Snoop-proof hard drives
I have old hard drives that have been used by multiple people, that may have been used dubiously. If ever I was to get into trouble with the police, I'm curious how I could "police-proof" the drives. They're in external enclosures right now. Yeeah.
[QUOTE=Duze;42255473]I have old hard drives that have been used by multiple people, that may have been used dubiously. If ever I was to get into trouble with the police, I'm curious how I could "police-proof" the drives. They're in external enclosures right now. Yeeah.[/QUOTE] get a super magnet and demagnetize them quickly then burn the suckers.
I thought microwaves were enough.
35-pass gutmann, apply strong magnet, throw platter in microwave and bury the shattered remains (last 3 steps optional) [editline]20th September 2013[/editline] (also the faster DoD standard is pretty much fine for all modern drives too)
If you smash the platters, there will be little chance of the police going to the effort of recovering the data. That said, if you're a terrorist or similar they might, in that case it's probably best to use some sort of acid to dissolve the platters, or at least their magnetic coating. If you want to be able to use the disks afterwards, a simple 35 pass wipe should do. Most national police forces can now recover data ~10 wipes deep.
I'm pretty sure OP wants to keep using them, not destroy them. Otherwise he could just go and throw them into the nearest dumpster
If you want to keep using them, run a generic format and install over that. Unless your family was looking at or making CP I really doubt your level of paranoia is necessary. Otherwise slam it down on a concrete surface and toss them in the trash. Generic head crashes keep most people out of your old drives unless of course you were selling government secrets or distributing CP but again, I doubt you're doing that.
[URL="http://www.dban.org/"]DBAN[/URL] them
[QUOTE=MIPS;42256011]Generic head crashes keep most people out of your old drives unless of course you were selling government secrets or distributing CP but again, I doubt you're doing that.[/QUOTE] I tend to use microfilm. [QUOTE=XL5;42255859]Most national police forces can now recover data ~10 wipes deep.[/QUOTE] Huh. 35 pass will do. It's probably nothing serious. On that note, I have some somewhat dark secrets about people wiping corporate data.
[IMG]http://media.giphy.com/media/TeBpzQZRaBIC4/giphy.gif[/IMG] [editline]21st September 2013[/editline] where's your snoop proof drives now?
[QUOTE=Duze;42256377] On that note, I have some somewhat dark secrets about people wiping corporate data.[/QUOTE] Well aren't you special. [QUOTE=xxxanax;42259337][IMG]http://media.giphy.com/media/TeBpzQZRaBIC4/giphy.gif[/IMG] [editline]21st September 2013[/editline] [/QUOTE] Whoops too late now!
[QUOTE=taipan;42259360]Well aren't you special.[/QUOTE] Eh. Heh.
Anything digital will take a while to 'police' proof. Unless you already have the entire hard drive encrypted pretty well beforehand. Pretty much any high G impacts will ruin the drives, or a very strong electro-magnetic pulse hitting the platter. So, you could hook up a strong e-magnet to the hard drive, and whenever someone slams down your door, flip a switch, WHAM. The spoons from the kitchen will be stuck to the side of your computer.. Oh and your data is gone.
Use DBAN to wipe the hard drive. [url=https://www.anti-forensics.com/disk-wiping-one-pass-is-enough-part-2-this-time-with-screenshots/]A 1-pass wipe is all that's needed.[/url] Also some of you need to stop being so dramatic. Why destroy the HDD if it's still perfectly usable? It's a waste.
[QUOTE=GreenDolphin;42264754]Use DBAN to wipe the hard drive. [URL="https://www.anti-forensics.com/disk-wiping-one-pass-is-enough-part-2-this-time-with-screenshots/"]A 1-pass wipe is all that's needed.[/URL] Also some of you need to stop being so dramatic. Why destroy the HDD if it's still perfectly usable? It's a waste.[/QUOTE] I wouldn't trust this article too much considering he's making an analogy for a hard drive with a flash drive. Unless he's proving that the data looks to be gone from overwriting it, in which case, no fucking shit 1 pass will hide the data from reading the disk normally, but it probably won't hold up if a professional actually tries to recover it
[QUOTE=GreenDolphin;42264754]Use DBAN to wipe the hard drive. [url=https://www.anti-forensics.com/disk-wiping-one-pass-is-enough-part-2-this-time-with-screenshots/]A 1-pass wipe is all that's needed.[/url] Also some of you need to stop being so dramatic. Why destroy the HDD if it's still perfectly usable? It's a waste.[/QUOTE] I can confirm this. A good friend of mine is a GIAC Forensic Examiner and he laughed when someone said they run multiple passes on their hard drive. [editline]21st September 2013[/editline] [QUOTE=Tobba;42264810] but it probably won't hold up if a professional actually tries to recover it[/QUOTE] Do you have any support for this statement?
for complete irretrievability, 3 pass zero out and physical destruction is recommended. for general use, a 3 or more pass zero & format will be fine.
From what I recall, an empty-space pass overwrites with zeros and so on.. Since I learned some years ago "deleting" files doesn't necessarily do much. Lol
In the very old days of disk packs and removable media one of the security methods used was to have a custom alignment disk made that was otherwise perfect aside from moving tracks out of alignment from any given standard. All drives were then calibrated to this and all packs were low-level formatted on these drives. This meant that no pack or cartridge from outside the company's inventory could be used in the computer and likewise no pack or cartridge could be used outside the company in another system without the requirement of a low-level format which would destroy existing track data and all data on the drive. The idea that a single full-zero write over the entire disk surface will not prevent access is bullshit. Once you write to a block that it is a 0 and do the same with every other block that might reference that location you cannot recover what might have been there. You cannot have a block that has a binary value of 0 and still somehow retain its old value of 1. Once changed it's gone. The same goes for a low-level format. If track data shifts between formats the newly written track data will obliterate any old data because it continuing to exist would eventually lead to disk corruption (like the theory where two parallel universes slightly out of phase but occupying the same space will eventually destroy each other).
[QUOTE=Duze;42265908]From what I recall, an empty-space pass overwrites with zeros and so on.. Since I learned some years ago "deleting" files doesn't necessarily do much. Lol[/QUOTE] With NTFS, "deleting" doesn't really do anything at all - the data is still there, but Windows removes the file from the MFT and then overwrites that data when it needs that space again. This is why file recovery programs work.
[QUOTE=MIPS;42267788]In the very old days of disk packs and removable media one of the security methods used was to have a custom alignment disk made that was otherwise perfect aside from moving tracks out of alignment from any given standard. All drives were then calibrated to this and all packs were low-level formatted on these drives. This meant that no pack or cartridge from outside the company's inventory could be used in the computer and likewise no pack or cartridge could be used outside the company in another system without the requirement of a low-level format which would destroy existing track data and all data on the drive. The idea that a single full-zero write over the entire disk surface will not prevent access is bullshit. Once you write to a block that it is a 0 and do the same with every other block that might reference that location you cannot recover what might have been there. You cannot have a block that has a binary value of 0 and still somehow retain its old value of 1. Once changed it's gone. The same goes for a low-level format. If track data shifts between formats the newly written track data will obliterate any old data because it continuing to exist would eventually lead to disk corruption (like the theory where two parallel universes slightly out of phase but occupying the same space will eventually destroy each other).[/QUOTE] I would argue that there is theoretically a possibility of data recovery, although probably limited to small bit streams if even that. And the methods and ways of doing it are probably way out of the means of any police force. Basically, one pass of a full clean is good. Maybe a second for contingency. But the most important part is to not have CP on your hard drive or anything that the police would actually be interested in.
Yeah, if you really have content on the drives that isn't yours and you don't want to be found with, just chuck the drives. Surely if the content is [I]that[/I] bad, you can afford to bury the drives 6ft under and get yourself some new ones just to be sure.
imo the best case for snoop-proofing your data is to premeditate where you store it. If you store all your data on a FAT32 partition in a normal folder/directory then you are going to get that data found, possibly even with several drive wiping passes. On the other hand if you store the data on an ext3/ext4 filesystem inside a Truecrypt NTFS-formatted container inside another Truecrypt container in an encrypted vmware virtual machine - and then you do the passes - the probability of that data being found in any tangible format is extremely minute.
[QUOTE=runtime;42272592]imo the best case for snoop-proofing your data is to premeditate where you store it. If you store all your data on a FAT32 partition in a normal folder/directory then you are going to get that data found, possibly even with several drive wiping passes. On the other hand if you store the data on an ext3/ext4 filesystem inside a Truecrypt NTFS-formatted container inside another Truecrypt container in an encrypted vmware virtual machine - and then you do the passes - the probability of that data being found in any tangible format is extremely minute.[/QUOTE] A single effective wipe will completely destroy all data regardless of format and security since it converts all binary bits to a single value. How would the partition type alone even make some of the data salvageable?
Everyone be forgetting about ATA Secure Erase.
[QUOTE=GreenDolphin;42272842]A single effective wipe will completely destroy all data regardless of format and security since it converts all binary bits to a single value. How would the partition type alone even make some of the data salvageable?[/QUOTE] Because of the way FAT and NTFS work. Sometimes something as simple as filenames can be evidence enough. If the police find references to files like "Supersecretplanstostealfrombarclays.doc" then you're going to have some explaining to do.
[QUOTE=XL5;42273349]Because of the way FAT and NTFS work. Sometimes something as simple as filenames can be evidence enough. If the police find references to files like "Supersecretplanstostealfrombarclays.doc" then you're going to have some explaining to do.[/QUOTE] That still doesn't explain how. If I were to convert all binary bits to a single value then there would literally be no personal data left regardless of the format. No filenames or evidence. You can wipe a FAT/NTFS storage device and look at the hexadecimal code after to see that all the personal data is gone. If you're talking about a regular format then that's a completely different story altogether. They're only marked as deleted and waiting to be overwritten by other files.
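The check suggested in the post above (inspect the device after a wipe and confirm nothing but zeros is left), as an added example that is not part of any post in this thread: a Python scan that reports which sectors of an image still hold non-zero bytes. The 512-byte sector size, the image layout and the file names are constructed for the demo.

```python
import os
import tempfile

SECTOR = 512  # assumed logical sector size, used only for reporting


def find_nonzero_sectors(path, sector=SECTOR, chunk_sectors=2048):
    """Return merged (first, last) sector ranges that contain any non-zero byte."""
    ranges = []
    index = 0  # sector number of the block being examined
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read(sector * chunk_sectors)
            if not chunk:
                break
            if chunk.count(0) == len(chunk):  # fast path: chunk is all zeros
                index += -(-len(chunk) // sector)
                continue
            for off in range(0, len(chunk), sector):
                if any(chunk[off:off + sector]):
                    if ranges and ranges[-1][1] == index - 1:
                        ranges[-1] = (ranges[-1][0], index)  # extend the run
                    else:
                        ranges.append((index, index))
                index += 1
    return ranges


def build_sample_image(path, sectors=64):
    """Constructed sample: zeroed image with leftovers in sectors 10-11 and 40."""
    with open(path, "wb") as fh:
        fh.write(bytes(sectors * SECTOR))
        fh.seek(10 * SECTOR)
        fh.write(b"A" * (SECTOR + 20))  # spills into sector 11
        fh.seek(40 * SECTOR + 100)
        fh.write(b"leftover.doc")  # constructed file-name remnant


def demo():
    """Scan the constructed image before and after one zero pass over it."""
    with tempfile.TemporaryDirectory() as tmp:
        img = os.path.join(tmp, "sample.img")
        build_sample_image(img)
        before = find_nonzero_sectors(img)
        with open(img, "r+b") as fh:
            fh.write(bytes(os.path.getsize(img)))  # single pass of zeros
        after = find_nonzero_sectors(img)
    return before, after


if __name__ == "__main__":
    print(demo())
```

The scan sees only what the drive returns through normal reads, so remapped sectors and hidden areas such as an HPA are outside its view.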
The other alternative is to keep secure disks and media offline unless you need to access something. My tape library can lock out access to individual tapes unless a password is entered locally at the control panel. Or you "check out" the tapes and store them someplace. Works best with striped tapes because volumes spanned over multiple tapes can be rendered unreadable if one tape is missing from the set.
[QUOTE=runtime;42272592]imo the best case for snoop-proofing your data is to premeditate where you store it. If you store all your data on a FAT32 partition in a normal folder/directory then you are going to get that data found, possibly even with several drive wiping passes. On the other hand if you store the data on an ext3/ext4 filesystem inside a Truecrypt NTFS-formatted container inside another Truecrypt container in an encrypted vmware virtual machine - and then you do the passes - the probability of that data being found in any tangible format is extremely minute.[/QUOTE]That's entertaining. It's in an external enclosure if that counts for anything. The half-story is, what I did was, to back up whole drives on my otherwise useless amount of space on a hard drive, I just tossed all the data onto it, not remembering what was on the other disks. It was mostly ripped music and garbage. I was half in-trouble with the police at one point over completely debatable issues (the police don't debate :( ), and don't want nonsense about pirated stuff, although that's highly unlikely and over-paranoid! Courts make dumb decisions though. And courts leveraging their ability to make a warrant for you on a whim to make you do things, bleh. Pretty much. /storytime #thefuzz
They won't waste their time searching your HDDs for pirated stuff unless someone is either pushing them or they are searching for something else.