a very inportant lesson

so my dad bought a used pc at garage sale!! well any one who sells a used pc please format hardrive omg i cant belive what they left on it . i was checking to see if modem worked and all of a sudden im logeed in to aol!!!! i have no aol acct tthen all the messeger programs come up and im loged in as old pc person who had pc before dad bought it. man its a old pc dad got for 5 bucks or so but i figure it will be nice as spare only has 40 megs a ram and a 66 mhz cpu and 3 gig hardrive but im going to refotamt and find a small os .should i pm some of the people to warn the old pc owner?

I bought an old Apple Powerbook 140 laptop at a thrift store two or three years back, and it was full of all kinds of "evidence" like credit card numbers, PINs, names, addresses, telephone numbers, and all kinds of other horse puckey.
I deleted all the information I found on it, but there still could be more that I haven't discovered yet.

This is so common it's tragic. I have reconditioned several Macs that have gotten donated to the local humane society thrift store here, and that always means doing a low level format so that nothing of the original owners can be recovered.

not everyone who buys a used machine is as nice and ethical as Raggie, Craig and myself!

i went to install windows and it didnt take i never installed a older distro before 2000 wont work on it i guess i can down load a bot disk and try again

a friend's daughter bought them a used PC from the finance company where she worked. they asked me to set it up.

I never saw so many people's financial data in my life. when I contacted them and told them about it (after 2 Fdisks and 2 Formats with Norton Wipe Disk) they told me it wasn't possible. that it didn't happen.

Often drive manufacturers will offer free low level format tools that are supposed to overwrite every sector for their drives. (Western Digital, among others) Since that is still a software approach it is not 100% foolproof but it is way better than nothing. Any good wipe would be better than nothing, IMO. It is amazing how many businesses donate un-wiped drives with sensitive info on them.

On the other side, I would not have a second hand drive in my possession without wiping it, for fear that I might later be put in the position of having to somehow prove that some of the files on it did not belong to me. That kind of thing could make you wish you were never born. It could still be in the 'slacks' (cluster tips), where no UNDELETE would find it -- but any forensic search would. No thanks.

The US government has been known to recover data on drives wiped up to 21 times, although the guttman method of wiping some 33 times would probably be enough to ensure complete data destruction... but that can take quite a while to do on larger drives. A standard US DoD 7 wipe procedure should be sufficient for one who wants to sell their drive on ebay, but people who just do a quick format and unload their drives do put themselves at risk.. people who do nothing and make it so you sign into their accounts when you get their drives make me laugh.

Low level formatting is risky on modern drives. If aborted during the long procedure, it will likely render the drive unusuable.

i have one that wipes over some crazy amount of times i got it free on a boot disk i found on net it has like 10 lewvels of formating

I have read of tools, such as those mentioned, that cleaned the hard drive. Now after this, maybe the best way is to remove and destroy the hard drive. Is this the best way to go?

Jerry

I use a freebie called 'Eraser 5.3' to erase personal stuff on my drive. Though, I usually just give my old drives/computers to family members.

[ QUOTE ]
JerryM:
I have read of tools, such as those mentioned, that cleaned the hard drive. Now after this, maybe the best way is to remove and destroy the hard drive. Is this the best way to go?

[/ QUOTE ]

The more research I do on this subject the less faith I have in software tools. Even the most specific wiping tools, designed for a specific model of drive, from the company that made the drive cannot be absolutly guaranteed to overwrite ALL data on the drive, whether advertised as such or not.

Most security experts today admit that any information written in plaintext to magnetic media will remain a threat until the media itself is physically destroyed. Current security practices dictate that sensitive data only be written to magnetic media as cyphertext to a transparently encrypted volume. In this way, after the user has entered his passphrase the encrypted volume encodes and decodes on the fly (OTF) as he writes and reads, just like a regular directory -- but plaintext is never written to media. With this approach if the power fails, plaintext will never be left on the drive. If a file is deleted no wiping tool must be trusted to clean it up -- as it was always encrypted.

In threat assessment, if the truly big guns, with deep pockets, are after your data, transparent encryption will make their job much more expensive. If they pull your platters and use high sensitivity heads in an attempt to read old traces, they will, of course, be in cyphertext. Likewise, if money is no object to your attackers they may attempt to read traces of individual bits under an electron microscope -- they will still be encrypted.

Testing has shown over and over that no matter what the claims of the wiping software -- it cannot be trusted to do it's job in any cases except those that involve a fairly low threat level.

The two rules that go hand in hand are:

1. ) Never write sensitive data to magnetic media in plaintext.
2. ) Any magnetic media with sensitive data in plaintext cannot be considered unreadable until the media is physically destroyed.

Obviously, threat evaluation plays a huge role in determining what actions would be prudent. Hiding phone numbers from your dorm roommate would not require the same level of diligence and attention to detail as protecting details of your financial contributions to Mullah Omar.

The bottom line is, if security is what you are most concerned about, destroy the drive.

Raggie, as mentioned previously, there are some shareware/freeware hard disk eraser programs that can be downloaded.

Windows 2000 will likely puke if you try to install on that PC. NT 4.0 would work, and I have put Win98 on PC's with 486 class processors and had it work OK. You should be able to pour out an entire jar of molasses in the time it will take to boot up though. I recommend a free-distribution version of Linux for better speed. It would be a good project for learning the Linux operating system with.

There is some truth in much of this. I do computer forensics professionally so this is very authoritive information from the horses mouth.

If there is a "determined", no cost effort to recover data then your probably out of luck, they'll get it back even if it's been wiped or overwritten by new data. The techniques to do this are called reading "border" and "shadow" data. You can look it up if your interested but take it as written, by someone who's watched it done, it's only a matter of money. It's even possible to recover multiple data streams from the same physical locations, not reliably, but it can and has been done.

Fortunately, few will be willing to fork over the many thousands needed except for maybe the government, so a standard, 3 pass wipe of deleted data is pretty much adequate to the job. This doesn't say that there aren't plenty of references to illicit data elsewhere on the disk, such as the explorer index file, the page and hibernate files. All these are gold mines for the forensics investigator, but a 3 pass wipe will stymie all but the most determined (as in "expensive") attempts to recover deleted data.

If you run a wipe program on a disk, either once or as a real time, background task that overwrites deleted data, the investigator will know you did it, and in many cases, that's considered incriminating evidence in itself and will be used by the prosecution if it's related to a crime.

If you want to safe wipe a disk, a format, high or low level won't do it. I don't care how you format, all that does is rewrite the sector and cluster marks, it doesn't touch the data. I can still get everything off the disk just as easily as if it were never formatted at all. Pictures, text, even programs or complete desktops. There are tools for that job that cost thousands of dollars, but their real pro at what they do. Give them a disk and they'll suck it dry. Safe wiping requires running a DOS based, forensics quality program that rewrites data a full seven times to eliminate shadows and borders on the data bits.

A seven pass, forensics wipe is pretty much proof against any recovery effort. Maybe the NSA, or the CIA might try it if it were important enough, but in my experience, they'll get next to nothing.

In our office where I'm the systems admin, no hard disk leaves the house intact. We dismantle them for decorations or simply destroy then in a press. It's just easier that way.

There is a whole cadre of hackers and scammers who do nothing else these days but go to flea markets and garage sales to buy up old computers for a few bucks each, I don't guess I need tell you why.

Al

Thanks guys for the good info. I am not contemplating a new computer at the present time, but it appears that the best thing to do is to destroy the hard drive.
Jerry

i did a 25 times wipe. took a long time

A 7 pass wipe is considered pretty much standard, but as Al says, if someone with an unlimited budget wants that data, they can get it using fancy techniques

Of course, if I had illeagal data I wanted trashed NOW, I'd use the the idea of packing 1/4 if thermite right above the drive, with the ability to scram it - raid happens, the thermite goes off - NO one will recover the drive, because it'll be a pile of aluminum oxide

As for taking drives apart - yep - that works. I have an old ESDI (remember THAT drive format anyone?) full height drive sitting open on a shelf in my office - quite nice

I think it's quite easy to overwrite every sector on the disk. Every disk diagnostic program from every disk drive manufacturer has that capability.

Are you saying that these diagnostic programs are lying to me, or don't you bother to run disk diagnostics?

[ QUOTE ]
Al_Havemann said:
There is some truth in much of this. I do computer forensics professionally so this is very authoritive information from the horses mouth.
Al

[/ QUOTE ]

Al,

THANKS a lot for the very informative post!

I have often wondered exactly what is available after "Norton UnErase!".

I know we had some hard drives that were not backed up damaged in the Flood Allison of 2001 (damamged? They were under 10 feet of rainwater!)

We sent them away, and it did cost a pretty penny, but we did recover the data.

I would imagine (you correct me) that in a case like that, they disassamble the HD in a clean room, somehow microscoply gently clean the platters, re-assemble the platters in a duplicate hd, and start from there.

I have always gotten a kick out of how some kid in a movie recovers data from a HD that has been "wiped clean".

Any web sites to read more about this?

i laugh when some people just delte a file in windows, well it aint funny but it is so easy to get the file back all delteteing it did was take it outa ya veiew its still there ya just dont have the index of it i guess index is corect word.

[ QUOTE ]
eluminator:
I think it's quite easy to overwrite every sector on the disk. Every disk diagnostic program from every disk drive manufacturer has that capability.

Are you saying that these diagnostic programs are lying to me, or don't you bother to run disk diagnostics?

[/ QUOTE ]

Emphasis mine

All software has bugs. Many of these programs are designed with the best of intentions but very few can live up to their claims with all drives. Every manufacturer designs his drive differently. All drives are not the same. People who test drives after using these products often find that the program didn't even take the filenames off the media. Often some data is untouched even if a whole drive is supposedly wiped.

Wiping individual files is far more problematical. Many programs create a plethora of temporary files that will remain after the file itself is gone. How can the wiping program know where all of these copies are? In an effort to save you drive space many Windows programs write to kinky places like 'slacks' instead of temp files. These will remain after a file is wiped. Modern Hard disk drives are 'self repairing' in that they find and mark their own bad sectors without the intervention of the OS. The drive then replaces the bad sector with some of the extra capacity built into the drive. How can you be sure what's on those bad sectors? You don't know when they failed and were "fixed". How can the wiping program scrub them if even the OS doesn't know that they exist?

Don already mentioned the hibernate files. Some wipers even claim to wipe the swap files from within Windows. This is a very dubious claim, at best.

Sarah Dean has put up a very thoughtful comparison of disk and file wiping utilities
here.