hi

 I see a lot of programs that are available to clean up the disks for
Windows OS. Not wipe a disk but clean up deleted files so they cannot be
recovered.
 Is there any program for OpenBSD that will clean up the disks so that
deleted files cannot be recovered.

 (not looking to delete a file securly - but to wipe the disk clean of
deleted file with out affecting the OS)

-jon

hi

the problem is to clean up the un-used storage locations. When I delete
files / logs/ etc... I don't want any one to recover them. I am not asking
how to securly discard my disks...

 The answers are (from the threads)

    1. rm -P
    2. fill up the disks with 0 and delete them when the disk is full or
near full

I am not looking for how to grind the disks or hammer the. How to get some
one to dispose of the hard disks..
Again, Is there a way to wipe the un-used space in my hard disks clean with
out afftecting the OS ?

-jon

Then it appears that you have your answer(s)

-Jonathan

/dev/zero or /dev/urandom either will work fine (the first being quicker
than the last)
-- 
View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14561483.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Grind them up.  There is nothing else you can do to "permanently" wipe
disks.  Residual magnetism is always there provided good enough
equipment.  If your data is that sensitive there is nothing else but the
grinder.

put a wood furnace in you garage, get a good hardwood fire going, pop 
the disk in there, and stoak it again in 2 hours. there you go.

cel

-- 
Christopher Linn <celinn at mtu.edu>  | By no means shall either the CEC
System Administrator II               | or MTU be held in any way liable
  Center for Experimental Computation | for any opinions or conjecture I
    Michigan Technological University | hold to or imply to hold herein.

Still recoverable.  I have dealt with pretty badly burnt disks that we
recovered data off.  Really the grinder is the way to go.

Hi!


Thermite should do the work too. Hot enough to bring the material out of
the ferromagnetic temperature range, i.e. to lose its magnetization.

And nice special fx. *g*

Grinding leaves small pieces of still magnetized material where a
*very* determined (yeah, unlikely unless the data is worth *very*
much) attacker could try playing jigsaw puzzle.

Of course you could try combining a grinding and a demagnetizing
technique (for the latter I'm still partial with applying heat that
brings the material well out of the ferromagnetic range).

Kind regards,

Hannah.

Of course, both the grinder and the fire will have a negative effect on
the OS installed on the drive :)

Note that if you do choose the fire method, that there are components
in the drive that you don't need to burn in order to securely delete
data.  Burning them will have a negative impact on the environment and
perhaps on the stove.  All you really need to do is burn the oxide off
the platters.  If the platters are aluminum, it shouldn't be too
difficult to melt the platters but I don't know if that will render the
oxide coating inoperable or if it just comes off as a sheet that could
be read.

Perhaps you need to grind up the platters into powder, mix in some

Doug.

Some geeks have had hard drive roast featuring thermite placed on top of hard drives to melt them.

That sounds like a fun way to securely delete data given enough thermite.

--- Marina Brown
Return-Path: <owner-misc+M62733@openbsd.org>
X-Original-To: marina@surferz.net
Delivered-To: marina@surferz.net
Received: from localhost (localhost [127.0.0.1])
	by mail.surferz.net (Postfix) with ESMTP id 57CBA149AFC
	for <marina@surferz.net>; Mon, 31 Dec 2007 14:04:36 -0500 (EST)
Received: from mail.surferz.net ([127.0.0.1])
	by localhost (mail.surferz.net [127.0.0.1]) (amavisd-new, port 10024) with LMTP id 21140-04-14
	for <marina@surferz.net>; Mon, 31 Dec 2007 14:04:29 -0500 (EST)
Received: from shear.ucar.edu (lists.openbsd.org [192.43.244.163])
	by mail.surferz.net (Postfix) with ESMTP id 7081F149AF2
	for <marina@surferz.net>; Mon, 31 Dec 2007 14:04:19 -0500 (EST)
Received: from openbsd.org (localhost.ucar.edu [127.0.0.1])
	by shear.ucar.edu (8.14.1/8.13.6) with ESMTP id lBVIxZHP010613; Mon, 31 Dec 2007 11:59:35 -0700 (MST)
Received: from mail.peereboom.us (adsl-76-250-126-209.dsl.austtx.sbcglobal.net [76.250.126.209])
	by shear.ucar.edu (8.14.1/8.14.1) with ESMTP id lBVItobX025486 (version=TLSv1/SSLv3 cipher=DHE-DSS-AES256-SHA bits=256 verify=NO)
	for <misc@openbsd.org>; Mon, 31 Dec 2007 11:55:50 -0700 (MST)
Received: by mail.peereboom.us (Postfix, from userid 0) id 6D83D5B702D; Mon, 31 Dec 2007 12:55:42 -0600 (CST)
Received: from peereboom.us (dev.peereboom.us [192.168.0.10]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested)
	by mail.peereboom.us (Postfix) with ESMTPSA id AFB6B5B7005; Mon, 31 Dec 2007 12:55:41 -0600 (CST)
Date: Mon, 31 Dec 2007 12:25:02 -0600
From: Marco Peereboom <slash@peereboom.us>
To: Jon <hypermails@gmail.com>
Cc: misc@openbsd.org
Subject: Re: delete deleted data
Message-ID: <20071231182501.GC5325@peereboom.us>
References: <1b2ba8a10712311025t40125892sd21c20052ea88d5d@mai...
[ message continues ]

nah, use one of these http://www.glasstorchtech.com/torches.html
the Mirage will liquify the platters in about 40 seconds ... smells
kinda bad though.

-- 
jakemsr@sdf.lonestar.org
SDF Public Access UNIX System - http://sdf.lonestar.org

Be sure that you do this yourself or personally witness the act. I just
experienced this myself where a contractor was *paid* money to grind up hard
drives in a bunch of old Sun hardware before the equipment was auctioned off
online. The contractor even issued 'certificates of destruction' for the
drives... long story short, the drives had not been destroyed. They were
intact, untouched, not even a software wipe. The drives booted and worked
fine. A simple 'boot cdrom -s' to change the root passwd was all it took to
view the hard drive's content.

-- 
View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14562122.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Someone linked me this article a couple calling into question the
ability to actually read overwritten data:
http://www.nber.org/sys-admin/overwritten-data-guttman.html

I'de love to read something from the other side, showing real examples
of getting usable data off of a disk that has been overwritten / wiped
/ etc

any links or info?

Not possible on today's drives. In fact, according to NIST, one overwrite
with only zeros is sufficient. See The National Institute of Standards and
Technology (NIST) Special Publication 800-88, "Guidelines for Media
Sanitation."

-- 
View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14561973.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

bullshit.

I decided to put my money where my mouth is :)

I bought a 80GB, Western Digital IDE hard drive. $60 USD. Attached it to a
Windows XP laptop (usb-ide bridge), initialized it, created one (1) primary
partition, formatted it NTFS and copied an older subversion repository to
it. I documented and screen-shot the entire process.

I then booted the laptop with an OpenBSD 4.2 install CD and selected the 's'
option and ran dd like this on the hard drive:

dd if=/dev/zero of=/dev/rsd0c

I called three (3) well-known data recovery companies. Two of them said
recovery was not possible after the dd procedure, one of them said they'd be
willing to try so long as no other data recovery company had opened the HDD
case and offered to do a free analysis in one of their ISO certified labs.
I'm sending the drive off tomorrow, I'll let you know in a few weeks how it
turns out. 

Brad

-- 
View this message in context: http://www.nabble.com/delete-deleted-data-tp14560809p14604134.html
Sent from the openbsd user - misc mailing list archive at Nabble.com.

Great.  The companies I worked with charged $500 per megabyte.  I am
sure you'll spend that to prove whatever point you are trying to make.

Let me repeat this one more time; I have worked with several of these
companies in the past who have recovered data from flooded and burnt
hard disks.  I also worked with incidental formats and such.  I am not
making this up.

Free analysis. I pay shipping. The drive cost 60 bucks. I'll probably
have a total of 100 bucks in it at most... cause they ain't gonna
recover jack... even in their ISO certified labs. We need to put a
stop to the notion that mulitiple overwrites and grinding and burning
and nuking drives is *required*... it's silly and wasteful. One pass
from /dev/zero is more than enough for all cases.

I agree that after a single pass of zeroes, getting anything but  
zeroes from a fully working, unaltered drive is not going to happen.

But if you remove the digital logic which masks residual signals via  
thresholds used to determine at what point a 1 is considered a 1 and a  
0 a 0, then perhaps 1's and 0's could be restored from some drives.  
Through the use of a replacement device that samples each bit with a  
bit depth greater than 1, allowing analysis to interpret what I would  
have thought would not be constant uniform samples.


I think more importantly, if it is comparatively very cheap to erase a  
drive in a paranoid manner and the leaking of that data could cost a  
fortune, then the comparatively small cost of paranoid erasure could  
be a risk worth taking.


Shane

On Thu, 3 Jan 2008, Brad Tilley wrote:

HaHaHa, I wish my day job employer would let me take the drugs you're on.

diana

On Thu, 3 Jan 2008 11:55:16 -0800 (PST), "new_guy" <byte8bits@gmail.com>

It can't be done. it's an urban legend, AFAICT.
http://www.nber.org/sys-admin/overwritten-data-guttman.html
Which references Gutmann's paper which started all this...

Of course I'm sure a tax analyst (http://www.nber.org/vitae/vita184.htm) 
knows more about data recovery than a security researcher with a history 
of researching overwritten-data-retrieval 
(http://www.cs.auckland.ac.nz/~pgut001/).

> It can't be done. it's an urban legend, AFAICT.

Yes I know. That's the whole point of this. It would have been better
to donate a 100 bucks to OpenBSD. I'm just fed-up with the stupid
drivel about needing to burn, grind, overwrite, and nuke drives... and
even after all of that there's still a chance (albeit small) that the
NSA can recover all data from the non-existent drive... out of the
ether I guess

/dev/zero is all you need :)

To expand on "bullshit" a little...

The longer you leave a 0 or 1 in a given place on a platter the more of
an "impression" it makes there. Writing over it with with random bits,
even several times, will not totally erase the deep magnetic impression
of the former bit. Forensics are more than good enough to pick that up,
if you pay the money.

As always, the real question becomes how much of a chance is there of
someone getting an old hard disk, and how much damage would be done if
they read the data on it. This is where is usually falls apart. People
want to completely wipe a disk, but want that to be essentially free in
cost and hassle. Tough cookies. If it's worth it, then completely
destroy the drives. If it's not worth it then write random data on it a
few times and call it good. But make an informed choice. Writing random
data might stop joe blow, but it won't stop someone serious with a lot
to gain.


-- 
Darrin Chandler            |  Phoenix BSD User Group  |  MetaBUG
dwchandler@stilyagin.com   |  http://phxbug.org/      |  http://metabug.org/
http://www.stilyagin.com/  |  Daemons in the Desert   |  Global BUG Federation

But as a stopgap, look into rm -P (on OpenBSD). Linux has "shred" too.

Hi!


dd if=/dev/zero of=/mount/point/something bs=1024k

(wait until disk is full)


Kind regards,

Hannah.

What problem are you trying to solve?