Can the government tell you wiped your hd?

ch33zw1z · Nov 6, 2016

So I keep looking at this thread, and I guess I'll toss in my 2 cents...

Can the government tell you wiped your drive?

Short answer, yes.

Does it matter? hardly.

They can't determine what used to be there, and the onus is on them to prove something.

I often times dban drives while cleaning up after working on people's pc's

Red Squirrel · Nov 6, 2016

Mike64 said:
Hardly...

Tell that to Aaron Swartz and countless "pirates" that got sentenced to 25+ years in jail. I hate to even use the word pirate as it makes it sound like it's some huge high profile crime or something, but that's how the government treats it. Heck look at what Kim Dotcom went through, he was not even a pirate, he just hosted a file site that happened to be used by some people for pirated content.

But back to original topic another good idea is to simply get into the habit of zeroing drives in general. If the government notices you only did it to one drive and not the others it looks more like you have something to hide. But if it's just a habit you could easily just argue that you think it makes the system faster and more fresh when you reinstall, or some BS like that.

But the best bet is to not land yourself in a situation where the government can possess one of your drives.

Rifter · Nov 10, 2016

This is why all my hard drives are in a single stack with a Thermite charge wired ontop of them. Its the only way to be sure.

Mike64 · Nov 13, 2016

Red Squirrel said:
Tell that to Aaron Swartz and countless "pirates" that got sentenced to 25+ years in jail. I hate to even use the word pirate as it makes it sound like it's some huge high profile crime or something, but that's how the government treats it. Heck look at what Kim Dotcom went through, he was not even a pirate, he just hosted a file site that happened to be used by some people for pirated content.

If you seriously believe that sentence makes the least amount of sense, all I can say is....No, on second thought, I'll just say "whatever". You're Canadian, I believe? You are therefore, at least at the moment, among the very least of my worries...<sigh>

ch33zw1z said:
Short answer, yes.
Does it matter?

That depends entirely on why one is wiping one's hard drive and what other evidence exists for whatever gave the "The Government" grounds to seize and then examine your hard drive in the first place ...

They can't determine what used to be there, and the onus is on them to prove something

As I wrote earlier:

And last, but by no means least, don't get hung up on what is and isn't "proof". "Proof" is simply admissible evidence sufficient to convince a judge or a jury, not to counter every, er, imaginative "possible explanation" a bunch of random adolescent-geeks-on-the-Internet come up with, with or without benefit of recreational psychoative substances...

ch33zw1z · Nov 13, 2016

Believing something exists and proving something exists beyond a reasonable doubt is not the same thing.

Admissible evidence is a wiped hard drive? hardly, and believing so doesn't mean you're high.

If you're convicted of a crime based on circumstantial evidence, then our legal system has failed you.

Disk drives can be and will be wiped for quite and few reasons, it's not a crime.

I don't disagree with your point of why it's being looked at it the first place. just that a wiped disk is specifically evidence.

If your already under investigation, a wiped disk drive, being circumstantial evidence, is moot.

Red Squirrel · Nov 13, 2016

Mike64 said:
If you seriously believe that sentence makes the least amount of sense, all I can say is....No, on second thought, I'll just say "whatever".

As I wrote earlier:

Those sentences never make sense but they happen. They do it to "set an example" and computer related crime has ridiculous sentences compared to actual real harmful crime. And I was actually wrong, it was actually 35 years for Aaron. I would probably kill myself too even without depression. Or at very least find a way to disappear completely.

JEDIYoda · Nov 19, 2016

+Windex works quite well!!

Billb2 · Nov 19, 2016

When a HDD is made the platter(s) are empty. There is no magnetism. In the "olden days" they came that way and you had to do a "low level format" with FDisk to set up the FAT table. Now they come formatted.

Whether the "government" can see if your drive was "wiped" depends on how hard they look. Ultimately, if they look hard enough they can tell no matter what you do. You can make it more difficult, but I don't think you can make it impossible to do.

My guess would be that a strong demagnetizing would make it very, very difficult to see anything. but that may have to be strong enough to demagnetize the magnets that are used for head movement and render the drive inoperable too.

corkyg · Nov 19, 2016

If the situation warrants, the drive can be opened in a lab and platter edges can reveal a lot about what has been done to the drive. If you are really concerned, a good defense is an oxy-acetylene torch.

Savatar · Jan 9, 2017

Red Squirrel said:
Yep just fill it with random "mainstream" data.

I've read that wiping a modern solid state drive (SSD) is fundamentally different than wiping an older mechanical disk. Because of the way the firmware works on an SSD, you do not really have control about where the data is written on the disk, so some software that would work to perform passes to wipe an older mechanical drive would not be effective on an SSD, because you couldn't guarantee every SSD cell was actually written to because of how the firmware tries to ensure the writes are distributed to enhance longevity. Therefore, your recommendation about filling the filesystem to capacity with random benign files after a full format may actually be safer than wiping the drive using passes now. The format is important because in most filesystems including NTFS, residual file pointer entries that contain metadata or even textual data in alternate data streams are separate from the file entries themselves, they can persist long after the files are deleted - a full format helps to guarantee they are removed.

Hope this helps, if someone knows more about that feel free to provide more info or correct me if I'm wrong.

corkyg · Jan 9, 2017

The question was about HDDs, not SSDs. As for SSDs, what does Secure Erase do? Can a qualified entity detect that is has been used?

Savatar · Jan 9, 2017

corkyg said:
The question was about HDDs, not SSDs. As for SSDs, what does Secure Erase do? Can a qualified entity detect that is has been used?

The internal ATA Secure Erase feature locks the drive while it runs, so if anything happens that powers off the system while it's running, the drive is effectively bricked. I've lost a drive that way, so don't use that anymore.

There is data agencies can pull to see how often the cells have been written/re-written, which would give a pretty good indicator that there was data there before. The SSD needs this data to know where to write so that it doesn't prematurely wear out cells.

Red Squirrel · Jan 9, 2017

For SSD I think what you'd have to do is generate a very large file that fills all the space. Though even then some SSDs may have more "sectors" than are needed so that it can do wear leveling and last longer. But probably a safe bet to just generate a really huge file, delete it, and regenerate it and repeat a few times. At least the majority of sectors will be deleted. But yeah not enough info is known about SSDs and data recovery at this point so I probably would not plan to give/sell a used SSD at this point, and just re-purpose for your own uses. If disposing of one you want to open it up and destroy all the flash chips. Throwing the board in the coals of a camp fire would probably do the trick.

Elixer · Jan 9, 2017

Savatar said:
The internal ATA Secure Erase feature locks the drive while it runs, so if anything happens that powers off the system while it's running, the drive is effectively bricked. I've lost a drive that way, so don't use that anymore.

That would be a firmware issue if the drive lost power like that...and didn't recover.

Yes, most SSDs do keep track of secure erasing.

JEDIYoda · Jan 11, 2017

Bird222 said:
How does a new hd look before any thing is done to it? Is it all 0's? What does it look like after a partition and format?

Aren`t you the guy whose hard drive was supoenaed by the Justice department????

Bird222 · Jan 11, 2017

JEDIYoda said:
Aren`t you the guy whose hard drive was supoenaed by the Justice department????

Uh, no. lol.

Red Squirrel · Jan 11, 2017

New drive is all 0's. A formatted drive will have some header info at the start. So if you zero out a drive, format it, install an OS, it will more or less look like a standard pull. Though I might look suspiciously clean if you don't dirty it up a little, install random junk etc. Play with the clock so time stamps arn't all within same time frame. This might be tricky as far as updates go though. Maybe don't update it at all.

lxskllr · Jan 11, 2017

Red Squirrel said:
New drive is all 0's. A formatted drive will have some header info at the start. So if you zero out a drive, format it, install an OS, it will more or less look like a standard pull. Though I might look suspiciously clean if you don't dirty it up a little, install random junk etc. Play with the clock so time stamps arn't all within same time frame. This might be tricky as far as updates go though. Maybe don't update it at all.

It's the drive I use to test gnu/linux distros

should be sufficient

bononos · Jan 24, 2017

John Connor said:
Bleachbit or DBAN. Call it a day. If it's a SSD, Parted Magic will do.

Your welcome.
Oh, pattern? Just use the apparent "DOD 5220 7 pass."
..........

Isn't that 7-pass thing based on a theory about national agencies having the tools to pull out data? Was it even feasible in practice?

Writing the entire disk just takes too long for me and I only zero fill the MFT area.

superstition · Jan 24, 2017

Red Squirrel said:
Those sentences never make sense but they happen. They do it to "set an example" and computer related crime has ridiculous sentences compared to actual real harmful crime. And I was actually wrong, it was actually 35 years for Aaron. I would probably kill myself too even without depression. Or at very least find a way to disappear completely.

He killed himself just like Deborah Palfrey did. Just like Michael Connell's plane just happened to run out of gas.

Pro tip: If you begin a sentence with "Can the government" the answer is always yes.

superstition · Jan 24, 2017

Red Squirrel said:
it looks more like you have something to hide.

People need to stop saying that.

It's not about whether or not someone "has something to hide". Everyone wants privacy. The real issue is "something illegal to hide". (Even better is "something so detrimental to society as to deserve illegal status" but that's too complex for most.)

People need to start saying that instead. It would go a long way toward getting people to stop siding with authoritarianism reflexively.

Glenn Greenwald wrote an article asking anyone who has nothing to hide to send him all their personal information so he can publish it. He said he has never received a single e-mail to that address.

People need to remember that privacy is NOT just about concealing crimes. It's also about just not being exposed to criminals who would do you harm. Information is power. Everyone has some power whether they choose to recognize it or not. Just handing all that power over without thought isn't a great idea nor should someone like that expect everyone else to acquiesce because they chose to.

And, even beyond criminality, do you really want to invite Gladys Kravitz into your bedroom? Because, if you don't have anything to hide, you really have no reason not to, right?

Red Squirrel · Jan 24, 2017

You took that WAY out of context. i had to go back to see where I said that but the context was that if you do something to only one device and not the others the government will think you have something to hide, and be more likely to dig deeper. My suggestion was that you should do it regularly to all drives and not just the one you want to zero out.

Trust me I hate when people say they have nothing to hide and think it's ok to spy on people.

John Connor · Jan 24, 2017

bononos said:
Isn't that 7-pass thing based on a theory about national agencies having the tools to pull out data? Was it even feasible in practice?

Writing the entire disk just takes too long for me and I only zero fill the MFT area.

Just writing over the MFT isn't deleting your data.

bononos · Jan 25, 2017

John Connor said:
Just writing over the MFT isn't deleting your data.

You're right so a overwriting data (zero-fill) once should do it, which for me is a few files which are encrypted.

I don't believe govt agencies can retrieve harddisk data which has been secure erased even once.

John Connor · Jan 25, 2017

bononos said:
I don't believe govt agencies can retrieve harddisk data which has been secure erased even once.

You'd be wrong because the FBI can do it. And they can recover data from HDDs that have been damaged by a hammer, fire, you name it. To be absolutely sure, just thermite it. The components are on eBay.

Can the government tell you wiped your hd?

Lifer

No Lifer

Lifer

Platinum Member

Lifer

No Lifer

Lifer

Diamond Member

Elite Member | Peripherals

Senior member

Elite Member | Peripherals

Senior member

No Lifer

Lifer

Lifer

Diamond Member

No Lifer

No Lifer

Diamond Member

Platinum Member

Platinum Member

No Lifer

Lifer

Diamond Member

Lifer