Wipe Any PC in 2 Minutes!

[jakkuh_t]

We investigate a USB key that claims to irreversibly destroy data.

 

 

 

Buy the RedKey USB:

On Indiegogo: https://lmg.gg/8KV92

[Enderman]

My hammer can do the same in 2 seconds

[Slottr]

Just now, Enderman said:

My hammer can do the same in 2 seconds

With my clumsiness I just have to look at a drive and the data's gone

 

Check. Mate.

[GGPLAYING]

My cola can do the same in half a second.

[SolarNova]

Thats all well and good, but what about secure erasing sensitive data and free space WITHOUT wiping the entire drive and/or OS ?

 

For HDD its easy, plenty of free utilities that work, but for SSD's ..not so much. Paid sure, but not free.

[TheSebware]

Linus,

NO, The MBR/GPT does NOT contain the File Tree Structure.

The MBR only holds Data about the Bootloader (if installed there) and the Partition Layout (Part. 0 starts at sect. 1, ends at sect. 1337 has a XFS/HFS/Ext4/ReiserFS/Whatever File System and Flags Alpha, Beta, Delta). GPT works similar.

Your actual directory tree is stored in the File system.

 

Second: Anything that can trigger an ATA Secure Erase will do the same as the manufacturer's tool (as long as Secure Erase is supported by the drive).

So, a Free tool for SSDs:

hdparm on Linux (USE WITH CAUTION!): https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

 

21 minutes ago, SolarNova said:

what about secure erasing sensitive data and free space WITHOUT wiping the entire drive and/or OS ?

Securely erasing data from a PC running Windows? Sysinternals to the rescue: https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete

I don't know about other platforms.

Edited February 17, 2019 by TheSebware
Added GPT statement

[PopsWC]

The redkey usb is just basically a usb with a skinned version of NWipe for $45

[poochyena]

Would liked to have seen how different software compared, or even just deleting everything, refilling it with junk, and then deleting it all compared.

[oskarha]

30 minutes ago, TheSebware said:

Second: Anything that can trigger an ATA Secure Erase will do the same as the manufacturer's tool (as long as Secure Erase is supported by the drive).

So, a Free tool for SSDs:

hdparm on Linux (USE WITH CAUTION!): https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

This.

SSDs should be erased with Secure Erase, not overwrites like with spinning rust (eg. CCleaner only does overwrites and refuses to overwrite an SSD).

This USB seems to be overwriting SSDs and not secure erasing them, making it no better than Darik's Boot and Nuke.

[jake9000]

I did enjoy the flashy interface, but like a previous poster says triggering ATA Secure Erase is all you need.

Another option that I use for work is simply rotating the whole disk encryption key and forcing a reboot.. this causes a self-inflicted ransomware scenario. Usually use it if the company is terminating an employee that works from home.

[Fasauceome]

"but Linus, the video is 12 minutes, not 2 minutes"

[TheSebware]

3 minutes ago, oskarha said:

SSDs should be erased with Secure Erase, not overwrites like with spinning rust.

Depends on the Threat Model:

Threat Model 1: Someone who can use forensic software, but can't/won't send the drive any instructions apart from "Read Sectors A-B" or modify the drive physically

Defense: One Pass Zeroes is enough.

 

Threat Model 2: Additionally, the opponent can run any Command they want or even custom Firmware

Defense: One Pass Zeroes, 3-4 Passes Random Data, optionally another pass Zeroes

 

Threat Model 3: Our Opponent has the capabilities to read the drive platters/NAND chips independently from the controller and the knowledge/tools to make sense of the raw data

Defense: As in Model 2, but additionally: Use strong magnetic fields (especially when using magnetic media), large amounts (>700 degC) of heat for at least an hour, drop in a bucket of ice water to accelerate physical destruction and to cool it down quicker, Try shooting a "Will it Blend" with the burned drive.

Get rid of powder in as many different places as possible.

 

In all Threat Models: Full Disk Encryption with LUKS or similar will also hinder an opponent from getting the data.

[tjrose91]

my two cents is what about the build in windows command how efficient is it, 

1. search "cmd"

2. Run as Admin

3. Type in "DiskPart"

4. List Disk ( so you know what disk you need and recommend opening disk manager to double check when selecting disk)

5. Select disk

6. "Clean" shortest or "Clean All" longest ( i assume with " Clean All" from googling that it takes several hours just like if you do Windows Reset Option, this way you dont need to reformatt windows and able to do individual drives using Command Prompt
 Depending on what your needing done sometimes when installing linux and wanting to reuse the drive in a windows enviorment is the fastest just using the command Clean) 

[jsonnet]

So just to clarify, with typical HDDs the space is divided into physical containers, called sectors, if you want to immediately delete a file or even the hole disk you just override each sector with random data. Easy.
But Flash storage on the other hand is divided into blocks, which can wear out and are controlled by a flash controller, which provides an HDD-like interface to your system. Its job is to map sectors to blocks in a dynamic table, which allows the controller to spread the usage on different blocks, even if the operations are always on the same sectors. Which means, if you “overwrite” a sector, usually a new cell gets to be written on and the old one persists.
That's why in practice, flash storage is substantially larger (especially quality ones) than advertised, what allows for degrading blocks over time without losing storage space. All this is dealt with by the flash controller (invisible to user and system)!
BUT:

1. assume you are overwriting sector 0 typically doesn't change block 0, which means the system cannot see the data anymore.
2. assume you are overwriting all sectors once, it does not affect all blocks, as the real size is larger.
3. assume you are overwriting all sectors more than once, could work but might also not.

=> So if someone would take the flash media apart and insert their own controller and read block by block, he can definitely (potentially) recover the (all) data.

 

Of course there are solutions for secure deletion, but they typically require controller support and work by encrypting all cells, store keys in dedicated cells and if a file gets “deleted”, it does this by erasing the key cell. But in a nutshell this solution is far from being perfect and there are still no standards to date.

 

---------------------------------------

FYI: There is no intention in me sounding nerdy or anything like that, I just wanted to give a brief overview on how HDDs and SSDs differ in file deletion and the problem of Flash memory when wanting to securely delete data.

[Electronics Wizardy]

49 minutes ago, tjrose91 said:

my two cents is what about the build in windows command how efficient is it, 

1. search "cmd"

2. Run as Admin

3. Type in "DiskPart"

4. List Disk ( so you know what disk you need and recommend opening disk manager to double check when selecting disk)

5. Select disk

6. "Clean" shortest or "Clean All" longest ( i assume with " Clean All" from googling that it takes several hours just like if you do Windows Reset Option, this way you dont need to reformatt windows and able to do individual drives using Command Prompt
 Depending on what your needing done sometimes when installing linux and wanting to reuse the drive in a windows enviorment is the fastest just using the command Clean) 

Just saying, this won't delete the data just the file system and partition table. You can easily recover files after this. If you want to wipe a drive you have to do a ata secure earse or write over all the data

[Mista60]

what laptop is that at 11:00 in the video?

[C Rose]

3 hours ago, jakkuh_t said:

We investigate a USB key that claims to irreversibly destroy data.

 

 

 

Buy the RedKey USB:

On Indiegogo: https://lmg.gg/8KV92

Lol. Love you guys. My Laurel and Hardy of tech. 

 

[mariushm]

2 hours ago, TheSebware said:

Linus,

NO, The MBR/GPT does NOT contain the File Tree Structure.

The MBR only holds Data about the Bootloader (if installed there) and the Partition Layout (Part. 0 starts at sect. 1, ends at sect. 1337 has a XFS/HFS/Ext4/ReiserFS/Whatever File System and Flags Alpha, Beta, Delta). GPT works similar.

Your actual directory tree is stored in the File system.

 

Second: Anything that can trigger an ATA Secure Erase will do the same as the manufacturer's tool (as long as Secure Erase is supported by the drive).

So, a Free tool for SSDs:

hdparm on Linux (USE WITH CAUTION!): https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

 

Securely erasing data from a PC running Windows? Sysinternals to the rescue: https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete

I don't know about other platforms.

Completely agree with this.

Seriously, it's such a basic mistake that maybe you should take the video down and correct it and reupload it.

 

Did nobody detect this in the week or so this video was on floatplane?

[THraShArD]

I have some notes stashed away somewhere but have some special DOS Debug commands that will wipe the drive and a Nuke Blast. Takes 2 seconds and under 2 minutes

[tjrose91]

1 hour ago, Electronics Wizardy said:

Just saying, this won't delete the data just the file system and partition table. You can easily recover files after this. If you want to wipe a drive you have to do a ata secure earse or write over all the data

from what i understood " Clean All " is similar to the Reset Option like Linus did, but also from what i understood is " Clean All" secure erases the drive and writes all 0's but it takes a really long time i assume an hour per 320gb of data for the traditional drive shorter for SSD's here is a link to a fourm i found

https://www.sevenforums.com/tutorials/52129-disk-clean-clean-all-diskpart-command.html

[Guest zeuschops]

I could do this mostly with Ubuntu and shell, Windows and batch (with admin privileges tbh), or macOS and shell... Granted, the different could be between 2 hours and 2 days depending on the drive and CPU tbh.. Also, I do mean "secure data erasing" which is typical mostly of macOS and Linux since diskpart (as posted above) usually people stop at "clean" which doesn't do any erasing until you get to `format fs=ntfs` WITHOUT the quick specifier will only do a single pass for 0's.

 

But hey, at $45 I could get like 5 of these things made (maybe not as a key, but just a flash drive with some code on it can be done).

[DataStorm]

5 hours ago, TheSebware said:

Linus,

NO, The MBR/GPT does NOT contain the File Tree Structure.

The MBR only holds Data about the Bootloader (if installed there) and the Partition Layout (Part. 0 starts at sect. 1, ends at sect. 1337 has a XFS/HFS/Ext4/ReiserFS/Whatever File System and Flags Alpha, Beta, Delta). GPT works similar.

Your actual directory tree is stored in the File system.

 

Second: Anything that can trigger an ATA Secure Erase will do the same as the manufacturer's tool (as long as Secure Erase is supported by the drive).

So, a Free tool for SSDs:

hdparm on Linux (USE WITH CAUTION!): https://ata.wiki.kernel.org/index.php/ATA_Secure_Erase

 

Securely erasing data from a PC running Windows? Sysinternals to the rescue: https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete

I don't know about other platforms.

Yeah, correct.

In a FAT (8/12/16/32bit) partition its stored in the FAT  (File Allocation Table, often 2 copies on a partition depending implementation/version)

In a NTFS (New Technology File System, many versions over the years since Windows NT 3.x) partition its stored in the MFT (Master File Table, can be multiple parts over the drive, has journallling, tiny files that are smaller than I believe 4kb will be stored inside the MFT itself instead of outside with a pointer)

And so every filesystem has its own "table" or system with where files are being located and managed with.

 

Seems like somebody didn't do their homework writing for the video.

 

The point of that key is to wipe the entire drive, which includes the partition table and the partitions with their filesystem on it.

Edited February 18, 2019 by DataStorm
incomplete sentence.

[Tamesh16]

6 hours ago, tjrose91 said:

my two cents is what about the build in windows command how efficient is it, 

1. search "cmd"

2. Run as Admin

3. Type in "DiskPart"

4. List Disk ( so you know what disk you need and recommend opening disk manager to double check when selecting disk)

5. Select disk

6. "Clean" shortest or "Clean All" longest ( i assume with " Clean All" from googling that it takes several hours just like if you do Windows Reset Option, this way you dont need to reformatt windows and able to do individual drives using Command Prompt
 Depending on what your needing done sometimes when installing linux and wanting to reuse the drive in a windows enviorment is the fastest just using the command Clean) 

i was gonna comment this, but yeah works fine, didnt do a test, but i know it wrote over all my data 

[GodAtum]

There's loads of free disk wipers https://www.lifewire.com/free-data-destruction-software-programs-2626174

[ahuckphin]

Any reason why @LinusTech is no longer using an ultrawide?