Silk Road forums
Discussion => Security => Topic started by: djtiesto on August 21, 2013, 09:30 am
-
Don't really order but I did order 1-2 time here and I just want to delte all traces of SR just t be safe
is 3enough orr 7 enuff?
what if u do 3 passes three differnt time will that be more den 7 pass option once?
-
Don't really order but I did order 1-2 time here and I just want to delte all traces of SR just t be safe
is 3enough orr 7 enuff?
what if u do 3 passes three differnt time will that be more den 7 pass option once?
Since you mention CCleaner, you must be running Windows. Windows is notorious for stashing little bits of data in the most obscure places imaginable. It is not for nothing that Windows has been described (correctly, in my opinion) as: "A forensic technician's wet dream."
If you're that worried, I'd use DBAN to wipe your entire drive, and then re-install Windows and your backed-up data. Like they said in Alien, if you want to be sure, you'll have to nuke it from orbit.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090 (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0
-
what if i use linux for tor? not windows
is dban better than ccleaner?
-
One pass is enough.
Like nightcrawler said, It would be a good idea to switch to an anonymous, Linux-based OS like TAILS as it does not store data permanently and thus won't require the use of CCleaner or any other wiping/cleaning tool. For maximum security, I would also advise you to remove the hard drive and any other storage medium on whatever device you decide to use with TAILS.
Get TAILS here: https://tails.boum.org/ (CLEARNET)
-
No number of passes is enough with individual file wipes, there is always a chance that forensic trace evidence is left somewhere on your drive, and on Windows this risk is all the more serious. The only way to be sure you have wiped all traces of a file is to wipe your entire drive.
-
CCleaner will do a complete wipe/delete of the entire drive, just not of the HDD in the computer - you'll have to swap that drive out and connect it via usb or spare sata connection and then do a complete wipe - but i would do that -
-
No number of passes is enough with individual file wipes, there is always a chance that forensic trace evidence is left somewhere on your drive, and on Windows this risk is all the more serious. The only way to be sure you have wiped all traces of a file is to wipe your entire drive.
Well, if you're talking about a single, contiguous file on a standard (and undamaged) NTFS/FAT32 partition located on a modern hard drive, then a single overwrite will be sufficient to destroy that file. However, it will not remove other traces of the same file that may have been copied by the OS, some sort of update process, backup software, etc.
Also, wiping a single file (or running a cleaning app) likely won't be enough to cover your ass from the stuff you AREN'T aware of. Windows systems create so many artifacts that forensics experts will almost always find some nebulous piece of information to use as "evidence" against you. In the end, even though you can technically eliminate a single file via wiping software, it is still best practice to wipe the entire drive if you suspect any kind of LE involvement. It's just not worth it!
-
CCleaner will do a complete wipe/delete of the entire drive, just not of the HDD in the computer - you'll have to swap that drive out and connect it via usb or spare sata connection and then do a complete wipe - but i would do that -
Personally, I wouldn't trust a program running under Windows to wipe the entire drive. DBAN uses Linux, it's open-source, and it's been around for a LONG time. The only thing better than DBAN would be to use the drive's built-in wipe function.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (MIT clearnet keyserver)
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090 (Silk Road Forums PGP Key Link)
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0
-
ididbnt use windows
is 3 passes TWICE enough or should I just do 7 passes right away
left dban on since last night and it was at 50%,,, then earlier it popped upwith lots of black gray text
Disabling IRQ #16 what that mean?
-
Use whole disk encryption like Diskcryptor to encrypt the entire drive with a very long (80+ character) passphrase. Use Serpent or Twofish for your algorithm. Then delete your partitions. Good luck to anyone trying to get your data back after that ;)
-
CCleaner will do a complete wipe/delete of the entire drive, just not of the HDD in the computer - you'll have to swap that drive out and connect it via usb or spare sata connection and then do a complete wipe - but i would do that -
You can select free space only to wipe daily temporary files. Entire drive is really a once-monthly or clean slate thing.
-
And if you're going to the trouble of removing the disk to do a complete wipe - do a one pass first followed by complete 35 pass to be on safe side. (The one first is just in case the 35 is stopped halfway)
Might take a while though.
-
1 pass of zero's is enough to make the information unrecoverable. This is a proven fact and all data recovery businesses will attest to that.
Still I use 7 pass algorythim to erase my data, but other people are right Windows hides information everywhere.
-
There is no such thing as a safe way to lose data by using nsa, one or 7 times, it doesn't matter.
The more the better.
The data is stored, and only a few places are overwritten.
To be sure all data is gone, you will need the same time as the download took, to write the data on the disk.
It's like your video in your vcr. To lose all data on the tape, you should record an other video over the old one.
You can not erase or delete all data from a videotape of 3 hours, in just 20 minutes. To delete a movie of 3 hours you need to record an other video of 3 hours over tho old video.
With ccleaner you should use the Guttman methode with 35 times overwrite.
No nsa or Dod.
-
I have been using windows in the past.
It seems that I should wipe my entire drive.
I have a few questions
1. Do I need to save my os and files on a disc?
2. How do you accomplish ^^
3. Then you Dban the drive? Or nuke it?
4. Then install windows as normally? If you even want it back?
5. What are these nightcrawler links?
Thank you all in advance
-
There is no such thing as a safe way to lose data by using nsa, one or 7 times, it doesn't matter.
The more the better.
With ccleaner you should use the Guttman methode with 35 times overwrite.
No nsa or Dod.
Bullshit.
Nobody uses 35 writes anymore not even Guttman himself. That paper is old, technology changed. It's like saying don't drive over 40mph or you could could break the engine (Model T).
-
I have been using windows in the past.
It seems that I should wipe my entire drive.
I have a few questions
1. Do I need to save my os and files on a disc?
The disk image backup feature on Windows is retarded. You'll be backing up and reinstalling the very files you want to destroy, since you'll be backing up all the caches and log files. You should individually backup the most important files, wipe the drive and do a clean reinstall of the OS, then copy the backup over.
2. How do you accomplish ^^
Get a thumb drive. Use Truecrypt to encrypt the whole thing. Copy over your important files.
3. Then you Dban the drive? Or nuke it?
Yep, DBAN has a one-click nuke option, just make sure the thumb drive isn't plugged in or it will nuke that too. :)
4. Then install windows as normally? If you even want it back?
Install it from a normal installation disk, not a backup image of your drive.
5. What are these nightcrawler links?
Key servers. If you don't know what they are, don't use them.
-
There is no such thing as a safe way to lose data by using nsa, one or 7 times, it doesn't matter.
The more the better.
There is a lot of evidence that contradicts your claim.
According to the 2006 NIST Special Publication 800-88 Section 2.3 (p. 6): "Basically the change in track density and the related changes in the storage medium have created a situation where the acts of clearing and purging the media have converged. That is, for ATA disk drives manufactured after 2001 (over 15 GB) clearing by overwriting the media once is adequate to protect the media from both keyboard and laboratory attack."
The National Institute of Standards and Technology is a government agency that makes recommendations to government and industry. Secure data erasure is important, for example, to comply with HIPAA, the medical privacy law. Hospitals must destroy medical records when their computers are decommissioned. They must wipe their hard drives. If they threw away a bunch of computers with insecurely erased hard drives and someone was able to recover patient records, that would be a massive violation of federal law. That's why it's unlikely that NIST is lying about their recommendation in order to screw us.
According to the 2006 Center for Magnetic Recording Research Tutorial on Disk Drive Data Sanitization Document (p. 8): "Secure erase does a single on-track erasure of the data on the disk drive. The U.S. National Security Agency published an Information Assurance Approval of single pass overwrite, after technical testing at CMRR showed that multiple on-track overwrite passes gave no additional erasure."
Again, this Information Assurance Approval by the NSA is for other government agencies. They are unlikely to be lying to them.
I posted the entire CMRR white paper here: http://dkn255hz262ypmii.onion/index.php?topic=99520.msg699299#msg699299
Further analysis by Wright et al. seems to also indicate that one overwrite is all that is generally required.
http://link.springer.com/chapter/10.1007%2F978-3-540-89862-7_21
Perhaps the best evidence that the NSA doesn't have magic technology to recover files after random writes is this:
A forensics expert testified in the Bradley Manning trial that, "the hard drive on Manning's computer had been securely erased in January 2010. "Everything from early January is gone"'.
http://www.theguardian.com/world/blog/2011/dec/19/bradley-manning-pre-trial-hearing-live-updates
Bradley Manning is the highest profile person to be prosecuted by the US government in the last 5 years. If they had the ability to recover data from his computer after it was securely erased, they would have used it. They didn't use it because it doesn't exist. Or if it does exist and Manning wasn't worth the trouble of using it on, none of us are either.
I should point out that Manning tried several times to securely erase his hard drives. One of those times was a zero write and they were able to recover data from that, so we should consider zero writes to be insecure. However, one random write is sufficient to make data unrecoverable.
-
Thank you so much astor! If I could give you karma I would.
Only 2 more questions
1. How do I get a clean copy of my windows os?
2. Do I need the window os if I just use a usb for a different os? Can I just nuke my computer and use the usb afterward with no windows?
-
Thank you so much astor! If I could give you karma I would.
Only 2 more questions
1. How do I get a clean copy of my windows os?
Well, that's the hard part. :)
You can either get a pirated copy and risk being identified for copyright violation, or buy a legit copy.
It's interesting that Windows doesn't let you make a clean installation disk. You *must* copy the entire contents of your hard drive onto a backup installation image. I wonder why that is.
2. Do I need the window os if I just use a usb for a different os? Can I just nuke my computer and use the usb afterward with no windows?
After nuking the hard drive, you could install any OS you want. You could not install anything and run Tails off a DVD or USB, then connect the backup USB and copy your important files into the Tails persistent volume.
-
PCs used to come with Windows installation disks. If you fucked up your computer, you could do a clean reinstall. This was the case up until about Windows Vista, I believe. Around that time they stopped shipping installation disks and put a rescue partition on the drive instead. The rescue partition only works if there's a recognizable Windows install on one of the other partitions. So you can't do a random write over the Windows partition and reinstall Windows. If you write over the whole drive, the rescue partition is gone too. If you create a backup disk, you run the risk of backing up the files that you want to destroy. So there is no way to securely reinstall the copy of Windows that you paid for (ie, with that license).
I suspect that's not an accident.
-
I wonder how they recovered data from a drive overwritten with 0's. I always use random overwrite myself though.
Hard drive data wiping has got to be the most controversial subject of computer forensics. You can literally find citations for everything from no number of passes is ever enough to a single pass with 0's is enough. From what I can gather, the people who sound the most educated on the matter claim that a single pass with random data is enough, and an off track pass could possibly help as well (although that claim is controversial as well). Personally, I feel very safe to do a Secure Erase wipe (which does one on track and one off track pass) followed by a one pass wipe with something like DBAN using random data (in case there is an implementation flaw in the Secure Erase, or something else goes wrong with).
-
Astor I thank you!
Your insightful knowledge has helped countless people on these forums. I am in debt to you at least 2 karma. Thank you for you helpful info
-
you need to either physically either destroy the hard-drive or you need to use something like Secure Erase, programs such as ccleaner arent going to get the job done for a forensic lab investigation. The best method is to physically destroy the hard-drive and ram. thats why its key to buy one of those cheap netbooks and only use that for SR activities along with a thumb-drive with a linux based os. keep tor on the thumb drive. if the heat gets on to you use secure erase once activated it can-not be reversed it will wipe the hard-drive then destroy the laptop and thumb-drive in a secure location at the very least activate secure erase before you get nabbed up
-
I have been using windows in the past.
It seems that I should wipe my entire drive.
I have a few questions
1. Do I need to save my os and files on a disc?
2. How do you accomplish ^^
You'll have to look this up elsewhere -- it's beyond the scope of what can be handled in the Forums.
3. Then you Dban the drive? Or nuke it?
Generally, you want to DBAN or nuke the drive to get rid of any and all incriminating information. Generally then, you would re-install your OS and your backed-up data.
4. Then install windows as normally? If you even want it back?
Whether you want Windows back is up to you. Whether or not you switch to another OS depends on the level of your computer skills. Some people are able to make the transition with ease, others much less so.
5. What are these nightcrawler links?
Thank you all in advance
These links in my .sig are pointers to where my PGP key can be downloaded from.
Nightcrawler
4096R/BBF7433B 2012-09-22 Nightcrawler <Nightcrawler@SR>
PGP Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xB8F1D88EBBF7433B MIT clearnet keryserver
PGP Key: https://keys.indymedia.org/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia https: clearnet keyserver)
PGP Key: http://qtt2yl5jocgrk7nu.onion/pks/lookup?op=get&search=0xB8F1D88EBBF7433B (IndyMedia .onion keyserver)
PGP Key: http://dkn255hz262ypmii.onion/index.php?topic=174.msg633090#msg633090
PGP Key Fingerprint = 83F8 CAF8 7B73 C3C7 8D07 B66B AFC8 CE71 D9AF D2F0
-
Bring the files you want to keep in safety (on a usb-stick or so)
Make a live-cd with ""kildisk""
Make in the BIOS the dvd the first boot.
Run it.
Your hdd contains just zeros now.
Guttmann or Dod or RSA just overwrites a tiny part.
A picture with just one on seven pixels erased, but leaving the other 6 pixels untouched is good enough to see what was on the picture.
Convar smartrecovery is a good tool to bring pictures back.
A lot of those pictures are damaged, and have a lot of ""noise"", because parts have been overwritten.
The majority is still there.
RSA just 1 time is just as a delete, and erases just the pointer.
If someone used delte, you bring it all back with undelete.
Just like a format seems to wipe everything, but when you use UNformat, all will be back.
Like the videotape I mentioned earlier. If you have a movie of three hours and take every fifth picture out, you still have four good pictures left. Enough to see if there was Cheeze Pizza on the tape or just the movie""gone with the wind"".