
Data Destruction: Difference between revisions

From InstallGentoo Wiki v2
>Mrsnooze
(moving data destruction to its own page pt2)
 
>Se7en1
(→‎Individual File Wiping: Add wipe and srm)
 
(9 intermediate revisions by 6 users not shown)
Line 1: Line 1:
For data destruction, wiping the entire drive is preferable since most operating systems will leak details of your files (e.g. temporary copies of your document, mentions of it in Most Recently Used lists, log files, registry entries, command history etc).
Data destruction is the "art" and various methods to securely erase files on a [[Hard Drive]]. For data destruction, wiping the entire drive is preferable since most operating systems will leak details of your files (e.g. temporary copies of your document, mentions of it in most recently used lists, log files, registry entries, command history, etc.).


== Full Drive Wiping ==
== Full Drive Wiping ==
[http://www.dban.org/ DBAN] (Darik's Boot and Nuke) is the goto tool for drive wiping. Burn the iso to a cd or write it to a usb thumbdrive, boot from it and then it's just a matter of selecting which drives to wipe and how thoroughly you want them wiped.
[http://www.dban.org/ DBAN] (Darik's Boot and Nuke) is the goto tool for drive wiping. Burn the iso to a cd or write it to a usb thumbdrive, boot from it and then it's just a matter of selecting which drives to wipe and how thoroughly you want them wiped. Using the [code]dodshort[/code] option is fine, and is recommended by DBAN themselves.


One pass is fine. Three if you're paranoid. The Gutmann 35 pass wiping is overkill. Gutmann himself [https://en.wikipedia.org/wiki/Gutmann_method#Criticism has said] that it's unneccesary on modern drives and even when he invented it in the 90s, many of the wipes were for different types of storage medium and the full 35 was overkill for any one device.
One pass is fine. Three if you're paranoid. The Gutmann 35 pass wiping is overkill. Gutmann himself [[Wikipedia:Gutmann_method#Criticism |has said]] that it's unneccesary on modern drives and even when he invented it in the 90s, many of the wipes were for different types of storage medium and the full 35 was overkill for any one device.


You could also boot a live linux distro and use one of the following commands to wipe a drive:
If you're using linux, you can use <code>dd</code>:  
* # shred -vn 3 /dev/sdX
# dd if=/dev/urandom of=/dev/sdX status=progress
* # dd if=/dev/urandom of=/dev/sdX
or <code>shred</code>:
# shred -vn 3 /dev/sdX
replacing <code>sdX</code> with your disk name. If you're unsure what you disk is, use <code>lsblk</code> to check. Make sure to quadruple check your disk name, as you will not be prompted after the command is executed.


== Individual File Wiping ==
== Individual File Wiping ==
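Review bot: The added DBAN sentence marks the option up as [code]dodshort[/code], which is BBCode and shows up literally on a MediaWiki page; use <code>dodshort</code>, the same markup this hunk already uses for dd, shred and lsblk. The new closing paragraph also has a typo ("what you disk is" should be "what your disk is"), and the Gutmann sentence carries "unneccesary" over unchanged while the line is being edited anyway.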
Line 17: Line 19:
** -n to specify the number of passes
** -n to specify the number of passes
** -z to add a final wipe of all 0s
** -z to add a final wipe of all 0s
Other commands include "wipe" (which is the name of two unrelated projects that do the same thing), and "srm".


== SSD Drives ==
== SSD Drives ==
SSD drives (and flash memory cards/thumbdrives) are tricker to securely erase since they perform wear levelling to preserve the life of their flash memory. This means your operating system can never be certain where data is stored on the drive. To mitigate against this:
SSD drives (and flash memory cards/thumb drives) are trickier to securely erase since they perform wear leveling to preserve the life of their flash memory. This means your operating system can never be certain where data is stored on the drive. To mitigate against this:
* Encrypt from day one, so that your raw data will never be stored on the drive.
* Encrypt from day one, so that your raw data will never be stored on the drive.
* Fill the drive to capacity with innocuous data, to overwrite as much as you can (SSDs have reserved areas which you can't get to).
* Fill the drive to capacity with innocuous data, to overwrite as much as you can (SSDs have reserved areas which you can't get to).
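Review bot: The added sentence puts "wipe" and "srm" in plain quotes, whereas command names elsewhere in this revision use <code>; mark them up the same way. Since "wipe" is described as two unrelated projects, name or link them so a reader can tell which one their package manager is offering.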
Line 27: Line 31:
Once you've logically sanitized your drive, you may still want to physically destroy it for paranoia's sake.
Once you've logically sanitized your drive, you may still want to physically destroy it for paranoia's sake.


An easy way to do this is to buy yourself a set of [https://en.wikipedia.org/wiki/Torx TORX] screwdrivers ($5 - $10) and open the drive casing where you can get at the platters. Be careful when handling the platters, as they may break surprisingly easily and send shrapnel flying and cut your hands. Don't try to snap them in half without thick protective gloves and something to contain the shrapnel (you might want to wear protective gloves and goggles even if you don't intend to snap them).
An easy way to do this is to buy yourself a set of [[Wikipedia:Torx |TORX]] screwdrivers ($5 - $10) and open the drive casing where you can get at the platters. Be careful when handling the platters, as they may break surprisingly easily and send shrapnel flying and cut your hands. Don't try to snap them in half without thick protective gloves and something to contain the shrapnel (you might want to wear protective gloves and goggles even if you don't intend to snap them).


More expensive/industrial solutions are detailed in a fun little 31c3 talk titled [https://www.youtube.com/watch?v=dl2vPB8Gla8 Hard Drive Punch - Destroying data as a performative act ].
More expensive/industrial solutions are detailed in a fun little 31c3 talk titled [https://media.ccc.de/v/31c3_-_6595_-_en_-_saal_1_-_201412281900_-_hard_drive_punch_-_aram_bartholl#t=314 Hard Drive Punch - Destroying data as a performative act ].


== Android ==
== Android ==
Line 36: Line 40:
== External Links ==
== External Links ==


[http://www.forensicswiki.org/wiki/Main_Page Forensics Wiki]
*[http://www.forensicswiki.org/wiki/Main_Page Forensics Wiki]
*A [https://www.youtube.com/watch?v=CiBI0yrtHUo scene] from the film "Core", 2003.
 
[[Category:Security]]
[[Category:HowTo]]

Latest revision as of 05:37, 20 February 2022

Data destruction is the "art" of, and the various methods for, securely erasing files on a hard drive. For data destruction, wiping the entire drive is preferable since most operating systems will leak details of your files (e.g. temporary copies of your document, mentions of it in most recently used lists, log files, registry entries, command history, etc.).

Full Drive Wiping

DBAN (Darik's Boot and Nuke) is the go-to tool for drive wiping. Burn the ISO to a CD or write it to a USB thumb drive, boot from it, and then it's just a matter of selecting which drives to wipe and how thoroughly you want them wiped. Using the "dodshort" option is fine, and is recommended by DBAN themselves.

One pass is fine. Three if you're paranoid. The 35-pass Gutmann wipe is overkill. Gutmann himself has said that it's unnecessary on modern drives, and even when he invented it in the 90s, many of the passes were for different types of storage medium and the full 35 was overkill for any one device.

If you're using Linux, you can use dd:

# dd if=/dev/urandom of=/dev/sdX status=progress

or shred:

# shred -vn 3 /dev/sdX

replacing sdX with your disk name. If you're unsure what your disk is, use lsblk to check. Make sure to quadruple check your disk name, as you will not be prompted after the command is executed.
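Because neither dd nor shred asks for confirmation, the lsblk check can be scripted so the wipe command is only typed after it passes. The following is an added example, not part of the original wiki page: `check_wipe_target` is a hypothetical helper and the lsblk listing is constructed. It goes slightly beyond the text by also refusing a disk when something stacked on one of its partitions (crypt or LVM) is mounted.

```sh
#!/bin/sh
# Added example: pre-flight check before `dd`/`shred` on /dev/sdX.
# check_wipe_target is a hypothetical helper, not part of any tool named here.
# Real use: lsblk -P -o NAME,PKNAME,TYPE,MOUNTPOINT | check_wipe_target sdX

# Constructed sample of lsblk pairs output: sda holds the running system,
# sdb is the idle disk we actually want to wipe.
SAMPLE='NAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
NAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
NAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT=""
NAME="cryptroot" PKNAME="sda2" TYPE="crypt" MOUNTPOINT="/"
NAME="sdb" PKNAME="" TYPE="disk" MOUNTPOINT=""
NAME="sdb1" PKNAME="sdb" TYPE="part" MOUNTPOINT=""'

# Exit 0 only if $1 is a whole disk and nothing stacked on it is mounted.
check_wipe_target() {
    awk -v target="$1" '
    # Return the value of key="..." from one lsblk -P line.
    function field(line, key,    s) {
        if (!match(" " line, " " key "=\"[^\"]*\"")) return ""
        s = substr(" " line, RSTART, RLENGTH)
        sub(/^[^"]*"/, "", s); sub(/"$/, "", s)
        return s
    }
    {
        n++; name[n] = field($0, "NAME"); parent[n] = field($0, "PKNAME")
        if (field($0, "TYPE") == "disk") disk[name[n]] = 1
        m = field($0, "MOUNTPOINT")
        if (m != "") busy[name[n]] = name[n] " is mounted at " m
    }
    END {
        if (!(target in disk)) {
            print "refuse: " target " is not a whole disk in this listing"; exit 1
        }
        # Propagate "busy" from each mounted device up to its parents
        # (partition -> disk, crypt/LVM -> partition) until nothing changes.
        do {
            changed = 0
            for (i = 1; i <= n; i++)
                if ((name[i] in busy) && parent[i] != "" && !(parent[i] in busy)) {
                    busy[parent[i]] = busy[name[i]]; changed = 1
                }
        } while (changed)
        if (target in busy) { print "refuse: " busy[target]; exit 1 }
        print "ok: " target " is a whole disk with nothing mounted"
    }'
}

printf '%s\n' "$SAMPLE" | check_wipe_target sdb
```

A passing check only says the name is an idle whole disk; comparing the size and model columns of lsblk against the drive you physically intend to wipe is still up to you.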

Individual File Wiping

For individual files, the Linux command "shred" can be used:

  • $ shred -vun 3 file
    • -v for verbose
    • -u to remove the file after shredding it
    • -n to specify the number of passes
    • -z to add a final wipe of all 0s

Other commands include "wipe" (which is the name of two unrelated projects that do the same thing), and "srm".

SSD Drives

SSD drives (and flash memory cards/thumb drives) are trickier to securely erase since they perform wear leveling to preserve the life of their flash memory. This means your operating system can never be certain where data is stored on the drive. To mitigate this:

  • Encrypt from day one, so that your raw data will never be stored on the drive.
  • Fill the drive to capacity with innocuous data, to overwrite as much as you can (SSDs have reserved areas which you can't get to).
  • Don't rely on the TRIM/sanitize functions of the SSD to securely erase anything. These are programmed differently by each manufacturer and are not reliable.

Physical Destruction

Once you've logically sanitized your drive, you may still want to physically destroy it for paranoia's sake.

An easy way to do this is to buy yourself a set of TORX screwdrivers ($5 - $10) and open the drive casing where you can get at the platters. Be careful when handling the platters, as they may break surprisingly easily and send shrapnel flying and cut your hands. Don't try to snap them in half without thick protective gloves and something to contain the shrapnel (you might want to wear protective gloves and goggles even if you don't intend to snap them).

More expensive/industrial solutions are detailed in a fun little 31C3 talk titled Hard Drive Punch - Destroying data as a performative act.

Android

Factory resets aren't good enough to sanitize a device.

External Links