Do companies forens...
 
Notifications
Clear all

Do companies forensically wipe their systems before disposal

7 Posts
6 Users
0 Likes
771 Views
(@d1m4g3r)
Posts: 28
Eminent Member
Topic starter
 

Hello everyone,

I would like to know if private and government organisations in your country forensically wipe Laptops/Desktops when the machines are up for renewal.

I am aware that most organisations simply instruct the IT Unit to format the drives before the systems are either sold back to the original owner at scrap value or auctioned out to a third party.

Also, what popular forensic data wiping tools would you recommend, aside from Eraser Blancco? I would prefer officially licensed software that could generate a Certificate of Erasure.

 
Posted : 06/10/2019 8:40 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

Why should a forensic data wiper be "popular"?

*Any* tool capable of issuing a SATA Secure Erase command will do (but also a very plain dd would, only it will be slower), and even a "normal" format under Windows post-XP (without the /q or "Quick Format") would do.

As always the chosen method needs to be checked and validated on the specific device.

The (AFAIK hypothetical) "Certificate of Erasure"[1] is only a piece of paper (or a bunch of bytes if it is electronic) and it has of course no real value in the real world, unless it is backed by a suitable insurance (or similar) guarantee of sorts, which would cost 10x or 100x the cost of the device (i.e. destroying it physically).

jaclaz

[1] though probably that would make a bureaucrat very, very happy.

 
Posted : 07/10/2019 7:50 am
Bunnysniper
(@bunnysniper)
Posts: 257
Reputable Member
 

Erasing files on the old drive is only step one. Step two is the pyhsical destruction of the drive and then the old laptop is sold. Whoever buys the used hardware has to buy brand new drives, too, before theses devices can be sold to a 3rd party. This is what most of the companies do.

Back to the initial question DBAN ( https://dban.org), Eraser ( https://eraser.heidi.ie) and of course dd can be used to erase old files.

regards, Robin

 
Posted : 07/10/2019 12:56 pm
(@maysr)
Posts: 3
New Member
 

Best Practices depends on what is being erased/destroyed.

What is best for a commercial company, may not be best for a government.

The extreme method is physical destruction of the device, beyond repair. Like crushing it.

If that is not required, then you would best suited using a tool that will write all 00's to every sector of the device. The reason for this is that you can verify the wipe using a Checksum64. If the Checksum64 results in 00's, then the wipe was successful.

 
Posted : 06/11/2019 6:47 pm
JimC
 JimC
(@jimc)
Posts: 86
Estimable Member
 

It is trivial to calculate the Checksum64 (or any other similar hash) for zero filled data of arbitrary size.

If software were to calculate the same hash over the storage media and produce the same hash it would be a very good indication that the storage media was indeed wiped.

Jim

www.binarymarkup.com

 
Posted : 06/11/2019 7:07 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
 

It is trivial to calculate the Checksum64 (or any other similar hash) for zero filled data of arbitrary size.

If software were to calculate the same hash over the storage media and produce the same hash it would be a very good indication that the storage media was indeed wiped.

Jim

And someone actualy made a handy tool for that )
http//www.edenprime.com/tools/epAllZeroHashCalculator.htm
and some previous discussion on the matter
https://www.forensicfocus.com/Forums/viewtopic/t=16208/

jaclaz

 
Posted : 07/11/2019 9:41 am
AmNe5iA
(@amne5ia)
Posts: 173
Estimable Member
 

https://github.com/AmNe5iA/Device-Wipers

Scripts may need some alteration to work on your own local systems.

 
Posted : 07/11/2019 12:42 pm
Share: