1
00:00:00,000 --> 00:00:06,000
In this lecture, I'm going to show you how to securely format and wipe a USB device and encrypt it

2
00:00:06,000 --> 00:00:15,000
so everything stored on that USB device will be unreadable unless you know the passphrase used for the

3
00:00:15,000 --> 00:00:16,000
encryption.

4
00:00:16,000 --> 00:00:21,000
And to do this again tells what comes with pre-installed tools that allow us to do this.

5
00:00:21,000 --> 00:00:24,000
All we need to do is go to applications.

6
00:00:25,000 --> 00:00:26,000
Utilities.

7
00:00:26,000 --> 00:00:29,000
And we're going to go to the disk utility right here.

8
00:00:30,000 --> 00:00:37,000
Now this utility can be used to format and encrypt any storage device connected to your computer right

9
00:00:37,000 --> 00:00:38,000
now.

10
00:00:38,000 --> 00:00:44,000
So as you can see right here, it's listing all of the storage media that I have connected to this computer.

11
00:00:44,000 --> 00:00:50,000
And as you can see, even if we look here on my file manager, you can see that I have an eight gigabyte

12
00:00:50,000 --> 00:00:50,000
volume.

13
00:00:50,000 --> 00:00:55,000
This is another USB device, not the one that I'm using to boot tails.

14
00:00:56,000 --> 00:01:01,000
And let's assume that I want to securely wipe everything that is in here.

15
00:01:01,000 --> 00:01:06,000
To do that, we're going to go and select it from here, from the left.

16
00:01:06,000 --> 00:01:10,000
And in here you can obviously unmount it.

17
00:01:10,000 --> 00:01:17,000
You can delete the selected partition or you can click on the COGS here to get more options.

18
00:01:17,000 --> 00:01:21,000
And what I want to do right now is format the partition.

19
00:01:21,000 --> 00:01:27,000
And when you click on format, you'll see the first option is the erase option.

20
00:01:27,000 --> 00:01:34,000
So this is set to don't overwrite the existing data, which will be quick, but it's not secure because

21
00:01:34,000 --> 00:01:41,000
it will only mark the locations for available for writing, but the data will still be available and

22
00:01:41,000 --> 00:01:43,000
it'll be easily recoverable.

23
00:01:43,000 --> 00:01:49,000
Therefore, if you want to securely wipe your device, the selected device in here, you want to click

24
00:01:49,000 --> 00:01:50,000
on this.

25
00:01:50,000 --> 00:01:56,000
This will be slow, as you can see, but it will overwrite everything with random data which will make

26
00:01:56,000 --> 00:01:59,000
your previous data that you stored on it harder to recover.

27
00:02:00,000 --> 00:02:07,000
The next option in this window is the file system type that will be used on the storage device.

28
00:02:07,000 --> 00:02:10,000
Now, you usually see this in any operating system.

29
00:02:10,000 --> 00:02:15,000
When you try to format a storage device, you can set it to whatever type you want.

30
00:02:15,000 --> 00:02:22,000
As long as this type is compatible with the operating system that you're going to use it on, you can

31
00:02:22,000 --> 00:02:26,000
use fat or NTFS for windows ext4 for Linux.

32
00:02:26,000 --> 00:02:32,000
Then set the name of the storage media and click on format to format it.

33
00:02:33,000 --> 00:02:41,000
Now, this whole application can also be used to encrypt your storage media after formatting it so that

34
00:02:41,000 --> 00:02:48,000
whenever you store data in it, everything that you store will be encrypted and nobody will be able

35
00:02:48,000 --> 00:02:52,000
to read it unless they know the passphrase used to encrypt it.

36
00:02:52,000 --> 00:02:59,000
So it's similar to the way the persistence storage is configured on tales, because as you remember,

37
00:02:59,000 --> 00:03:06,000
when we set it up to use persistence, I said that this will be an encrypted storage and we set a passphrase

38
00:03:06,000 --> 00:03:10,000
that we need to use in order to unlock the persistence part.

39
00:03:10,000 --> 00:03:12,000
So this is very similar in here.

40
00:03:12,000 --> 00:03:19,000
You can use this program to encrypt a whole USB device, and to do this you just need to click here

41
00:03:19,000 --> 00:03:25,000
on the type and set it to encrypted compatible with Linux systems, which will use Linux encryption.

42
00:03:26,000 --> 00:03:30,000
Now when you click this, as you can see again, you'll have to fill up the name.

43
00:03:30,000 --> 00:03:39,000
So let's say encrypted drive and then we'll have to new input boxes asking us for the passphrase that

44
00:03:39,000 --> 00:03:46,000
will be used to encrypt the storage device so you can pick any strong passphrase you want.

45
00:03:47,000 --> 00:03:48,000
Click on format.

46
00:03:49,000 --> 00:03:55,000
It's going to ask us to confirm that we're formatting the right drive because keep in mind, this will

47
00:03:55,000 --> 00:03:59,000
remove everything that is stored on this device.

48
00:03:59,000 --> 00:04:04,000
It will securely remove that actually to make it very difficult to recover and it's going to encrypt

49
00:04:04,000 --> 00:04:12,000
it so that whatever we store on that device will be unreadable unless the right passphrase is used.

50
00:04:12,000 --> 00:04:14,000
Now, I'm going to say, yes, I want to do this.

51
00:04:14,000 --> 00:04:20,000
I'm going to click on format, give it its time, because like we said, this will not just remove the

52
00:04:20,000 --> 00:04:26,000
files, it will overwrite everything that's there on the device with random data and then remove this

53
00:04:26,000 --> 00:04:33,000
random data to make sure that our previously stored data is very hard to recover.

54
00:04:33,000 --> 00:04:40,000
Once it does all of this, it will also encrypt the storage so that everything we have on it is unreadable.

55
00:04:40,000 --> 00:04:41,000
Without the passphrase.

56
00:04:42,000 --> 00:04:47,000
Now, once done, you'll see the loading circular icon is gone from here.

57
00:04:47,000 --> 00:04:52,000
So that means that the device has been securely wiped and encrypted.

58
00:04:52,000 --> 00:04:58,000
So what I'm going to do right now is I'll close this and I'm actually going to disconnect it from this

59
00:04:58,000 --> 00:05:04,000
computer just to show you what happens when you go ahead and connect it to a computer.

60
00:05:04,000 --> 00:05:11,000
So I'm going to physically remove it now from my Tales computer and I'm going to connect it again.

61
00:05:12,000 --> 00:05:17,000
And as you can see, it appears in here again on the left saying it's an encrypted device.

62
00:05:17,000 --> 00:05:21,000
And if I click on it, you'll see that I can't open it.

63
00:05:21,000 --> 00:05:26,000
I can't see its content because we encrypted this device.

64
00:05:26,000 --> 00:05:33,000
And like I said, it's not going to be accessible unless we know the passphrase in order to decrypt

65
00:05:33,000 --> 00:05:34,000
it and see its content.

66
00:05:34,000 --> 00:05:39,000
So I'm going to put the passphrase that I set when I encrypted the device.

67
00:05:40,000 --> 00:05:44,000
And only now, as you can see, the lock is gone.

68
00:05:44,000 --> 00:05:46,000
And it opened the device for me.

69
00:05:46,000 --> 00:05:51,000
Now, obviously it's empty because we just wiped it and we securely wiped it.

70
00:05:51,000 --> 00:05:56,000
So the data that previously was stored on it should be very difficult to recover.

71
00:05:56,000 --> 00:06:04,000
And now if I put any data on this and disconnect the device, even if someone manages to get their hands

72
00:06:04,000 --> 00:06:12,000
on the device and read the content of it, the contents will be gibberish because everything is encrypted

73
00:06:12,000 --> 00:06:16,000
and it's not readable unless they know the passphrase.