hello friends! new(ish)!

Data Destruction: Difference between revisions

From InstallGentoo Wiki v2
Jump to navigation Jump to search
>Krossbow
m (Grammar)
>Mrsnooze
m (added security category)
Line 37: Line 37:


[http://www.forensicswiki.org/wiki/Main_Page Forensics Wiki]
[http://www.forensicswiki.org/wiki/Main_Page Forensics Wiki]
[[Category:Security]]

Revision as of 10:10, 24 February 2016

Data destruction is the "art" and various methods to securely erase files on a Hard Drive. For data destruction, wiping the entire drive is preferable since most operating systems will leak details of your files (e.g. temporary copies of your document, mentions of it in most recently used lists, log files, registry entries, command history, etc.).

Full Drive Wiping

DBAN (Darik's Boot and Nuke) is the goto tool for drive wiping. Burn the iso to a cd or write it to a usb thumbdrive, boot from it and then it's just a matter of selecting which drives to wipe and how thoroughly you want them wiped. Using the [code]dodshort[/code] option is fine, and is recommended by DBAN themselves.

One pass is fine. Three if you're paranoid. The Gutmann 35 pass wiping is overkill. Gutmann himself has said that it's unneccesary on modern drives and even when he invented it in the 90s, many of the wipes were for different types of storage medium and the full 35 was overkill for any one device.

You could also boot a live linux distro and use one of the following commands to wipe a drive:

  • # shred -vn 3 /dev/sdX
  • # dd if=/dev/urandom of=/dev/sdX

Individual File Wiping

For individual files, the linux command "shred" can be used:

  • $ shred -vun 3 file
    • -v for verbose
    • -u to remove the file after shredding it
    • -n to specify the number of passes
    • -z to add a final wipe of all 0s

SSD Drives

SSD drives (and flash memory cards/thumb drives) are trickier to securely erase since they perform wear leveling to preserve the life of their flash memory. This means your operating system can never be certain where data is stored on the drive. To mitigate against this:

  • Encrypt from day one, so that your raw data will never be stored on the drive.
  • Fill the drive to capacity with innocuous data, to overwrite as much as you can (SSDs have reserved areas which you can't get to).
  • Don't rely on the TRIM/sanitize functions of the SSD to securely erase anything. These are programmed differently by each manufacturer and are not reliable.

Physical Destruction

Once you've logically sanitized your drive, you may still want to physically destroy it for paranoia's sake.

An easy way to do this is to buy yourself a set of TORX screwdrivers ($5 - $10) and open the drive casing where you can get at the platters. Be careful when handling the platters, as they may break surprisingly easily and send shrapnel flying and cut your hands. Don't try to snap them in half without thick protective gloves and something to contain the shrapnel (you might want to wear protective gloves and goggles even if you don't intend to snap them).

More expensive/industrial solutions are detailed in a fun little 31c3 talk titled Hard Drive Punch - Destroying data as a performative act .

Android

Factory resets aren't good enough to sanitize a device.

External Links

Forensics Wiki