all files, or do a format, then recovering the files would take me an hour or two (depending on disk size). Comercial recovery 10-30.

> If you break up the chippery on the drive, but not the platters, recovery is in the 400 region. I could maybe do it myself, but it would take days of careful work and buying some special parts/tools.


Just buy an identical replacement hard drive, and swap the controller board over. Cheaper, and less effort. I did this a few years ago when I had PSU problem that resulted in smoke coming out of the controller board. Ironically, while backing up...
ads.ukclimbing.com
Jack B on 07 Apr 2014
In reply to Nutkey:
That's kind of what I was referring to. If you can get a compatible donor drive, swap the PCB over and it just works, then grand. An hours work, tops, including buying parts. It could easily run longer though if you have to transfer calibration data across (locate EEPROM or whatever, remove from broken board, solder onto new board, probably an SMT package). Admittedly, it should still be only a few hours work if you have a hot air rework station, but I don't, so a day or two maybe. Similarly firmware uploads if the donor drive is an imperfect match.
Post edited at 00:18
mgco3 - on 07 Apr 2014
ByEek - on 07 Apr 2014
In reply to elsewhere:

> Can it be recovered after it has been overwritten by dban Etc?

It depends on what dban Etc is and whether you trust what it is doing. As someone above stated, the only true way to destroy sensitive data is to physically destroy the disk with a drill and hammer.
AndrewHuddart - on 07 Apr 2014
In reply to ByEek:

> the only true way to destroy sensitive data is to physically destroy the disk with a drill and hammer.

It can be put back together!

If you really don't went to be appear on crime watch, clear and overwrite the disk with dban or your tool of incinerating the shreds.

Probably OTT unless there's a government being very interested in you.
jkarran - on 07 Apr 2014
In reply to mgco3:

> Even a full disc format will leave sufficient residiual flux changes in the underlying oxide layers so that the data can still be retrieved.
> Difficult and slow but not impossible.

Only if you know exactly what was written over it or exactly what you're looking for.

jk
elsewhere on 07 Apr 2014
In reply to mgco3:
Recovery after overwriting is either impossible or beyond economic recovery unless you have reason to think somebody will spend lots of money on the off chance they'll find something.

Residual flux allowed recovery decades ago but do you think recovery after over writing is possible for current disks?
Post edited at 20:20
The Lemming - on 07 Apr 2014
In reply to elsewhere:


> Do you think recovery after over writing is possible?

Don't know if its possible, however I am in the process of trying right now.

I have a 700Gb external drive which I filled completely with stuff, I then formatted it and I am now in the process of using Ccleaner to securely wipe it clean. This process has about 8-9 hours to go and after that I'm going to use some freely available software to see what I can retrieve from this hard drive.

I need to get out more.

mgco3 - on 07 Apr 2014
In reply to elsewhere:

In short , yes it is.

You are right about the economics of it however but there are always people who will do it ( to quote George Mallory )"Because it's there!"
elsewhere on 07 Apr 2014
In reply to mgco3:
Interesting, I thought it was impossible and even dubious that governments could get any residual data from wiped hard drives.
itsThere on 07 Apr 2014
In reply to elsewhere:

7 pass method used by DBAN was standardise by the america intel agences i think. Who like to spy on everyone. So its likely that is wasnt enough which is why they now recommend physical destruction.

I was reading a magazine last week at work. There was an advert in it with the catch line "security approved by the NSA" It wasnt april the 1st.
mgco3 - on 07 Apr 2014
In reply to elsewhere:

Why do you think that the americans put more emphasis on taking Osama Bin Ladens PC Disc drives than taking him alive.

That wasn't an unplanned accident.
The Lemming - on 07 Apr 2014
In reply to mgco3:


> That wasn't an unplanned accident.


No, a lucky accident.

Either that or Bin Laden ran out of money to keep him safe and somebody went to the highest bidder with info.
JJL - on 07 Apr 2014
In reply to JamButty:

Blimey! I think you might want a risk-proportionate response.

1. Only browsed the web; no purchases. Played a bit of solitaire.
Reformat.
2. Online banking and puchases.
Reformat with overwrite.
3. Something mildly illegal or highly embarassing
Reformat with multiple overwrites.
4. Something significantly illegal
Smash it up
5. Something that shows you are in charge of al quaeda
Smash it up, incinerate it and drop small portions of the ash in remote places.... Oh, but don't forget to post your concern on UKC first.
elsewhere on 07 Apr 2014
In reply to mgco3:
> Why do you think that the americans put more emphasis on taking Osama Bin Ladens PC Disc drives than taking him?

Because it is unlikely he'd overwritten the drives that particular day.


wercat on 08 Apr 2014
In reply to elsewhere:

does defragging after deletion count?
elsewhere on 08 Apr 2014
In reply to wercat:
A defragger reorganises files but you don't know which or what proportion of your deleted files will be overwritten in the process.
The Lemming - on 08 Apr 2014
In reply to elsewhere:

Last night I did a quick format of an external hard drive and then did a simple wipe of the hard drive using Ccleaner, only one pass but it still wrote onto every part of the hard drive. This took all night.

This morning I looked at the drive and it was indeed empty.

So I used Recuva to check that it was empty. A quick check showed the drive was empty, so I chose a deep scan.

I have 5 hours to go. So far the rile recovery software has found 927 files.

If I can use free software to find deleted files from software that is supposed to securely wipe files then I have failed.




Being a paranoid little rodent, I will continue to physically smash hard drives.

Any scavenger can retrieve a hard drive and scan it for sh1ts and giggles, but they aren't going to go to the expense of straightening a platter just to check what's there.
elsewhere on 08 Apr 2014
In reply to The Lemming:
Interesting result!
The Lemming - on 08 Apr 2014
In reply to elsewhere:

> Interesting result!

Everybody was talking hypothetically, or intellectually, so I thought I'd do a test.

Three hours to go to see what has been found and recovered.
The Lemming - on 08 Apr 2014
In reply to JamButty:

Found some more software to clean drives. And I'll give it a go, once my initial experiment has run its course, to see if it can kill data on an external hard drive which I will fill with stuff again.

http://sourceforge.net/projects/eraser/
ByEek - on 08 Apr 2014
In reply to The Lemming:

> Last night I did a quick format of an external hard drive and then did a simple wipe of the hard drive using Ccleaner,

To be fair, CCleaner for me lives in the same pile of choss inhabited by the other red herring in the room - registry cleaners, closely followed by almost all anti-virus software.

I am not very in-the-loop with regard to disk cleaners, but I would be very cautious. I work in the software backup world and anything disk related is rarely simple or straightforward.
Indy - on 08 Apr 2014
In reply to JamButty:

Does Rawrite still work from a DOS prompt? Free and VERY secure!
Indy - on 08 Apr 2014
In reply to elsewhere:

>Recovery of data once overwritten was possible decades ago but probably not at current disk densities.


I hear that the NSA are using scanning electron microscopes on high value data.

Even at the very high density currently being used the data isn't 'quite' put in the same place every time. As the disc heats up and cools during use it expands and contracts leaving the data in slightly different places which can be decteded.

elsewhere on 08 Apr 2014
In reply to Indy:
I suppose it's the same technique on a smaller scale for higher densities.
The Lemming - on 08 Apr 2014
In reply to The Lemming:

> Last night I did a quick format of an external hard drive and then did a simple wipe of the hard drive using Ccleaner, only one pass but it still wrote onto every part of the hard drive. This took all night.

> This morning I looked at the drive and it was indeed empty.

OK

I've completed my little experiment. Recuva found practically everything that I was expecting to be there. It also found stuff that I knew nothing about from JPEGS to documents I had no knowledge of.

Strange

Well I had a go at recovering a few files onto my main desktop. I have to say that not one of those files opened. It would seem that they were all corrupt.

I'm sure somebody could have got them to open but I was not successful.

You pays your money and you takes your chances.
dissonance - on 08 Apr 2014
In reply to elsewhere:

> Because it is unlikely he'd overwritten the drives that particular day.

Would be rather tedious on a daily basis.
For that boobytrapping the computer with some thermite would be the way to go.
Although the home insurers might not be overly chuffed if they found out.
Rick Graham on 08 Apr 2014
In reply to dissonance:
Reading this thread with interest as I will soon have a HD to kill.

I intend to smash the F*** out of it, cut it into bits and bury them in separate foundation concrete pours.
Post edited at 19:50
mgco3 - on 08 Apr 2014
In reply to elsewhere:
> (In reply to mgco3)
> [...]
>
> Because it is unlikely he'd overwritten the drives that particular day.

And unlimited resource to recover anything anything previously written.
ow arm - on 08 Apr 2014
In reply to JamButty:

bash the smeg out of it with a lump hammer
pour a flammable liquid over it and set it alight
job done
mullermn - on 09 Apr 2014
In reply to The Lemming:

Apologies in advance to the 99.5% of UKC that will have no interest in this ;)

Were you able to tell if the files were the correct size or look at the raw content of them? I'm quite interested in your test because I was surprised that you retrieved anything after the overwrite.

There is a risk that an overwrite will not cover literally the entire drive because during its normal lifetime a drive can remap sectors that are showing signs of failure to prevent future data loss, however the data affected should a) be very small (too small to be of use if retrieved) and b) not be retrievable without replacing (or doing some low level tinkering with) the drive controller since the controller in the drive would be what did the remapping in the first place.

If the software restored filenames then that suggests that it was able to recover the indexes for the filesystem, as if it had been able to find the data content then you may have got the data back but you would not have got meta-data (like the name and path).

What device did you set to be rewritten? In Linux (for example) for a disk holding a single partition system you could target either /dev/sda1 or /dev/sda and think that you're getting the entire device, but depending on how the partition geometry lines up with the disk geometry you might find that overwriting the file system doesn't quite overwrite the entire device and this might leave some data from previous use that could be recovered.

I believe most filesystems will also store multiple copies of themselves around different areas of the drive in order to enable recovery if the primary location gets corrupted. Some combination of the above could maybe have resulted in some of these backups still being available after the primary file system has been wiped.

This topic has been archived, and won't accept reply postings.