The Sanctuary
Technology => Network (in)Security => Topic started by: SBTlauien on October 19, 2014, 06:23:58 am
-
This short explanation will tell you the best way, and usually only way, that people permanently destroy the data that is on a hard drive.
A lot of idiots will tell you that you can destroy data that's on your hard drive by using certain programs. I wouldn't bother with the hassle when hard drives are so inexpensive these days. With this method, a person would need to buy a new hard drive.
First they need to take their hard drive out of their PC or laptop. I'll be using the hard drive that was in my laptop for this explanation.
When they pull it out, it has some mounts on it, like the ones in this picture. They are those metal things that run down the side of the hard drive and have little blue plastic ends.
(http://i5.photobucket.com/albums/y156/SBTlauien/HardDriveFun/1_zpsd5490db1.jpg)
After taking those off, they need a star key to remove the outer-back case. After taking off all of the screws, they simply pry up on the case. I used a flat head screw driver for this one.
(http://i5.photobucket.com/albums/y156/SBTlauien/HardDriveFun/3_zpse33af22f.jpg)
At this point, the disks can be seen. They are very reflective and hold the evidence that so many detectives and federal agents just love to seize during a search warrant. They look like this...
(http://i5.photobucket.com/albums/y156/SBTlauien/HardDriveFun/4_zps1c176ea6.jpg)
They simply place the whole hard drive into their sink, and place a paper towel over the disks(these will shatter). Then they use the flat head screw driver to apply pressure to the disks until they shatter. They would keep moving the screw driver around until it's just a nice glass mess. Like this....
(http://i5.photobucket.com/albums/y156/SBTlauien/HardDriveFun/5_zps77df0c1f.jpg)
Then they would pour these glass remains into a paper bag and toss it discretely into a trash somewhere.
-
Actually, if you want to do it.. a slightly easier way..
1. If you dont want to destroy the drive all together, delete everything you want gone, and then proceed to fill up every last bit of space on your drive with random data.. a good example is a single folder filled with "X' amount of the same image till your drive is full. When you delete data off your drive, your not really deleting it, just communicating to your computer that it is okay for this information to be overwritten.. You can easily back up this information with a variety of programs, including some free ones.
What I would do if I was worried about such a situation? Keep your suspect data in one place and encrypted.. have a spare external hardrive on hand pre-loaded with a data mass equal to or slightly greater than your computers internal hardrive. Worse comes to worse, delete your suspect data and quickly fill your computer with the preloaded crap.. it should effectively overwrite what you were hiding.
2. Just incase that isnt your speed, having access to (2) strong computer magnets should do the trick.. one on each side of the drive, or rubbing them in an alternating fashion simultaneously on each side of the drive should effectively clear and corrupt all data.. and.. the drive may even still be salvagable to be overwritten and reused.. maybe not all cases but..
With the OP method your leaving behind physical evidence of your intent to hide something.. it'd probably be easier to explain my first method.. get creative.. and the second one, well its not hard to believe that your computer/hard drive is just fucked up.. shit does happen.
-
I have read that replacing all of the space on the hard drive isn't 100% guaranteed and that forensic detectives can still pull the data off of it. This thread is pertaining to forensic detectives as in the Federal Bureau of Investigation, not some kid with recovery hardware/software.
With the OP method your leaving behind physical evidence of your intent to hide something.
Not if you dump it all. Then you've simply destroyed the evidence completely. $50 for a new hard drive is so cheap, I'd rather just replace it than take the chance.
-
I mean yea, I understand.. But isn't "breaking it into a million pieces" more/less common sense if it were something like being pursued by the FBI? How would it fair in court if they already had credible info on you by somehow managing to track you online, and then they find evidence of a newly installed hard drive? When has lack of physical evidence been a problem before? Unless you have some serious buck to ante up a good lawyer.. Trial by your peers would screw you. However, if there was a means of effectively masking and replacing all old data beyond recovery, it would look more in your favor.. And yes, my methods weren't for the criminal mastermind.. More so for protecting yourself from smart nosy friends or low level script kiddies who manage to get a Trojan on your machine and strive to get your sex tapes.. That sorta thing lol
-
This is a reliable method for destroying a drive for sure. If you want to keep your drive physically intact and use software to zero your drive instead, Dariks Boot And Nuke (DBAN) is a great alternative.
-
How would it fair in court if they already had credible info on you by somehow managing to track you online, and then they find evidence of a newly installed hard drive? When has lack of physical evidence been a problem before?
Even in that scenario, I think it would still be better to simply have a newly installed hard drive, if you're guilty of the crime. It would leave concrete evidence out of the courtroom, rather than being caught red handed.
-
expected this thread to be you smashing your HD with a hammer
-
if the hard drive platters are intact....as in if software was used to supposedly delete info...the potential exists for info to be retrieved.
Another method that doesnt involve hammers is using a propane hand torch to melt the platters, which is more effective.
-
if the hard drive platters are intact....as in if software was used to supposedly delete info...the potential exists for info to be retrieved.
Another method that doesnt involve hammers is using a propane hand torch to melt the platters, which is more effective.
I don't know about more effective, both methods involve fucking up the platters in some way. I think I'd rather smash it up, then at least you can scatter the pieces all over the place.
-
Just curious, and you all may know this... Say a person keeps their sensitive or secret information on a portable HD, and access it via a desk/laptop.. And a situation occurs where you need to discard such information.. If you only used the desk/laptop to open/read the information.. is it necessary try and obliterate its hard drive, even though the sensitive data was never actually stored on it? Similar to trying to access something from your recent places folder that was originally opened through another source (usb or external hd), and the information cannot be found... could there really be something there, or is it relatively safe? I'm thinking yes, but eh.. I dont claim to be the most savvy on the subject.
-
could there really be something there, or is it relatively safe? I'm thinking yes
you're thinking 'yes' to which one?
-
I destroy the evidence on my hard drive by forgetting what I just typed 3.5 seconds after I post it
-
Just curious, and you all may know this... Say a person keeps their sensitive or secret information on a portable HD, and access it via a desk/laptop.. And a situation occurs where you need to discard such information.. If you only used the desk/laptop to open/read the information.. is it necessary try and obliterate its hard drive, even though the sensitive data was never actually stored on it? Similar to trying to access something from your recent places folder that was originally opened through another source (usb or external hd), and the information cannot be found... could there really be something there, or is it relatively safe? I'm thinking yes, but eh.. I dont claim to be the most savvy on the subject.
I wish I knew the answer. If for some reason, the information is moved into a temporary directory on your computer then it'll be recoverable. If it's just cached in memory then it won't be. But I don't know enough about it to give you a better answer :(
-
if the hard drive platters are intact....as in if software was used to supposedly delete info...the potential exists for info to be retrieved.
Another method that doesnt involve hammers is using a propane hand torch to melt the platters, which is more effective.
I don't know about more effective, both methods involve fucking up the platters in some way. I think I'd rather smash it up, then at least you can scatter the pieces all over the place.
The problem with that is it still leaves evidence and the potential for collection of data. I know of a case where someone cut up a floppy disk in an attempt to hide evidence but someone managed to get a piece of it, attach it to another floppy disk in a way that would allow it to be read, and collected all the evidence necessary to complete a prosecution
With todays more advanced forensics along with the higher storage density of a hard drive, there has to be a way of extracting data from platter fragments
-
Pour gasoline on hard drive and light it on fire. Problem solved. No more evidence.
-
I use CCleaner and computer duster
-
I use CC and computer duster
It's still on there.
It would be nice if it were possible to choose the exact files to be deleted and rewrite that exact sector of the hard drive like 100 time, which would probably damage the hard drive anyways. It may still be recoverable.
-
How does one know when the feds are unto you?
-
How does one know when the feds are unto you?
when you use a computer
-
http://en.wikipedia.org/wiki/Gutmann_method
35 pass method designed to work with multiple hard drive types (Guttman published the method in 1996). It's pretty interesting.
Of course physically destroying a drive is the best way to remove everything. Before getting to that point I'd suggest encrypting sensitive information first.
Also what the fuck are you people hiding?
-
Also what the fuck are you people hiding?
The Communist agenda.
-
How does one know when the feds are unto you?
It's good practice to replace hard drives, along with other storage media that may contain evidence, every few months, if you're committing serious crimes.
-
If someone were really doing something they werent supposed to, I'd assume you would use a set-up where you have excellent processing power and a hard drive with only enough space to cover essential programs, with a little wiggle room for cached browsing etc (so it doesnt get overloaded).. and simply use portable encrypted HD's to store your programs, data, and etc.. Plug in go..
-
If you are going to physically destroy a hard drive go all out. Wipe it, smash it, burn it and scatter it on a grave somewhere. If you want to have fun and potentially ruin someones month or year... Have hundreds or thousands of terabyte hard-drives in your house filled to the brim with normal pictures and videos and documents and some poor sod will have to go through them all for hours on end even with triage programs. They often give up or don't attempted it if the case isn't that important. Unfortunately this method probably won't last much longer with software developments. If you are sadistic and you know the person/people working your case you can stalk them and watch their life deteriorate. Fun for all the family.
-
1. If you dont want to destroy the drive all together, delete everything you want gone, and then proceed to fill up every last bit of space on your drive with random data.. a good example is a single folder filled with "X' amount of the same image till your drive is full. When you delete data off your drive, your not really deleting it, just communicating to your computer that it is okay for this information to be overwritten.. You can easily back up this information with a variety of programs, including some free ones.
What I would do if I was worried about such a situation? Keep your suspect data in one place and encrypted.. have a spare external hardrive on hand pre-loaded with a data mass equal to or slightly greater than your computers internal hardrive. Worse comes to worse, delete your suspect data and quickly fill your computer with the preloaded crap.. it should effectively overwrite what you were hiding.
It's been fairly widely accepted that single pass overwrite isn't a surefire way to destroy information, it's claimed that microscopy can recover data on overwritten segments of the disk. As far as I know there's never been a case of recovering information this way though.
In any case, copy pasting a picture a billion times isn't really what you want to be doing. Even if you fill as much as much space as your operating system gives you, there's more on your disk than user storage. It's possible your OS reserved some swap space it never ended up writing to or maintains free storage for boot time.
-
Just use LUKS/dm-crypt full disk encryption and have an emergency self destruct script that when activated writes 3 passes of data from /dev/urandom to the first 4096 or whatever blocks (keyslots and header) of the encrypted partitions and then immediately powers down the machine.
-
Just use LUKS/dm-crypt full disk encryption and have an emergency self destruct script that when activated writes 3 passes of data from /dev/urandom to the first 4096 or whatever blocks (keyslots and header) of the encrypted partitions and then immediately powers down the machine.
To much room for error. One of the first things they do during a digital forensic investigation, is make an exact image of the hard drive. I've also read that they like to wait to arrest/detain the suspect while they are out-and-about rather than while they are at their resident.
-
Should be pretty foolproof actually. Just have a root terminal open and if LE busts in, execute the script. Within 10 seconds everything will be permanently gone and (DDR3) RAM cleared. A hard drive full of LUKS encrypted data without a key and header is about as useful to forensic examiners as a brick.
For DDR2 RAM you should probably implement some kind of secure memory erasure like what TAILS does, because it takes much longer, possibly as much as several minutes to clear after loss of power.
-
What happens when they arrest the person at work and then search that persons residence?
-
You should still be okay, assuming your encryption passphrase is sufficiently strong. Any security conscious individual will power down machines containing sensitive data when he's not in the immediate vicinity. I have my servers running 24/7 but they contain no sensitive files. Everything else is turned off when not in use.
-
it is very clear that you are a bunch off pernoid pedos why not give all your drives to me and i can keep them safe till you need them..
-
it is very clear that you are a bunch off pernoid pedos why not give all your drives to me and i can keep them safe till you need them..
Do u clean off the lube before you return them?
-
There is always nuking it in the microwave.
-
Shattering the disks is so stress relieving though. Plus I don't have a microwave...
-
There is always nuking it in the microwave.
Do you know that actually works? Like it seems like it would be destructive but I'm not sure what the actual mechanism would be. I know microwaves are in the electromagnetic spectrum but that's not sufficient to affect the actual platters, radiowaves clearly don't. And if you put metal in a microwave it'll spark but it won't experience kinetic force like we would expect in a magnetic field. Like maybe the charge that metal experiences could force the write head to flip a bit or something, but unless the disk is actually spinning I'm not sure it would really total the whole disk.
Maybe someone can explain this to me.
-
Too slow. Use thermite.
Good benefit is they can't put it out when it gets going, and it'll give the LEO's in the room a nice suntan.
-
Too slow. Use thermite.
Good benefit is they can't put it out when it gets going, and it'll give the LEO's in the room a nice suntan.
they'd probably stick your fucking face in it if you ignited it. SWAT aren't nice people
-
lol, then again swat probably isn't going to be trying to seize equipment from your house right? Like that happens in movies but I think they only call them in when they're expecting armed resistance right? For seizing equipment it'd probably just be regular police
-
Just wanted to add that recovery via forensic microscopy is extremely difficult even after one overwrite, less probability of getting a correct bit than pure chance. Here's a paper: http://digital-forensics.sans.org/blog/2009/01/15/overwriting-hard-drive-data/