Jump to content
Login with your Gmail HERE and start posting in seconds! ×
Don't just read! Be part of the Community! Join the conversation ×
Our Newsletter now includes a Sunday edition! Stay updated 7 days a week!

Did You Know:

Guest Reimar

By Guest Reimar
in IT and Computers

 Share

Recommended Posts

Guest Reimar

Guest Reimar

Posted
Posted

You may already know that “deleting” a file does nothing of the sort. But did you know that your disk drive has a built-in system for the secure erasure of data? No? Then read on

What do you mean “delete” doesn’t delete? File information is maintained in a directory so your operating system can find it. All that “delete” does is erase the file’s reference information. Your OS can’t find it, but the data is still there.

That’s what those “file recovery” programs look for: data in blocks that the directory says aren’t in use.

You really want to do this

If you keep business, medical, or personal financial information on disks, simple deletion isn’t enough to protect the data when disposing of the equipment.

Besides identity theft, data loss may leave you or your company liable under federal laws such as HIPAA, Sarbanes-Oxley, Graham-Leach-Bliley or other state laws. Criminal penalties include fines and prison terms up to 20 years. Not to mention the civil suits that can result.

So what’s the magic?

Something called Secure Erase, a set of commands embedded in most ATA drives built since 2001. If this is so wonderful, why haven’t you heard of it before? Because it’s been disabled by most motherboard BIOSes.

Secure Erase is a loaded gun aimed right at all your data. And Murphy’s Law is still in force. But hey, if you’re smart enough to read Storage Bits, you’re smart enough to not play with Secure Erase until you need to.

How does Secure Erase work?

Secure Erase overwrites every single track on the hard drive. That includes the data on “bad blocks”, the data left at the end of partly overwritten blocks, directories, everything. There is no data recovery from Secure Erase.

Says who?

The National Security Agency, for one. And the National Institute for Standards and Testing (NIST), who give it a higher security rating than external block overwrite software that you’d have to buy. Update: There is an open source external block overwrite utility called Boot and Nuke that is free.

Secure Erase is approved for complying with the legal requirements noted above.

UCSD’s CMRR to the rescue

The University of California at San Diego hosts the Center for Magnetic Recording Research. Dr. Gordon Hughes of CMRR helped develop the Secure Erase standard.

Download his Freeware Secure Erase Utility, read the ReadMe file and you’re good to go.

To use it you’ll need to know how to create a DOS boot disk - in XP you can do it with the “Format” option after you right-click the floppy icon in My Computer.

Update: Some folks have commented that I didn’t actually say how to use the utility, leaving that to the readme. For those of you who’d like to judge how tricky this is - and it is definitely not for newbies - here’s a quote from the instructions:

Instructions for using HDDerase.exe

Copy the downloaded file, HDDerase.exe onto the created floppy/CD-ROM bootable DOS disk. Boot the computer in DOS using the bootable disk. Make sure to set the correct boot priority setting in the system BIOS. Type “hdderase” at system/DOS prompt to run HDDerase.exe. All ATA hard disk drives connected to the main system board will be identified and their information displayed. Make sure that the jumpers on the hard disk drives are correctly configured. Avoid setting the jumpers to CS (cable select) on the hard disk drives. Master or slave jumper setting is preferred.

There’s more, but if this is more than you want to deal with then Secure Erase isn’t for you. Update II: A late commenter says “Floppy boot does not understand SATA drives and thus the method described does not work.” I don’t know if it is true or not, but if it is it is worth knowing. Maybe someone well-versed in Windows floppy booting can confirm.

Here's the link to the download: http://cmrr.ucsd.edu/hughes/SecureErase.html

waldwolf Silver Member

waldwolf

Posted
Posted

One should keep in mind the reports statement:

.....Secure erase is recognized by NIST 800-88 as an effective and secure way to meet legal data sanitization requirements against attacks up to laboratory level......

The key words here are, up to laboratory level

Government agencies foreign and domestic (as well as others with proper equipment/experience) can still recover the data.

waldwolf

endure Star Member

endure

Posted
Posted
The only reasons I can think of anyone going to these sorts of lengths to hide data arent good ones.

If you take the time to read the accompanying PDF file on the site you'll find that fines of up to $1 million and up to 20 years in gaol are available to companies who don't go to these sorts of lengths with data that they have in their possession.

chuchok Ruby Member

chuchok

Posted
Posted
The only reasons I can think of anyone going to these sorts of lengths to hide data arent good ones.

What like credit card details,names. addresses.customer info etc.You are joking right?

Guest Reimar

Guest Reimar

Posted
Posted
Unrecoverable data:

33110.jpg

Is that your "old" Hard Disk?? :o:D

nikster Diamond Member

nikster

Posted
Posted
The only reasons I can think of anyone going to these sorts of lengths to hide data arent good ones.

If you take the time to read the accompanying PDF file on the site you'll find that fines of up to $1 million and up to 20 years in gaol are available to companies who don't go to these sorts of lengths with data that they have in their possession.

That's the theory, at least.

Yet, every week there's another agency that manages to "lose" a laptop full of social security and bank account data for 100s of thousands of employees. And every month some company manages to get all their stored customer credit card info nipped. Last story I read 20 million credit cards got compromised. Whoopsie!

Getting people to use passwords that are not in a dictionary is a challenge - don't even start about secure erasing of data. The vast majority of companies does not have any data protection measures in place. Data security is both difficult to understand and hard to practice.

I am somehow reminded of this english "hacker" who is about to be extradited to the U.S. for breaking into uncounted numbers of Military servers, some of which contained classified data. His "hacking" skills consisted of looking for Windows machines with unprotected shares....

Conan Explorer Member

Conan

Posted
Posted

The only way to destroy the data completely is physically destroying the drive, even following the above methods and then smashing it with a hammer highly specialised firms/gov departments can still recover the data - but who is going to go to that extent?

cdnvic Star Member

cdnvic

Posted
Posted
The only way to destroy the data completely is physically destroying the drive, even following the above methods and then smashing it with a hammer highly specialised firms/gov departments can still recover the data - but who is going to go to that extent?

A grinder or torch will ensure they can't.

cdnvic Star Member

cdnvic

Posted
Posted
I use Eraser whenever I delete a sensitive file from my system.

Me too, but it won't stop everything.

Of course if you aren't a supervillan you should be ok. :o

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.






ASEANNOW

ASEANNOW (formally ThaiVisa) is Thailand's oldest and most popular expat and foriegner forum. Sign up today and have your say!

MORE INFO

POPULAR AREAS

CONTACT US

219/59 Asoke Towers, 15th Floor, Soi Sukhumvit 21, Watthana, Bangkok 10110
(+66) 99 196 1100
[email protected]

×
×
  • Create New...