Re: Cleaning up your hard disk
by Abigail-II (Bishop) on Jan 26, 2004 at 12:18 UTC
|
On Unix, you'd do it in half a line:
dd if=/dev/random of=/some/path
You may replace /dev/random with /dev/urandom if you like, and you can wipe an
entire disk or partition by giving the device file as
argument to of.
Abigail | [reply] [d/l] |
|
They tell me there is something like this within PGP, even if I have never tried it.
| [reply] |
|
|
open F, ">file.txt";
while() { print F chr rand( 20 ) + 65; }
And break it when it's done.
| [reply] [d/l] |
|
No, not a good idea.
This will use all the bit patterns between 100_0001 and 101_0101. Of interest is that the upper 3 bits are always set to 010. This flaw might be sufficient to allow a sufficiently motivated person to extract something useful.
This would be better written as
1 while print F chr(rand(256));
As an added bonus, when the file system is full, the print will fail, the call will return 0 and bingo! you fall out of the while. At least I believe that that is what should happen. You'll forgive me if I don't try this out on my own filesystem...
| [reply] [d/l] |
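Added example (not code from any poster in this thread): a short Perl check of the point made in the reply above. It samples the two byte expressions posted in the thread and reports which bit positions never change in their output. The helper name fixed_bits and the sample count are choices made for this illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Sample a byte generator and work out which bit positions are constant.
# Returns (mask of constant bits, value of those bits, number of distinct bytes).
sub fixed_bits {
    my ($gen, $samples) = @_;
    my ($and, $or) = (0xFF, 0x00);
    my %seen;
    for (1 .. $samples) {
        my $byte = ord($gen->());
        $and &= $byte;    # bits that were 1 in every sample
        $or  |= $byte;    # bits that were 1 in at least one sample
        $seen{$byte}++;
    }
    # A bit is constant if it was always 1 ($and) or never 1 (~$or).
    my $mask = $and | (~$or & 0xFF);
    return ($mask, $and & $mask, scalar keys %seen);
}

# The two expressions exactly as posted in the thread.
my %generators = (
    'chr rand(20) + 65' => sub { chr rand( 20 ) + 65 },
    'chr(rand(256))'    => sub { chr(rand(256)) },
);

for my $name (sort keys %generators) {
    my ($mask, $value, $distinct) = fixed_bits($generators{$name}, 100_000);
    # log2(distinct values) is an upper bound on the entropy per byte written.
    printf "%-18s distinct=%3d fixed-mask=%08b fixed-value=%08b bits/byte<=%.2f\n",
        $name, $distinct, $mask, $value, log($distinct) / log(2);
}
```

A non-zero fixed-mask means every byte written shares those bit values, so the fill pattern is partly predictable; a mask of all zeros means no bit position is constant.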
Re: Cleaning up your hard disk
by elwarren (Priest) on Jan 26, 2004 at 23:35 UTC
|
I suggest a heavy earth magnet because the truly paranoid know that new drives store all your secrets into the low level DRM partition that we mortals can't reach :-)
...insert nervous laughter...
On a slightly serious note, I wonder if this is one of the reasons PGP suggests nine passes to wipe a disk? Whatever type of cache is used for something like this can only hold so much data, and this could potentially push your, uhm, "evidence" out of the cache. | [reply] |
Re: Cleaning up your hard disk
by zentara (Archbishop) on Jan 26, 2004 at 20:23 UTC
|
Wouldn't you have to run this from a bootable cdrom with Perl on it? If you are wiping your whole hard drive, your OS will be deleted half way thru, and I guess it would hang? Maybe I'm missing something? Can the OS in memory keep running if its disk files are wiped? | [reply] |
|
Darik's Boot And Nuke looks like just the thing. Plus it deals with filesystem caching.
Darik's Boot and Nuke ("DBAN") is a self-contained boot floppy that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
It's also available as a bootable cdrom image. However you save it, be sure to label it very clearly. :)
-- Rocco Caputo - rcaputo@pobox.com - poe.perl.org
| [reply] |
|
The kernel will already be loaded into memory (RAM), and this should work for the most part.
Though unconfirmed, I have heard tales of Windows (yes, Windows!) being formatted while it is still running. Windows is usually more obstinate about such things.
Of all the approaches posted here, DD is by far the best. It's fast, it's clean, and it's error-proof. The above script is dangerous as it won't get everything, plus it's going to be terribly slow in comparison to dd.
The suggestion of using something like Knoppix for the dd operation, though, is definitely best. This way you can get in the habit of doing this even on machines that do not have Perl available.
| [reply] |
|
He's not wiping the whole disk, he's just cleaning up the empty space so they cannot do an undelete on his files. For that simple purpose, the script works well.
I might shrink my pagefile as small as possible so to squeeze out any paged data. Delete the hibernation file as well. Run his program and maybe defrag the disk in between runs so that nothing is left in the empty sectors. Lots of wasted space like that on modern 10-80gb drives. All this stuff is amateur forensics. Anyone that's ever used the grep or strings command knows you can find tasty little nuggets without much work.
That's why openbsd has encrypted swap. Insane, but relevant in this discussion :-)
| [reply] |