R Pentomino has asked for the wisdom of the Perl Monks concerning the following question:

hello, all.

in case the title doesn't say it all (and I suppose now that I think about it, perhaps it doesn't), what I'd be most grateful for someone's help on is this: I'm faced with the task of "wiping" a Windows XP machine in a non-volatile fashion, that is, finding a way to (securely) delete (overwrite) essentially all personal & non-system crap I've piled onto the blasted things over the months -- you know, cookies, caches, temp files & all that other sekret stuff -- but without doing the obvious, but destructive thing (ie, reformatting & doing a full system restore.)

thing is, yes I *know* you can't really delete anything when it comes to magnetic storage, if ya wanna be rilly, rilly sure of course you have to shred and melt down the physical storage medium, etc, etc, I know, I know, I know. but I don't need to be "really, really" sure, just, umm, pretty sure will do, for this case.

so I guess what I'm asking for is, what do I need to know about the XP file system in order to be able to write a few simple scripts to "safely" overwrite (ie, temporarily create null files in the place of) essentially all non-used blocks on my hard drive, without of course (and this is the "safely" part) deleting or breaking anything that Windows actually needs to be Windows. 'cause again, the goal is not to destroy someone else's laptop, just to "clean out my desk".

again I know this isn't gonna be 100% secure, so please no pedagogical lectures about information security. 99% or so sure will do for now.

(oh and did someone say, "why the hell are you asking this on perlmonks?" answer: above all things, perl is about usefulness, and about working with open systems; so I'd like to think this is a very pragmatic, useful thing I'm trying to do, and of course (if there's some horrid, messy traversing / inspecting / probing / prodding / violating of orifices to be done on the Windows filesys, we'd most like to do such poking / prodding / violating in perl.) plus also I could just use a big, thick clue here, and cluefulness is I believe a generic property of perlmonks, that is to say, not strictly limited to the domain of perl.)

thank you very much


2006-01-12 Retitled by holli, as per Monastery guidelines
Original title: 'in vivo sublimification of a windows machine'

Re: OT: in vivo sublimification of a windows machine
by BrowserUk (Patriarch) on Jan 12, 2006 at 16:05 UTC

    Use this


    Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
    Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
    "Science is about questioning the status quo. Questioning authority".
    In the absence of evidence, opinion is indistinguishable from prejudice.
Re: OT: in vivo sublimification of a windows machine
by diotalevi (Canon) on Jan 12, 2006 at 19:08 UTC

    Fdisking and formatting a disk are not sufficient to erase data from a disk. Microsoft fdisk only overwrites the first cylinder leaving everything else untouched. Formatting is going to overwrite some spaces with the filesystem metadata but also leaves most space untouched. To erase a disk, you must overwrite the entire thing. On Linux, you'd copy /dev/zero to your drive with the dd program. Maybe you should boot off a Linux CD and erase your hard drive that way.

    Without destructive erasing, programs like Lazarus in The Coroner's Toolkit can still retrieve your data. TCT is targeted to UNIX but Lazarus works perfectly fine on Windows filesystems (I've used it on NTFS).

    ⠤⠤ ⠙⠊⠕⠞⠁⠇⠑⠧⠊

Re: OT: in vivo sublimification of a windows machine
by sgifford (Prior) on Jan 12, 2006 at 16:52 UTC
    so I guess what I'm asking for is, what do I need to know about the XP file system in order to be able to write a few simple scripts to "safely" overwrite (ie, temporarily create null files in the place of) essentially all non-used blocks on my hard drive
    If you're just interested in writing something to all the unused blocks, why not just use them: create a file, then keep appending pseudorandomness until the drive is out of space. For added assurance, seek back to the beginning and write different pseudorandomness over top of that; repeat as your paranoia level requires. When you're done, delete the file. You may find that defragmenting will speed up this process.

      That won't work. XP stores small files directly in the NTFS blocks without actually allocating a data area.

      ⠤⠤ ⠙⠊⠕⠞⠁⠇⠑⠧⠊
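The fill-the-free-space procedure described in the post above, as an added example that is not part of any post in this thread. As the reply notes, it does not reach small files that NTFS stores without a separate data area. The scratch file name, the pass count default and the optional byte limit are assumptions made for illustration.

```perl
# Added example (not from the thread): fill free space, overwrite it, delete.
use strict;
use warnings;
use Fcntl qw(SEEK_SET);
use IO::Handle;
my $CHUNK = 1024 * 1024;    # bytes per write

# Write up to $want pseudorandom bytes (rand() is not cryptographic; it only
# has to replace what was on disk). Returns the number of bytes written.
sub write_some {
    my ($fh, $want) = @_;
    $want = $CHUNK if $want > $CHUNK;
    my $data = pack('L*', map { int(rand(2**32)) } 0 .. int($want / 4));
    return syswrite($fh, $data, $want) || 0;
}

# $limit (bytes) is an optional cap for a trial run; without it the first
# pass stops when the volume holding $dir is full.
sub fill_free_space {
    my ($dir, $passes, $limit) = @_;
    my $path = "$dir/wipe-$$.tmp";    # hypothetical scratch file name
    open(my $fh, '+>', $path) or die "cannot create $path: $!";
    binmode $fh;
    my $size = 0;
    while (!defined $limit || $size < $limit) {    # pass 1: append
        my $got = write_some($fh, defined $limit ? $limit - $size : $CHUNK);
        last unless $got;                          # disk full
        $size += $got;
    }
    for (2 .. $passes) {                           # later passes: overwrite
        eval { $fh->sync };                        # flush before rewinding
        sysseek($fh, 0, SEEK_SET) or die "seek failed: $!";
        for (my $done = 0; $done < $size; ) {
            my $got = write_some($fh, $size - $done) or die "rewrite failed: $!";
            $done += $got;
        }
    }
    eval { $fh->sync };    # sync may be unavailable on some platforms
    close $fh;
    unlink $path or warn "could not delete $path: $!";
    return $size;
}

my ($dir, $passes, $limit) = @ARGV;
die "usage: $0 DIR [PASSES [LIMIT_BYTES]]\n" unless defined $dir;
printf "overwrote %s bytes\n", fill_free_space($dir, $passes || 2, $limit);
```

Running it with a small LIMIT_BYTES first confirms the write, rewind and delete steps on a given volume before letting it run until the disk is full.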

Re: OT: in vivo sublimification of a windows machine
by zentara (Cardinal) on Jan 13, 2006 at 12:56 UTC
    My experience tells me, "Don't trust Windows to delete from Windows." What I mean is that there are secret unwritten files which Windows keeps (and they can change with updates, patches, virii, etc). Plus Gates has been in cahoots with the NSA since the beginning, so even if you get "safe delete" programs, they may just be a cover for a fake delete.

    So you need to do it from another Operating System. Boot from a Knoppix cd (or do something similar). You might have to copy the entire Windows file system off of the partition, then write zeros to it with /dev/zero, then put the files back. Even then, you might be inadvertently saving some hidden files.

    So what is the best thing to do? Set up your Windows in such a manner, that you can copy off your important files (emails, spreadsheets, etc) to a linux partition, zero out the windows partition, and do a fresh install of Windows, then copy your data back in.

    Do it about once a month (or daily if you are paranoid). Or you can just switch to linux. :-)


    I'm not really a human, but I play one on earth. flash japh

      Sorry zentara, but this is utter crap.


      Examine what is said, not who speaks -- Silence betokens consent -- Love the truth but pardon error.
      Lingua non convalesco, consenesco et abolesco. -- Rule 1 has a caveat! -- Who broke the cabal?
      "Science is about questioning the status quo. Questioning authority".
      In the absence of evidence, opinion is indistinguishable from prejudice.
        I discovered this when I tried to reinstall trial software which had 1 month trial period. I was amazed. I did format /f (or whatever the switch was to force a real format) with the "Rescue Disk", made by Windows. I should have had a totally reformatted partition. I reinstalled Windows, and then the trial software. Lo-and-behold ..... the trial software said I had used up my 30 days. What? Where was it stored? I had to use an old Dos6 boot floppy to format it out, and since I use linux to zero it out. Then the trial software went in again. So the question is.... what else are they storing?

        I remember googling around for what was going on and it was hinted that Windows will do something like mark certain disk sectors as bad, then hide information in them. Its formatting and delete programs will then skip those areas, leaving them to be found by the next install. Dos6 was the last version of any microsoft product which just did what you wanted. And of course, linux isn't bought off by the government spies yet, although I am becoming increasingly wary as big money moves into controlling the various linux distributions.


        I'm not really a human, but I play one on earth. flash japh