Wiping a computer clean, without physically damaging anything

Discussion in 'Travel Technology' started by Bay Pisco Shark, Feb 16, 2015.  |  Print Topic

  1. Bay Pisco Shark
    Original Member

    Bay Pisco Shark Gold Member

    Messages:
    1,557
    Likes Received:
    2,072
    Status Points:
    1,270
    I'm going to be sending a couple of computers (both Dell, desktop and laptop) back to a specific vendor that I'm firing. They are full of sensitive data.

    What is the best and/or most complete way to shred every bit of data on the devices, without causing any physical damage to anything? I know that there have been others in my same situation that have taken out the HDD and drilled through it. I'd prefer not do do this.
     
    Gargoyle and Sammich like this.
  2. Wandering Aramean
    Original Member

    Wandering Aramean Gold Member

    Messages:
    28,218
    Likes Received:
    61,754
    Status Points:
    20,020
    Use a disk wipe program which meets DoD 5220.22 M spec's. Not perfect but it should get you where you need to be.
     
  3. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,199
    Status Points:
    16,520
  4. Sammich

    Sammich Gold Member

    Messages:
    5,644
    Likes Received:
    22,439
    Status Points:
    11,025
    Depends on how sensitive your data is and how paranoid you are.

    Some people do 30 passes using Boot and Nuke. Our government standards say that 3 passes is enough.

    The CIA, NSA ditched the wiping standard since a while back and requires you to physically damage/shred the drives.
     
  5. WilliamQ

    WilliamQ Gold Member

    Messages:
    4,499
    Likes Received:
    14,270
    Status Points:
    10,675
    They should know.
    They probably have some of the best forensic recovery toys (tools).
     
    Sammich and Gargoyle like this.
  6. estnet
    Original Member

    estnet Gold Member

    Messages:
    1,749
    Likes Received:
    2,117
    Status Points:
    1,270
    why not just replace the harddives if you don't want to destroy them? Small cost for your peace of mind ;)
     
    Gargoyle likes this.
  7. traveltoomuch

    traveltoomuch Silver Member

    Messages:
    774
    Likes Received:
    912
    Status Points:
    795
    I specifically recommend BCWipe from Jetico. Trial license for 21 days. Unless you expect specific malice, don't worry so much about number of passes, but do make sure to wipe free space. Alternatively (or additionally) you could use their "BCWipe Total WipeOut" to get the whole disk including boot blocks, partition tables, etc.
     
    iolaire and Gargoyle like this.
  8. Dublin_rfk

    Dublin_rfk Gold Member

    Messages:
    4,222
    Likes Received:
    6,041
    Status Points:
    4,770
    And you get the satisfaction of pounding on something!
     
    Sammich and Gargoyle like this.
  9. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,199
    Status Points:
    16,520
    I just did that last weekend with six disks that either were no longer spinning up or I was too lazy to set up a machine with a PATA interface (my external enclosure recently died). Hammer time!
     
    bigx0, Gargoyle and Dublin_rfk like this.
  10. Gargoyle
    Original Member

    Gargoyle Milepoint Guide

    Messages:
    22,015
    Likes Received:
    96,543
    Status Points:
    20,020
    You should have made a video and posted it on youtube. Monetize it with the youtube ads, since you'd get lots of page views.

    No need to thank me. Just send me a 5% commission. :p
     
    MX and HaveMilesWillTravel like this.
  11. bigx0

    bigx0 Gold Member

    Messages:
    1,274
    Likes Received:
    2,287
    Status Points:
    1,270
    But if you go through all that trouble at least save the magnets inside. They are really awesome.
     
  12. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,199
    Status Points:
    16,520
    I have more. Many more.
     
    Gargoyle and traveltoomuch like this.
  13. Sammich

    Sammich Gold Member

    Messages:
    5,644
    Likes Received:
    22,439
    Status Points:
    11,025
    From Wikipedia,

    "As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable." :p
     
    bigx0, Gargoyle and traveltoomuch like this.
  14. bigx0

    bigx0 Gold Member

    Messages:
    1,274
    Likes Received:
    2,287
    Status Points:
    1,270
    That wiki entry must have been inserted by a hard drive manufacturer wanting to sell more hardware. ;)

    I can't argue with supposedly official documents, but IMO random complete overwriting even once will make it nearly impossible to reconstruct the data. Yeah, back in the days when a huge disk was 50MB and the size of a pizza their magnetic spots were large and needed considerable energy to magnetize. It was relatively "easy" to forensically reconstruct data with those. But not these days, not by ordinary mortals. Of course, if someone has the NSA on their tail, there are much larger problems than returning scrubbed drives to a vendor!
     
    Gargoyle, MX, Dublin_rfk and 3 others like this.
  15. Dublin_rfk

    Dublin_rfk Gold Member

    Messages:
    4,222
    Likes Received:
    6,041
    Status Points:
    4,770
    Please refer to the IRS IT dept manual!
     
    Gargoyle and Sammich like this.
  16. Sammich

    Sammich Gold Member

    Messages:
    5,644
    Likes Received:
    22,439
    Status Points:
    11,025
    Their IT manual is to advise users to just throw them out without action or copy all the data and release them to the public..
     
    Gargoyle likes this.
  17. traveltoomuch

    traveltoomuch Silver Member

    Messages:
    774
    Likes Received:
    912
    Status Points:
    795
    warning: unhelpful response follows.

    Make sure to have set up robust whole-disk crypto before you put the data on them in the first place, conveniently pre-shredding the bits, then forget the key. (Or overwrite the block containing the encrypted key, depending on the exact system.)
     
  18. HaveMilesWillTravel
    Original Member

    HaveMilesWillTravel Gold Member

    Messages:
    12,504
    Likes Received:
    20,199
    Status Points:
    16,520
    In the spirit of this being a travel forum:

    You could just ship the computers back via "United destroyed my Guitar" air freight and hope for the best ;) Might help to write "Fragile" on the card board box.
     
    Gargoyle, MX and traveltoomuch like this.
  19. viguera
    Original Member

    viguera Gold Member

    Messages:
    4,737
    Likes Received:
    6,913
    Status Points:
    4,745
    I guess as others have said, it depends on your level of paranoia and how sensitive the actual data is... if you really, really don't want anybody attempting to retrieve it, just don't send them.

    The places I used to work required you to degauss them, then shred them -- or have a vendor do it with an employee present as witness.
     
    Sammich likes this.
  20. ljreinholt

    ljreinholt Active Member

    Messages:
    1
    Likes Received:
    0
    Status Points:
    70
    WipeDrive sold by White Canyon meets all DOD and other NORMS....
     
  21. legalalien
    Original Member

    legalalien Gold Member

    Messages:
    4,536
    Likes Received:
    9,301
    Status Points:
    7,770
    Posting here for future reference...modern versions of Windows come with a built-in utility to wipe empty space (deleted data) and leave the OS itself intact. To use it, open command prompt, and run

    cipher /w:C

    You can substitute another drive letter for C to wipe other drives, or specify a folder. Cipher does DoD compliant wipe, writing 0x00, 0xFF and random data. For more information, see https://support.microsoft.com/en-us/kb/315672. No third-party software needed.
     
  22. Wandering Aramean
    Original Member

    Wandering Aramean Gold Member

    Messages:
    28,218
    Likes Received:
    61,754
    Status Points:
    20,020
    Nice option. Assuming, of course, that you've managed to delete everything you were supposed to. ;)
     
  23. legalalien
    Original Member

    legalalien Gold Member

    Messages:
    4,536
    Likes Received:
    9,301
    Status Points:
    7,770
    Indeed. One option is to reset Windows (http://windows.microsoft.com/en-US/windows-8/restore-refresh-reset-pc, use "Remove Everything..." option, which deletes all personal and application files), then run cipher. Another is to actually remember where your sensitive data is. :)

    Cipher comes handy if you want to leave PC/laptop in a working state, but care about personal files getting erased, e.g., remove one user, but leave the rest of the system running. If that's not a requirement, then nuking the entire drive is probably a safer choice.
     
    Wandering Aramean likes this.

Share This Page