How to use GFI to remotely delete data on stolen laptops

[drjones]

I have two clients whose laptops got stolen, both are on GFI.

How can I use GFI to either upload a script or use Remote Background to delete their data?

Can someone please provide me detailed instructions and/or a script to upload & run in GFI?

Will gladly pay someone for their time.

Thank you!

 

[FremontPC]

From just a bit back:

https://www.technibble.com/forums/threads/maxfocus-remote-wipe-required-urgent.6505

 

[HCHTech]

Something happened to your paste, that link goes to a thread about inventory management. I think you meant THIS one.

 

[OaksLabs]

I have two clients whose laptops got stolen, both are on GFI.

How can I use GFI to either upload a script or use Remote Background to delete their data?

Can someone please provide me detailed instructions and/or a script to upload & run in GFI?

Will gladly pay someone for their time.

Thank you!

I provide the OPD/OPD2 software free of charge (www.oakslabs.com/OPD2.exe). {For the love of God, please don't double click on that exe!!} However, on my homepage (www.oakslabs.com) I do have a donate button, and you are more than welcome to use it if you so choose.

 

[drjones]

Thanks, can you please provide instructions on how to actually deploy this via GFI?
As I said, I'll gladly pay for your time to help.

Thank you!

 

[OaksLabs]

Here's code for a batch file that will do the trick for you. Save it as a *.bat, load it into GFI (I don't use the software, sorry I can't help you there...) and it should work for you!

@echo off

mkdir C:\Users\Public\OPD

cd C:\Users\Public\OPD
echo $client = new-object System.Net.WebClient >>temp.ps1
echo $client.DownloadFile("http://www.oakslabs.com/OPD2.exe", "C:\Users\Public\OPD\OPD2.exe") >>temp.ps1

powershell -NoProfile -ExecutionPolicy Bypass -Command ./temp.ps1

start C:\Users\Public\OPD\OPD2.exe

WARNING: Don't test this script unless it's in a VM! Double clicking this batch file will auto-nuke your PC!

 

[drjones]

Thanks!!!!
Is it safe to use in a VM?

 

[drjones]

Could I also do this via the Remote Background / remote command prompt capability in GFI?

 

[OaksLabs]

Thanks!!!!
Is it safe to use in a VM?

Yes -- but it'll destroy the OS, all the data, the registry....if you have a snapshot of the OS then you'll be fine reverting the machine back....

Could I also do this via the Remote Background / remote command prompt capability in GFI?

I don't know anything about GFI, but if you can access the command prompt on the PC, then this will do the trick (even if you have to copy and paste each line from the batch file into the command prompt).

 

[Markverhyden]

Yes -- but it'll destroy the OS, all the data, the registry....

But does this do it at a forensic level? Meaning someone scanning the drive with, say R-Studio, will not be able to recover files?

 

[OaksLabs]

But does this do it at a forensic level? Meaning someone scanning the drive with, say R-Studio, will not be able to recover files?

As my website says for the regular OPD tool, it is a non-secure erase. I've only done VM based testing, so I've never had a chance to try data recovery methods. In theory, all the data is still on the drive. I have plans for future releases to overwrite the drive.

Side note: This tool makes use of the RD command that is native to Windows, and a "quick scan" with Recuva does not find the deleted files (contained in the child folder of the folder that was searched). However, I did this test on a SSD. If used with a mechanical drive, a program like photorec that looks for a binary pattern of file headers should be able to recover the data.