Secure wipe of a hard drive using WinPE.
Posted by Derek Meier on Geeks with Blogs
Published on Wed, 02 Jun 2010 15:03:55 GMT
The wiping of a hard drive is typically seen as fairly trivial. There are tons of applications out there that will do it for you. Point → Click → Global Thermonuclear War.
However, these applications are typically expensive or unreliable. Plus, if you have a laptop or lack a secondary computer to put the hard drive into – how on earth do you wipe it quickly and easily while still conforming to a 7 pass rule (this means that every possible bit on the hard drive is set to 0 and then to 1 seven times in a row)? Yes, one pass should be enough – as turning every bit from a 1 to a zero will wipe the data from existence. But, we’re dealing with tinfoil hat wearing types here people. DOD standards dictate at least 3 passes, and typically 7 is the preferred amount. I’m not going to argue about data recovery. I have been told to use 7 passes, and so I will. So say we all!
Quite some time ago I used to make a BartPE XP-based boot cd for the original purpose of securely wiping data. I loved BartPE and integrated so many plugins into my builds that I could do pretty much anything directly from CD. Reset passwords, uninstall security updates, wipe drives, chkdsk, remove spyware, install Windows, etc. However, with the newer multi-core systems and new chipsets coming out from vendors, I found that BartPE was rather difficult to keep up to date.
I have since switched to WinPE 3.0 (Windows Preinstallation Environment). http://technet.microsoft.com/en-us/library/cc748933(WS.10).aspx
It is fairly simple to create your own CD, and I have made a few helpful scripts to easily integrate drivers and rebuild the ISO file for you. I’ll cover making your own boot CD utilizing WinPE 3.0 in a later post – I can talk about WinPE forever and need to collect my thoughts!! My wife loves talking about WinPE almost as much as talking about Doctor Who. Wait, did I say loves? Hmmmm, I may have meant loathes.
The topic at hand? Right. Wiping a drive! I must have drunk too much coffee this morning. I like to use a simple batch script that calls a combination of diskpart.exe from Microsoft® and Sdelete.exe created by our friend Mark Russinovich. http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx
All of the following files are located within the same directory on my WinPE boot CD.
Here are the contents of wipe_me.bat, script.txt and sdelete.reg.
Wipe_me.bat:
@echo off
echo.
echo I will completely wipe the local hard drives using
echo 7 individual wipes. The data will NOT
echo be recoverable. I will begin after you
pause
echo.
echo Preparing to partition and format disk.
Diskpart.exe /s "script.txt"
REM I was annoyed by not having a completely automated script – and Sdelete wants you to accept the license agreement. So, I added a registry file to skip doing that.
regedit /S sdelete.reg
rem sdelete options selected are: -p (passes) -c (zero free space) -s (recurse through subdirectories, if any) -z (clean free space) [drive letter]
sdelete.exe -p 7 -c -s -z c:
echo.
echo Pass seven complete.
echo.
echo Wiping complete.
Pause
exit
script.txt:
list disk
select disk 0
clean
create partition primary
select partition 1
active
format FS=NTFS LABEL="New Volume" QUICK
assign letter=c
exit
*Notes: This script assumes one local hard drive – change the script as you see fit for your environment. The clean command will overwrite the master boot record and any hidden sector information – so be careful!
sdelete.reg:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Sysinternals\SDelete]
"EulaAccepted"=dword:00000001
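The batch file above hard-codes disk 0 and prints "Wiping complete." whether or not diskpart and sdelete succeeded. The wrapper below is an added example, not the author's script: it lets the operator pick and confirm the disk, writes the diskpart script to %TEMP%, and stops on any failed step. The temporary file names are hypothetical, and it assumes sdelete.exe returns a non-zero exit code on failure.

```batch
@echo off
setlocal
REM Added example, not the author's script. Run from the folder holding
REM sdelete.exe and sdelete.reg. Temp file names below are hypothetical.
set "HERE=%~dp0"
echo list disk> "%TEMP%\list.txt"
diskpart /s "%TEMP%\list.txt"
set "DISKNUM="
set /p "DISKNUM=Disk number to wipe (blank to abort): "
if not defined DISKNUM goto :abort
REM Anything left after stripping digits means the input was not a number.
for /f "delims=0123456789" %%A in ("%DISKNUM%") do goto :abort
REM Show size, model and volumes of the chosen disk before touching it.
(
  echo select disk %DISKNUM%
  echo detail disk
) > "%TEMP%\detail.txt"
diskpart /s "%TEMP%\detail.txt"
if errorlevel 1 goto :fail
set "CONFIRM="
set /p "CONFIRM=Type WIPE to erase disk %DISKNUM%: "
if not "%CONFIRM%"=="WIPE" goto :abort
REM Same diskpart steps as script.txt, with the confirmed disk number.
(
  echo select disk %DISKNUM%
  echo clean
  echo create partition primary
  echo select partition 1
  echo active
  echo format FS=NTFS LABEL="New Volume" QUICK
  echo assign letter=c
) > "%TEMP%\wipe.txt"
diskpart /s "%TEMP%\wipe.txt"
REM diskpart exits non-zero if any command fails (for example C: already in use).
if errorlevel 1 goto :fail
if not exist C:\ goto :fail
regedit /S "%HERE%sdelete.reg"
"%HERE%sdelete.exe" -p 7 -c -s -z c:
REM Assumption: sdelete signals failure through a non-zero exit code.
if errorlevel 1 goto :fail
echo Wiping complete.
exit /b 0
:abort
echo Aborted. Nothing was changed.
exit /b 1
:fail
echo A step FAILED. Do not treat this drive as wiped.
exit /b 2
```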
Best of luck,
Derek