Is it possible to remove user data without a nuke and pave?

T

TheITGuy

Member
Reaction score
0
I received a task from a client to wipe all of their data and leaving the computer with the programs still installed. I thought about wiping all restoration points then wiping all existing user accounts. Would this be a viable method of attack or should i nuke a pave it. I guess essentially what I'm asking is if the first method is just as effective as a nuke and pave when it comes to not being able to pull the old data from it. Which to my understanding isn't actually as safe as everyone thinks it is. Thanks guys!
 
I wonder why they want to do this?

I think you can use a program like Eraser to do this, though I'm not sure I'd trust it if there were easily accesible information that might do harm in the wrong hands.

Like lets say they though it'd be a good idea to make a text file on the desktop containing all their personal and financial information and named it so it would be easy to spot. Don't know that I'd trust a data shredder here, don't know that I'd want to let that hard drive live. I'd personally destroy it.
 
Why? If they've got 3rd party software that they're afraid they wouldn't be able to reinstall properly, it's a sound request. They might not understand all the steps involved but, as a request, it makes perfect sense.
 
TheITGuy said:
I received a task from a client to wipe all of their data and leaving the computer with the programs still installed. I thought about wiping all restoration points then wiping all existing user accounts. Would this be a viable method of attack or should i nuke a pave it. I guess essentially what I'm asking is if the first method is just as effective as a nuke and pave when it comes to not being able to pull the old data from it. Which to my understanding isn't actually as safe as everyone thinks it is. Thanks guys!
Click to expand...

I've often performed what I think of as a "light wipe" of deleting profiles, user files, etc. so it's essentially fresh & new from the standpoint of the casual user with no obvious leftovers from the previous user.

That certainly isn't as effective as a nuke and pave. But then again, a nuke and pave (by itself) isn't effective either if someone makes a reasonable effort to recover whatever may have been wiped.

A key issue is how sensitive is the data is that is being removed. And what will be done with the computer after it's cleaned up. If it's being handed from family member to trusted family member, or employee to trusted employee, then a light wipe might be OK as long as the client clearly understands it's not guaranteed security. If the absolute destruction of past data is of ultimate importance, then you shouldn't take this approach.
 
From the OP, I didn't read in that it would necessarily be handed off to someone else. IF that were the case, I would also recommend a free space wipe after everything else was done.
 
Option 1 is to delete all unwanted user data then erase all unallocated sectors
Option 2 is to get a full sector-by-sector clone, do a full erase of the original drive, delete the unwanted data off the clone, then use a program like ghost to just copy the up-front data
Option 3 is to delete the data and simply ghost what is left to a new drive

Option 3 is the safest and fastest method.
 
Thanks a ton guys, I ended up. Backing up the data (music,pics,documents etc) cloned the hdd. Then used DBAN to wipe the drive, I just wished I knew before hand that it would take 14hrs to complete using the rcmp method. And I dont think I can stop it :facepalm:
 
mraikes said:
I've often performed what I think of as a "light wipe" of deleting profiles, user files, etc. so it's essentially fresh & new from the standpoint of the casual user with no obvious leftovers from the previous user.

That certainly isn't as effective as a nuke and pave. But then again, a nuke and pave (by itself) isn't effective either if someone makes a reasonable effort to recover whatever may have been wiped.

A key issue is how sensitive is the data is that is being removed. And what will be done with the computer after it's cleaned up. If it's being handed from family member to trusted family member, or employee to trusted employee, then a light wipe might be OK as long as the client clearly understands it's not guaranteed security. If the absolute destruction of past data is of ultimate importance, then you shouldn't take this approach.
Click to expand...

+1

We do this quite often.

Rick
 
You must log in or register to reply here.

Similar threads

HCHTech
Slow opening times for files on a network drive
Replies
10
Views
355
trevm999
trevm999
backwoodsman
Windows 11 without a Microsoft account?
2 3
Replies
51
Views
3K
Rigo
Rigo
Appletax
[SOLVED] Is it bad that I installed a device driver for a non-existent device?
Replies
6
Views
383
ThatPlace928
ThatPlace928
Appletax
[SOLVED] Can't remove fake BSOD that might use mshta.exe
Replies
5
Views
263
NviGate Systems
NviGate Systems
mrccocking
GDPR and Drives
Replies
6
Views
363
mrccocking
mrccocking
Back
Top