I have a small problem which you might be able to advise on. Due to an upgrade at my company, we have a small number of PC workstations to dispose of (to worthy causes). I have deleted all the company sensitive files that I can find, but I need to know how to overwrite the blank space on the disk to make sure that no-one can subsequently resurrect the data.

Does anyone know of a utility that can do the overwrite, and are there any files that may contain info that is not obvious to a search with Explorer?

Thanks for your help, guys.

FJJP :O

Re-partition with fdisk (good, old DOS utility) and reformat.

FJJP..............Knowing the sensitivity of the information that you handle, I would suggest that you talk to the Owners and see if they would spring for new drives. This is really the only surefire way of protecting the information. Obviously the old drives could then be destroyed or saved in a bank vault.

As you are donating the old computers, used drives or very cheap drives would be acceptable.

It depends on how paranoid you wish to be or have reason to be. There are a whole stack of utilities out there (some free, some not) that will overwrite all sectors with zeros or whatever many times to US security standards. Even so, it is just possible that a professional security expert with special equipment might be able to extract a few scraps. The average joe (or even computer guru) won't.

There was a PPRuNe thread about this a while ago if you can find it. If you do have really really terrible secrets to protect then your company will have security policies that normally destroy drives and melt down the bits.

As you probably know, there is no such thing as deleting from disk. It's not like a cassette tape where you just wipe it, because if you did, you'd destroy the formatting.

Whilst I cannot guarantee it will do the job you want, if you want to keep the system files, I've just downloaded a freeware utility which does the job very well.

Its called "Eraser" and it purports to be just as secure as many professional (and expensive) programs.

It can overwrite individual files multiple times with a large cryptographically secure random number sequence before marking as deleted. This is (apparently) to "military" standards, and is the equivalent of shredding. It can also overwrite all your free space in a similar manner to deal with previously (and historically) deleted files.

The original developer is no longer supporting it, (due to other commitments I understand), but it has been taken over by someone else. Although they do ask for a $10 donation, it
is totally FREE, being licenced under the GNU public distribution licence.

Click here for ERASER (http://www.heidi.ie/eraser/)

Good Luck,

Andy Woolford

There's no desparate state secrets involved, just confidential personal info about clients. Owners wouldn't spring for new drives just to give 'em away - not good business sense. Unlikely that security experts would be involved - just safeguarding clients against curious amateur with a bit of IT knowledge.

awoolford, Eraser sounds just what I'm after - I'll have a look.

Thanks guys; I appreciate your taking the time to help.

FJJP :D

f-disk and re-format does not remove data from drive, it can be recovered quite easily with a disc recovery utility. Suggest you try something like "disc scrub" available from .

Ease off KENNYR - if FJJP follows standard guidelines and uses an accepted security eraser like the ones listed below the data is essentially unrecoverable.

After this has been done special labs with dedicated equipment like a Class 1000 clean room where the drive can be disassembled and the drive mechanics and platters tinkered with MAY be able to recover SOME fragments of data. I doubt whether the small offchance of finding your address and and banking details are worth that sort of expenditure. Strictly for Government spooks and big-time industrial espionage where even a tiny code fragment may add something to the big picture.

A typical quote from the web:

Level 2: Government Wipe Disk Erasure

(Minimum acceptable Sanitization Level for Government IT Assets)

This level demands the disk to be erased using a software product specifically designed for multiple-pass sanitized erasure and meeting CIO sanitizing standards (e.g., U.S. Department of Defense 5220.22M Cleaning and Sanitizing standard). Disk sanitizing includes securely erasing the media, writing multiple ones and zeros across the surface, sanitizing each sector, verifying sanitization and generating a report.

Government Wipe Disk Erasure is the preferred approach as it:

sets a minimum baseline of sanitizing IT assets that fulfills statutory obligations under Section 30 of the Freedom of Information and Protection of Privacy Act (FOIPP Act) to protect personal information;

provides a high level of assurance that information stored on media is unrecoverable by any means;

saves government a significant amount in disposal fees;

provides more useable equipment for schools and disposal sales; and

is environmentally responsible.

The three software tools endorsed by the CIO as meeting the government standards for government wipe disk erasure are:

East-Tec DiskSanitizer Government version,

RCMP DSX, and

Norton Utilities 2002 with Norton WipeInfo government wipe option.

Had a friend who's profession (and a lucrative one at that!) was to extract data from HDD's that people thought were wiped. The only way to ensure you've wiped the data is to overwrite every sector address 7 times. So you do need a utility of some description but I can suggest one.

Norton Works has a programme that meets government erasure standards (ie, overwrites at least five times - or more, can't remember exactly). I can check it out when I get back home and let you know if you wish.
cheers

Thanks again guys. I'll look at all your suggestions and let you know how I get on.

:D

Excuse my ignorance here,
but why does Re-Formatting a HD not remove all data ... I always thought that cleaned up all sectors ?

Plus, I was always under the impression that 'Defragmenting' a drive would make files unrecoverable ....???

FJJP
The Norton system is a Norton Utility called WipeInfo. It will wipe discs, files or free space (or combo as you select) using a couple of wipes of 1s and 0s, then three wipes of a random number selected by yourself. It says it operates to some a standard, DoD I thnk it said.
Cheers

Out of interest, I have just used "File Scavenger" to recover data from a SCSI hard disk that had been wiped with fdisk and formatted. No problem.

File Scavenger Link (http://www.quetek.com/prod02.htm)

Cheers, :cool:

noblues

A very simple explanation (I hope!)

defrag simply gathers all the bits of a file (which can be in several blocks all over the hard drive) and compiles them into one sequental block. No data is deleted.
Format puts markers for start and end of sectors on the hard drive, any data between these marks is left intact.
Fdisk does a similar thing.
The operating system uses a File Allocation Table (FAT) to store and retrieve files from the hard drive. Deleteing a file removes the entry from the FAT but leaves the data intact.
Windows explorer and the like display information taken from the FAT not from the disk surface.

From this you can see that if you can read the disk surface directly you can recover data that was "deleted".

Hope this helps

CK

A friend of mine had a very very sick hard disk. In the end, this is what he had to say:

"I actually got my data back using GetDataBack for FAT from www.runtime.org.
It cost £42 to buy. The free demo version scans the disk, shows what it has
found, and lets you see the contents of the files but not save them to a
good disk. So at that point you know whether it is worth spending the money."

Worth keeping in the back of your mind...

ck4707 - Thanks for the reply.

I thought that when you DEFRAG a drive if a file has been deleted in the FAT then its contents/bits will be overwritten as the other files are moved around ?

Does DEFRAG look in the FAT to check if a file is still 'current' - I would have assumed if its trying to optimise the disk it would not bother with any files not in the FAT ????

Uhhhmmm ?

noblues

as far as I know defrag only deals with files in the FAT and sys files.

When the files are moved they tend to go at the start of the drive and fill up the disc space from there. If there is any "deleted" data there is no way of knowing where it is on the disc and they may or may not be over written by the defrag process.

A bit hit and miss ifyou want to destroy data!!

regards
CK

Out of interest, I have just used "File Scavenger" to recover data from a SCSI hard disk that had been wiped with fdisk and formatted. No problem.

Wow. You live, you learn... :eek:

awoolford - The utility 'Eraser' you recommended works well, but 'securing' 'unused disk space' with a US DoD 7 pass overwrite takes about 5 hours on my 120G HD.
I would hate to think how long the Gutmann 35 pass would take, probably 25 hours !

I do wonder having my HD spinning continuously for 5 hours does to the life of it !

Why not just defrag, and fill the 'dead' space up with 'any old data', ie. a few DVD's and then delete that data.
That way at least you know any slack space will be overwritten by harmless files even if soemone does try a recovery of data ?