BTW, I want to add two more pints
e) Would add any valid and useful level of extra security if after #3, performing any of these software-provided free space winpings?
f)How is an external HDD fully wiped from a main computer?
Really, better understood now 😉
Good. )
a) How is #2 performed?
Through using *any* tool that has "physical sector" or "direct disk" access (such as dd, any disk editor, wiping tools wink ) from within the OS .
The point is that - whatever OS you are running - the physical sectors (on modern hard disks) are *whatever* the (intelligent) disk controller "exposes" on the outside.
It is fairly extensive, but as said some areas (while "present" on the actual platters may have been prevented from being "exposed" to the OS).
That is when the internal ATA commands have an advantage, they basically run "on" the disk controller (and not on the OS and "through" the disk controller translations).
b) #3 corresponds to a format(not quick format) that on vista, Windows 7 and 8 does perform a 0s wiping, correct?.
Yep.
This format is only done by inserting Windows CD (or using a Recovering System), or can be done from DOS using any command?
From "pure" DOS you would need a DOS wiping software, all MS systems (up to Vista) have not a tool/utility that can write 00's to physical disk sectors, with the exception (obviously) of debug (in DOS, as in any windows NT based system it has NOT direct disk access) but there are tens of these, the issue may be performance, and, in the case of largish (beyond the 28 bit LBA limit) disks also actual "reach" of the DOS tools.
Among the softwares, as said DBAN (Linux based) is among the most convenient ones.
If you mean from the (Vista or later) booted OS cmd.exe command prompt (which is NOT DOS) of course you can use it, but you cannot use it "on self", which makes anyway for the need of a Linux Live or a PE of some kind (or a pure DOS boot disk).
Or the use of "external" enclosures (USB or firewire or eSatat, etc.) and using *another* PC.
c) If I decided to make a copy of recovery partition and then installing after the new Windows installation has that partition to be wiped, or that one doesn´t contain any sensitive data?
That's an issue.
Consider the recovery partition as you would any of the areas on disk that you simply "cannot reach" with method #2 and following, with the difference that a recovery partition is (unlike the areas that only #1 can reach) easily accessible by *any* OS.
If you are positive that NOTHING might have EVER used EVEN A SINGLE SECTOR belonging to the "recovery partition" to store data (even if temporarily) then you don't have to worry about it's contents.
Also, depending on the specific method you use to "copy" or "backup" or "image" the recovery partition, you might have higher or lower probabilities of having *something* remain after having restored it.
d)As it seems that HPA/DCO nor G-lists do not contain any kind of data linked to the user nor his activity, then..what does it contain?
In theory, only data that the hard disk controller might want (or *need*), but still in theory (and also in practice) some of these areas are actually accessible (through specially crafted code/programs) so a malware may well use some of these techniques to store there *something*.
Improbable? Yes.
Impossible? No.
thank you )
You are welcome.
jaclaz
BTW, I want to add two more pints
e) Would add any valid and useful level of extra security if after #3, performing any of these software-provided free space winpings?
No.
Once something is zero, it is zero.
Rewriting to it zero, still makes it 0.
f)How is an external HDD fully wiped from a main computer?
Quite comfortably wink (starting from #2).
Basically you initiate the wiping and you have before you several hours that you can use for taking a long walk in the woods, or watch TV, etc.
Seriously, with the exception of #1 there is normally not any difference (or particular issue) with wiping an external disk compared to an internal one.
Again, issue might be performance, that depends on the (external) bus with which the device is connected (and related controllers/OS drivers, etc.)
Examples
USB 1.1 <- FORGET about it
USB 2.0 <- may do but SLOW
Firewire 400 <- may do
USB 3.0 <- may do
eSata <- will do, as fast as internal
jaclaz
Regarding #3
-Are installing S.O using System Recovery similarly effective in wiping since Vista, or only installing fro CD does he job?
Is there any mode similar to #3 of wiping, when we are speaking of XP, or in that case we have to use DBAN or similar outside the OS in order to wipe?
Regarding #3
-Are installing S.O using System Recovery similarly effective in wiping since Vista, or only installing fro CD does he job?
It depends.
Some "recovery partitions" are not exactly "recovery partitions", i.e. some contain a "minimal" PE (or the like) capable of running an install (let's call these "re-install partitions").
These won' t wipe anything, kust like a "plain" install does not wipe anything.
Some "recovery partitions" are actually "recovery partitions", i.e. they contain a "minimal" OS (PE or the like) capable of restoring an image of the whole (or part) of the OS partition.
But - here we are not yet on the same wavelength - if you do #3 (i.e. write 00's to the volume) before, there is NOTHING to be wiped, everything that the install/recovery mechanism can access is already 00.
Admittedly some (NOT *all*, and not even *many*) "recovery partitions" may by themselves wipe the volume(s) thus making the "preventive" #3 unneeded.
Is there any mode similar to #3 of wiping, when we are speaking of XP, or in that case we have to use DBAN or similar outside the OS in order to wipe?
It is exactly the same as Vista and later, the only difference is that there is not a OS built-in tool and FORMAT does NOT perform any wiping.
There are wiping tools that can run from a booted XP alright, but of course you can not wipe "self".
Which means that, exactly like with Vista and above you will need to use an external dive case/connection and wipe from *another* PC (most times slower).
jaclaz
It seems that, according all what you have explained, the best option could be reboot from DBAN, wipe whole drive(only 1 pass, or better 3?) and then reinstall operating system.
a- Perhaps could do a second wipingm rebooting from BCWIPE total which is said to wipe -1pass- even HPA/DCO?
b- By the way What to do when you want to delete files from an external USB hard drive(containing encrypted volumes with files), and then wipe, overwriting free space? Would be very annoyant do move all files and then do a fukk DBAN wiping.
c)Booting from live USB stivk with DBAN and wipinng whole disk, and then install Windows, would be accoring your 4 points lists of differents manners of wiping a HDD, which of them would match to?
It seems that, according all what you have explained, the best option could be reboot from DBAN, wipe whole drive(only 1 pass, or better 3?) and then reinstall operating system.
a- Perhaps could do a second wipingm rebooting from BCWIPE total which is said to wipe -1pass- even HPA/DCO?
NO.
Anything BUT a SINGLE (ONLY ONE or ONCE) pass with 00's is enough.
Doing more than a single pass on the same area is unneeded.
Using more than one program to write 00's on the same areas is foolish.
Once a byte is set to 00, it is set to 00, and remains set to 00.
The above are facts, the following are opinions
The best option (IMHO) is to use the internal ATA commands (because they are faster and actually implemented by the actual hard disk manufacturers, who in theory should know how their disks behave and how to write an internal command)
This is however more than what is normally *needed* and applying the one, only, single 00 pass to the whole disk (\\PhysicalDrive) or just to the actual volume(s) (\\LogicalDrive(s)) cover all normal needs.
And in all the above a re-install from scratch is to be performed (if the disk is hosting an OS and is to be re-sold as part of a working PC).
Using a third party app to wipe only slack space, unused files, clean the registry, etc. gives NO guarantee whatsoever.
b- By the way What to do when you want to delete files from an external USB hard drive(containing encrypted volumes with files), and then wipe, overwriting free space? Would be very annoyant do move all files and then do a fukk DBAN wiping.
Of course if you have a disk that is not an OS disk, and it's contents are one or more (encrypted) container files, a tool like sdelete or similar will do the wiping of the "unallocated space" outside said container files alright.
c)Booting from live USB stivk with DBAN and wipinng whole disk, and then install Windows, would be accoring your 4 points lists of differents manners of wiping a HDD, which of them would match to?
#2
2. Parts of the entire disk accessible by software (\\.\PhysicalDrive)
jaclaz
Jaclaz, first of all, thank you very much for all your very valuable and friendly information 😉
a. You said 'Of course if you have a disk that is not an OS disk, and it's contents are one or more (encrypted) container files, a tool like sdelete or similar will do the wiping of the "unallocated space" outside said container files alright.'
Do you mean that using a tool like sdelete would erase ONLY all free space OUTSIDE the volumes contained in the disk? The disk only contains a few Truecrypt encrypted volumes, inside, there are files. So, I think what I should erase is when I delete inside any of these encrypted volumes any file(sometimes, the deleted files goes to the own volume recycle bin, sometimes, do not why, deleted files go to Pc´s recycle bin).
b. I have read a sdelete tutorial, which is run by commands. However, me being ignorant about these subjects, don´t feel very secure with this as I am afraid of accidentally delete not free space but any volume or file Do you know any free and similarly reliable and effective tool for securely wiping free space from an external HDD or Flash USB memory(card, pendrive, etc.)?
c.Then, a wiping made on an external HDD or USB stick using a software as sdelete or any similar software not run by commands will be AS SECURE as that wiping performed on a laptop or PC,s HARD DRIVE Operating System run, using DBAN? Have both the same security level?
b. is incomplete. I wanted to say that if you know any other software similarly effective but not run by commands.