1
00:00:00,570 --> 00:00:04,860
Welcome to Part Five of this module. In this video,

2
00:00:04,880 --> 00:00:10,730
we're going to be taking a look at how to completely and securely wipe a hard drive so that the data

3
00:00:10,760 --> 00:00:12,380
cannot be recovered from it

4
00:00:12,410 --> 00:00:18,560
using Darik's Boot and Nuke. It is always a good idea to do this before you get rid of an old computer.

5
00:00:18,950 --> 00:00:20,630
Simply deleting files,

6
00:00:20,690 --> 00:00:23,330
as you know, doesn't really get rid of them.

7
00:00:23,360 --> 00:00:30,980
They can still be recovered using various tools and techniques. For that reason it is necessary to repeatedly

8
00:00:31,010 --> 00:00:35,020
overwrite deleted information with pseudorandom data.

9
00:00:35,030 --> 00:00:41,510
You might also want to wipe a hard drive and erase the partition tables if you want to start over from

10
00:00:41,510 --> 00:00:44,150
scratch with a particular machine.

11
00:00:44,150 --> 00:00:50,600
Remember that when you do this everything gets destroyed, and what you are left with is an unformatted

12
00:00:50,600 --> 00:00:53,070
hard drive with no operating system.

13
00:00:53,150 --> 00:00:58,400
From there you'd need to install whatever operating system or systems that you desire.

14
00:00:58,400 --> 00:01:05,390
I make it a personal policy to wipe any used or refurbished machine that I purchase very thoroughly,

15
00:01:05,390 --> 00:01:09,640
after I first made certain that I've written down my Windows product key.

16
00:01:09,680 --> 00:01:15,220
This is because you can never be sure that a used system doesn't have some kind of malware on it.

17
00:01:15,230 --> 00:01:21,530
There is also the fact that you can't be sure what the system was previously used for, and should the

18
00:01:21,530 --> 00:01:23,800
authorities ever wish to take a look at it,

19
00:01:23,810 --> 00:01:28,110
you don't want any nasty surprises from the former owner being recovered.

20
00:01:28,250 --> 00:01:34,850
In fact, periodically wiping your machine and reinstalling fresh isn't a bad idea from a simple security

21
00:01:34,850 --> 00:01:36,080
perspective,

22
00:01:36,140 --> 00:01:42,180
if your situation allows for it to be convenient. The procedure is actually very simple.

23
00:01:42,200 --> 00:01:52,040
We're going to first download Darik's Boot and Nuke from dban.org by pressing the download link,

24
00:01:52,790 --> 00:02:04,470
and next we're going to download Rufus from rufus.ie. A simple search should bring you here.

25
00:02:04,470 --> 00:02:06,000
I've already gone ahead and done this,

26
00:02:06,000 --> 00:02:12,720
as you can see. I should mention that if you have a CD burner and a drive on the machine that you're

27
00:02:12,720 --> 00:02:19,020
working with, you could burn the DBAN ISO to a CD and use that instead.

28
00:02:19,020 --> 00:02:24,450
So I've gone ahead and I've inserted a USB device, and we're going to launch Rufus.

29
00:02:24,570 --> 00:02:28,780
If you haven't used it before, Rufus is pretty straightforward.

30
00:02:28,830 --> 00:02:33,930
Select the USB device that you wish to use from the drop-down menu.

31
00:02:33,930 --> 00:02:39,120
Keep in mind that you need to select the right one, because whichever device you do end up picking will

32
00:02:39,120 --> 00:02:40,520
be completely wiped

33
00:02:40,520 --> 00:02:46,620
by this process. Next, you want to make sure that in the second drop-down menu, under Boot selection, "Disk

34
00:02:46,650 --> 00:02:49,200
or ISO image" is selected.

35
00:02:49,200 --> 00:02:56,140
Once that is done, press the Select button and go ahead and choose the DBAN ISO image.

36
00:02:56,150 --> 00:03:04,070
Now, you do have the option to change the partition scheme from MBR to GPT in case your computer lacks

37
00:03:04,130 --> 00:03:10,250
a legacy boot option or, for whatever reason, you've chosen not to enable it. For this demonstration

38
00:03:10,250 --> 00:03:16,140
I will be using MBR, and MBR is what you would use with any older system or VirtualBox.

39
00:03:16,160 --> 00:03:21,890
Once that is done, you can leave all of the other options as default and press the Start button.

40
00:03:21,890 --> 00:03:27,500
This will of course warn you that all of the data on the device you have chosen is about to be erased.

41
00:03:27,500 --> 00:03:33,010
This should take only a minute because DBAN is actually quite a small file.

42
00:03:33,020 --> 00:03:33,820
There we go.

43
00:03:33,830 --> 00:03:34,870
All done.

44
00:03:35,180 --> 00:03:42,500
We can now close Rufus, and we'll probably want to eject the USB device until we're actually ready to

45
00:03:42,500 --> 00:03:44,990
use it. In this demonstration

46
00:03:44,990 --> 00:03:49,930
I'll be using VirtualBox in order to illustrate how this process works.

47
00:03:49,970 --> 00:03:56,000
If you want to follow along and test it for yourself using VirtualBox, you could use the USB device

48
00:03:56,030 --> 00:04:06,140
that you just chose, or simply add the DBAN image to the drive and click OK, and then go ahead and launch

49
00:04:06,140 --> 00:04:07,070
the system.

50
00:04:07,070 --> 00:04:13,760
By the way, if you decide to experiment with DBAN using VirtualBox, please make sure that you select

51
00:04:13,790 --> 00:04:20,420
a fixed size for the virtual machine that you create. 10 gigs or so is really more than enough.

52
00:04:20,420 --> 00:04:25,750
So here we are in DBAN. If you booted your system using the USB device,

53
00:04:25,760 --> 00:04:27,490
this will be full screen.

54
00:04:27,500 --> 00:04:33,930
I apologize for the rather small aspect ratio; that is an artifact of VirtualBox.

55
00:04:33,950 --> 00:04:36,510
The menu here is pretty self-explanatory.

56
00:04:36,530 --> 00:04:42,520
I recommend against using the autonuke feature because it is lazy and you may not like it.

57
00:04:42,620 --> 00:04:49,070
Instead, press the Enter key. DBAN is now going to register USB devices.

58
00:04:49,070 --> 00:04:57,080
This can take a few minutes, and I've noticed that it can be really slow on older machines, particularly

59
00:04:57,080 --> 00:05:01,070
older laptops that use USB 1.0.

60
00:05:01,100 --> 00:05:02,560
Please be patient.

61
00:05:02,600 --> 00:05:04,560
Now, this next step is crucial.

62
00:05:04,580 --> 00:05:08,130
We need to select which partitions we want to wipe.

63
00:05:08,300 --> 00:05:11,150
In this example only one partition is listed.

64
00:05:11,150 --> 00:05:17,270
But if you have multiple partitions, you would want to use the arrow keys to move up and down the list

65
00:05:17,360 --> 00:05:22,770
and press the spacebar to designate which partitions you want to wipe.

66
00:05:22,880 --> 00:05:27,830
If you boot from a USB device, the device that you use will also be listed.

67
00:05:27,920 --> 00:05:32,390
So make sure that that is not selected unless it is your intention to wipe it.

68
00:05:32,480 --> 00:05:36,500
Once you've selected the partitions that you want to wipe, it should say "wipe"

69
00:05:36,500 --> 00:05:38,350
next to them in brackets.

70
00:05:38,630 --> 00:05:43,330
With this being done, press the M key to set the method that you want

71
00:05:43,330 --> 00:05:50,930
DBAN to use. If you watched any of the prior videos in this module, you already know what these options

72
00:05:50,960 --> 00:05:54,270
are, but if not, I will quickly go over them now.

73
00:05:54,290 --> 00:05:59,980
The more times you overwrite deleted data, the harder it is to recover that data.

74
00:06:00,050 --> 00:06:07,460
Forensic experts and hackers with sophisticated tools can usually recover information pretty easily

75
00:06:07,460 --> 00:06:10,100
when it has only been overwritten once or twice.

76
00:06:10,130 --> 00:06:17,720
If all you want to do is delete a partition or partitions and you don't care about security, Quick

77
00:06:17,720 --> 00:06:20,920
Erase is really the option that you want to pick.

78
00:06:20,930 --> 00:06:22,860
It should be just fine.

79
00:06:22,880 --> 00:06:24,600
This is what you should choose

80
00:06:24,620 --> 00:06:30,110
if you're just fooling around with an old laptop, installing different operating systems, trying different

81
00:06:30,110 --> 00:06:36,920
encryption schemes, and you just want to start over and security isn't a consideration. DoD Short is

82
00:06:36,920 --> 00:06:39,530
considered the default selection.

83
00:06:39,530 --> 00:06:45,680
It is the method used for short wipes by the American Department of Defense and is typically used for

84
00:06:46,040 --> 00:06:48,440
the secure removal of secret data.

85
00:06:48,440 --> 00:06:55,640
This method uses three passes, which means it's going to go over any partitions and drives selected and

86
00:06:55,640 --> 00:06:58,970
write random data to them three times.

87
00:06:58,970 --> 00:07:05,600
If you're one of those people who makes it a practice to routinely wipe your computer for security reasons,

88
00:07:05,990 --> 00:07:11,360
say every month or so, then three passes is probably your best selection.

89
00:07:11,590 --> 00:07:19,040
DoD 5220 is the standard wipe used by the American Department of Defense to delete information classified

90
00:07:19,070 --> 00:07:20,550
as top secret.

91
00:07:20,570 --> 00:07:25,220
It will apply seven passes to all partitions and drives selected.

92
00:07:25,220 --> 00:07:28,250
Keep in mind this will take a very long time.

93
00:07:28,250 --> 00:07:32,870
This is the method I would recommend to wipe a computer before selling it.

94
00:07:32,900 --> 00:07:38,600
RCMP is short for the Royal Canadian Mounted Police technical security standard.

95
00:07:38,630 --> 00:07:41,310
You can read about it online and how it differs,

96
00:07:41,360 --> 00:07:48,220
if you care, but the only really important thing to note here is that it uses 8 passes instead of 7.

97
00:07:48,260 --> 00:07:52,250
The Gutmann wipe will conduct 35 passes.

98
00:07:52,250 --> 00:07:57,370
It takes an extremely long time and it is very hard on your computer.

99
00:07:57,380 --> 00:08:02,810
This is not recommended for solid state hard drives, which have a limited number of read/writes before

100
00:08:02,810 --> 00:08:04,400
they begin to fail.

101
00:08:04,400 --> 00:08:07,050
I wouldn't use it on eMMC,

102
00:08:07,070 --> 00:08:08,540
flash memory or the like

103
00:08:08,540 --> 00:08:12,170
either. Gutmann is what you select when you want to

104
00:08:12,170 --> 00:08:18,950
absolutely and totally wipe out a drive because you're done with it or because it held information that

105
00:08:18,950 --> 00:08:26,540
you need to be very sure is gone forever, even if it means potentially harming your drive. 35 passes will

106
00:08:26,540 --> 00:08:29,530
take a very, very long time.

107
00:08:29,570 --> 00:08:38,090
Finally, PRNG Stream is suggested for newer machines. It will use a random number of rounds between

108
00:08:38,180 --> 00:08:40,850
four and eight. For this demonstration

109
00:08:40,850 --> 00:08:45,380
I will select the Quick Erase option. When you've made your choice,

110
00:08:45,410 --> 00:08:53,090
press the space bar. Then, to start the process, we just need to press the F10 key.

111
00:08:53,090 --> 00:08:58,130
Be aware that on some machines you will need to press an additional key.

112
00:08:58,130 --> 00:09:07,250
For example, the Windows plus F10 key or the Fn plus F10 key. Some systems seem to require that you

113
00:09:07,250 --> 00:09:09,850
hold Control plus F10.

114
00:09:09,890 --> 00:09:13,190
If you find that F10 alone is unresponsive,

115
00:09:13,190 --> 00:09:19,740
please try these combinations one at a time until you find the one that is applicable for your system.

116
00:09:19,760 --> 00:09:22,180
Now the wiping process has begun.

117
00:09:22,190 --> 00:09:29,120
Remember that this destroys absolutely all data on all the partitions selected, including the partition

118
00:09:29,120 --> 00:09:31,020
tables themselves.

119
00:09:31,070 --> 00:09:37,010
If you wipe your whole computer, you will be presented with a message telling you that no operating system

120
00:09:37,010 --> 00:09:38,650
is detected when you boot up.

121
00:09:38,660 --> 00:09:45,410
This allows you to install your own OS and set up the partition table however you desire, and that is

122
00:09:45,410 --> 00:09:46,460
really about it.

123
00:09:46,490 --> 00:09:53,420
It is possible to use DBAN to wipe USB devices only, if you were to select the USB device from the

124
00:09:53,420 --> 00:09:57,620
list and make sure that your system partitions are not selected.

125
00:09:57,620 --> 00:10:01,700
This video was included in this module for two reasons.

126
00:10:01,820 --> 00:10:08,960
First, if anything goes wrong when you are trying to create hidden encrypted operating systems, DBAN is

127
00:10:08,960 --> 00:10:12,200
the simplest way to start over from scratch.

128
00:10:12,200 --> 00:10:19,130
Second, if you read through the TrueCrypt and VeraCrypt documentation, you will see that pseudorandom

129
00:10:19,130 --> 00:10:25,940
data generated by these encryption programs to wipe out their activity is of the same character as that

130
00:10:25,940 --> 00:10:27,700
generated by DBAN.

131
00:10:27,920 --> 00:10:35,480
In other words, using DBAN periodically, or even once when you first get a used computer, enhances plausible

132
00:10:35,480 --> 00:10:36,920
deniability.

133
00:10:36,920 --> 00:10:44,270
You can quite honestly say that you used such a program to wipe the drive in question, and that is why

134
00:10:44,330 --> 00:10:47,180
such random data exists on the drive.

135
00:10:47,180 --> 00:10:48,410
Thank you for your attention.