DBAN - Emergency data destruction

Discussion in 'Keeping Your Anonymity In Iran' started by TheONE-IRAN, Jun 19, 2009.

  1. TheONE-IRAN Member

    I have not seen this mentioned yet...

    Darik's Boot And Nuke | Hard Drive Disk Wipe

    FYI: A single overwrite pass will make the data unrecoverable on a hard disk - However I would suggest if you have the time to use 3 passes just to be safe.
  2. Ver Greeneyes Member

    Even several wipes can still leave magnetic traces that a determined expert can recover, so run as many passes as you have time for/the data is worth.
  3. TheONE-IRAN Member

  4. Ver Greeneyes Member

    Thank you for the sources.
  5. TheONE-IRAN Member

    Not a problem.
  6. Single erase is absolutely not enough for data destruction. Any HDD with data just deleted can be recovered pretty fast (minutes or even seconds). Also a large capacity HDD requires a lot of time to be erased fully (not just the FAT, NTFS or other file system but all the bits on that disk). The only good data destruction method using software methods is multiple rewriting with random bytes so after about 20-30 passes no one will be able to recover any meaningful data from this HDD. The other destruction method is physical. But this requires some tools to open the HDD. Then you will need some torch to literally burn the disks. They are made of thin metal so some pocket gas torch is able to transform the disk/s into some shapeless piece of metal which doesn't contain data anymore. For large capacity HDDs maybe the physical method is faster.
  7. The upper post is not true for flash drives where a single full erase is really enough. I forgot to mention this, sorry.
  8. 20-30 passes is completely ridiculous by any standards. Even the DoD only does what, 3 passes?
  9. Disk Wiping

    I am the owner of the anti-forensics.com domain above and work in computer forensics dealing with hard disk (and other storage media) wiping on a daily basis.

    You cannot recover data from a modern hard drive which has been wiped just once. It is the equivalent of this:

    We'll represent some data in binary first:
    1000101

    This is equal to "69" in decimal, a human readable format which you might see in a text document or anywhere really.

    Disk wiping software will go through a storage medium randomly writing ones and zeros (or all zeros or custom patterns, basically whatever it is programmed to do).

    So if you were to just "zero" out the storage media then you would be left with a drive filled with zeros. Your data "69" would now be:
    00000000

    Which in decimal is: 0

    You cannot recover the previous contents of this data, it is now gone. There is a technique called Magnetic Force Microscopy which uses a device to "detect" the previous value of a bit (1 or 0). Modern hard disks are far too efficient for this method to yield accurate results.

    This method may recover 1 bit correctly (extremely slim chance), but it then has to recover seven more bits correctly to recover the original decimal value "69" (which is a byte). Documents are normally made up of several kilobytes. The chances of recovering a single bit are very slim. The chances of recovering a document in its original form (not coming out as random letters and numbers) are pretty much 0%. If even a single bit is different in a byte, then the byte's value is not equal to what it was originally.

    Apply this to other file formats such as encrypted files, even if you have the password, the encrypted container is now corrupt and destroyed. Open a picture in a hex editor and change some bytes, watch colors change. Do the same with other files and documents.

    Currently there is about a 0% chance of data being recovered after a single wipe.

    Hope this helps.
  10. Also

    I also should mention that many of you are probably confusing normal deletion of data with a single pass disk wipe.

    Normal deletion of data on most operating systems is really the equivalent of tearing out sections of the table of contents of a book.

    Think in terms of this:

    You can only read a book by first looking up the page number in the table of contents. So if that entry is torn out you can no longer return to those pages to read the content. The content on a storage medium still exists but it has been marked as "unallocated" and can now be used by the operating system as a place to write data. So it will eventually be over-written, however, in the meantime it can still be recovered with specialized software which can scan through a storage medium to identify these files.

    When you wipe a drive, you are essentially replacing every page from cover to cover.
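
Added illustration, not part of the posts above: a toy model of the difference posts 9 and 10 describe between normal deletion and a single-pass wipe, plus the every-bit-must-be-right arithmetic from post 9. `ToyDisk`, `carve`, the BEGIN/END markers, the sample data and the per-bit accuracy figure are all constructed for this example, and the odds function assumes bits are guessed independently.

```python
# Added illustration; ToyDisk, carve() and the sample data are constructed.
BLOCK = 16  # bytes per block on the toy medium


class ToyDisk:
    def __init__(self, nblocks):
        self.raw = bytearray(nblocks * BLOCK)  # the medium itself
        self.directory = {}                    # "table of contents": name -> (offset, length)
        self.next_free = 0                     # next unallocated block

    def write_file(self, name, data):
        start = self.next_free * BLOCK
        if start + len(data) > len(self.raw):
            raise ValueError("disk full")
        self.raw[start:start + len(data)] = data
        self.directory[name] = (start, len(data))
        self.next_free += -(-len(data) // BLOCK)  # round up to whole blocks

    def delete(self, name):
        # Normal deletion: only the directory entry is removed.
        del self.directory[name]

    def wipe(self, pattern=0x00):
        # Single-pass wipe: every byte of the medium is overwritten.
        self.raw[:] = bytes([pattern]) * len(self.raw)
        self.directory.clear()
        self.next_free = 0

    def is_wiped(self, pattern=0x00):
        # Verification read-back: did the pass reach every byte?
        return self.raw.count(pattern) == len(self.raw)


def carve(raw, header, footer):
    """Find header..footer spans in the raw medium, ignoring the directory."""
    found, pos = [], 0
    while (start := raw.find(header, pos)) >= 0:
        end = raw.find(footer, start + len(header))
        if end < 0:
            break
        found.append(bytes(raw[start:end + len(footer)]))
        pos = end + len(footer)
    return found


def whole_file_odds(per_bit_accuracy, nbytes):
    # Assumes each bit is guessed independently; every bit must be right.
    return per_bit_accuracy ** (8 * nbytes)


def demo():
    note = b"BEGIN constructed sample note END"
    disk = ToyDisk(8)
    disk.write_file("note.txt", note)
    disk.write_file("other.txt", b"filler")
    disk.delete("note.txt")
    after_delete = carve(disk.raw, b"BEGIN", b"END")  # data still on the medium
    disk.wipe()
    after_wipe = carve(disk.raw, b"BEGIN", b"END")    # nothing left to find
    return note, after_delete, after_wipe, disk.is_wiped()


if __name__ == "__main__":
    print(demo())
    print(whole_file_odds(0.9, 1), whole_file_odds(0.9, 512))
```

The read-back in `is_wiped` is the step worth copying to a real procedure: a wipe that was interrupted or skipped a region only shows up when the medium is checked afterwards.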
  11. Crayson4Iran Member

    Don't be too paranoid.

    Factor in the number of people.
    The number of computers and hard drives.
    The amount of data!

    Iran has only so many forensic experts/laboratories and limited time.
    They can't try and recover thousands of empty hard drives.

    I recommend having this little program handy and use it.
    The more people use it the better, the bigger the number of trashed hard drives they need to look at.

    Nothing is absolutely safe, but this is certainly a way to make it MUCH safer in case your computer is in danger to fall in their hands and you need it wiped quickly!
  12. worse comes to worse if you've got the time you could attempt to physically destroy the hard drive.
  13. Ver Greeneyes Member

    Of course that might give them more grounds to arrest you on. Just a wiped hard disk doesn't mean much.

  14. the free program ERASER works beautifully too. You can do a Gutmann erase or choose fewer passes...it also cleans the empty spaces on your hard drive >)
  15. Yar

    I can't imagine there being many competent government forensic examiners in Iran? Federal agents in the US that do this can sometimes barely turn on a computer. It is the private sector which is light years ahead.

    Another way to secure your data is to use full disk encryption with TrueCrypt and modify the boot loader with a hex editor to remove the string "truecrypt"

    Modify TrueCrypt Encryption Boot Loader Strings | Anti-Forensics

    This way you've a disk full of data, it's just unreadable.
  16. just get some thermite rigged over your PC, there's a perfect solution
  17. DeiBellum Member

    For those of you using linux, instead of using the 'rm' command, use the command 'shred'; it effectively does the same thing as the tools above. For a more secure erase use 'shred -z' which will add a layer of Zeros over your "shredded" data.

    Source: shred - Linux Command - Unix Command
  18. I spent two years working in a computer forensics shop - we used Eraser to wipe drives that were used to transport client data/backups/what have you, and we slept just fine at night.
  19. What about magnetic domains? Bit storage area boundary regions?
    Why do you spread this kind of disinformation?

    Sheesh, even shuffling a deck of cards requires at least 8 passes to randomize. Disk storage is not numerical, it is physical. In forensic or recovery analysis we do not search the numerical content of a disk like a computer operating system would, we look at the magnetic properties of the entire platter surface.

    Pshaw.

  20. xtheory Member

    Forget software means of erasing data. Unless you have enough time to wipe drives with the standard DoD 7 pass wipe you should go for complete destruction and use thermite to melt the drives down to molten metal. The recipe is extremely simple and cheap to make. You should have as many batches of these prepared ahead of time in the event you have to throw the hard drives into it and light it before bailing. Here is how you make it:

    You take 8 grams of powdered iron oxide to 3 grams of powdered aluminum and put them in a standard clay flowerpot. It's best to have a thin magnesium strip of metal to act as an ignition method. All you need to do is light the magnesium strip with a match or preferably a butane lighter. Before lighting it bury the hard drive in the middle of the mix and light. Security forces or police will not be able to put out the thermite once ignited and it will burn at around 2500 deg C effectively melting the entire hard drive in minutes. EXTREMELY IMPORTANT!!! - Ensure you do this outside, because if you do this inside of a building it will set the building on fire and will be next to impossible to extinguish.

    Another tip - make sure your computers have easily removable hard drives. Ideally you should be able to pop the front of the computer case off and pull out the hard drives in under a minute without tools. This is essential! You won't have much leeway time when you hear the police busting in your apartment. Keep all your pots, computers and ignition methods prepared and close to each other so you do not have to search for them when and if the time comes. Put the pots outside with the hard drives, light, and run! It will not explode but you do not want to be anywhere close because they will arrest you for destroying potential evidence against you. Be careful with itself. It will not ignite on it's own (non-volatile) but if you come in contact with it while it's burning you will be severely injured or die as a result.

    Wiping is okay, encryption is better, but full destruction is the ONLY guaranteed means of keeping your data secure. It is cheap and easy in most countries to secure the supplies for this method of data destruction. It can also be used for quickly destroying anything else that would take time to burn.

    I guarantee this will work for you in an emergency. When I was in the Army we'd use thermite grenades for destroying sensitive communications, vehicle engines and weapon systems if we felt they were going to imminently fall into enemy hands. A simple soda can with a hole in the bottom filled with thermite can easily melt through the engine block of a car if placed on the hood. Cover the hole with paper or tape on the outside so it does not leak out. Light on a security force vehicle's hood and run. They will be unable to stop the reaction or use the vehicle to pursue you before the damage is done. I do not condone violence but I fully support the Iranians cause for democracy which under extreme circumstances call for sabotage.
  21. Xtheory is correct, physical destruction by heat is the ONLY guaranteed way of data obliteration in a panic (storm trooper thugs coming through the door) situation assuming you can set the thermite charge on top of your computer off. It's a bit hard on the apartment, but...

    A single pass erase, even with a shredder is recoverable by competent technicians with proper equipment.

    Using scanning electron microscope... a DOD standard pass can be recovered.
    (The CIA disposes of their hard drives (according to CBS-60 Minutes) by removing the platters, physically scraping the media from the platters using a specialized lathe then destroying the shaved media. Guess they don't trust the DOD algorithm either)

    Only shredders using Peter Gutmann wiping schemes, such as BCWipe and BCWipe Total Wipe Out by Jetico, can be trusted to do the job. However a "Gutmann" wipe takes 35 passes... in other words, it could take days to shred your hard drive.

    About Yar from Anti-Forensics
    In situations where your freedom is on the line; knowing who to trust is critical. When in doubt, don't trust. And someone giving the kind of advice Yar is, though I have no way of knowing for sure, bet he's a bad guy or working for the bad guys, it could save your life.
  22. TheONE-IRAN Member

    This has always been a widely discussed topic.

    This was from Gutmann in 1996

    Secure Deletion of Data from Magnetic and Solid-State Memory

    Bottom line
    • Complete physical destruction is always preferred and absolute
    • DBAN or the like even at single pass has value when needed
    • Avoid the need to even be concerned about data wiping and use whole disk encryption
  23. No company has been able to recover data from a complete 0 out of data on a modern hard drive. Due to the absurd density of platters ( 500gb a platter now ) microscopes are no longer able to ACCURATELY discern what was there before. Again, so far, no company can recover a complete 0 out of any modern hard drive under any circumstances. You have to understand that you're literally going through each 1 and 0. Not only would it be incorrect many times ( who's to say they haven't written a 1 before they put another 0 down to screw you up? ) you wouldn't be able to recover more than a kilobyte for thousands of dollars. Chances are they would have maybe a line of pixels and some random google logo on your hard drive.
    In summary:
    You just have to use DBAN once
    No one can ACCURATELY predict whether it is a 1 or 0 ( you'd need almost 100% to interpret the data )
    No one can ACCURATELY predict whether it is a 1 or 0 on a scale of hundreds of gigabytes.
    Just use truecrypt and DBAN and you're fine.

    People give the impression that all they do is look at the hard drive with a microscope and they can see all your information/drag and drop files off of it.
    If you really want to protect yourself fill up the hard drive with random crap like games hah. The less that is on the HD that is relevant the more minuscule a chance that they would find it. ( 2MB of photos and 200KB text compared to 150GB of games... )
  24. The only US gov agency I've ever heard of doing any 1337 computer stuff was the Air Force's OSI figuring how to read fragments of floppies by taping them to other floppies and then putting the bits back together.
  25. xtheory Member

    This was posted in the other thread, but it should go here as well:

    Do you think a single pass zeroed out wipe of a hard drive is quick in an emergency? Try at least an hour for an 80GB drive. I just did a test single pass zero wipe of a 250GB hard drive today and it took 2 hours. I don't know about you, but I doubt I could hold off an Iranian SWAT team for that long. Unless you know hours in advance that they are coming (which you don't) you just will not have the time to zero the disk. In that case you better wish you have at least encryption. Then again, they could just capture you and torture you to give up the password or USB key you're using to get to your data. You still might get tortured if you try to destroy the data via disk wipe or thermite, but at least with thermite you know there is no way of retrieving the data and the only way they'll get any information is by compelling you to talk. The beauty in this is that you can always lie under torture. You cannot lie about physical evidence because they have it.

    I can see how this would go down...

    Police: Open the door. This is the police!

    You: Uh, heh. Could you come back in two hours while I wipe this hard drive?

    Police: NO!

    You: Fuck! I wish I had thermite and a burn box.

    If you're wondering how long it would take to pull hard drives from a desktop computer with front loaded hard drives with tool free removal, this is what you'd be looking at:

    Removal of hard drive: 1 minutes
    Stuffing hard drive into already prepared pot filled with thermite: 1 minute
    Put thermite filled pot in a metal burn box inside of bathtub: 20 seconds
    Lighting magnesium fuse: 3 seconds
    Put metal burn box on top of pot: 5 seconds

    Total time to totally destroy hard drive: 2 minutes, 28 seconds maximum

    Total time to do wipe drives with zeros: 2 hours

    It's your life and choice. I'd prefer the foolproof method that takes the least amount of time.
  26. Gluing Data Back Together

    During the 1979 Revolution the Iranians took shredded secret documents from the captured American Embassy. With great and dedicated effort they glued all the pieces of paper back together and gained a huge insight into the secrets those "shredded" documents contained.

    For a computer, the data is on the hard drive. That would be removed and totally destroyed by melting the parts.
  27. xtheory Member

    Exactly my point. When other people's lives are on the line you do not want to risk their safety by not being careful enough. That is why many spies in WW2 carried cyanide pills - destroy yourself and you keep the enemy from your secrets. Destroying a hard drive is the ONLY way to 100% guarantee that the data is unrecoverable. Even though it's said to be nearly impossible to recover from a disk wipe (if you even had the time to do it anyways) you should never underestimate the will of a government that hasn't even a single shred of integrity to conduct a lawful election. If they have the time they will do whatever they can to get to your data. There are some extremely smart people in Iran. Some of the most talented programmers I know are Iranian. Never underestimate under any circumstances.

    Does this sound too paranoid? Perhaps. But then again - how much is your life and the lives of the ones you love to you?
  28. SSD is a great alternative

    SSD stands for solid state disk. They run similarly to thumbdrives and they take somewhere from between 6-12 volts of power.
    One could buy a couple of SSD drives and store their data on those.
    Then hook up mains power on an emergency kill switch directly to the terminals of each SSD.
    If the Iranian police force were to knock on the door, one could just then flick the switch and completely and utterly fry the SSDs.
    This could destroy ur high-end computer hardware too, but i suppose u could also make another switch to isolate the drives from the computer then the kill switch for the SSDs.
  29. How many people, not just Iraqis, will have time to wipe their hard drives while government henchmen break down the door and rush in. They'd have the entire computer out the door in a matter of minutes. I have a better idea. Just use strong system-wide encryption with a very long passphrase. Then, even if you can't wipe it, it should take months to decrypt. Make sure to use a dual-boot and keep your encrypted filesystem unmounted while you're in the unsecured system, so you can keep hackers out of your encrypted system while you're playing Solitaire. If you're unsure about how to do this, go to #ubuntu on irc.freenode.net and ask how to setup an encrypted system with the alternate installer. They'll be happy to help.
  30. My two cents later than sooner

    Ok so I'm reopening an old thread but it's a great thread. Here is a thought: the more than one pass idea has more to do with software and or hardware errors that result in a "0" or two being missed and by doing the wipe again the odds of "missing" due to software or hardware failure/glitch are decreased exponentially. I doubt anyone who made the 3 pass dod spec would argue that a "perfectly wiped" with zeros wipe is not enough. 3 passes probably has more to do with making sure you didn't "miss" due to an error.

    Encryption: so if you're worried about cops kicking in the door have all your stuff encrypted. They really are not going to get past encryption at least this year right? So has anyone heard of a hard disk being shelved to await a later date before a statute of limitation has not run out in case a PD dept. suddenly avails themself of "new" methods to recover encrypted data without the encryptor's cooperation? Seems far fetched....... Then again look at Roman Polanski sheesh 30 years later they are still after him so you never know.....

    So I have a question, if you encrypt your drive with Bitlocker or PGP-commercial then destroy the "key", on a hardware raid-0 with 2 drives then wipe the raid and reformat the raid using a different "block" size then writing with zeros one time to the new array can anyone imagine this data being recovered ever?
  31. To all the geniuses out there. You are not going to have 2 minutes and 30s to extract your hard drive and destroy it in a police raid. My advice? Use a laptop for that kind of information. That you can destroy with thermite in what, 10s? I hope the police can't break the door and outrun you to your thermite, cause then, buddy you are fucked.
  32. really - you have government forces in a hostile country that are bursting down your door to get their hands on the information on your hard drive.
    1 - you will not have 2.5 minutes to destroy shit!
    2 - destroying the hard drive will not mean they won't torture you for the information or just shoot you on the spot...

    if you are going to be paranoid - do it properly.
  33. This doesn't only apply to people in Iran, but it can and should apply to people everywhere.

    If you want to protect your data, use FDE (Full Disk Encryption) to protect it whenever your PC is not turned on and in use. (Truecrypt, Veracrypt, etc)

    Then if you need to wipe it in a hurry, just have DBAN ready to go, to do it quickly one pass should be enough especially if your HDD is already encrypted. If you still don't trust just one pass, then I recommend three passes, that will definitely remove everything.

    After that if you need to, and if you have enough time, you can pull the HDD apart, and physically destroy the platters.

    It makes you look suspicious, and it might make you end up in jail, depending on your circumstances, but personally I'd prefer just the peace of mind that no one can get any of my data.
