1
00:00:00,660 --> 00:00:08,160
Now in this lecture I'm gonna show you how to securely format and wipe a US b device and encrypted so

2
00:00:08,250 --> 00:00:15,930
everything stored on that USP device will be unreadable unless you know the passphrase used for the

3
00:00:15,930 --> 00:00:17,050
encryption.

4
00:00:17,430 --> 00:00:22,460
And to do this again tells comes with pre installed tools that allow us to do this.

5
00:00:22,620 --> 00:00:30,000
All we need to do is go to applications utilities and we're going to go to the Disk Utility right here

6
00:00:31,350 --> 00:00:38,430
now this utility can be used to format and encrypt any storage device connected to your computer right

7
00:00:38,460 --> 00:00:39,190
now.

8
00:00:39,240 --> 00:00:44,980
So as you can see right here it's listing all of the storage media that I have connected to this computer.

9
00:00:45,060 --> 00:00:51,120
And as you can see even if we look here on my file manager you can see that I have an eight gigabyte

10
00:00:51,150 --> 00:00:51,690
volume.

11
00:00:51,690 --> 00:00:56,700
This is another USP device not the one that I'm using to boot tails.

12
00:00:57,210 --> 00:01:02,750
And let's assume that I want to securely wipe everything that is in here.

13
00:01:02,850 --> 00:01:06,330
To do that we're going to go and select it from here.

14
00:01:06,330 --> 00:01:10,940
From the left and in here you can obviously it.

15
00:01:11,040 --> 00:01:17,810
You can delete the selected partition or you can click on the COGS here to get more options.

16
00:01:18,660 --> 00:01:22,430
And what I want to do right now is for multi partition.

17
00:01:22,920 --> 00:01:28,110
And when you click on format you'll see the first option is the erase option.

18
00:01:28,110 --> 00:01:35,340
So this is said to don't overwrite the existing data which will be quick but it's not secure because

19
00:01:35,340 --> 00:01:39,890
like I said it'll only mark the locations for available for writing.

20
00:01:40,080 --> 00:01:45,470
But the data will still be available and it'll be easily recoverable.

21
00:01:45,600 --> 00:01:51,510
Therefore if you want a security wipe your device the selected device in here you want to click on this

22
00:01:51,870 --> 00:01:55,400
and set it to overwrite existing data with zeros.

23
00:01:55,410 --> 00:02:01,260
This will be slow as you can see but it will overwrite everything with random data which will make your

24
00:02:01,260 --> 00:02:05,830
previous data that you stored on it harder to recover.

25
00:02:05,880 --> 00:02:12,720
The next option in this window is the file system type that will be used on the storage device.

26
00:02:12,720 --> 00:02:15,440
Now usually see this in any operating system.

27
00:02:15,450 --> 00:02:22,440
When you try to format a storage device you can set it to whatever type you want as long as this type

28
00:02:22,440 --> 00:02:26,830
is compatible with the operating system that you're going to use it on.

29
00:02:27,120 --> 00:02:35,400
You can use part or NTFS for Windows XP for or for Linux then set the name of the storage media and

30
00:02:35,400 --> 00:02:45,420
click on format to formatted now this whole application can also be used to encrypt your storage media

31
00:02:45,660 --> 00:02:49,440
after formatting it so that whenever you stored data in it.

32
00:02:49,590 --> 00:02:56,010
Everything that you store will be encrypted and nobody will be able to read it unless they know the

33
00:02:56,010 --> 00:02:58,550
passphrase used to encrypted.

34
00:02:58,650 --> 00:03:04,710
So it's similar to the way the persistent storage is configured on tables because as you remember when

35
00:03:04,710 --> 00:03:11,610
we set it up to use persistence I said that this will be an encrypted storage and we set passphrase

36
00:03:11,610 --> 00:03:15,450
that we need to use in order to unlock the persistence part.

37
00:03:15,780 --> 00:03:17,830
So this is very similar in here.

38
00:03:17,910 --> 00:03:24,960
You can use this program to encrypt a whole USB device and to do this you just need to click here on

39
00:03:24,960 --> 00:03:32,190
the tape and set it to encrypted compatible with Linux systems which will use Luke's encryption.

40
00:03:32,190 --> 00:03:36,030
Now when you click this as you can see again you'll have to fill up the name.

41
00:03:36,030 --> 00:03:39,000
So let's say encrypted drive.

42
00:03:39,810 --> 00:03:47,040
And then we'll have two new input boxes asking us for the passphrase that will be used to encrypt the

43
00:03:47,040 --> 00:03:56,690
storage device so you can pick any strong passphrase you want click on format it's going to ask us to

44
00:03:56,690 --> 00:04:02,810
confirm that we're formatting the right drive because keep in mind this will remove everything that

45
00:04:02,870 --> 00:04:05,210
is stored on this device.

46
00:04:05,210 --> 00:04:09,180
It will securely remove that actually to make it very difficult to recover.

47
00:04:09,320 --> 00:04:16,190
And it's going to encrypted so that whatever we store on that device will be unreadable unless the right

48
00:04:16,280 --> 00:04:18,770
passphrase is used.

49
00:04:18,770 --> 00:04:24,350
Now I'm gonna say yes I want to do this I'm going to click on format give it its time because like we

50
00:04:24,350 --> 00:04:30,830
said this will not just remove the files it'll overwrite everything that's there on the device with

51
00:04:30,830 --> 00:04:38,210
random data and then remove this random data to make sure that our previously stored data is very hard

52
00:04:38,210 --> 00:04:44,960
to recover once it does all of this it will also encrypt the storage so that everything we have on it

53
00:04:45,200 --> 00:04:48,680
is unreadable without the passphrase.

54
00:04:48,680 --> 00:04:53,630
Now once done you'll see the loading circular icon is gone from here.

55
00:04:53,630 --> 00:04:58,160
So that means that the device has been securely wiped and encrypted.

56
00:04:58,580 --> 00:05:04,520
So what I'm going to do right now is I'll close this and I'm actually going to disconnected from this

57
00:05:04,520 --> 00:05:10,970
computer just to show you what happens when you go ahead and connected to a computer.

58
00:05:11,000 --> 00:05:17,900
So I'm going to physically remove it now from my tells computer and I'm going to connect it again.

59
00:05:18,260 --> 00:05:21,510
And as you can see it appears in here again on the left scene.

60
00:05:21,530 --> 00:05:23,480
It's an encrypted device.

61
00:05:23,570 --> 00:05:27,650
And if I click on it you'll see that I can't open it.

62
00:05:27,650 --> 00:05:32,170
I can't see its content because we encrypted this device.

63
00:05:32,210 --> 00:05:39,140
And like I said it's not going to be accessible unless we know the passphrase in order to decrypt it

64
00:05:39,380 --> 00:05:41,240
and see its content.

65
00:05:41,240 --> 00:05:47,870
So I'm gonna put the passphrase that I set when I encrypted the device I'm going to click on unlock

66
00:05:47,870 --> 00:05:49,190
to unlock it.

67
00:05:49,550 --> 00:05:55,470
And only now as you can see the lock is gone and it opened the device for me.

68
00:05:55,490 --> 00:06:00,360
Now obviously it's empty because we just wiped it and we security wiped it.

69
00:06:00,410 --> 00:06:05,950
So the data that previously was stored on it should be very difficult to recover.

70
00:06:06,020 --> 00:06:13,610
And now if I put any data on this and disconnect the device even if someone manages to get their hands

71
00:06:13,610 --> 00:06:21,470
on the device and read the content of it the contents will be gibberish because everything is encrypted

72
00:06:21,710 --> 00:06:25,070
and it's not readable unless they know the passphrase.