Author Topic: How People Destroy Evidence on a hard drive(Pictorial)  (Read 2901 times)

0 Members and 1 Guest are viewing this topic.

Offline Nasheeds and Lesbians

  • Devotee
  • **
  • !
  • Posts: 158
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #15 on: October 19, 2014, 04:43:21 pm »
I use CCleaner and computer duster

Offline SBTlauien

  • Disciple
  • ***
  • Posts: 454
  • ส็็็็็็็็็.ส็็็็็็็็็.ส็็็็็็็็็
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #16 on: October 19, 2014, 05:59:01 pm »
I use CC and computer duster

It's still on there.

It would be nice if it were possible to choose the exact files to be deleted and rewrite that exact sector of the hard drive like 100 time, which would probably damage the hard drive anyways.  It may still be recoverable.

Offline Soso0

  • Zealot
  • ****
  • Posts: 1,324
  • BOOM
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #17 on: October 19, 2014, 07:07:55 pm »
How does one know when the feds are unto you?

Offline Nasheeds and Lesbians

  • Devotee
  • **
  • !
  • Posts: 158
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #18 on: October 19, 2014, 07:18:44 pm »
How does one know when the feds are unto you?

when you use a computer

Offline fanglekai

  • Arch Disciple
  • ***
  • Posts: 717
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #19 on: October 20, 2014, 12:01:44 am »
http://en.wikipedia.org/wiki/Gutmann_method

35 pass method designed to work with multiple hard drive types (Guttman published the method in 1996). It's pretty interesting.

Of course physically destroying a drive is the best way to remove everything. Before getting to that point I'd suggest encrypting sensitive information first.

Also what the fuck are you people hiding?

Offline SBTlauien

  • Disciple
  • ***
  • Posts: 454
  • ส็็็็็็็็็.ส็็็็็็็็็.ส็็็็็็็็็
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #20 on: October 20, 2014, 01:59:09 am »
Also what the fuck are you people hiding?

The Communist agenda.

Offline SBTlauien

  • Disciple
  • ***
  • Posts: 454
  • ส็็็็็็็็็.ส็็็็็็็็็.ส็็็็็็็็็
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #21 on: October 20, 2014, 02:01:33 am »
How does one know when the feds are unto you?

It's good practice to replace hard drives, along with other storage media that may contain evidence, every few months, if you're committing serious crimes.

Offline Rook

  • Arch Disciple
  • ***
  • Posts: 590
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #22 on: October 20, 2014, 02:25:08 am »
 If someone were really doing something they werent supposed to, I'd assume you would use a set-up where you have excellent processing power and a hard drive with only enough space to cover essential programs, with a little wiggle room for cached browsing etc (so it doesnt get overloaded).. and simply use portable encrypted HD's to store your programs, data, and etc.. Plug in go..
The woods are lovely, dark and deep. But I have promises to keep, and miles to go before I sleep.
-Robert Frost

Offline Vanadate

  • Outlander
  • *
  • Posts: 7
  • Why do I have to take a personal test?
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #23 on: October 20, 2014, 02:45:30 am »
If you are going to physically destroy a hard drive go all out. Wipe it, smash it, burn it and scatter it on a grave somewhere. If you want to have fun and potentially ruin someones month or year... Have hundreds or thousands of terabyte hard-drives in your house filled to the brim with normal pictures and videos and documents and some poor sod will have to go through them all for hours on end even with triage programs. They often give up or don't attempted it if the case isn't that important. Unfortunately this method probably won't last much longer with software developments. If you are sadistic and you know the person/people working your case you can stalk them and watch their life deteriorate. Fun for all the family.

Offline Lanny

  • Zealot
  • ****
  • Posts: 1,123
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #24 on: October 20, 2014, 03:57:59 am »
1. If you dont want to destroy the drive all together, delete everything you want gone, and then proceed to fill up every last bit of space on your drive with random data.. a good example is a single folder filled with "X' amount of the same image till your drive is full. When you delete data off your drive, your not really deleting it, just communicating to your computer that it is okay for this information to be overwritten.. You can easily back up this information with a variety of programs, including some free ones.

 What I would do if I was worried about such a situation? Keep your suspect data in one place and encrypted.. have a spare external hardrive on hand pre-loaded with a data mass equal to or slightly greater than your computers internal hardrive. Worse comes to worse, delete your suspect data and quickly fill your computer with the preloaded crap.. it should effectively overwrite what you were hiding.

It's been fairly widely accepted that single pass overwrite isn't a surefire way to destroy information, it's claimed that microscopy can recover data on overwritten segments of the disk. As far as I know there's never been a case of recovering information this way though.

In any case, copy pasting a picture a billion times isn't really what you want to be doing. Even if you fill as much as much space as your operating system gives you, there's more on your disk than user storage. It's possible your OS reserved some swap space it never ended up writing to or maintains free storage for boot time.

Offline Tiffany

  • Adherent
  • *
  • !
  • Posts: 62
  • I'm a 13yo girl
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #25 on: October 21, 2014, 07:02:13 am »
Just use LUKS/dm-crypt full disk encryption and have an emergency self destruct script that when activated writes 3 passes of data from /dev/urandom to the first 4096 or whatever blocks (keyslots and header) of the encrypted partitions and then immediately powers down the machine.

Offline SBTlauien

  • Disciple
  • ***
  • Posts: 454
  • ส็็็็็็็็็.ส็็็็็็็็็.ส็็็็็็็็็
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #26 on: October 21, 2014, 07:14:33 am »
Just use LUKS/dm-crypt full disk encryption and have an emergency self destruct script that when activated writes 3 passes of data from /dev/urandom to the first 4096 or whatever blocks (keyslots and header) of the encrypted partitions and then immediately powers down the machine.

To much room for error.  One of the first things they do during a digital forensic investigation, is make an exact image of the hard drive.  I've also read that they like to wait to arrest/detain the suspect while they are out-and-about rather than while they are at their resident.

Offline Tiffany

  • Adherent
  • *
  • !
  • Posts: 62
  • I'm a 13yo girl
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #27 on: October 21, 2014, 08:00:22 am »
Should be pretty foolproof actually. Just have a root terminal open and if LE busts in, execute the script. Within 10 seconds everything will be permanently gone and (DDR3) RAM cleared. A hard drive full of LUKS encrypted data without a key and header is about as useful to forensic examiners as a brick.

For DDR2 RAM you should probably implement some kind of secure memory erasure like what TAILS does, because it takes much longer, possibly as much as several minutes to clear after loss of power.

Offline SBTlauien

  • Disciple
  • ***
  • Posts: 454
  • ส็็็็็็็็็.ส็็็็็็็็็.ส็็็็็็็็็
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #28 on: October 21, 2014, 08:02:01 am »
What happens when they arrest the person at work and then search that persons residence?

Offline Tiffany

  • Adherent
  • *
  • !
  • Posts: 62
  • I'm a 13yo girl
    • View Profile
Re: How People Destroy Evidence on a hard drive(Pictorial)
« Reply #29 on: October 21, 2014, 08:16:23 am »
You should still be okay, assuming your encryption passphrase is sufficiently strong. Any security conscious individual will power down machines containing sensitive data when he's not in the immediate vicinity. I have my servers running 24/7 but they contain no sensitive files. Everything else is turned off when not in use.