Secure wipe of a hard drive using WinPE.
- by Derek Meier
The wiping of a hard drive is typically seen as fairly trivial. There are tons of applications out there that will do it for you. Point → Click → Global-Thermo Nuclear War.
However, these applications are typically expensive or unreliable. Plus, if you have a laptop or lack a secondary computer to put the hard drive into – how on earth do you wipe it quickly and easily while still conforming to a 7-pass rule (this means that every possible bit on the hard drive is set to 0 and then to 1 seven times in a row)? Yes, one pass should be enough – as turning every bit from a 1 to a zero will wipe the data from existence. But we’re dealing with tinfoil-hat-wearing types here, people. DOD standards dictate at least 3 passes, and typically 7 is the preferred amount. I’m not going to argue about data recovery. I have been told to use 7 passes, and so I will. So say we all!
Quite some time ago I used to make a BartPE XP-based boot CD for the original purpose of securely wiping data. I loved BartPE and integrated so many plugins into my builds that I could do pretty much anything directly from CD. Reset passwords, uninstall security updates, wipe drives, chkdsk, remove spyware, install Windows, etc. However, with the newer multi-core systems and new chipsets coming out from vendors, I found that BartPE was rather difficult to keep up to date.
I have since switched to WinPE 3.0 (Windows Preinstallation Environment). http://technet.microsoft.com/en-us/library/cc748933(WS.10).aspx
It is fairly simple to create your own CD, and I have made a few helpful scripts to easily integrate drivers and rebuild the ISO file for you. I’ll cover making your own boot CD utilizing WinPE 3.0 in a later post – I can talk about WinPE forever and need to collect my thoughts!! My wife loves talking about WinPE almost as much as talking about Doctor Who. Wait, did I say loves? Hmmmm, I may have meant loathes.
The topic at hand? Right. Wiping a drive! I must have drunk too much coffee this morning. I like to use a simple batch script that calls a combination of diskpart.exe from Microsoft® and Sdelete.exe created by our friend Mark Russinovich. http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx
All of the following files are located within the same directory on my WinPE boot CD.
Here are the contents of wipe_me.bat, script.txt and sdelete.reg.
Wipe_me.bat:
@echo off
echo.
echo I will completely wipe the local hard drives using
echo 7 individual wipes. The data will NOT
echo be recoverable. I will begin after you
pause
echo.
echo Preparing to partition and format disk.
Diskpart.exe /s "script.txt"
REM I was annoyed by not having a completely automated script – and Sdelete wants you to accept the license agreement. So, I added a registry file to skip doing that.
regedit /S sdelete.reg
rem sdelete options selected are: -p (passes) -c (zero free space) -s (recurse through subdirectories, if any) -z (clean free space) [drive letter]
sdelete.exe -p 7 -c -s -z c:
echo.
echo Pass seven complete.
echo.
echo Wiping complete.
Pause
exit
script.txt:
list disk
select disk 0
clean
create partition primary
select partition 1
active
format FS=NTFS LABEL="New Volume" QUICK
assign letter=c
exit
*Notes: This script assumes one local hard drive – change the script as you see fit for your environment. The clean command will overwrite the master boot record and any hidden sector information – so be careful!
sdelete.reg:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\Sysinternals\SDelete]
"EulaAccepted"=dword:00000001
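
script.txt above selects disk 0 and assumes it is the only local hard drive. As an added example (not part of the original post), here is a preflight check that could be called from wipe_me.bat before the Diskpart.exe line: it refuses to continue unless diskpart lists exactly one disk, numbered 0, and the operator types WIPE. The file name preflight.bat is hypothetical, and the script assumes English diskpart output, a writable %TEMP% and findstr.exe on the WinPE image.

```batch
@echo off
rem preflight.bat - added example, not part of the original post.
rem Assumptions: English diskpart output, a writable %TEMP%
rem and findstr.exe present on the WinPE image.
setlocal

rem Write a one-line diskpart script that only lists disks.
set "LISTSCRIPT=%TEMP%\listdisk.txt"
> "%LISTSCRIPT%" echo list disk

set DISKCOUNT=0
set "DISKNUM="
set "DISKLINE="
rem Data rows look like "  Disk 0    Online    465 GB    0 B". The header
rem row "  Disk ###  Status" is skipped because ### is not a digit.
for /f "tokens=1,2*" %%A in ('diskpart /s "%LISTSCRIPT%" ^| findstr /r /c:"^ *Disk [0-9]"') do (
    set /a DISKCOUNT+=1
    set "DISKNUM=%%B"
    set "DISKLINE=%%A %%B %%C"
)
del "%LISTSCRIPT%" >nul 2>&1

rem A second disk, such as a USB boot stick or a data drive, stops the wipe.
if not "%DISKCOUNT%"=="1" (
    echo Found %DISKCOUNT% disks, but script.txt assumes exactly one. Aborting.
    exit /b 1
)
if not "%DISKNUM%"=="0" (
    echo The only disk is number %DISKNUM%, but script.txt selects disk 0. Aborting.
    exit /b 1
)

rem Show the target and require an explicit typed confirmation.
echo About to wipe: %DISKLINE%
set "ANSWER="
set /p "ANSWER=Type WIPE to continue: "
if not "%ANSWER%"=="WIPE" (
    echo Not confirmed. Aborting.
    exit /b 1
)
exit /b 0
```

In wipe_me.bat, `call preflight.bat` followed by `if errorlevel 1 exit /b 1` placed just before the Diskpart.exe line stops the run when the check fails.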
With a combination of WinPE, sdelete.exe and your friendly neighborhood text editor you can begin wiping drives as quickly and easily as possible! I hope this helps; I get asked this a lot in my line of work.
Best of luck,
Derek