Silk Road forums
Discussion => Security => Topic started by: xblackbladex on January 02, 2013, 11:06 pm
-
Incase you were worried that the LE was coming to your house, what steps would you take to clean your computer/house of evidence? There's always the obvious like "throwing out your harddrive", or if you wanna be like the terrorists in 24 stick a strong magnet to your harddrive lol, but say you don't wanna do that? What disc utilities could be used that will actually thoroughly wipe out evidence, which folders in your computer may contain evidence(ie are there any temp folders in the tor browser folder?). I'm far from computer illiterate but when dealing with safety I'd like to hear some real professional opinions. I think everyone should be aware of this kind of stuff.
-
Use a strongly encyrpted disk, run everything in RAM. Don't reveal password.
Something like tails is good. Or there is TrueCrypt's plausible denyability trick where two passwords give two different OSs...
You will not have time to destroy or erase your disks when they kick in the door.
-
The National Institute of Standards and Technology approves of only one way to securely erase data like hospital records and sensitive government documents, and that's a full random write over the entire hard disk. Writing over individual files is unsafe on a journaled filesystem, and doubly so the way Windows defragments and moves files around. An individual file can be written to multiple locations on a hard disk, and a program that "securely erases" individual files will only write over the last location.
An boot disk like DBAN is your best option. It does two random writes followed by one write of zeroes to make it look like no data erasure / cover up happened. That's may seem extreme, because you have reinstall your OS, but anything less is mirage of security.
-
Use a strongly encyrpted disk, run everything in RAM. Don't reveal password.
Something like tails is good. Or there is TrueCrypt's plausible denyability trick where two passwords give two different OSs...
You will not have time to destroy or erase your disks when they kick in the door.
Which is why I think it's good everyone learns in advanced. Perhaps doing routine clean ups can help. Plus if you get a warning letter from customs and they are actually planning on coming to your house, in many cases you'll get a few days before they come knocking. Those few days can be vital.
-
The National Institute of Standards and Technology approves of only one way to securely erase data like hospital records and sensitive government documents, and that's a full random write over the entire hard disk. Writing over individual files is unsafe on a journaled filesystem, and doubly so the way Windows defragments and moves files around. An individual file can be written to multiple locations on a hard disk, and a program that "securely erases" individual files will only write over the last location.
An boot disk like DBAN is your best option. It does two random writes followed by one write of zeroes to make it look like no data erasure / cover up happened. That's may seem extreme, because you have reinstall your OS, but anything less is mirage of security.
I learned in my IT class that if they are really hardcore searching your hdd, one write of zeros may not be enough. Are there any utilities that you guys know of that can write over it multiple times, I'm thinking like 16x at least!
And yes I expected that true destruction of evidence would involve wiping the OS, I was just hoping there might be other options.
-
An boot disk like DBAN is your best option. It does two random writes followed by one write of zeroes to make it look like no data erasure / cover up happened. That's may seem extreme, because you have reinstall your OS, but anything less is mirage of security.
Astor is 100% on point. To do the job right, use DBAN. Darik's Boot and Nuke -(clearnet) www.DBan.org
-
An boot disk like DBAN is your best option. It does two random writes followed by one write of zeroes to make it look like no data erasure / cover up happened. That's may seem extreme, because you have reinstall your OS, but anything less is mirage of security.
Astor is 100% on point. To do the job right, use DBAN. Darik's Boot and Nuke -(clearnet) www.DBan.org
Thanks for the link, I'm gonna go save it. It only writes one line of zeroes though?
-
Maybe I'm overselling this thread but I think we should pin this. Or at least a thread like it.
-
I learned in my IT class that if they are really hardcore searching your hdd, one write of zeros may not be enough.
As I said, it writes over the entire hard disk TWICE with random data, followed by one write of zeroes, so that's three writes total.
Are there any utilities that you guys know of that can write over it multiple times, I'm thinking like 16x at least!
Yes, DBAN. 16 times is overkill. NIST seems to believe that medical records are securely erased after a single write.
Look at this: https://en.wikipedia.org/wiki/Data_erasure#Number_of_overwrites_needed
Even ATA disk wipes, widely considered to be the most secure, do a single write.
But if you really want 16 writes, you could run DBAN 5 or 6 times. :)
-
I'd probably do it a couple more times just to be safe =D !
Is it true though that if you put a magnet to your harddrive that i'll break the access arm and render it unreadable? Say in a situation where they do kick in the door? Or was my professor just busting our balls? He seemed pretty serious about it.
-
Well, say they get on your computer and you never cleaned it. Tor doesn't save any cache/history or any temp files right? Therefore no evidence of ever being on SR right? So is having tor on your system enough evidence to use against you in court?
-
The National Institute of Standards and Technology approves of only one way to securely erase data like hospital records and sensitive government documents, and that's a full random write over the entire hard disk. Writing over individual files is unsafe on a journaled filesystem, and doubly so the way Windows defragments and moves files around. An individual file can be written to multiple locations on a hard disk, and a program that "securely erases" individual files will only write over the last location.
An boot disk like DBAN is your best option. It does two random writes followed by one write of zeroes to make it look like no data erasure / cover up happened. That's may seem extreme, because you have reinstall your OS, but anything less is mirage of security.
I learned in my IT class that if they are really hardcore searching your hdd, one write of zeros may not be enough. Are there any utilities that you guys know of that can write over it multiple times, I'm thinking like 16x at least!
And yes I expected that true destruction of evidence would involve wiping the OS, I was just hoping there might be other options.
To the best of my knowledge, no one (with the possible exception of the intelligence agencies) can recover data from a disk that has been wiped using one or more random passes, then zeroed-out. I had a friend who was hit with a Word macro-virus -- their files appeared intact, in that the file names/file sizes were correct, but the contents had been zeroed-out.
They lost years of documents, and even though they approached a well respected data-recovery service, nothing whatsoever could be recovered.
NC
-
Is it true though that if you put a magnet to your harddrive that i'll break the access arm and render it unreadable? Say in a situation where they do kick in the door?
It'll do more than that. A hard disk is a magnetic platter. The "bits" are defined by the magnetic orientation of tiny portions of the platter. Running a strong magnet over it will flip all the bits in the same direction, like doing a write of all zeroes or ones. It's certainly the fastest form of data wiping if you do it right, so that may be your best option when the door is getting kicked in. DBAN takes 5-10 hours on an average hard drive to do 3 writes. A magnet takes a few seconds.
Well, say they get on your computer and you never cleaned it. Tor doesn't save any cache/history or any temp files right? Therefore no evidence of ever being on SR right? So is having tor on your system enough evidence to use against you in court?
Correct. It would be a huge privacy leak if it saved your browsing history to disk. If you save bookmarks or passwords, those will be saved to disk, though.
Tor isn't illegal. I don't think you could be convicted of a specific crime like attempting to purchase a controlled substance, just by having Tor on your computer.
-
I have heard of data still being extracted after using magnets because of the metal casing between the drive platter. I believe the correct way to the whole magnet degaussing involves neodymium magnets making multiple swipes within an short allotted time. Or done vie electromechanical degaussing. If you got the cash go for a Model TS-1 Degausser, it's NSA approved but might set you back $20,000. :)
As for software "Secure Erase" created by the Center for Magnetic Recording Research (CMRR) is by far the fastest and the best program I've used since DBAN.
Also to note if you want the most secure way to store information I would highly suggest getting an "Apricorn Aegis Secure Key". Those things have a built in keypad and won't allow it to be usable if you fail to login after 10 attempts.
-
honestly i was so paranoid i wrote over my old hard drive :-[ oh well i feel safer anyway
-
honestly i was so paranoid i wrote over my old hard drive :-[ oh well i feel safer anyway
Don't feel bad you're not paranoid you're smart. A few months ago I got a customs letter and a few hours later I threw out my hdd.
-
Computer forensics cost a bunch of money.
For instance, recovering a filesystem from a complete drive where the controller has fried or something costs a thousand bucks or more. Recovering a raid array - where no data has even been over-written - costs 10s of thousands.
Recovering data from a drive that has been smashed, erased by writing new data, or whatever, is probably only worth attempting for a suspected terrorist cell. Even then I bet only a few if any government departments have that ability. Did they get any data from the PC of that connecticut shooter yet?
For a minor drug raid they are going to take the hard disk and if there isn't anything immediately obvious they are probably not even going to run an un-delete utility, let alone anything that can recover stuff that is written over or corrupted. It isn't worth the cost. They'll look at the browser history and cache, and in your Documents directory hoping to find "My Drug Orders.txt".
Note however that SSD drives because of the way they try to preserve the life of the each flash block leave a lot of data around. Even if you re-write a file with 1s, the original file is mostly still there. Even if you re-format and re-write an SSD, some data is left over.
That said I'd like to meet a prosecutor who thinks it is good use of taxpayer money to recover data from a partially destroyed filesystem in order to charge someone with personal possession or small scale dealing.
If you use TrueCrypt you should check whether the authorities are allowed to charge you with withholding the key from them or destroying the key. You might find the penalty for that is bigger than the crime you're covering up. Consider that it is best they don't see any evidence you are using TrueCrypt in that case.
-
Hey xblackbladex, I posted some info in a new thread because it's a lot of text
http://dkn255hz262ypmii.onion/index.php?topic=99520.0
-
The National Institute of Standards and Technology approves of only one way to securely erase data like hospital records and sensitive government documents, and that's a full random write over the entire hard disk. Writing over individual files is unsafe on a journaled filesystem, and doubly so the way Windows defragments and moves files around. An individual file can be written to multiple locations on a hard disk, and a program that "securely erases" individual files will only write over the last location.
An boot disk like DBAN is your best option. It does two random writes followed by one write of zeroes to make it look like no data erasure / cover up happened. That's may seem extreme, because you have reinstall your OS, but anything less is mirage of security.
I learned in my IT class that if they are really hardcore searching your hdd, one write of zeros may not be enough. Are there any utilities that you guys know of that can write over it multiple times, I'm thinking like 16x at least!
And yes I expected that true destruction of evidence would involve wiping the OS, I was just hoping there might be other options.
Magnetic microscopy has been used to recover overwritten data in the past. However this was only effective on older low-density drives. The area around where the bit was stored could retain old states. Modern high density drives use almost all of the space making this technique near useless.
While wiping many times is a good idea, once or twice is probably good. But then, you should be wiping already encyrpted data anyways.