Silk Road forums

Discussion => Security => Topic started by: joolz on April 21, 2013, 10:29 am

Title: How to totaly clean a laptop /p.c
Post by: joolz on April 21, 2013, 10:29 am
How do you totally clean a laptop? Seems my mate's been using the home p.c. for orders and wants to clean its hard drive without having to lose any family pictures etc. I said format your hard drive, but he's looking for an easier option.
Any ideas?
Title: Re: How to totaly clean a laptop /p.c
Post by: MaidMandy on April 21, 2013, 10:54 am
Hi there, if you want to clean a machine that is using a Windows operating system, this should be useful:

If your friend uses it, make sure he backs up his family pictures etc. as essentially, he will be wiping the entire drive using erasing software like DBAN -- Darik's Boot and Nuke, which you can download from: http://sourceforge.net/projects/dban/

The problem with Windows is that it stashes so much data in so many obscure little corners, that it is well-nigh impossible to find and eliminate them all.
Windows has been described as a forensic technician's wet dream, and I believe that description is accurate. ;)

When you use software like DBAN, the entire drive is wiped, so you lose all your data -- your copy of Windows will be wiped, as well as all your files and other data. Unfortunately, this is the only way GUARANTEED to defeat forensic analysis should your machine be seized. You could always claim, if they queried why your machine has only a recent Windows installation, that you got a virus and you wiped and re-installed.

If you're using PGP/GPG, be absolutely sure to back up your keyrings -- if you lose those, they can't be replaced.

I hope this is of some use to you. :)
Title: Re: How to totaly clean a laptop /p.c
Post by: joolz on April 21, 2013, 11:16 am
Thanks, +1, but after he does that, is it best to boot Tor from a USB, and will this leave a trace on the new cleaned laptop?
Title: Re: How to totaly clean a laptop /p.c
Post by: ixcc on April 21, 2013, 11:59 am
Formatting your HDD once doesn't leave any traces on the hard drive. DBAN wipes the drive three times if you are using the default settings.

I would suggest that you use TrueCrypt (www.truecrypt.org) to fully encrypt your hard drives. TrueCrypt is free software and easy to use.
Install Windows (or Linux) like you normally would; afterwards use TrueCrypt to make a full HDD encryption. No need to boot from USB unless you are really paranoid about it.

If you have an external HDD with your backup data, make sure to encrypt that one as well.
Title: Re: How to totaly clean a laptop /p.c
Post by: wasta on April 21, 2013, 10:32 pm
Formatting removes only the pointer.
With UNformat everything will be back as normal.

Remember, disk data has to be overwritten.
Like a videotape.
You just can't lose in a few minutes what took hours to get.

Take killdisk;

http://www.softpedia.com/progClean/Active-Kill-Disk-Hard-Drive-Eraser-Clean-10579.html

The disk will be a little too clean.

The whole hdd will be written over, with just zeros.

When you are planning not to use the disk anymore, you can smash the disk with a sledgehammer or drill several holes in the disk.

Don't just sabotage the connector interface, because guys like me get the ceramic disk out and place it in another HDD.
I have found several of those HDDs, and if I don't like what I see, like cp, the disk will be, as they have been, delivered to the police.

That's a good thing, so the money is spent wisely and not to get after visitors of SR, or other bollocks minor misdemeanors.
Title: Re: How to totaly clean a laptop /p.c
Post by: kingghb on April 22, 2013, 01:08 am
Back up the user profile in C:\users on Vista/7/8 or C:\Documents and Settings on prior versions. Then back up any other data if stored outside of the profile, and download software that will do a low-level format on the drive. If you just re-format the drive, the files can be easily recovered; if you want to be extra safe, do a LLF, then replace the drive with a new one.
Title: Re: How to totaly clean a laptop /p.c
Post by: Purple_Hue000 on April 22, 2013, 07:56 am
reformat your hard drive, wipe and reinstall your OS
Title: Re: How to totaly clean a laptop /p.c
Post by: kingghb on April 22, 2013, 05:51 pm
Quote
reformat your hard drive, wipe and reinstall your OS

Umm, no, don't do this. If you don't do a low-level format, your data can easily be recovered with any bullshit data recovery program such as "Get Data Back" or Stellar, Ontrack, among many others.
Title: Re: How to totaly clean a laptop /p.c
Post by: tree on April 22, 2013, 07:33 pm
You could also just do a full disk encryption and then reformat. It would make it impossible to recover any data. An even more secure way would be doing a full disk encryption and then using DBAN, or even using TrueCrypt's secure overwrite option during the full disk encryption.
Title: Re: How to totaly clean a laptop /p.c
Post by: kmfkewm on April 23, 2013, 07:03 am
Quote
You could also just do a full disk encryption and then reformat. It would make it impossible to recover any data. An even more secure way would be doing a full disk encryption and then using DBAN, or even using TrueCrypt's secure overwrite option during the full disk encryption.

FDE doesn't inherently overwrite stuff that is already on the drive.
Title: Re: How to totaly clean a laptop /p.c
Post by: kmfkewm on April 23, 2013, 07:07 am
Which means that encrypting a drive that has already had sensitive information on it is not a good way to try to sanitize the drive. It is also a waste of time to encrypt the drive and then wipe it with something like DBAN or better yet Secure Erase. Don't confuse encryption with anti-forensic data wiping :).
Title: Re: How to totaly clean a laptop /p.c
Post by: klaw239 on April 23, 2013, 07:13 am
Unless you're risking huge prison time if caught with data, I'd just wipe the HD to zeros and that's it, BUT if you are a kingpin or risk prison... either totally destroy the unit or bury the HD, toss it in a river, take a blowtorch to it. The feds use heavy magnets to extract data from formatted drives. Just remember, if in doubt, completely destroy all evidence. Why leave anything to chance? But hey, I'M paranoid lol, yeah right
Title: Re: How to totaly clean a laptop /p.c
Post by: tree on April 23, 2013, 05:36 pm
Quote
You could also just do a full disk encryption and then reformat. It would make it impossible to recover any data. An even more secure way would be doing a full disk encryption and then using DBAN, or even using TrueCrypt's secure overwrite option during the full disk encryption.

Quote
FDE doesn't inherently overwrite stuff that is already on the drive.

To encrypt all the data on the drive, wouldn't it have to overwrite the non-encrypted data? It also encrypts the free space, so that would be like a 1 pass secure erasure. 1 pass isn't so great though, so I understand DBAN is better. Or am I completely mistaken?
Title: Re: How to totaly clean a laptop /p.c
Post by: kmfkewm on April 24, 2013, 01:18 am
Quote
You could also just do a full disk encryption and then reformat. It would make it impossible to recover any data. An even more secure way would be doing a full disk encryption and then using DBAN, or even using TrueCrypt's secure overwrite option during the full disk encryption.

Quote
FDE doesn't inherently overwrite stuff that is already on the drive.

Quote
To encrypt all the data on the drive, wouldn't it have to overwrite the non-encrypted data? It also encrypts the free space, so that would be like a 1 pass secure erasure. 1 pass isn't so great though, so I understand DBAN is better. Or am I completely mistaken?

I am pretty sure that many FDE solutions only encrypt things that are currently indexed, and not the entire drive. That is why they generally have an option included to do a wipe prior to encryption. Here are some snippets supporting this though:

Quote
Why does it appear that most of the free space in my drive is used when BitLocker is converting the drive?

BitLocker cannot ignore free space when the drive is being encrypted because unallocated disk space commonly contains data remnants. However, it is not efficient to encrypt free space on a drive. To solve this problem, BitLocker first creates a large placeholder file that takes most of the available disk space and then writes cryptographic material to disk sectors that belong to the placeholder file. During this process, BitLocker leaves 6 GB of available space for short-term system needs. All other space, including the 6 GB of free space not occupied by the placeholder file, is encrypted. When encryption of the drive is paused or completed, the placeholder file is deleted and the amount of available free space reverts to normal. A placeholder file is used only on drives formatted by using the NTFS or exFAT file system.

As you can see, BitLocker does not encrypt the free space on the drive. But they take care of the problem by overwriting it. However, my point is that the encryption process and the full drive overwriting process are two separate things, and it is not safe to count on FDE to be equal to full drive overwriting, even though many implementations of FDE probably do a full drive overwrite as well.

Here is another citation, although from a non-official source:

http://serverfault.com/questions/395912/does-luks-also-encrypt-free-space

Quote
The standard recommendation is that you over-write a disk/volume with random data before you set up LUKS. The Ubuntu installer will even offer to do this for you if you select the Expert mode. I don't believe the latest version will do this by default though, but I haven't actually tried it. This is often skipped/ignored because the process will take a long time.

But no, LUKS does not automatically fill or over-write blocks when it is set up.

Using the pseudo-random generator in badblocks (badblocks -c 10240 -wsvt random /dev/<device>) is usually considered good enough and suggested as a good method to wipe a volume by most LUKS guides and HOWTOs.


Once again you can see that the actual FDE does not overwrite the entire drive, and relies on a separate (although depending on the specific implementation, possibly integrated) drive wiping mechanism.
Title: Re: How to totaly clean a laptop /p.c
Post by: kmfkewm on April 24, 2013, 01:25 am
Another example would be if you have an install of Windows for example, and then you install Ubuntu with FDE. Just because you have used FDE when installing Ubuntu does not mean that the entire drive has been encrypted. Only the newly installed data related to Ubuntu has been encrypted, and only the space it takes up has been overwritten. Unless you first did a separate full drive overwrite, there will still be plaintext data remnants from the Windows install on the drive.

The exact details of if you can count on an FDE implementation to be equal to a full drive wipe or not will vary from implementation to implementation. But having FDE is not the same as having wiped your drive, so you should not confuse the two things and rely on FDE to be a secure wipe.
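
The distinction drawn in the posts above (a format drops only the index, an FDE install encrypts only what it writes, an overwrite touches every block) can be checked on a toy model; this is an added example, not part of any post in the thread. The in-memory disk, the constructed marker string and the SHAKE-256 XOR pad standing in for a real disk cipher are all assumptions made for illustration.

```python
import hashlib

BLOCK = 64
MARKER = b"CONSTRUCTED-PLAINTEXT-RECORD"   # constructed remnant to search for

def new_disk(blocks=32):
    # Toy model: raw block storage plus a separate file index.
    return {"data": bytearray(BLOCK * blocks), "index": {}}

def keystream(key, block_no):
    # Stand-in for a real disk cipher: SHAKE-256 output used as an XOR pad.
    return hashlib.shake_256(key + block_no.to_bytes(4, "big")).digest(BLOCK)

def write_block(disk, name, block_no, payload, key=None):
    buf = payload.ljust(BLOCK, b"\0")
    if key is not None:
        buf = bytes(a ^ b for a, b in zip(buf, keystream(key, block_no)))
    disk["data"][block_no * BLOCK:(block_no + 1) * BLOCK] = buf
    disk["index"][name] = block_no

def quick_format(disk):
    """Drop the file index only; block contents are untouched."""
    disk["index"].clear()

def full_overwrite(disk):
    """Single pass of zeros over every block, allocated or not."""
    disk["data"][:] = bytes(len(disk["data"]))
    disk["index"].clear()

def remnant_blocks(disk):
    """Scan the raw image, ignoring the index, for the plaintext marker."""
    data = bytes(disk["data"])
    return [n for n in range(len(data) // BLOCK)
            if MARKER in data[n * BLOCK:(n + 1) * BLOCK]]

def scenario():
    disk = new_disk()
    for n in (3, 9, 20):                       # old, unencrypted install
        write_block(disk, f"old{n}", n, MARKER + b" #%d" % n)
    before = remnant_blocks(disk)
    quick_format(disk)                         # index gone, data still there
    after_format = remnant_blocks(disk)
    for n in (0, 1, 2, 3):                     # new install encrypts only its own blocks
        write_block(disk, f"new{n}", n, b"new OS data", key=b"constructed-key")
    after_fde = remnant_blocks(disk)
    full_overwrite(disk)
    after_wipe = remnant_blocks(disk)
    return before, after_format, after_fde, after_wipe

if __name__ == "__main__":
    labels = ("written", "quick format", "FDE install", "full overwrite")
    for label, blocks in zip(labels, scenario()):
        print(f"{label:15} plaintext remnants in blocks {blocks}")
```

Only the block that the encrypted install happened to reuse loses its old plaintext; the others survive until the full overwrite.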
Title: Re: How to totaly clean a laptop /p.c
Post by: sourman on April 24, 2013, 02:11 am
Quote
But having FDE is not the same as having wiped your drive, so you should not confuse the two things and rely on FDE to be a secure wipe.

Very true, in fact the presence of FDE alone will invite suspicion, especially if the bootloader is stored locally. TrueCrypt (not sure about the others) will overwrite the free space with pseudorandom data, but I wouldn't recommend that if you're expecting a visit from the party van.

If the threat is imminent, just DBAN the drive as others have suggested and either leave it blank or install a clean copy of Windows sans encryption. I'd even say break and throw out the DBAN CD so they don't throw BS evidence tampering charges at you. Don't worry about overwriting the drive 3,000 times or grinding the CD into dust. Data overwritten once is gone if you're using a modern hard drive, and the same goes for anything on a smashed CD. If you're doing something serious enough for them to attempt that level of data recovery, odds are they'll just nail you the traditional way.