Encrypting computers that will be recycled

S

sevenuser9

New member
Local time
11:50 AM
Messages
13
Hello,

I will soon be recycling two old computers. For the sake of argument, let's suppose that a hacker gains possession of the hard drives and tries to retrieve data from them. So far, I have used the following programs to erase all of the data:

1) BCWipe Total WipeOut
2) DBAN

After running these programs, I used a program called Recuva to see if any old files could be recovered. From my testing, the software could not recover any relevant data.

However, there might be other more sophisticated recovery software that I do not have time to research or test. Let's suppose the software exists and that it is capable of recovering data because it is more advanced than BCWipe and DBAN.

If I reinstall Windows 7 on the hard drives and then install VeraCrypt, wouldn't that be a virtually guaranteed way to prevent hackers from gaining access to any data that might still be lurking on the drives? I would encrypt the entire devices and use VeraCrypt's pre-boot authentication method.

Thanks
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 Home Premium
sevenuser9 said:
Let's suppose the software exists and that it is capable of recovering data because it is more advanced than BCWipe and DBAN
Click to expand...
All data can be recovered, regardless of which tool is used to wipe the disk - it's simply a matter of:

- time
- computing power
- highly specialist recovery software
- cost

The wiping you performed is significant (some would argue overkill) and more than adequate to deter someone from trying to determine if is even worth considering trying to recover any information. No offense intended, but you are probably not a worthwhile target for a hacker to invest significant resources into. If you were the CEO of Chase Manhattan Bank, and your disks were labelled as such, then it might be a different story - see where I am coming from? You don't need to do anything further.

If I reinstall Windows 7 on the hard drives and then install VeraCrypt, wouldn't that be a virtually guaranteed way to prevent hackers from gaining access to any data that might still be lurking on the drives? I would encrypt the entire devices and use VeraCrypt's pre-boot authentication method.
Click to expand...
Nothing is guaranteed - see above. Encrypting the whole drive makes selling it/giving it away useless to the next person. Who is going to buy a Windows 7 installation that can't be used because it is encrypted? They will simply wipe the drive, and reinstall Windows 7 - the encryption achieves nothing. However, if you encrypted the free space first with a reliable algorithm (say AES-256...which has yet to be broken), then performed the wipe, and then installed a vanilla Windows 7, well then that adds more certainty that data can't be recovered, but I still think that is overkill.

If you want a guarantee that data can never be recovered, then the ONLY method available to you is to physically destroy the disks.
 
Last edited:

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Golden Mk. I.4
OS
Windows 10 Pro x64 ; Xubuntu x64
CPU
Intel i7 860 @ 2.80 GHz O/C'ed to 4.0GHz
Motherboard
Gigabyte P55A-UD3R Rev.1. Award BIOS F13
Memory
16GB Corsair Vengance DDR3 @ 661 MHz Dual Channel (9-9-9-24)
Graphics Card(s)
EVGA NVidia GTX 560 1024MB
Sound Card
Realtek Integrated
Monitor(s) Displays
Dual Samsung SyncMaster 2494HS
Screen Resolution
1920*1080 and 1920*1080
Hard Drives
1*Samsung 840 EVO 120GB SSD;
1*OCZ Vertex 2 60GB SSD;
2*Samsung F3 SpinPoint 1TB in RAID0;
1*Samsung F1 SpinPoint 1TB;
2*Western Digital 1TB External USB 3.0
1*Western Digital 500GB External USB 3.0
1*Seagate 500GB External USB 2.0
PSU
Thermaltake ToughPower QFan 750W
Case
Thermaltake Element S VK60001W2Z
Cooling
Corsair H60 Water Cooling, 2*230mm and 2*80mm case fans
Keyboard
Logitech G110
Mouse
Logitech MX518
Using encryption after the fact will mean nothing. If you were using encryption with VeraCrypt all the while then a simple format would probably be all that is needed. Add a DOD 3 pass wipe to be sure. But again, encryption is only good for data that is being written to the disk in it usage.

This is why I use FDE (Full Disk Encryption) all the time. My hard drives can be pulled from the machine and the data can never be recovered so long as AES 256 hasn't been broken and no one tortures me out of my 30+ character password that's only committed to memory and only memory. One day I may do a cascade of ciphers of AES 256 and Twofish. You don't want to go beyond that as it will slow your hard drive speed down considerably.

So if your data as was written on the hard drive was never encrypted to begin with, just use a DoD wipe and call it a day. Adding encryption on top of that is useless as that only applies to data being written to the drive.

If you were like me and had deployed encryption from the get go, then a plain format of the HDD is all that's really needed as the file recovery would only recover encrypted data and nothing will come of it. But you could take it up a notch to thort cryptanalysis and wipe the drive with DoD 3 to 7 passes.

In your case, just a DoD 3 pass wipe should be sufficient. If you can't retrieve any pictures, etc after that you know you're good to go.

Have a look here on all the recovery software you can try: Search for freeware and shareware at SnapFiles
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 Ultimate x64
There is a very expensive machine sold on Amazon that degausses a hard drive and that is what the government uses. You could try buying some very rare earth magnets on eBay that have like a 30 pound weight capacity. But to use those you need to open the drive and run that magnet over each platter I'm sure. So it's destructive. Also, rare earth magnets are VERY dangerous and can break fingers. Anyone looking into this be warned.

Interesting to note, I know of a trick using a rare earth magnet to open a safe. LOL

Edit-

Looking at Amazon, I see many products that pretty much do what DBAN already does for free. But if you want to go federal level, this is what you want
: Robot Check
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 Ultimate x64
sevenuser9 said:
If I reinstall Windows 7 on the hard drives and then install VeraCrypt, wouldn't that be a virtually guaranteed way to prevent hackers from gaining access to any data that might still be lurking on the drives?
Click to expand...
You've done more than enough already. Assuming you ran DBAN properly, and wrote more than one pass, then nobody, not even the NSA, will be able to retrieve anything. It doesn't matter what tools may be developed in the future, the physics of magnetism don't change.

No need to deal with VeraCrypt. That's just an alternative to the DBAN step. DBAN writes gobbledygook so there's no residual magnetism left from the prior contents. VeraCrypt writes gobbledygook pursuant to an encryption key, so the gobbledygook can still be used to store contents. Gobbledygook is gobbledygook, so without the encryption key, VeraCrypt and DBAN will produce the same end result. With the key, VeraCrypt can make sense of the gobbledygook it generates, but without it it's just more gobbledygook.

All of the above assumes you're talking about magnetic hard drives. SSDs are different. Because of TRIM and over-provisioning, a SSD is constantly swapping "visible" sectors in and out of the over-provisioning area, so just erasing the visible area may not be enough because old data may still be trapped in the hidden, over-provisioning area.
 

My Computer

Computer type
PC/Desktop
Computer Manufacturer/Model Number
Dell Optiplex 7050
OS
Windows 7/8.1/10 multiboot
CPU
Intel Core i7-7700
Motherboard
Dell, Intel Q270 chipset
Memory
48GB (2x16GB Crucial DDR4-3200 + 2x8GB Hynix DDR4-2400)
Graphics Card(s)
Intel HD630 + AMD Radeon R7 450 PCIe
Monitor(s) Displays
Asus VC279 (27")
Screen Resolution
1920x1080
Hard Drives
Toshiba M.2 NVMe (256GB),
Samsung 960 Evo (500GB),
WD Red Plus 80EFBX (8TB)
Here is a summary of the steps that I have taken so far:

Computer A

- Ran CCleaner to wipe free space based on the suggestions here (Run time: ~3 hours)
- Ran Recuva to try to uncover deleted files to test effectiveness of CCleaner
-> Found sensitive deleted files which prompted me to find alternatives to CCleaner
- Ran BCWipe Total WipeOut (Run time: ~4 hours)
-> Re-ran Recuva
-> Could not find sensitive deleted files - success!
- Ran BCWipe Total Wipeout for the second time just for the heck of it (Run time: ~4 hours)
- Ran DBAN dod method (Run time: ~40 hours)

Computer B

- Ran CCleaner to wipe free space based on the suggestions here (Run time: ~1 hours)
- Ran Recuva to try to uncover deleted files to test effectiveness of CCleaner
-> Could not find sensitive deleted files but I had my doubts given my testing with Computer A
- Tried to run BCWipe Total WipeOut but my evaluation expired
- Ran DBAN dodshort method (Run time: ~0.5 hours)
- Ran DBAN dod method (Run time: ~12 hours)
- Ran DBAN dod method for a second time just for the heck of it (Run time: ~12 hours)

I'm pretty sure my computers are safe for recycling now :cool:
 

My Computer

Computer type
PC/Desktop
OS
Windows 7 Home Premium
I was a state contractor for a few months and when they recycled a computer they used DBAN so you've gone well beyond it. You don't have to include the drives if you are giving the computers away. If you want you can take the hard drives out, open them up, and physically destroy them using either a magnet (you don't need a fancy one) and/or breaking the disks. Another possibility is to use a hard drive recycling service. I found one during a google search. Free Hard Drive Recycling | Hard Drive Shredding I don't know where you are so I can't do a more in-depth search.
 

My Computers

System One System Two

You must log in or register to reply here.
Back
Top