It has been a long, long while since I last updated this "thread" of useful security-related applications for Windows and Linux; the last time was when Torpark was still called Torpark, because I’ve purposefully withheld information that was sensitive at the time. You don’t have to be a 1337 h4x0r to find out where I work, and why it could be a sensible stand given factors of varying nature. But enough shadow talk and secret whispering! There are a few applications that I use daily that I recommend to my peers who care enough about privacy. And whatever I reveal here is not sensitive for my workplace. Today I want to tell y’all about wiping.
Whenever you do something in the electronic world, you leave a trace. And whenever you delete a file, you leave a trace. Most systems don’t even delete the file; they just mark its space as empty, and anyone is free to undelete it completely. I will write on data recovery and forensics later.
But what to do then? Simply stop using computers? No. Even if you live in a cabin in a forest without any electricity, you can be sure that there are insecure systems out there that store information about you. The way to tackle this problem is a simple change of routines. Instead of deleting files, and thereby compromising the data whenever the storage device is a) returned for service, b) simply thrown away or c) stolen/accessed/cracked, wipe the files.
There are many ways to wipe but my favourite is The Hacker’s Choice:
The deletion process is as follows:
- In secure mode, the file is overwritten 38 times. After each pass, the disk cache is flushed.
- The file is truncated, so that an attacker doesn’t know which disk blocks belonged to the file.
- The file is renamed, so that an attacker can’t draw any conclusion from the filename about the contents of the deleted file.
- Finally, the file is deleted (unlink).
THC’s Secure_Delete tool does exactly this. Using:
$ srm -v <filename>
$ srm -r -v <directory name>
you get a verbose output of the wiping process of the file or directory respectively. The nice thing about Linux is that you can include secure_delete in any bash script or cron job (scheduled task) that you wish.
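The four steps listed above, written out as an added shell sketch for a script or cron job (this is not THC's code and not a replacement for srm; the function names and the default of 3 passes are assumptions made for the example):

```shell
#!/bin/sh
# Added sketch of the overwrite/truncate/rename/unlink sequence; not srm's code.
# overwrite_in_place and wipe_file are hypothetical names for this example.

# Overwrite the file's existing blocks with random data, flushing after each pass.
overwrite_in_place() {
    oip_file=$1
    oip_passes=$2
    oip_size=$(( $(wc -c < "$oip_file") ))
    oip_i=0
    while [ "$oip_i" -lt "$oip_passes" ]; do
        # conv=notrunc stops dd truncating first, so the same blocks are rewritten
        head -c "$oip_size" /dev/urandom | dd of="$oip_file" conv=notrunc 2>/dev/null
        sync                                  # flush the disk cache after each pass
        oip_i=$((oip_i + 1))
    done
}

wipe_file() {
    wf_target=$1
    wf_passes=${2:-3}   # assumption: 3 passes for the demo; srm's secure mode does 38
    # Refuse symlinks and non-regular files rather than wiping what they point at.
    if [ -L "$wf_target" ] || [ ! -f "$wf_target" ]; then
        echo "wipe_file: refusing $wf_target (not a regular file)" >&2
        return 1
    fi
    overwrite_in_place "$wf_target" "$wf_passes" || return 1
    : > "$wf_target"                          # truncate: original length is gone
    wf_dir=$(dirname -- "$wf_target")
    wf_rand=$(head -c 8 /dev/urandom | od -An -tx1 | tr -d ' \n')
    wf_new="$wf_dir/$wf_rand"
    if [ -e "$wf_new" ]; then return 1; fi    # never clobber an existing file
    mv -- "$wf_target" "$wf_new"              # rename: the old filename leaks nothing
    rm -f -- "$wf_new"                        # unlink
}
```

Overwriting in place only reaches the blocks the filesystem currently maps to the file; copies kept by a journaling or copy-on-write filesystem, or by SSD wear levelling, are not touched by this sequence.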
Wiping, in any system, naturally takes some time. THC writes that in 1 second you can approximately overwrite 1 to 2 MB of data, depending on your hard drive performance. In totally insecure mode, a 100 MB file/free-disk-space takes about 15 seconds, while the totally secure and recommended mode takes approximately 60 minutes. Leaving the wiping to itself is probably the best way to save time, while you boot up your second machine to read the latest sigg3.net adventure.
The two file systems in use in the Windows world at the moment are FAT and NTFS, both of which are supported (somewhat) in Linux as well. FAT is a pretty old format, and data gets fragmented if you sneeze in the general direction of the chassis. Files stored in FAT are really easy to recover too. NTFS is a huge step in the right direction, because it dynamically utilizes the disk, making data recovery harder over time, but it still lags behind some of the better Unix file system formats such as xfs, ext3 and reiserFS. In other words, data wiping is even more important in Windows than in Linux. So what applications can you use? I’ll cover one commercial (but free) and one open source tool here.
BCWipe is a very simple-to-use tool that integrates nicely into the Windows desktop. You download and install the free trial edition (embedded license) and you’ll receive a right-click option for wiping, including: Delete (file or dir) with wiping, Wipe recycle bin and Wipe free space. The latter is brilliant, because by first deleting the file normally and then wiping the free space of that disk, no intruder will be able to distinguish what has been a file and what has been empty space. By default, however, BCWipe uses the US Department of Defence 7-time wipe setup, which is not what your privacy requires!
Instead, select the Gutmann method (35 wipes) or create your own custom wipe. If you’re about to wipe large amounts of data over a few days, Windows may give you some trouble. Disable hibernation and standby, or else the file being wiped can become inaccessible to BCWipe and the process will halt, waiting for user input. BCWipe allows you to choose what to do when the desired operation is completed, such as show log, restart or shut down the computer.
Heidi, fronted by a gal looking suspiciously like a number 6 cylon agent, has made a wiping tool for Windows that is open source and released under the GNU General Public License. It was Irongeek who tipped me about it because I didn’t like the BCWipe license. Similar to BCWipe, it features a nice context-menu option but also has a scheduler feature, which is always nice. In contrast to BCWipe, Eraser uses the Gutmann standard by default. I have only tried it once, but my feeling’s that they both get the job done (though Heidi has a nicer license).
Making a habit of wiping sensitive data or traces thereof will do you no harm at all. In fact, it may save you from losing face (or your job) one day. All those embarrassing photos of celebrities, for instance, would have been avoided if the camera or cellphone memory had been wiped before it was turned in for repairs. And what about the external USB-cabled hard drives that you use for backups, when you send them in for replacement? Did you wipe ’em first? I hope you did, or else you’ll have people like me checking out your data. I’ll cover forensics at a later time. In the meantime, do as your mother told you and remember to wipe.