How do I sanitize a hard drive?

[Tosca]

Hi everyone

I have a PC which I'm passing on to someone else. I want to make sure that
all data on the hard drive have been erased and can't be recovered. I know
that normal methods of defragging, deleting, reformatting, reinstalling the
OS etc. won't neccesarily do that so how do I do it? I hasten to add that
there's nothing illegal or immoral on the hard drive, but there are likely
to be passwords etc. as I have accessed Internet Banking sites, purchased
items with a Credit Card etc. and I'm suspicious that confidential data may
have been stored.

If the drive can't be sanitized easily (by me and at low cost!), I'll
probably resort to removing the drive and destroying it physically - even
though that does seem extreme!

Thanks in anticipation.

 

[Carey Frisch [MVP]]

I would suggest downloading the free 30 day trial version
of Iolo's excellent DriveScrubber:
http://www.iolo.com/ds/index.cfm

--
Carey Frisch
Microsoft MVP
Windows XP - Shell/User

Be Smart! Protect Your PC!
http://www.microsoft.com/athome/security/protect/default.aspx

----------------------------------------------------------------------------

:

| Hi everyone
|
| I have a PC which I'm passing on to someone else. I want to make sure that
| all data on the hard drive have been erased and can't be recovered. I know
| that normal methods of defragging, deleting, reformatting, reinstalling the
| OS etc. won't neccesarily do that so how do I do it? I hasten to add that
| there's nothing illegal or immoral on the hard drive, but there are likely
| to be passwords etc. as I have accessed Internet Banking sites, purchased
| items with a Credit Card etc. and I'm suspicious that confidential data may
| have been stored.
|
| If the drive can't be sanitized easily (by me and at low cost!), I'll
| probably resort to removing the drive and destroying it physically - even
| though that does seem extreme!
|
| Thanks in anticipation.

 

[Guest]

Go to www.download.com (Owned by CNET) and search for a utility to remove the
FAT entries to wipe the hard drive. Most are not free though. My suggestion
would be drill a hole though the old hard drive and sell the computer without
a hard drive or go pick up a replacement hard drive for it.

 

[Tosca]

Thank you to each of you for your suggestions. I quite appreciate the pros
and cons of having a system where it is very difficult to revert the HD to
the brand new state. I realise that the Police have been able to use
computer forensic techniques to obtain valuable information which has
allowed them to secure convictions and this has been possible because
remnants (sometimes very large!) of files have remained on HD that were
thought to have been cleaned. Folks who use their PCs for immoral or
illegal activity are, hopefully, in the vast minority (unless I amd
extremely naive!).

I will have a look at the software but suspect that my paranoia will drive
me to physical destruction of the HD.

 

[Malke]

Thank you to each of you for your suggestions. I quite appreciate the
pros and cons of having a system where it is very difficult to revert
the HD to
the brand new state. I realise that the Police have been able to use
computer forensic techniques to obtain valuable information which has
allowed them to secure convictions and this has been possible because
remnants (sometimes very large!) of files have remained on HD that
were
thought to have been cleaned. Folks who use their PCs for immoral or
illegal activity are, hopefully, in the vast minority (unless I amd
extremely naive!).

I will have a look at the software but suspect that my paranoia will
drive me to physical destruction of the HD.

You really don't need to do that, and destroying a hard drive is harder
than you think. Download the free Darik's Boot & Nuke. You will make a
boot disk from the file you download. The instructions are there on the
website. Then just boot with this floppy, and the program will run
immediately. Be very careful to only boot with this floppy on a machine
you want to totally wipe! Make sure you label the floppy!

http://dban.sourceforge.net/

Malke

 

[Steve Clark [MSFT]]

The only way to do what you're asking about is to degauss the drive.

In most any filesystem or control state, there are artifacts that the proper
forensic tools will help derive data from.

Degaussing will "nuke" anything on the drive... This is what the government
does on systems that they want to destroy that processed classified data.

 

[Tosca]

Thank you. I suspect that degaussing isn't available to the average user
(like me!) as it's likely to involve expensive hardware.

 

[Tosca]

Thank you for the further advice about software - I'll have a look at this
site. Perhaps a solution would be to apply several software solutions
sequentially in the hope that they all do different things to the hard drive
(yes, my paranoia peeking through again!).

 

[David H. Lipman]

Tosca:

If you have Symantec Ghost, it includes a utility called GDISK.EXE which can sanitize a hard
disk. It even can sanitize a hard disk based upon DoD and NISPOM standards (albeit it has
not yet been approved for DoD use).

Dave



| Hi everyone
|
| I have a PC which I'm passing on to someone else. I want to make sure that
| all data on the hard drive have been erased and can't be recovered. I know
| that normal methods of defragging, deleting, reformatting, reinstalling the
| OS etc. won't neccesarily do that so how do I do it? I hasten to add that
| there's nothing illegal or immoral on the hard drive, but there are likely
| to be passwords etc. as I have accessed Internet Banking sites, purchased
| items with a Credit Card etc. and I'm suspicious that confidential data may
| have been stored.
|
| If the drive can't be sanitized easily (by me and at low cost!), I'll
| probably resort to removing the drive and destroying it physically - even
| though that does seem extreme!
|
| Thanks in anticipation.
|
|
|

 

[Bruce Chambers]

Hi everyone

I have a PC which I'm passing on to someone else. I want to make sure that
all data on the hard drive have been erased and can't be recovered. I know
that normal methods of defragging, deleting, reformatting, reinstalling the
OS etc. won't neccesarily do that so how do I do it? I hasten to add that
there's nothing illegal or immoral on the hard drive, but there are likely
to be passwords etc. as I have accessed Internet Banking sites, purchased
items with a Credit Card etc. and I'm suspicious that confidential data may
have been stored.

If the drive can't be sanitized easily (by me and at low cost!), I'll
probably resort to removing the drive and destroying it physically - even
though that does seem extreme!

Thanks in anticipation.

To protect your personal information and data from any future users
of average skills, you should, at the very least, format the hard drive
and reinstall only the OS and those applications whose licenses are to
be included in the transfer. If you wish to do a more thorough job of
protecting your personal data, WipeDrive 2.2.1
(http://www.accessdata.com/Product07_Overview.htm?ProductNum=07) meets
U.S. DoD standards for securely cleaning surplus unclassified hard
drives, and could be used before formatting and reinstalling the OS and
applications.


--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Bruce Chambers]

Degaussing will "nuke" anything on the drive... This is what the government
does on systems that they want to destroy that processed classified data.

Actually, we only degauss or shred those hard drives that cannot be
salvaged and reused, because of mechanical failure. For servicable hard
drives, we use software to write zeros and ones over the entire surface
several times, and then format the drives and put them to non-classified
use.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Tosca]

Thank everyone for very useful information. I have a lot to look at.

 

[Steve Clark [MSFT]]

Not if they're TS or compartmentalized. At least not at the facility I
still work at in the reserves...

 

[Bruce Chambers]

Not if they're TS or compartmentalized. At least not at the facility I
still work at in the reserves...

That's true. I should have qualified my statement to cover just the
Confidential and Secret claasifications.

--

Bruce Chambers

Help us help you:



You can have peace. Or you can have freedom. Don't ever count on having
both at once. - RAH

 

[Steve Clark [MSFT]]

My facility was the CIA, and we degaussed our machines.

I did mention classified... Right?

 

[David H. Lipman]

Well that's different. The CIA does not fall under the DoD and thereby has their own set of
regulations.

However I am confused over the tense. Past or present. You stated "I still work at in the
reserves" - which falls under the DoD.
Now you say "...was the CIA.".

I guess at this juncture the point is moot.

Dave




| My facility was the CIA, and we degaussed our machines.
|
| I did mention classified... Right?
|
|
|
|
|
| | > The Acting Under Secretary of Defense (AUSD) Linton Wells II put out a
| > memo ~6/2001 entitled
| > "Disposition of Unclassified DoD Computer Hard Drives"
| > This memorandum was the culmination based upon two other DoD memorandum.
| > 1) "Destruction of DoD Computer Hard Drives Prior to Disposal" -
| > 1/8/2001
| > 2) "Disposition of Unclassified DoD Computer Hard Drives" - 5/29/2001
| >
| > This memorandum lays out what is required for hard disks that contain
| > Sensitive But
| > Unclassified (SBU, Aka; US2 data).
| >
| > Attached is a JPEG extraction from this memo detailing what is required by
| > software to
| > sanitize a hard disk.
| >
| > Classified and above hard disks are sent to the NSA at Fort George Meade,
| > MD, for
| > destruction.
| >
| > Your "facility" should be sending media holding classified data to the
| > NSA.
| >
| > Dave
| >
| >
| >
| >
| > | > | Not if they're TS or compartmentalized. At least not at the facility I
| > | still work at in the reserves...
| > |
| > |
| > |
| > | | > | > Steve Clark [MSFT] wrote:
| > | >
| > | >>
| > | >> Degaussing will "nuke" anything on the drive... This is what the
| > | >> government does on systems that they want to destroy that processed
| > | >> classified data.
| > | >>
| > | >>
| > | >>
| > | > Actually, we only degauss or shred those hard drives that cannot be
| > | > salvaged and reused, because of mechanical failure. For servicable
| > hard
| > | > drives, we use software to write zeros and ones over the entire
| > surface
| > | > several times, and then format the drives and put them to
| > non-classified
| > | > use.
| > | >
| > | > --
| > | >
| > | > Bruce Chambers
| > | >
| > | > Help us help you:
| > | >
| > | >
| > | >
| > | > You can have peace. Or you can have freedom. Don't ever count on
| > having
| > | > both at once. - RAH
| > |
| > |
| >
| >
| >
| >
| >
|
|

 

[Steve Clark [MSFT]]

Used to work at the company.

I am in the Active Reserves. (was recalled recently)

The earlier mention in this thread had to do with SBU/FOUO stuff; I
mentioned degaussing was for classified systems. It is, and that is also
DoD standard.

Well that's different. The CIA does not fall under the DoD and thereby
has their own set of
regulations.

However I am confused over the tense. Past or present. You stated "I
still work at in the
reserves" - which falls under the DoD.
Now you say "...was the CIA.".

I guess at this juncture the point is moot.

Dave




| My facility was the CIA, and we degaussed our machines.
|
| I did mention classified... Right?
|
|
|
|
|
| | > The Acting Under Secretary of Defense (AUSD) Linton Wells II put out a
| > memo ~6/2001 entitled
| > "Disposition of Unclassified DoD Computer Hard Drives"
| > This memorandum was the culmination based upon two other DoD
memorandum.
| > 1) "Destruction of DoD Computer Hard Drives Prior to Disposal" -
| > 1/8/2001
| > 2) "Disposition of Unclassified DoD Computer Hard Drives" -
5/29/2001
| >
| > This memorandum lays out what is required for hard disks that contain
| > Sensitive But
| > Unclassified (SBU, Aka; US2 data).
| >
| > Attached is a JPEG extraction from this memo detailing what is
required by
| > software to
| > sanitize a hard disk.
| >
| > Classified and above hard disks are sent to the NSA at Fort George
Meade,
| > MD, for
| > destruction.
| >
| > Your "facility" should be sending media holding classified data to the
| > NSA.
| >
| > Dave
| >
| >
| >
| >
| > | > | Not if they're TS or compartmentalized. At least not at the
facility I
| > | still work at in the reserves...
| > |
| > |
| > |
| > | | > | > Steve Clark [MSFT] wrote:
| > | >
| > | >>
| > | >> Degaussing will "nuke" anything on the drive... This is what the
| > | >> government does on systems that they want to destroy that
processed
| > | >> classified data.
| > | >>
| > | >>
| > | >>
| > | > Actually, we only degauss or shred those hard drives that cannot
be
| > | > salvaged and reused, because of mechanical failure. For
servicable
| > hard
| > | > drives, we use software to write zeros and ones over the entire
| > surface
| > | > several times, and then format the drives and put them to
| > non-classified
| > | > use.
| > | >
| > | > --
| > | >
| > | > Bruce Chambers
| > | >
| > | > Help us help you:
| > | >
| > | >
| > | >
| > | > You can have peace. Or you can have freedom. Don't ever count on
| > having
| > | > both at once. - RAH
| > |
| > |
| >
| >
| >
| >
| >
|
|

 

[Guest]

Just low-level format the drive. Data recovery in some cases costs a fortune,
and if you don't have any military classified information on the drive, I
don't think anyone would want to see what you have or had in it. Low-level
erases the hard drive period. It is possible to recover data, but no one
(normal users) has the technology or the money to do it. Also, it is much
easier for a hacker to steal your sensitive information while you are ONLINE
than from a broken or erased hard drive! Think about it, ohh, and did I
mention that low-level formatting doesn't not cost a dime??

 

[Leythos]

Just low-level format the drive. Data recovery in some cases costs a fortune,
and if you don't have any military classified information on the drive, I
don't think anyone would want to see what you have or had in it. Low-level
erases the hard drive period. It is possible to recover data, but no one
(normal users) has the technology or the money to do it. Also, it is much
easier for a hacker to steal your sensitive information while you are ONLINE
than from a broken or erased hard drive! Think about it, ohh, and did I
mention that low-level formatting doesn't not cost a dime??

there are a few DOD class apps that will wipe drives with many passes -
a search on google.com should provide links to many.

 

[George M. Garner Jr.]

Tosca,

If you have a Linux boot CD handy you can boot to Linux and use Linux dd to
write zero's to the drive. This will frustrate ordinary means of file
recovery, including most forensic tools. It will not prevent data recovery
using an atomic probe or anything of that sort. But you shouldn't need to
worry about that. The syntax for dd is as follows (if memory serves me):

dd if=/dev/zero of=/dev/hda.

Regards,

George.

P.S. A low level format won't do squat as far as preventing data recovery!