This blog is no longer updated.

Since I own the domain name for a couple more years, and the hosting was paid-in-advance, it's still here. But I've moved on to Hawaii, and no longer have the need to publish all the sorts of neat stuff that made up the contents of this website.

If you've linked to me, you are invited to unlink, as your readers will no longer be presented with new content. Thanks, Steve

Poor Man's BCWipe Monday, November 07, 2005 : Stephen D. Carroll, rokus.net So, you've got some sensitive data on your computer, and you want to get rid of it. Tossing it in the "Recycle Bin" is insufficient - you want it gone. [Shift]+[RightClick] the file and select delete - it bypasses the recycle bin and it's gone. Well, sort of. You haven't done anything to actually change the data string (0001 0010 0000 0010 0100 1000 1101) , you've just notified the disk that "Sectors 724-773 are available as free space." When you deal with sensitive or classified data, there's a whole Mil Spec on how to destroy the remnants of that binary stream. They call it a seven pass overwrite - where all the empty space on the disk is written with all zero's, and then all one's in seven cycles. (The science behind this is fascinating to about three people in the world, and they don't read this, so I'll spare you.) Several companies offer DoD Spec file shredding programs, disk erasers, pagefile sanitizers, and the like. It is not the intent of this post to endorse any single one of those products, even though the title of this article may appear otherwise. (We've used "BCWipe" so often and for so long that it's (probably improperly) become a verb - "Yeah, and when you're done BCWiping that box, toss it over there.") But if you're not going to shell out the thirty or fifty bucks (or however much it costs), but still want to get rid of those sequenced ONEs and ZEROs on your Windows box, here's the cheap way to do it: C:\>cipher /w:c:\ Naturally, cipher /? will tell you what the heck cipher.exe does: "Displays or alters the encryption of directories [files] on NTFS partitions." Wha Huh? Read on... "   /W       Removes data from available unused disk space on the entire volume. If this option is chosen, all other options are ignored. The directory specified can be anywhere in a local volume. If it is a mount point or points to a directory in another volume, the data on that volume will be removed." In essence, forget all of the encryption switches that you can use with cipher.exe - if you just want to remove data from a disk, cipher's the way to go. Here's why you still need a commercial product: Cipher doesn't sanitize the pagefile, and if you move the pagefile from C:\ to D:\, clean C:\, move it back from D:\, clean D:\, you're going to have problems. Additionally, cipher does NOT do a seven pass write of the disk as required by the MilSpec. I suppose you could run it seven times, but really, I bet you'd forget around the fifth time or so which pass you were on. Here's a screenshot of cipher blasting all zero's to my hard drive: Here's the next step - all one's to the disk: There's a third pass where it writes random numbers, but I think you get the idea (hint: ..................................) "Cipher /w" is a good tool if you're not too paranoid (single pass vs. seven pass). Naturally, it works much better if you clean up your windows session first (delete temp files, clear browser cache, toss your cookies (heh), and burn your taxes to CDR). I highly recommend this tool for use prior to disposing of your hard drives, selling them on eBay, or generally losing physical control of the platform. It is not, and let me repeat that, not, not, not, not, an approved DoD tool for declassifying data storage devices. (Is that clear?) Permalink |   Mail this...

Poor Man's BCWipe | Login/Create an account | 0 Comments

No comments Nested Flat Thread Oldest first Newest first

Comments are owned by the poster. We aren't responsible for their content.