How do you really "clean" your computer to prevent prying eyes???? [Archive] - Glock Talk

PDA

View Full Version : How do you really "clean" your computer to prevent prying eyes????


widmn
08-02-2011, 19:12
If you want to hide stuff from "agencies, not that I do. Just curious. What is the best way to clean your computer and hard drive?? Reformat? You hear about "them" being able to get stuff that.s been erased. Is that really true? How do they do that? Inquiring minds want to know.
Or do you just burn it??

StarfoxHowl
08-02-2011, 19:33
If you want to hide stuff from "agencies, not that I do. Just curious. What is the best way to clean your computer and hard drive?? Reformat? You hear about "them" being able to get stuff that.s been erased. Is that really true? How do they do that? Inquiring minds want to know.
Or do you just burn it??

If you're trying to hide stuff while the computer is in use, not sure there's a reliable way of doing real-time sanitation. If you're getting rid of a system and need to clean the hard drive for reuse/resale, then any decent software package that uses the DOD approved 7 pass wipe should suffice for most things.

That is a minimum, 7 pass wipe, that will nuke a hard drive enough to allow a previously SECRET classified drive to be used in an unclassified system.

There are other drive wipes that use a 35 pass wipe if you're really paranoid.

To be absolutely sure, 100% guaranteed that the hard drive can't be put back together again and put under a scanning electron microscope, have it crushed at a certified data destruction facility.

kc8ykd
08-02-2011, 19:37
what did you do?

and when will you be appearing on the news, i wanna dvr it

wrenrj1
08-02-2011, 19:38
My hard drive will be used once by me. Never to have a second life with another owner.
The rest will be available for those who want it.

ZombieTom
08-02-2011, 19:42
Remember way back when you use to record shows with a blank VHS tape. Then one day you would record over that show with something else? But you could still see a fuzzy shadow of what you had on there before? Thats like a hard drive. Theres always something left behind.

Sent from my DROIDX using Tapatalk

widmn
08-02-2011, 19:51
Wow!!! I had no idea. I guess if I ever need to hide something, I will burn it and crush it. Unbelievable what folks can do nowadays.

Manofprint
08-02-2011, 19:57
http://youtu.be/d7ClrhtD5PM

Linux3
08-02-2011, 21:18
Do you want to hide stuff on a working computer?
If you are running Linux it's pretty easy if you have more than one drive or more then one partition on a drive.

I have a second drive with one partition mounted as /Data. Yes, unlike Windows you can mount a drive, partition actually, as anything you like.

OK, so if you
cd / <enter>
ls -al <enter>

You will see that /Data is actually a directory under root '/'.

If I unmount /Data
sudo umount /Data <enter>

The directory is still there.
Copy files to the directory /Data then remount the partition.
mount -a <enter>

OK, you can't see the files in the directory /Data because if you cd to it all you see is the contents of the second disk partition.

You would have to compare the size of the partition and all the files in it to find out that something is wrong.

A not uncommon Unix Admin trick.

Ogreon
08-02-2011, 22:41
If by "agency" you mean "wife" then the easiest method is simply to stop letting her out of the basement. Or you could encrypt everything.

If by "agency" you mean "FBI" then you can encrypt everything and hope they can't break it.

If by "agency" you mean "totalitarian regime" then you can encrypt everything and hope they don't simply torture it out of you.

If by "agency" you mean "Ogreon" then I already know everything but will torture you anyway so you have no hope.

StarvinMarvin
08-03-2011, 02:31
If you are talking about cleaning a HD.. as in no letting anyone see what was once on it, use http://www.dban.org/

If you mean keeping things invisible to other users, I'd need more specifics.. you want to keep browsing history secret?, keep certain folders and files encrypted? what are you asking :dunno:

HerrGlock
08-03-2011, 05:55
Take your data off and put it on a thumbdrive or an external hard drive.
Reformat your hard drive.
Reinstall WIN and make sure to say yes to "Do you want to encrypt this disk?"
Use AES 1024 bit encryption or higher.
put your data back onto your computer.
Always, ALWAYS turn off your computer when you walk away from it for any length of time.
Put the thumb drive in your oven next time you use the self-cleaning feature of the oven.

wct097
08-03-2011, 18:43
I understand that the basic design of SSDs changes this discussion substantially. The 'wear leveling' features, if I understand correctly, basically overwrite things on their own.

gemeinschaft
08-03-2011, 20:34
Thermite seems to work well.

GAFinch
08-03-2011, 20:35
If whole disk encryption slows down your computer too much, create a separate partition or, better yet, a disk image to put all your downloads on, then encrypt it. If you need to quickly "clean" your computer, you can erase just your separate partition or disk image, encrypted or not, with the 7 pass zeroing method. This way, you don't waste time trying to prevent from accidentally deleting your system and non-sensitive files, or waste time erasing all the free space on a 2 TB hard drive every time.

Pierre!
08-03-2011, 21:09
True Crypt works pretty well.

Just don't lose the password... Don't ask how I know...

UtahIrishman
08-03-2011, 21:40
I've used TrueCrypt also, albeit not on the whole hard drive.

However I've found I can fit most 'sensitive' information on an encrypted thumb drive and then read it to only my computer's RAM. I think that's a better choice. I use passwords generated at grc.com to protect the thumb drive.

You can get as paranoid as you want with encrypted thumb drives. You could daisy chain encryption and passwords across as many thumb drives as you felt capable of keeping track of.

Also thumb drives are much more interesting targets to hit at the range than a hard drive if you ever feel the need to seriously 'clean up' :supergrin:

Kith
08-08-2011, 14:41
If you want to hide stuff ... do you just burn it??

Yep. Kill it with fire, the only way to be sure. Anything else is taking your chances.

Thermite seems to work well.

My favorite :supergrin:

The encryption method will work great against probably 90% of whoever you are worried about finding your data. The other 10% require the extreme measure of vaporizing the hardware.

filthy infidel
08-15-2011, 06:00
Truecrypt works. Some of you guys need to loosen the tinfoil, seriously.

Bank of America's standard HDD destruction is six 1/2" holes drilled through the drive.

solomansousana
08-16-2011, 23:01
If you're trying to hide stuff while the computer is in use, not sure there's a reliable way of doing real-time sanitation. If you're getting rid of a system and need to clean the hard drive for reuse/resale, then any decent software package that uses the DOD approved 7 pass wipe should suffice for most things.

That is a minimum, 7 pass wipe, that will nuke a hard drive enough to allow a previously SECRET classified drive to be used in an unclassified system.

There are other drive wipes that use a 35 pass wipe if you're really paranoid.

To be absolutely sure, 100% guaranteed that the hard drive can't be put back together again and put under a scanning electron microscope, have it crushed at a certified data destruction facility.

LOL, I'm an RN and I keep a lot of HIPAA data on my work laptop, but I also use a program called Kremlin, that allows me to right click on any file and encrypt/decrypt it using my choice of algorithms, it also gives me the choice to securely delete any file or document using a DoD shredder, with overwrite from 1 to 99 times.

StarfoxHowl
08-18-2011, 09:59
LOL, I'm an RN and I keep a lot of HIPAA data on my work laptop, but I also use a program called Kremlin, that allows me to right click on any file and encrypt/decrypt it using my choice of algorithms, it also gives me the choice to securely delete any file or document using a DoD shredder, with overwrite from 1 to 99 times.

Hi Solomansousana, there are a number of shredding programs available, PGP, Dban, and plenty of others. I was talking about a real-time, on the fly, program to sanitize a hard drive in the background.

Encryption is a whole different animal. I've used several different whole disk encryption programs, BitLocker, PGP (now Symantec) Whole disk encryption, etc.

I have extensive personal experience with PGP WDE and other than the boot screen coming up prior to the operating system starting, I didn't find that it slowed my machine at all.

solomansousana
08-18-2011, 12:23
Hi Solomansousana, there are a number of shredding programs available, PGP, Dban, and plenty of others. I was talking about a real-time, on the fly, program to sanitize a hard drive in the background.

Encryption is a whole different animal. I've used several different whole disk encryption programs, BitLocker, PGP (now Symantec) Whole disk encryption, etc.

I have extensive personal experience with PGP WDE and other than the boot screen coming up prior to the operating system starting, I didn't find that it slowed my machine at all.

Ah well then I haven't a clue. I've found that Kremlin works great for me when it's set to overwrite 10 times, and it does do it in the background while your doing other things.

mgo
08-18-2011, 13:22
If you want to hide stuff from "agencies, not that I do. Just curious. What is the best way to clean your computer and hard drive?? Reformat? You hear about "them" being able to get stuff that.s been erased. Is that really true? How do they do that? Inquiring minds want to know.
Or do you just burn it??

Most -laptops- allow a hard drive password (set in BIOS, which locks it via the drive's firmware) Then you must enter a password ahead of Windows (or other operating system) in order for it to boot. The only way to get the data off the drive would be to remove the platters, and strip the data. (expensive and difficult). With a solid state hard drive, there is no platter, so the data is not retrievable at all.

Since a desktop computer BIOS is not set up for hard drive firmware-type encryption, one needs software encryption like True Crypt, Best Crypt or Windows Bit Locker for security, as other posters have stated.

Of course, failing all, a government can revert to "rubber hose decryption" to get to the data. (let's hope it never come to that here, although water boarding seems all the rage these days)

happyguy
08-21-2011, 08:56
Thermite seems to work well.

As does oxy/acetylene.

Regards,
Happyguy :)

kc8ykd
08-21-2011, 14:03
Most -laptops- allow a hard drive password (set in BIOS, which locks it via the drive's firmware) Then you must enter a password ahead of Windows (or other operating system) in order for it to boot. The only way to get the data off the drive would be to remove the platters, and strip the data. (expensive and difficult). With a solid state hard drive, there is no platter, so the data is not retrievable at all.

Since a desktop computer BIOS is not set up for hard drive firmware-type encryption, one needs software encryption like True Crypt, Best Crypt or Windows Bit Locker for security, as other posters have stated.

Of course, failing all, a government can revert to "rubber hose decryption" to get to the data. (let's hope it never come to that here, although water boarding seems all the rage these days)

those bios passwords are just that, bios passwords. they can usually be defeated by removing the battery on the motherboard for an extended period of time, or on most desktops, by shorting a set of pins with a jumper.

mgo
08-21-2011, 16:20
those bios passwords are just that, bios passwords. they can usually be defeated by removing the battery on the motherboard for an extended period of time, or on most desktops, by shorting a set of pins with a jumper.

To a large extend you are correct. but it isn't just as easy as described in a laptop.

For a discussion here is a link:

http://www.daniweb.com/hardware-and-software/pc-hardware/storage/threads/14216


I'll stand by my statement: unless the snooper has very much above average computer and forensic skills, the HDD password which locks the chip on the hard drive controller, not the motherboard hardware (AND NOT the BIOS) will offer very strong protection.

And again, total encryption of the hard drive will offer excellent protection using the companies that I mentioned. That would be effective for a desktop hard drive or a laptop hard drive.

Backing up that encrypted drive will give the user a -non encrypted- backup...open to the world. So, that backup needs to be placed in a physically hidden location.

Restoring an encrypted hard drive using the backup is very risky and often will not work. One often needs to totally scrub the drive and start over, hoping the backup will then work, using a separate boot up rescue disk.

Also, just creating an encrypted folder for the sensitive data means that the indexer and other history information will still be butt naked to a snooper within the operating system.

kc8ykd
08-21-2011, 19:40
looking at that thread, it looks like there's various software packages to defeat passwords stored in the drive's firmware.

i'd rate that a meh compared to an encrypted volume or container on a disk.

in your backup scenario, why not encrypt the backup instead of relying on physically hiding it?

harrygunner
08-23-2011, 21:04
I have sensitive data on my hard drives. If a drive crashes, I remove the platters and heat them. They quickly turn into a powder. Then I throw away half in this week's trash, the other half in next week's trash.

My personal computers run Linux with encrypted non-system partitions. External USB drives are also encrypted. It takes a few days since I use 'dd' to write random data to entire partitions before building file systems on the partitions. That way no one knows where real data ends within the partition.

For login passwords, I run 'mkpasswd' a few times and concatenate portions of each run into a passphrase I memorize.

As for individual files on the hard drive, I wrote a C++ program based on a article by Peter Gutmann to wipe files. It overwrites files thirty-five times. The initial and final four writes being random data with twenty-seven specific pattern writes in between. I flush buffers and close the file after each write to make sure the operating system doesn't get in the way.

If you don't want to DIY, http://sourceforge.net/projects/srm/ has code for a file wiper. I haven't looked at the code, so I can't confirm it works well.

For encryption, back in 2001, I used the Rijndael code that was presented in the contest to become AES as a base. That code needed modification to be used for encryption.

AES is a specific set of configurations of Rijndael. I chose to keep the AES block size, go with 128 bit key size, run CBC, but increase the number of rounds from ten to sixteen.

Then to make sure my coding was correct, I reduced the rounds back to ten to replicate published results for given initialization vectors. Then used a package called 'diehard' to confirm that encrypted files "look" random.

After testing, I increased the round count again to create the encryption program I use to secure my products' source code and sensitive contract or business files.

So the Rijndael I run is more robust than AES.

Guess all this is consistent with my carrying a 10mm 1911. :rofl:

Javelin
08-23-2011, 21:13
A rare earth magnet to the hard drive will do a good job also.......

jwagess
10-04-2011, 20:51
Ditto on True Crypt. There was an Argetinian banker who had encrypted his whole hard drive using TC, and a very long password (over 20 characters),who was arrested for fraud. The Brazilian government could not break the encryption. They asked the FBI who could not break it after a year.
I don't know if they ever did. All security is is only as strong as it's weakest password.

Sniperfox
10-04-2011, 21:31
You didn't by any chance have a conversation with Chris Hansen from NBC did you?:tongueout: