Silk Road forums
Discussion => Security => Topic started by: Heyenezz on March 06, 2012, 01:57 am
-
How do I remove ALL traces of Tor, Vidalia, bitcoin, and PGP from my computer? How do I verify that such info has been removed?
I want to move that info to a secure VM on an encrypted USB drive. My hard drive's encrypted but I'd like more layers of plausible deniability.
Thanks for any help.
-
run the ata "secure erase" command on your hard drive.
-
What does this mean?
Is there a way to remove such data without removing all the other data?
-
If you're using Linux/Mac/BSD, there is the "srm" utility. By default, it overwrites the file 34 times before deleting, but it also has options for DoD and DoE compliant erasing. It is SLOW. There's also the "shred" utility that is part of one of the GNU toolsets that is (typically) installed as a part of a basic Linux install, but the man page specifically states that the effectiveness of "shred" is lessened by the use of a journaling file system such as ext3, ext4, or xfs. I don't know if that same limitation applies to "srm" although in thinking about it, it seems like it would, but it's better than nothing.
If you're using Windows, I don't know. I'm sure there has to be some kind of equivalent freeware available.
The thing is, though, if you want absolute verification that all traces of something are gone, then you have to know everywhere that any trace of it might be. If you don't know these things and can't be 100% certain that you've deleted every file and folder, QTC's suggestion, or something like it, is the only way to go. If you've nuked the entire drive in a secure manner, only then can you be 100% certain that everything is really gone.
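On the verification question raised in this thread, the following is an added example, not part of any original post: a read-back check that a whole-drive overwrite left only the fill pattern, run here on a constructed image file. The function names, the 4096-byte block size and the zero fill pattern are assumptions; a read-back only covers sectors the drive still exposes, not remapped or spare areas.

```python
import os
import random
import tempfile

BLOCK = 4096  # assumed read size per checked block


def verify_overwritten(path, expected=0x00, samples=64, seed=None, full=False):
    """Return byte offsets of checked blocks containing anything but `expected`."""
    pattern = bytes([expected]) * BLOCK
    bad = []
    with open(path, "rb") as dev:
        size = dev.seek(0, os.SEEK_END)  # works for image files and block devices
        nblocks = (size + BLOCK - 1) // BLOCK
        if nblocks == 0:
            raise ValueError("empty target")
        if full:
            picks = range(nblocks)
        else:
            # Always check the first and last block, then random ones in between.
            rng = random.Random(seed)
            chosen = {0, nblocks - 1}
            chosen.update(rng.randrange(nblocks) for _ in range(samples))
            picks = sorted(chosen)
        for blk in picks:
            dev.seek(blk * BLOCK)
            data = dev.read(BLOCK)
            if data != pattern[:len(data)]:
                bad.append(blk * BLOCK)
    return bad


def make_image(nblocks, residue_at=None):
    """Constructed test image: all zeros, optionally with leftover bytes in one block."""
    fd, path = tempfile.mkstemp(suffix=".img")
    with os.fdopen(fd, "wb") as f:
        f.write(b"\x00" * BLOCK * nblocks)
        if residue_at is not None:
            f.seek(residue_at * BLOCK + 100)
            f.write(b"leftover-data")  # constructed residue
    return path


if __name__ == "__main__":
    img = make_image(256, residue_at=200)
    print("non-matching block offsets:", verify_overwritten(img, full=True))
    os.remove(img)
```

Sampling can miss isolated residue, so a clean sampled result is weaker evidence than a clean full scan.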
-
Thanks guys. That's a bitch though, but the security seems worth it. I'll reinstall Windows after backing up vital data.
-
If you're using Linux/Mac/BSD, there is the "srm" utility. By default, it overwrites the file 34 times before deleting, but it also has options for DoD and DoE compliant erasing. It is SLOW.
I've been told by somebody that generally knows what the fuck they're talking about that this will leave you vulnerable to spin stack microscopy analysis of your hard drive. (You have to ask though whether they'll break out that equipment for a buyer, the only time I've heard of it being used was to pwn a carder.) I've also been told by somebody who does data recovery work for police departments that one overwrite pass is enough. Secure erase is very fast though, is better than a one pass wipe, and wipes track edges so I don't really see any reason not to use it.
-
I used to have references to forensic papers claiming one pass is enough and forensic papers claiming one pass is not enough. Today it seems that pretty much everyone agrees that one pass is enough, and there have been forensic papers that demonstrate this to be true. So I am inclined to agree that one pass is enough. The issue with not using ATA secure erase is that even with 35 passes, there could be 'magnetic residue' on the edge of tracks. Normal wipe programs bring the drive head down the track down the center and don't overwrite data on the edge of the track consistently. ATA secure erase puts the head off track by a few degrees during the second pass so it erases this data. It is technically one pass in both cases though, just the second pass is done with the head at a different position. There is a forensic paper showing that data can be pulled off a drive with multiple pass overwrites that don't use ATA secure erase, but the issue isn't due to a single pass not being enough.
csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf
-
So, can I just reinstall Windows without installing additional software?