Pennsylvania State University



Information Security

How to Properly Remove Information on

Macs, PCs, and Linux Systems

IST 454

Team Gamma

Chad Eckard

Michele Lang

Aric Renzo

Alec Rendazzo

Geoff Finnegan

Steve Dolges

Chris Banach

Contents

Introduction

Background

Windows

Insecure Deletion

Recovery

Secure Deletion

Linux

Insecure Deletion

Recovery

Secure Deletion

Macintosh

Insecure Deletion

Secure Deletion

Recovery

Physical Destruction

Proper Destruction Example #1 - Microwave

Recovery

Proper Destruction Example #2 - Thermite

Conclusion

Works Cited

Introduction

When working with sensitive information, it is imperative that organizations take every necessary step to remain secure. Be it classified government intelligence, company proprietary data, or your own personally identifiable information, one must take security very seriously. What most people do not realize is that simply deleting a file from one's computer does not permanently destroy that file, and with proper use of a computer forensics program, an experienced user can retrieve deleted files with ease. When an organization or an individual disposes of electronic devices such as hard drives, USB mass storage devices, personal digital assistants, or smartphones, it is imperative that they follow proper electronic disposal guidelines.

The effectiveness of espionage activities against a target, whether in government or private industry, always relates to the ability of the target organization to keep its data protected. When data or the hardware storing it reaches the end of its useful life in an organization, this data or hardware must be disposed of in the proper manner to prevent the recovery of documents or databases that could harm the organization or its stakeholders. The failure of a government to do so could compromise military or foreign policy secrets, as shown in the WikiLeaks scandal this past year. The failure of a business to properly destroy its data may lead to violations of federal and state privacy laws, such as HIPAA, or compromise trade secrets held by a corporation.

Background

Even though computers have been around since the 1930s, methods to properly dispose of computer memory were not needed until the 1960s, when IBM created the Random Access Method of Accounting and Control (Mary). This is because the first computers functioned differently from modern computers and those of 10 years ago. While there is not a plethora of information about how information was disposed of with the first computers, it can be assumed that it was some form of physical destruction, since most of the information was stored on punch cards (The Gutmann). One of the early ways to securely erase data from a hard drive was a method named after Dr. Peter Gutmann. This method was mostly used for computers with Modified Frequency Modulation/Run-Length Limited (MFM/RLL) encoded disks, which have since been replaced by more modern variations. The Gutmann method uses about 35 different patterns to cover the erased area. This method was later turned into the “secure erase” function that most computers already have embedded in their systems (The Gutmann).

Physical destruction of data is another method for keeping information safe. One suggested way is the use of magnets. However, while data in the past may have been more affected by low-strength magnets, today’s hard drives are much more resilient. Many sources have debunked the idea that any comical refrigerator magnet can cause mass data loss (Fenton). However, if a strong magnet is used, such as a neodymium magnet, it is possible to disrupt the data enough to deter the theft of data. In the end, unless the drive is completely destroyed, enough fragments of data may be recovered with scanning transmission electron microscopy technology. However, this technology is very expensive to purchase and difficult to use.

Windows

This section illustrates the insecure nature of deleting files in Microsoft Windows using the standard deletion methodologies. Later, we illustrate how to utilize the “Eraser” software to securely delete files and make them unable to be recovered.

Insecure Deletion

Step 1: Right click on the file and select the “Delete” option

Step 2: Empty the Recycle Bin by right clicking on the recycle bin and selecting the “Empty Recycle Bin” option.

Recovery

Step 1: Open Recuva to start the recovery wizard. When prompted to select the type of file you wish to recover, select the “other” option. This way, the recovery program will look for all types of files and file fragments present on the drive location. Select “Next”.

Step 2: The next step is to specify the location of the deleted file. When prompted, select “other” and in the option box, specify the drive or location where the file last resided. In this case, specify “E:\” to tell Recuva to search the root of the E: drive.

Step 3: On the last page of the wizard, select the “Enable Deep Scan” option to increase your chances of finding the deleted file.

Step 4: After the scan has completed, right click on the recovered file and select “Recover Highlighted...”. Specify a recovery location that is on a different physical drive from the one on which you are performing the recovery. This ensures the file will not overwrite itself when it’s recovered. In this case we are recovering the file to the desktop.

Secure Deletion

Step 1: Open “Eraser” located on the desktop

Step 2: To add a new task, select “Eraser Schedule” and select “New Task”

Step 3: Type in a name for the task and select the “Run Immediately” check box. To select data to erase, press the “Add Data” button and navigate to the document you wish to delete.

Step 4: In the “Eraser Method” drop-down box, select “Gutmann 35 Passes” and apply your settings. Eraser will then securely delete the data specified by applying the Gutmann algorithm.

Linux

This section illustrates the insecure nature of deleting files in Ubuntu Linux using the standard deletion methodologies. Later, we illustrate how to utilize the Secure-Delete software to securely delete files and make them unable to be recovered.

Insecure Deletion

Step 1: Move a file onto the volume you are using to store data.

Step 2: Delete the file by right clicking and moving to trash.

Recovery

Step 1: The first thing you will need is Autopsy for Ubuntu. To get it, go into the terminal and type “sudo apt-get install autopsy”. This will install Autopsy on your computer.

Step 2: Next you want to start autopsy by typing “sudo autopsy” into the terminal. It will start up and give you the link “” to put into your browser for the interface. Leave this terminal window open. These first two steps are already pre-arranged in the video.

Step 3: Now it is time to image the storage volume. For this we will be using the dcfldd command. In the terminal, type “dcfldd if=/dev/sdb1 of=/media/USB.dd”. This command creates a disk image of the volume. To break the command down further, if=/dev/sdb1 is the input volume; in our situation we were using a flash drive that had the volume name sdb1. The second part of the command, of=/media/USB.dd, is the output location. This location can be anywhere you’d like, and you may also name the disk image anything you'd like (but keep the .dd extension).

Step 4: With the image retrieved you may now go to the browser where you have autopsy open and start a new case.

Step 5: When creating a new case you will have to provide a name for the case and an investigator. Fill in these fields and click “new case”.

Step 6: Autopsy will then ask you to add a host to the case. At the add a new host screen you can bypass the fields and just add the host. For the purposes of this demonstration the default values are enough.

Step 7: Then it's time to add an image. Select the add image file button, which will send you to the page where you enter the location of the image. For our demonstration this location is /media/USB.dd. The Type option can be left at default, and for the Import Method select copy. Now you can hit next. The next screen will ask if it is a disk or volume image. Select volume image and hit ok. The next page, titled “Image File Details”, can be left at defaults. You can hit Add on this page. Click ok on the next page.

Step 8: Now it's time to analyze the disk image. This can be done by selecting the analyze option on the next screen. We then want to select the “file analysis” mode. Here you can see what files are on the drive. Any files shown in red were insecurely deleted. Oftentimes these files can be recovered by selecting the file and exporting it. These are the steps to recover an insecurely deleted file.

Secure Deletion

Step 1: The secure delete will be done with the program Secure-Delete. This can be downloaded and installed by typing “apt-get install secure-delete”.

Step 2: Now move a file over to the volume you want to delete from.

Step 3: In the terminal we will be using Secure-Delete to delete this file. The command is “srm -z ”. The -z flag indicates that on the final overwrite the program will write all zeros. After this command is used, the file will be permanently unrecoverable, since it has been written over with random bits several times and zeroed out.
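
Added example (not part of the original report): a check that scans a raw volume image, like the USB.dd produced in the Recovery steps, for a known string before and after an overwrite modelled on the random-passes-then-zeros behaviour described for srm -z. The image, the marker string and the function names are constructed for illustration, and the overwrite assumes storage that rewrites blocks in place, which flash wear levelling and journaling or copy-on-write filesystems do not guarantee.

```shell
#!/bin/sh
# Added example: works only on a constructed image file; no device is touched.
MARKER='ACCT-0000-CONSTRUCTED-SECRET'   # constructed stand-in for sensitive content

# make_image PATH: build a 1 MiB zero-filled "volume" and store MARKER at
# block 1, standing in for the data blocks of a file that was only trashed.
make_image() {
    dd if=/dev/zero of="$1" bs=4096 count=256 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=4096 seek=1 conv=notrunc 2>/dev/null
}

# residue_count IMAGE PATTERN: count the NUL-delimited runs of raw bytes that
# still contain PATTERN. NULs are turned into newlines first so grep never has
# to buffer one enormous "line" of zeroed sectors.
residue_count() {
    LC_ALL=C tr '\000' '\n' < "$1" | LC_ALL=C grep -a -c -F -e "$2" || true
}

# overwrite_region IMAGE FIRST_BLOCK BLOCKS PASSES: PASSES rounds of random
# data followed by one pass of zeros, written in place. This models the
# behaviour the text describes for "srm -z"; it is not srm's implementation.
overwrite_region() {
    _pass=0
    while [ "$_pass" -lt "$4" ]; do
        dd if=/dev/urandom of="$1" bs=4096 seek="$2" count="$3" conv=notrunc 2>/dev/null
        _pass=$((_pass + 1))
    done
    dd if=/dev/zero of="$1" bs=4096 seek="$2" count="$3" conv=notrunc 2>/dev/null
    sync
}

# demo: scan, overwrite, rescan; prints the residue count before and after.
demo() {
    _img=$(mktemp) || return 1
    make_image "$_img"
    _before=$(residue_count "$_img" "$MARKER")
    overwrite_region "$_img" 1 1 3
    _after=$(residue_count "$_img" "$MARKER")
    rm -f "$_img"
    echo "before=$_before after=$_after"
}

demo
# Against a real image such as /media/USB.dd from the Recovery steps, run:
#   residue_count /media/USB.dd 'a string known to be in the deleted file'
```

A non-zero count on an image taken after secure deletion means the content is still present somewhere on the volume and the wipe should not be treated as complete.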

Macintosh

This section illustrates the insecure nature of deleting files in Mac OS using the standard deletion methodologies. Then, we illustrate how to securely delete files and make them unable to be recovered.

Insecure Deletion

Step 1: Open the “Applications” Folder

Step 2: Open the “Utilities” Folder

Step 3: Select “Disk Utility”

Step 4: Select “ERASE ME” drive

Step 5: Click “Erase”

Secure Deletion

Step 1: Open the “Applications” Folder

Step 2: Open the “Utilities” Folder

Step 3: Select “Disk Utility”

Step 4: Select “ERASE ME” drive

Step 5: Select “Security”

Step 6: Select “7-Pass Wipe”

Step 7: Click “Erase”

Recovery

Use Autopsy on Ubuntu to attempt to recover the file

Physical Destruction

Proper Destruction Example #1 - Microwave

Destruction

Step 1: Plug microwave oven into grounded surge protector

Step 2: Open microwave door

Step 3: Place hard drive on microwave plate

Step 4: Set microwave to ‘Popcorn’

**Warning** If hard drive catches fire, do NOT attempt to open door. Switch off the surge protector and wait until smoke clears.

Recovery

*If hard drive has not melted, continue to recovery. ALSO if hard drive is still hot do not attempt to handle*

Step 1: Plug the drive into its corresponding socket

Step 2: Boot into operating system

Step 3: Attempt to open a file

Proper Destruction Example #2 - Thermite

Utilization of Thermite to render the drive unusable

Step 1: Set up wood table.

Step 2: Place hard drive on wood table

Step 3: Place small terracotta clay gardening pot on top of hard drive

Step 4: Add Thermite mixture to clay pot

Step 5: Place magnesium ribbon in middle of Thermite mixture.

Step 6: Using propane torch, light magnesium ribbon *RETREAT TO SAFE DISTANCE*

Step 7: Allow Thermite reaction to finish completely before attempting to recover drive.

Conclusion

Whether it is a computer’s hard drive, an external drive or other media containing hard drives, making sure sensitive information is removed properly is imperative. While the methods of proper deletion have improved over the years, so has the technology to retrieve sensitive information. Today, it is even more important to make sure information is removed properly so that sensitive data does not fall into the wrong hands. While there are many variations on deleting this information, Team Gamma suggests these methods for the average computer user: Recuva and “Secure Delete” functions. If properly deleting the hard drive is not enough, our team suggests using either Thermite, contracted hardware shredders, or another physical method to completely destroy the drives.

Works Cited

Active. "Hard Drive Eraser." Active@ Kill Disk Hard Drive Eraser. Low Level Format. Web. 28 Feb. 2011.

● This source is another program that is able to wipe hard drives as well as floppy disks. This website also has a bit more information on why normal deletion methods do not fully remove the deleted information. This website has a free version of

CamStudio. "CamStudio Open Source." CamStudio - Free Screen Recording Software. Web. 28 Feb. 2011.

● This link is what we plan on using for recording on the Windows desktop. This program is free to use.

ChimooSoft. "Capture Me - Screen Capture Software for Mac OS X." Chimoosoft - Freeware and Shareware Software for Mac OS X. Web. 28 Feb. 2011.

● This website is for Mac desktop recording. The site has information about the product as well as a list of updates and features.

"DoD Secure Erase." . StorageSecrets, 3 Jan. 2009. Web. 6 Feb. 2011.

● This article outlines the various Department of Defense standards surrounding secure deletion of electronic media. Various issues are discussed in this article, such as how DoD protocols compare with other data destruction strategies such as the “Secure Erase” and “Usual Computer Erase” methodologies.

Enselic. "RecordMyDesktop | Download RecordMyDesktop Software for Free at ." : Find, Create, and Publish Open Source Software for Free. Web. 28 Feb. 2011.

● This is a link for the software that we will use to record our shots in Linux. It has up-to-date downloads as well as reviews of the product.

Fenton, Eric. "Why Do Magnets Damage Computers? | ." EHow | How To Do Just About Everything! | How To Videos & Articles. Web. 06 Feb. 2011.

● This article from EHow dispels many of the preconceptions about the idea that magnets can affect computers. It notes that in the past this would have been the case, but since technology has improved greatly, normal household magnets will not be strong enough to cause enough damage to a hard drive.

Gallagher, Patrick R. "A Guide to Understanding Data Remanence in Automated Information Systems." Rainbow Books. N.p., 7 Dec. 2005. Web. 6 Feb. 2011.

● This resource compares and contrasts various data removal procedures for various types of media such as hard disk drives, CD-ROM drives, and tape storage. This paper also discusses the possibly dangerous outcomes of data recovery resulting from improper data removal.

GEEP EDS LLC. "About DBAN." Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing. Web. 28 Feb. 2011.

● This source links us to a possible piece of software, specifically an .iso file, that should be able to zero out a hard drive to the current DoD standards.

Gutierrez, Carlos M., and William Jeffrey. Minimum Security Requirements for Federal Information and Information Systems. Gaithersburg, MD: Federal Information Processing Standards, Mar. 2006. PDF.

● This document was published and released to the public by the government group FIPS. The document lays out the minimum security requirements for government-issued technologies and indicates how to properly dispose of said technology.

Hughes, Gordon, and Tom Coughlin. "University of California San Diego - Center for Magnetic Recording Research." Tutorial on Disk Drive Data Sanitization. University of California, 20 Apr. 2007. Web. 6 Feb. 2011.

● This paper, written by the University of California at San Diego, outlines a number of issues regarding proper disposal of electronic media. This paper covers various laws and regulations about properly disposing of media in a way that will meet HIPAA and Department of Defense security standards.

MaximumPC. "Leave No Trace: How to Completely Erase Your Hard Drives, SSDs and Thumb Drives." Gizmodo, the Gadget Guide. 16 Mar. 2010. Web. 28 Feb. 2011.

● This website discusses why just deleting a file is not enough to safely discard information from an operating system. It says that while the file is no longer visible to the user, anyone who uses third-party recovery software could still extract the deleted information. It then discusses different ways to “safely” discard information.

Mary, Bellis. "The History of Computers - Computer History Timeline." Inventors. . Web. 08 Apr. 2011.

● This website has basic information about the history of computers. It is in the format of a timeline with links for more information.

Rothke, Ben. "Why Information Must Be Destroyed, Part Two." CSO Online. CSO, 5 May 2009. Web. 6 Feb. 2011.

● This resource is an in-depth article which covers virtually the full spectrum of securely erasing data from physical media. This article outlines various end-user solutions for securely erasing data, such as open source software applications and commercially available software that enable users to apply secure deletion protocols to their personal computers.

Seagate. Drive Disposal Best Practices: Guidelines for Removing Sensitive Data Prior to Drive Disposal. Scotts Valley, California: Seagate Technology LLC., 2007. PDF.

● This document informs the reader of common information left on old storage media and why proper removal of data is needed. It also discusses many different variations on how to properly remove sensitive data from electronic storage devices.

Taylor, Dave. "How Can I Securely Delete Files on My Mac? :: Free Tech Support :: Ask Dave Taylor!®." Free Tech Support from Ask Dave Taylor! ®. Web. 28 Feb. 2011.

● While not the most trusted source, this blog gives one possible solution for securely deleting information on a Macintosh computer. This does not use any software other than what is already on a Mac, and does not use a command prompt.

TechThrob. "How to Delete Files Permanently and Securely in Linux." Howto Delete Files Permanently and Securely in Linux | . TechThrob, 2 Mar. 2009. Web. 28 Feb. 2011.

● This website has information about how to properly delete files from a Linux operating system. It gives step-by-step instructions as well as an explanation of the commands used to erase the files. This is not a program. This form of file deletion is from the command line in Linux.

The Gutmann Method. PC Data Rescue, 2011. Web. 29 Mar. 2011.

● This site describes the Gutmann Method, an algorithm used to securely erase the contents of a computer hard drive.

"Thermite Material Safety Data Sheet." Chemwatch Materials Safety Data Sheet. 14 Mar 2008: 01-09. Print.

● This Materials Safety Data Sheet allows for the use of ferric oxide and powdered aluminum in a safe, controlled manner. It provides information pertaining to the mitigation of hazards which may arise during the use of this welding compound.

White Canyon. "Get the SecureClean Download - Try SecureClean for Free!" WhiteCanyon: Tools to Erase Hard Drive Data & Prevent Identity Theft. Web. 28 Feb. 2011.

● This website was recommended to us by our textbook. While the full version is available to us if we choose to pay for it, we can work with a trial version. According to the website, this software allows for data on a Windows machine to be properly destroyed and for verification of the destroyed data.

Trent, Garret. Eraser. Ed. Joel Low. GNU, n.d. Web. 21 Mar. 2011.

● We utilized this software to perform the secure delete procedures on Microsoft Windows 7. This website also contains a helpful guide on how to use the basic features of the software.

Piriform Recuva. Piriform, n.d. Web. 19 Mar. 2011.

● Recuva is the name of the software package we utilized in order to perform file recovery on Microsoft Windows.
