Windows 7 Forums
Welcome to Windows 7 Forums. Our forum is dedicated to helping you find support and solutions for any problems regarding your Windows 7 PC be it Dell, HP, Acer, Asus or a custom build. We also provide an extensive Windows 7 tutorial section that covers a wide range of tips and tricks.


Windows 7: Encrypting computers that will be recycled

3 Weeks Ago   #1
sevenuser9

Windows 7 Home Premium
 
 
Encrypting computers that will be recycled

Hello,

I will soon be recycling two old computers. For the sake of argument, let's suppose that a hacker gains possession of the hard drives and tries to retrieve data from them. So far, I have used the following programs to erase all of the data:

1) BCWipe Total WipeOut
2) DBAN

After running these programs, I used a program called Recuva to see if any old files could be recovered. From my testing, the software could not recover any relevant data.

However, there might be other more sophisticated recovery software that I do not have time to research or test. Let's suppose the software exists and that it is capable of recovering data because it is more advanced than BCWipe and DBAN.

If I reinstall Windows 7 on the hard drives and then install VeraCrypt, wouldn't that be a virtually guaranteed way to prevent hackers from gaining access to any data that might still be lurking on the drives? I would encrypt the entire devices and use VeraCrypt's pre-boot authentication method.

Thanks


My System SpecsSystem Spec
.
3 Weeks Ago   #2
Golden
Microsoft MVP

Windows 10 Pro x64 ; Xubuntu x64
 
 

Quote   Quote: Originally Posted by sevenuser9 View Post
Let's suppose the software exists and that it is capable of recovering data because it is more advanced than BCWipe and DBAN
All data can be recovered, regardless of which tool is used to wipe the disk - it's simply a matter of:

- time
- computing power
- highly specialist recovery software
- cost

The wiping you performed is significant (some would argue overkill) and more than adequate to deter someone from trying to determine if is even worth considering trying to recover any information. No offense intended, but you are probably not a worthwhile target for a hacker to invest significant resources into. If you were the CEO of Chase Manhattan Bank, and your disks were labelled as such, then it might be a different story - see where I am coming from? You don't need to do anything further.

Quote:
If I reinstall Windows 7 on the hard drives and then install VeraCrypt, wouldn't that be a virtually guaranteed way to prevent hackers from gaining access to any data that might still be lurking on the drives? I would encrypt the entire devices and use VeraCrypt's pre-boot authentication method.
Nothing is guaranteed - see above. Encrypting the whole drive makes selling it/giving it away useless to the next person. Who is going to buy a Windows 7 installation that can't be used because it is encrypted? They will simply wipe the drive, and reinstall Windows 7 - the encryption achieves nothing. However, if you encrypted the free space first with a reliable algorithm (say AES-256...which has yet to be broken), then performed the wipe, and then installed a vanilla Windows 7, well then that adds more certainty that data can't be recovered, but I still think that is overkill.

If you want a guarantee that data can never be recovered, then the ONLY method available to you is to physically destroy the disks.
My System SpecsSystem Spec
3 Weeks Ago   #3
F22 Simpilot

Windows 7 Ultimate x64
 
 

Using encryption after the fact will mean nothing. If you were using encryption with VeraCrypt all the while then a simple format would probably be all that is needed. Add a DOD 3 pass wipe to be sure. But again, encryption is only good for data that is being written to the disk in it usage.

This is why I use FDE (Full Disk Encryption) all the time. My hard drives can be pulled from the machine and the data can never be recovered so long as AES 256 hasn't been broken and no one tortures me out of my 30+ character password that's only committed to memory and only memory. One day I may do a cascade of ciphers of AES 256 and Twofish. You don't want to go beyond that as it will slow your hard drive speed down considerably.

So if your data as was written on the hard drive was never encrypted to begin with, just use a DoD wipe and call it a day. Adding encryption on top of that is useless as that only applies to data being written to the drive.

If you were like me and had deployed encryption from the get go, then a plain format of the HDD is all that's really needed as the file recovery would only recover encrypted data and nothing will come of it. But you could take it up a notch to thort cryptanalysis and wipe the drive with DoD 3 to 7 passes.

In your case, just a DoD 3 pass wipe should be sufficient. If you can't retrieve any pictures, etc after that you know you're good to go.

Have a look here on all the recovery software you can try: Search for freeware and shareware at SnapFiles
My System SpecsSystem Spec
.

3 Weeks Ago   #4
F22 Simpilot

Windows 7 Ultimate x64
 
 

There is a very expensive machine sold on Amazon that degausses a hard drive and that is what the government uses. You could try buying some very rare earth magnets on eBay that have like a 30 pound weight capacity. But to use those you need to open the drive and run that magnet over each platter I'm sure. So it's destructive. Also, rare earth magnets are VERY dangerous and can break fingers. Anyone looking into this be warned.

Interesting to note, I know of a trick using a rare earth magnet to open a safe. LOL

Edit-

Looking at Amazon, I see many products that pretty much do what DBAN already does for free. But if you want to go federal level, this is what you want
: Robot Check
My System SpecsSystem Spec
3 Weeks Ago   #5
dg1261

Windows 7/8.1/10 multiboot
 
 

Quote   Quote: Originally Posted by sevenuser9 View Post
If I reinstall Windows 7 on the hard drives and then install VeraCrypt, wouldn't that be a virtually guaranteed way to prevent hackers from gaining access to any data that might still be lurking on the drives?
You've done more than enough already. Assuming you ran DBAN properly, and wrote more than one pass, then nobody, not even the NSA, will be able to retrieve anything. It doesn't matter what tools may be developed in the future, the physics of magnetism don't change.

No need to deal with VeraCrypt. That's just an alternative to the DBAN step. DBAN writes gobbledygook so there's no residual magnetism left from the prior contents. VeraCrypt writes gobbledygook pursuant to an encryption key, so the gobbledygook can still be used to store contents. Gobbledygook is gobbledygook, so without the encryption key, VeraCrypt and DBAN will produce the same end result. With the key, VeraCrypt can make sense of the gobbledygook it generates, but without it it's just more gobbledygook.

All of the above assumes you're talking about magnetic hard drives. SSDs are different. Because of TRIM and over-provisioning, a SSD is constantly swapping "visible" sectors in and out of the over-provisioning area, so just erasing the visible area may not be enough because old data may still be trapped in the hidden, over-provisioning area.
My System SpecsSystem Spec
2 Weeks Ago   #6
sevenuser9

Windows 7 Home Premium
 
 

Here is a summary of the steps that I have taken so far:

Computer A

- Ran CCleaner to wipe free space based on the suggestions here (Run time: ~3 hours)
- Ran Recuva to try to uncover deleted files to test effectiveness of CCleaner
-> Found sensitive deleted files which prompted me to find alternatives to CCleaner
- Ran BCWipe Total WipeOut (Run time: ~4 hours)
-> Re-ran Recuva
-> Could not find sensitive deleted files - success!
- Ran BCWipe Total Wipeout for the second time just for the heck of it (Run time: ~4 hours)
- Ran DBAN dod method (Run time: ~40 hours)

Computer B

- Ran CCleaner to wipe free space based on the suggestions here (Run time: ~1 hours)
- Ran Recuva to try to uncover deleted files to test effectiveness of CCleaner
-> Could not find sensitive deleted files but I had my doubts given my testing with Computer A
- Tried to run BCWipe Total WipeOut but my evaluation expired
- Ran DBAN dodshort method (Run time: ~0.5 hours)
- Ran DBAN dod method (Run time: ~12 hours)
- Ran DBAN dod method for a second time just for the heck of it (Run time: ~12 hours)

I'm pretty sure my computers are safe for recycling now
My System SpecsSystem Spec
2 Weeks Ago   #7
townsbg

Windows 7 pro 64-bit sp 1
 
 

I was a state contractor for a few months and when they recycled a computer they used DBAN so you've gone well beyond it. You don't have to include the drives if you are giving the computers away. If you want you can take the hard drives out, open them up, and physically destroy them using either a magnet (you don't need a fancy one) and/or breaking the disks. Another possibility is to use a hard drive recycling service. I found one during a google search. Free Hard Drive Recycling | Hard Drive Shredding I don't know where you are so I can't do a more in-depth search.
My System SpecsSystem Spec
.
Reply

 Encrypting computers that will be recycled




Thread Tools




Similar help and support threads
Thread Forum
Show recycled files in context menu?
I would like to have a list of the Recycle Bin's contents in the right-click context menu (of the recycle bin.) I found the registry key for the Recycle Bin's context menu, but I have no idea how to 'reference' the files that are in the bin so as to list them in the menu. I know it's possible...
Customization
Recycled Ink Cartridges
Another printer problem: I have an HP Deskjet 4480 with recycled ink cartridges in which I never had problems printing from XP. When I bought another computer that had W7 and hooked up the same HP, it printed fine. However, I just replaced the old cartridges with new (recycled) ink cartridges,...
Hardware & Devices
New Build with some recycled parts... Questions/Advice! Please
current computer: HP PAVILION A6347C It's specs are as follows 16X DVD(+/-)R/RW 12X RAM (+/-)R DL LightScribe SATA drive Windows 7 Ultimate 64Bit AMD ATHLON64 X2 DUAL CORE 5600+ 2.8GHZ
PC Custom Builds and Overclocking
recycled.scr and autorun.ini
mse does not detect these 2 as viruses.
System Security
Phenom Recycled: Athlon X2 7000-Series
Phenom Recycled: Athlon X2 7000-Series : AMD Introduces Dual-Core Phenom Everybody is getting excited about the upcoming Phenom II launch. AMD has already released a bit of information, saying that the 45 nm Phenom II has reached 6.3 GHz cooled with liquid nitrogen, and...
Hardware & Devices


Our Sites

Site Links

About Us

Find Us

Windows 7 Forums is an independent web site and has not been authorized, sponsored, or otherwise approved by Microsoft Corporation. "Windows 7" and related materials are trademarks of Microsoft Corp.

Designer Media Ltd

All times are GMT -5. The time now is 13:38.
Twitter Facebook