Geeks With Blogs
Derek Meier Geocentric Forensics

 

 

Wiping a hard drive is typically seen as fairly trivial.  There are tons of applications out there that will do it for you.  Point-->Click-->Global Thermonuclear War.

However, these applications are typically expensive or unreliable.  Plus, if you have a laptop or lack a secondary computer to put the hard drive into – how on earth do you wipe it quickly and easily while still conforming to a 7-pass rule (this means that every possible bit on the hard drive is set to 0 and then to 1 seven times in a row)?  Yes, one pass should be enough – as turning every bit from a 1 to a zero will wipe the data from existence.  But we're dealing with tinfoil-hat-wearing types here, people.  DoD standards dictate at least 3 passes, and typically 7 is the preferred amount.  I'm not going to argue about data recovery.  I have been told to use 7 passes, and so I will.  So say we all!

Quite some time ago I used to make a BartPE XP-based boot CD for the original purpose of securely wiping data.  I loved BartPE and integrated so many plugins into my builds that I could do pretty much anything directly from CD.  Reset passwords, uninstall security updates, wipe drives, chkdsk, remove spyware, install Windows, etc.  However, with the newer multi-core systems and new chipsets coming out from vendors, I found that BartPE was rather difficult to keep up to date.

I have since switched to WinPE 3.0 (Windows Preinstallation Environment). http://technet.microsoft.com/en-us/library/cc748933(WS.10).aspx

 It is fairly simple to create your own CD, and I have made a few helpful scripts to easily integrate drivers and rebuild the ISO file for you.  I’ll cover making your own boot CD utilizing WinPE 3.0 in a later post – I can talk about WinPE forever and need to collect my thoughts!!  My wife loves talking about WinPE almost as much as talking about Doctor Who.  Wait, did I say loves?  Hmmmm, I may have meant loathes.

The topic at hand?  Right. Wiping a drive! I must have drunk too much coffee this morning.  I like to use a simple batch script that calls a combination of diskpart.exe from Microsoft® and Sdelete.exe created by our friend Mark Russinovich. http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx

All of the following files are located within the same directory on my WinPE boot CD.

Here are the contents of wipe_me.bat, script.txt and sdelete.reg.

Wipe_me.bat:

 

@echo off
echo.
echo     I will completely wipe the local hard drives using
echo     7 individual wipes. The data will NOT
echo     be recoverable.  I will begin after you
pause
echo.
echo Preparing to partition and format disk.
Diskpart.exe /s "script.txt"
REM I was annoyed by not having a completely automated script – and Sdelete wants you to accept the license agreement. So, I added a registry file to skip doing that.
regedit /S sdelete.reg
rem sdelete options selected are: -p (passes) -c (zero free space) -s (recurse through subdirectories, if any) -z (clean free space) [drive letter]
sdelete.exe -p 7 -c -s -z c:
echo.
echo Pass seven complete.
echo.
echo Wiping complete.
Pause
exit
 

script.txt:

list disk
select disk 0
clean
create partition primary
select partition 1
active
format FS=NTFS LABEL="New Volume" QUICK
assign letter=c
exit

 

 *Notes: This script assumes one local hard drive – change the script as you see fit for your environment.  The clean command will overwrite the master boot record and any hidden sector information – so be careful!

sdelete.reg:

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Sysinternals\SDelete]
"EulaAccepted"=dword:00000001
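
The note above says script.txt assumes a single local drive. As an added example (not part of the original post), here is a variant of wipe_me.bat that lists the disks, asks which one to wipe, requires a typed confirmation, and only runs sdelete if diskpart succeeded. The temp file names and labels are made up for the example, and it assumes %TEMP% is writable in your WinPE build.

```batch
@echo off
setlocal enabledelayedexpansion
rem Added example, not the original wipe_me.bat; keep it beside sdelete.exe and sdelete.reg.
cd /d "%~dp0"
rem Show the attached disks so the operator can pick the right one.
> "%TEMP%\list_disk.txt" echo list disk
diskpart.exe /s "%TEMP%\list_disk.txt"
if errorlevel 1 goto dp_failed

set "DISK="
set /p "DISK=Disk number to wipe: "
if not defined DISK goto aborted
rem Digits only: anything left after stripping 0-9 aborts the run.
rem The leading 0 keeps FOR /F from skipping input that starts with ";".
for /f "delims=0123456789" %%A in ("0!DISK!") do goto aborted
echo Disk !DISK! will be cleaned and overwritten with 7 passes.
set "ANSWER="
set /p "ANSWER=Type WIPE to continue: "
if not "!ANSWER!"=="WIPE" goto aborted

rem Same steps as script.txt, with the chosen disk substituted.
(
  echo select disk !DISK!
  echo clean
  echo create partition primary
  echo select partition 1
  echo active
  echo format FS=NTFS LABEL="New Volume" QUICK
  echo assign letter=c
) > "%TEMP%\wipe_disk.txt"
rem diskpart stops at the first failing command and returns a nonzero code.
diskpart.exe /s "%TEMP%\wipe_disk.txt"
if errorlevel 1 goto dp_failed
if not exist c:\ goto dp_failed

regedit /S sdelete.reg
sdelete.exe -p 7 -c -s -z c:
echo Wiping of disk !DISK! complete.
pause
exit /b 0
:dp_failed
echo Diskpart failed or C: is missing. sdelete was NOT run.
pause
exit /b 1
:aborted
echo Aborted. No disk was changed.
pause
exit /b 1
```

If C: is already taken by another volume, the assign step fails and the script stops before sdelete touches anything.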

 
With a combination of WinPE, sdelete.exe and your friendly neighborhood text editor you can begin wiping drives as quickly and easily as possible!  I hope this helps; I get asked this a lot in my line of work.

Best of luck,

Derek

Posted on Wednesday, June 2, 2010 5:03 PM


Comments on this post: Secure wipe of a hard drive using WinPE.

Copyright © Derek Meier