.

Data Recovery

<<

mad_irish

User avatar

Newbie
Newbie

Posts: 17

Joined: Thu Aug 14, 2008 7:45 am

Post Mon Sep 08, 2008 9:15 am

Data Recovery

Hello,

  I'm posting because I have very little experience in forensic recovery but at an event over the weekend I overheard someone tell a casual computer user that if they were going to sell their computer on eBay all they had to do was a "low level format" of the drive to destroy all their data.  The explanation was that if the user formatted the drive from the BIOS menu that the computer would overwrite all the sectors on the hard drive and that only people who could spend hundreds of dollars would be able to recover any data.  The computer in question was an old Windows XP machine with no special security software.  I'm wondering how effective such a formatting is, how easy it would be to recover data off a drive formatted in this way, and basically if this advice holds any water at all?  I'm inclined to think that if you aren't doing a DoD spec wipe you're asking for trouble, and my suggestion was to simply TrueCrypt the drive so data recovery would be impossible.  Does anyone have any thoughts/insights/suggestions about a situation like this?  Thanks in advance.
<<

dalepearson

Sr. Member
Sr. Member

Posts: 357

Joined: Thu Nov 09, 2006 10:03 am

Post Mon Sep 08, 2008 10:17 am

Re: Data Recovery

I am only qualified with EnCase, and I do forensics now and again so wouldnt say I was best to answer, but it is amazing what can be got back from a drive after simple formating.

If you want to ensure someone will have a hard job accessing your old data, a format with random data overwriting is the way.

So many free apps to do this so no excuse really. Most people wont need DoD type standards so 3 overwrites should be fine and not to time consuming.

Something like Darik's Boot and Nuke is ideal.
<<

silxp

Newbie
Newbie

Posts: 15

Joined: Thu Sep 04, 2008 7:46 pm

Post Mon Sep 08, 2008 11:15 am

Re: Data Recovery

mad_irish wrote:my suggestion was to simply TrueCrypt the drive so data recovery would be impossible.  Does anyone have any thoughts/insights/suggestions about a situation like this?  Thanks in advance.


Encrypting the data then wiping it sets you up for a cold boot attack if done improperly (http://en.wikipedia.org/wiki/Cold_boot_attack) the proper method to destroy data would be to degauss the drive however, this would make the drive unusable. Anyhow, you can check out the following document on data sanitization: http://cmrr.ucsd.edu/people/Hughes/DataSanitizationTutorial.pdf
OSCP, C|EH, CNDA, CHFI, SGFA, SGFE
<<

waltmanno

Newbie
Newbie

Posts: 1

Joined: Tue Oct 14, 2008 12:16 am

Post Wed Oct 15, 2008 10:27 pm

Re: Data Recovery

You could also use a program like Helix and do a dd command to write zeros over the whole drive.  This way the drive is operational and sellable.
<<

jimbob

Post Mon Nov 17, 2008 10:43 am

Re: Data Recovery

One important point when it comes to discussing disposal of hard disks is the ever-present issue of risk. If you are a poor student and getting $50 for a used hard drive is big deal then destructive disposal seems a poor choice. If you're a multinational company then hit your old disks with a hammer. A big hammer.

The student's solution would be to use something like Darik's Boot and Nuke.

http://www.dban.org/

Regardless of who is disposing of their old computers it's worth erasing the disks, even if the machine is going to be scrapped. I've seen plenty of scavengers trying to take dumped kit from refuse dumps and recycling centres.

Jimbob
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Mon Nov 17, 2008 5:28 pm

Re: Data Recovery

Just out of curiosity, does the "low level format" concept still exist?  I haven't seen a BIOS offer that option in years. 

I don't think that you need to DoD wipe the drive.  I don't think that anything more then 1 complete wipe pass is necessary.  If you write zeros to every sector of the drive, traditional data recovery becomes almost impossible.  The trick is to write zeros to EVERY sector of the drive.
~~~~~~~~~~~~~~
Ketchup
<<

jason

User avatar

Hero Member
Hero Member

Posts: 1013

Joined: Sat Jun 21, 2008 6:23 pm

Location: USA

Post Mon Nov 17, 2008 9:38 pm

Re: Data Recovery

Wikipedia on low-level formatting:

http://en.wikipedia.org/wiki/Low_level_format

In short, no you generally can't do that anymore.

Return to Forensics

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software