Do companies forensically wipe their systems before disposal


sovietpecker
Member
 

Do companies forensically wipe their systems before disposal

Posted: Oct 06, 19 20:40

Hello everyone,

I would like to know if private and government organisations in your country forensically wipe Laptops/Desktops when the machines are up for renewal.

I am aware that most organisations simply instruct the IT Unit to format the drives before the systems are either sold back to the original owner at scrap value or auctioned out to a third party.

Also, what popular forensic data wiping tools would you recommend, aside from Eraser Blancco? I would prefer officially licensed software that could generate a Certificate of Erasure.  
 
  

jaclaz
Senior Member
 

Re: Do companies forensically wipe their systems before disp

Posted: Oct 07, 19 07:50

Why should a forensic data wiper be "popular"?

*Any* tool capable of issuing a SATA Secure Erase command will do (but also a very plain dd would, only it will be slower), and even a "normal" format under Windows post-XP (without the /q or "Quick Format") would do.

As always the chosen method needs to be checked and validated on the specific device.

The (AFAIK hypothetical) "Certificate of Erasure"[1] is only a piece of paper (or a bunch of bytes if it is electronic) and it has of course no real value in the real world, unless it is backed by a suitable insurance (or similar) guarantee of sorts, which would cost 10x or 100x the cost of the device (i.e. destroying it physically).

jaclaz

[1] though probably that would make a bureaucrat very, very happy.
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
 
  

Bunnysniper
Senior Member
 

Re: Do companies forensically wipe their systems before disposal

Posted: Oct 07, 19 12:56

Erasing files on the old drive is only step one. Step two is the physical destruction of the drive and then the old laptop is sold. Whoever buys the used hardware has to buy brand new drives, too, before these devices can be sold to a 3rd party. This is what most of the companies do.

Back to the initial question: DBAN (https://dban.org), Eraser (https://eraser.heidi.ie) and of course dd can be used to erase old files.

regards, Robin
_________________
--
All opinions are mine and are not necessarily the opinions of my employer. 
 
  

maysr
Newbie
 

Re: Do companies forensically wipe their systems before disp

Posted: Nov 06, 19 18:47

Best practices depend on what is being erased/destroyed.

What is best for a commercial company may not be best for a government.

The extreme method is physical destruction of the device, beyond repair. Like crushing it.

If that is not required, then you would be best suited using a tool that will write all 00's to every sector of the device. The reason for this is that you can verify the wipe using a Checksum64. If the Checksum64 results in 00's, then the wipe was successful.
 
  

JimC
Senior Member
 

Re: Do companies forensically wipe their systems before disp

Posted: Nov 06, 19 19:07

It is trivial to calculate the Checksum64 (or any other similar hash) for zero filled data of arbitrary size.

If software were to calculate the same hash over the storage media and produce the same hash it would be a very good indication that the storage media was indeed wiped.

Jim

www.binarymarkup.com  
 
  

jaclaz
Senior Member
 

Re: Do companies forensically wipe their systems before disp

Posted: Nov 07, 19 09:41

JimC wrote:
> It is trivial to calculate the Checksum64 (or any other similar hash) for zero filled data of arbitrary size.
>
> If software were to calculate the same hash over the storage media and produce the same hash it would be a very good indication that the storage media was indeed wiped.
>
> Jim

And someone actually made a handy tool for that:
www.edenprime.com/tool...ulator.htm
and some previous discussion on the matter:
www.forensicfocus.com/...c/t=16208/

jaclaz
_________________
- In theory there is no difference between theory and practice, but in practice there is. - 
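
The check discussed in the posts above (zero-fill the media, then compare a hash of the media with the hash of the same number of zero bytes), as an added example that is not part of the original thread or any poster's tool. It assumes SHA-256 in place of Checksum64 and a path that can be read to the end (an image file or a device node); the function names and the sample image are constructed for illustration.

```python
import hashlib

CHUNK = 1024 * 1024  # 1 MiB reads keep memory use flat on large media


def zero_hash(size, algo="sha256"):
    """Hash of `size` zero bytes, computed without reading any media."""
    h = hashlib.new(algo)
    zeros = bytes(CHUNK)
    full, rest = divmod(size, CHUNK)
    for _ in range(full):
        h.update(zeros)
    h.update(zeros[:rest])
    return h.hexdigest()


def verify_wipe(path, algo="sha256"):
    """Read all of `path` and report whether every byte is zero."""
    h = hashlib.new(algo)
    size = 0
    first_nonzero = None  # byte offset of the first residual data, if any
    with open(path, "rb") as f:
        while True:
            buf = f.read(CHUNK)
            if not buf:
                break
            if first_nonzero is None:
                rest = buf.lstrip(b"\x00")
                if rest:
                    first_nonzero = size + len(buf) - len(rest)
            h.update(buf)
            size += len(buf)
    digest = h.hexdigest()
    # An empty read proves nothing, so size 0 is never reported as wiped.
    wiped = size > 0 and first_nonzero is None and digest == zero_hash(size, algo)
    return {"size": size, "hash": digest, "first_nonzero": first_nonzero, "wiped": wiped}


if __name__ == "__main__":
    import os, tempfile
    # Constructed sample: a zero-filled image, then the same image with one stray byte.
    with tempfile.TemporaryDirectory() as d:
        img = os.path.join(d, "sample.img")
        with open(img, "wb") as f:
            f.write(bytes(3 * CHUNK + 512))
        print(verify_wipe(img))
        with open(img, "r+b") as f:
            f.seek(2 * CHUNK + 100)
            f.write(b"A")
        print(verify_wipe(img))
```

A read error raises OSError and should be treated as a failed verification. The check covers only what the operating system can read from the path, so areas that are not addressable through it are not examined.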
 
  

AmNe5iA
Senior Member
 

Re: Do companies forensically wipe their systems before disp

Posted: Nov 07, 19 12:42

https://github.com/AmNe5iA/Device-Wipers

Scripts may need some alteration to work on your own local systems.  
 
