Contributed by:
/usr/share/bong
Submitted: 03-15-2003
Introduction:
You can delete files on a Windows-based machine by
clicking the file, then pressing the Delete key on your
keyboard. Yes, this works. Or you could click a file in
Windows Explorer and right-click, then go to Delete,
then clear out your Recycle Bin. This all works, but
there's a problem. The way Windows deletes files is
pretty strange.
YOUR FILES ARE NOT PERMANENTLY
DELETED. Windows deletes files by removing the first
three letters from a filename. Let's say porn.jpg was on
your computer and you "deleted" it. This file would
still reside on your hard drive, renamed as "_.jpg".
Windows is waiting for you to over-write that file later
on, which *SHOULD* delete the file, but doesn't.
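Why a deleted file is still readable, shown as an added example that is not part of the original article: on FAT volumes (the file system Windows 95/98/ME uses) a delete sets the first byte of the file's 32-byte directory entry to 0xE5 and leaves the data clusters in place until something overwrites them. The volume below is a constructed, simplified in-memory image (no FAT table, 512-byte clusters), and all function names are hypothetical.

```python
import struct

SECTOR = 512      # simplified: 1-sector directory, 1-sector clusters
DELETED = 0xE5    # FAT writes this over the first name byte on delete
ENTRY = "<8s3sB14xHI"  # name, ext, attr, (skipped fields), start cluster, size

def cluster_offset(cluster):
    return SECTOR + (cluster - 2) * SECTOR  # FAT data clusters start at 2

def build_image():
    """Constructed sample volume: one directory entry, one data cluster."""
    img = bytearray(SECTOR * 3)
    data = b"CONSTRUCTED SAMPLE: quarterly payroll export"
    img[0:32] = struct.pack(ENTRY, b"REPORT  ", b"TXT", 0x20, 2, len(data))
    img[cluster_offset(2):cluster_offset(2) + len(data)] = data
    return img, data

def delete_file(img, index):
    img[index * 32] = DELETED  # ordinary delete: mark entry, keep data

def find_deleted(img):
    """List (name, start cluster, size) for entries marked deleted."""
    found = []
    for i in range(0, SECTOR, 32):
        if img[i] == 0x00:          # 0x00 = no more entries in this directory
            break
        if img[i] == DELETED:
            name, ext, _, cluster, size = struct.unpack(ENTRY, img[i:i + 32])
            found.append(("?" + name[1:].decode().rstrip() + "." + ext.decode(),
                          cluster, size))
    return found

def recover(img, cluster, size):
    return bytes(img[cluster_offset(cluster):cluster_offset(cluster) + size])

def overwrite_cluster(img, cluster):
    """Simulate one free-space wipe pass over an unallocated cluster."""
    img[cluster_offset(cluster):cluster_offset(cluster) + SECTOR] = bytes(SECTOR)

def demo():
    img, original = build_image()
    delete_file(img, 0)
    name, cluster, size = find_deleted(img)[0]
    before = recover(img, cluster, size)
    overwrite_cluster(img, cluster)
    return name, before == original, recover(img, cluster, size) == original

if __name__ == "__main__":
    print(demo())
```

The directory entry still lists ?EPORT.TXT, with its start cluster and size, after the data cluster has been overwritten; only the content is gone.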
There are many file wiping utilities out on the
market these days, but I know of one that works. Believe
me, I know this one works. A nameless state police
department once had to examine one of my hard drives on
one of my machines by court order years ago, and thanks
to this piece of software, I never did any jail time.
Downloading BCWipe:
The program's
name is BCWipe for Windows 95/98/ME/NT/2000/XP v.3.04
and we're going to install it on a Windows 95 machine.
We picked this type of machine because it's the oldest
machine we have and most people will probably have
Win95/98/ME and not the newer NT/2000/XP.
If you go to http://www.jetico.com/, there is a
program called BestCrypt which encrypts files/folders as
an encrypted file, then BestCrypt mounts that file as a
hard drive, so all your encrypted stuff would show up as
the E:\ drive, or whatever directory you specify.
BCWipe can be downloaded from:
http://www.jetico.com/bcwipe3.exe
(note: BCWipe supports Linux, SunOS, Solaris, IRIX,
Digital Unix, *BSD)
Installing:
Double-click bcwipe3.exe and follow the
instructions. You must agree to a licensing agreement.
This piece of software is a demo. If you like this
program, you should buy it. It will save your life one
day when you seriously need it.
Wiping:
Go to Start - Programs - BC Wipe 3.0 - BCWipe Task Manager.
We then go to Tasks - Create new Task - Wipe free space.
WHY DO WE WIPE FREE SPACE?
Sure, we could delete individual files, but when you know the
cops are coming, it's better to wipe your free space
because the free space contains all the webpages you
went to, all the e-mails you thought you deleted, etc.
ALSO MAKE SURE TO DELETE IRC/AIM/MSN/YAHOO/ICQ CHAT LOGS
OR DON'T LOG AT ALL. Believe me, they will come back to
haunt you.
First: we must decide which drives we want wiped. BCWipe
estimates it will wipe my C: drive in 59 minutes with the DoD
7-pass wiping scheme -- not too bad for a 350MHz
machine with 128MB of RAM.
Second: we must decide when we want to wipe. You could set up a
daily wipe at 12:00am when you sleep to wipe all your
sensitive stuff out if you're a paranoid person. For
this instance, we are going to wipe once.
Third: wipe options. We must decide which scheme we want to use.
The U.S. DoD 5200.28-STD wiping standard wipes
your hard drive 7 times, while the Peter Gutmann scheme
does it 35 times. Compare 59 minutes for the DoD to 4
hours for Peter Gutmann. Security is essential -- I'm
doing the Peter Gutmann scheme.
Keep every box checked unless you know what you are doing. In the
Wiping Scheme Editor, the Peter Gutmann scheme looks far
superior. In the first 4 passes, random bytes are
written to the free space on the hard drive, and the same
is done in the last 4 passes. This is very good for
us and very bad for the guys who want to read our hard
drive.
Note: the Peter Gutmann scheme would work
excellently if you wiped your hard drive that way, let's
say, weekly, and DoD-wiped your hard drive daily. 4
hours? That's not too long. You could get it started,
then go see a movie, go shopping, etc. You can leave
your computer for more than 4 hours, you know.
7 passes on the DoD scheme means that the DoD thinks that
7 passes is enough to destroy sensitive data, but in
this world of electronic uncertainty, 35 passes works
for me. Also, do not log your wipe. This is something
that has the potential of being used against you.
I clicked back on the Schedule tab and clicked
the big button that says Start Now! BCWipe wipes your
slack files, your free space, and your deleted
directory entries.
NOTE: you might see this
screen and believe it won't take very long. If you look
up at the very top, it says Pass 1 (total 35) -- don't
forget that it takes a very long time to wipe your hard
drive 35 times. 35 times might seem like over-kill, but
over-kill will probably save you one day.
Tip: install a 2GB hard drive for all your sensitive stuff.
How long would it take to wipe a 2GB hard drive with the
fast computers we have today? No time at all.