Silk Road forums

Discussion => Security => Topic started by: wanna-be on April 21, 2012, 07:57 am

Title: Hard drive destruction
Post by: wanna-be on April 21, 2012, 07:57 am
If one destroys their hard drive in their laptop and replaces it with another, does that erase every trace of recoverable memory on the laptop?
Title: Re: Hard drive destruction
Post by: mdmamail on April 21, 2012, 08:06 am
Load up a live CD too and blast the memory, though it should erase itself after an hour or so of no power (disconnect battery).
Also, did you properly kill the HD? Simply breaking it into pieces is not enough. Truecrypt it with an impossible random password, then use http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml to access bad partitions and nuke them.
Title: Re: Hard drive destruction
Post by: Prawl42 on April 21, 2012, 12:34 pm
Also, if you plan on going through HDs regularly in the future, just use a live USB to run your OS from; destroying a small USB stick is much easier than a big chunk of metal :)
Title: Re: Hard drive destruction
Post by: AbraCadaver on April 21, 2012, 03:47 pm
Load up a live CD too and blast the memory, though it should erase itself after an hour or so of no power (disconnect battery).

+1

It's technically possible (though hardly 100% reliable) to open up a computer and subject the RAM modules to very cold temperatures in order to help preserve whatever the contents were immediately before it was switched off. From there, the RAM modules can have their contents read.

Don't allow this to frighten you too much though. You'd have to be a known, high-value LE target for them to consider going to such lengths, and as mdmamail mentions, once the computer has been switched off for long enough, no RAM contents are retrievable no matter how much liquid nitrogen you use.
Title: Re: Hard drive destruction
Post by: vlad1m1r on April 21, 2012, 04:37 pm
Load up a live CD too and blast the memory, though it should erase itself after an hour or so of no power (disconnect battery).

+1

It's technically possible (though hardly 100% reliable) to open up a computer and subject the RAM modules to very cold temperatures in order to help preserve whatever the contents were immediately before it was switched off. From there, the RAM modules can have their contents read.

Don't allow this to frighten you too much though. You'd have to be a known, high-value LE target for them to consider going to such lengths, and as mdmamail mentions, once the computer has been switched off for long enough, no RAM contents are retrievable no matter how much liquid nitrogen you use.

Thanks AbraCadaver,

This is the only documented method of bypassing Full Disk Encryption and is known as a "Cold Boot Attack" - if you replace a hard drive, there won't be anything left of that data that remained on the old one but you need to make sure the original has been securely erased. I think DBAN's Boot and Nuke has been mentioned before here. For ultra reliability use the Gutmann method which passes random data over the old information 35 times - even our Secret Service here in the UK can't recover data from a hard drive wiped in this way but obviously your NSA in the USA have considerably more resources so either sell the old hard drive or dispose of it discreetly - I dropped mine down a drain last time!

V.
Title: Re: Hard drive destruction
Post by: pine on April 21, 2012, 10:11 pm
Once cloud computing genuinely comes into its own, so much of these discussions will become completely irrelevant. Instead of having to track down 1 encrypted HD, it could be a million HDs with a trace bit of data on it, and so forth. Hypothetically of course.
Title: Re: Hard drive destruction
Post by: mdmamail on April 21, 2012, 11:47 pm
If you have an ATA or SSD drive, use this: http://cmrr.ucsd.edu/people/Hughes/SecureErase.shtml
It destroys everything by using the hardware manufacturer's secure erase built into every drive. Completely destroys all data, bad blocks and other areas no software can reach. Note to yourself: don't use SSD drives; Truecrypt advises against it.

Else:
- download any Linux live CD .ISO, burn to CD and reboot
- encrypt the entire disc using Truecrypt with ridiculous maximum length password made up of totally random characters
- open terminal. If your live CD doesn't have dcfldd then apt-get install dcfldd or aptitude search dcfldd
- enter in terminal: "dcfldd textpattern=lol of=/dev/sda" (change /dev/sda to wherever your disc is mounted obviously; drop to terminal and type "dmesg | grep sd", your HD is probably sda)

Entire disc will be overwritten with lololololololol, which is a great message for the feds to read when they seize your drive and try to analyze it using Encase forensic software. Verify this by typing "dcfldd if=/dev/sda | hexdump -C"
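
A scripted counterpart to the hexdump spot check in the post above, added here as an example and not part of the original thread: it compares every byte of an image file against the expected repeating pattern and reports the first offset that differs, such as a region an overwrite never reached. `verify_pattern`, `make_demo_images` and the image file names are hypothetical, and the sample images are constructed.

```shell
#!/bin/sh
# Added example: check that an image file holds only a repeating text pattern.
# verify_pattern, make_demo_images and the file names are hypothetical.

# verify_pattern IMAGE PATTERN
#   returns 0, prints "clean"                            every byte matches
#   returns 1, prints "first mismatch at byte offset N"  N is 0-based
#   returns 2                                            bad arguments
verify_pattern() {
    image=$1
    pattern=$2
    # An empty pattern would make the generator below emit nothing forever.
    [ -n "$pattern" ] && [ -f "$image" ] || return 2
    size=$(wc -c < "$image" | tr -d ' ')
    # Expected stream: PATTERN repeated and cut to the image size. cmp -l
    # lists each differing byte as "<1-based position> <octal> <octal>".
    first=$(yes "$pattern" 2>/dev/null | tr -d '\n' | head -c "$size" |
            cmp -l - "$image" 2>/dev/null |
            awk 'NR == 1 { print $1 - 1; exit }')
    if [ -z "$first" ]; then
        echo "clean"
        return 0
    fi
    echo "first mismatch at byte offset $first"
    return 1
}

# make_demo_images DIR: build two constructed 4096-byte sample images.
make_demo_images() {
    dir=$1
    # Fully overwritten image.
    yes lol 2>/dev/null | tr -d '\n' | head -c 4096 > "$dir/wiped.img"
    # Same image with 16 bytes the overwrite "missed" at offset 1024.
    cp "$dir/wiped.img" "$dir/partial.img"
    printf 'RESIDUAL-DATA-01' |
        dd of="$dir/partial.img" bs=1 seek=1024 conv=notrunc 2>/dev/null
}

# Usage:
#   d=$(mktemp -d); make_demo_images "$d"
#   verify_pattern "$d/wiped.img" lol
#   verify_pattern "$d/partial.img" lol
```

A pattern check like this only covers the addressable bytes it can read back; remapped or otherwise unreachable areas are what the drive's built-in secure erase, mentioned in the same post, is meant to handle.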