Disk FreeSpace Washer Accuracy Help

[JustinReno]

I programmed a small application that overwrites your free diskspace 35 times (The Gutman method). I'm not sure of its actually secure though... Can anyone give me advice on it?

I used AlamarM's password function to generate random characters.

HotKeySet("{ESC}", "MyExit")
$Drive = "E:\"
$File = $Drive&"Fill"&Random(1, 1000000, 1)&".txt"
$Space = DriveSpaceFree($Drive)
$Password = _Randomize(10000000)
For $i = 1 to 35
Do
    ToolTip(DriveSpaceFree($Drive), 0, 0)
    FileWrite($File, $Password)
Until DriveSpaceFree($Drive) <= 5
FileDelete($File)
Next
Func MyExit()
    Exit
EndFunc
Func _Randomize($Length)
    $Array = StringSplit("ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789!@#$%^&*-+=", "")
    $Password = ""
    For $X = 1 To $Length
        $Password &= $Array[Random(1, $Array[0], 1) ]
    Next
    Return $Password
EndFunc   ;==>_Randomize

Thanks!

[mikiutama]

i just use this for mine... slightly different than yours...

HotKeySet("{ESC}", "MyExit")
$Drive = "E:\"
$File = $Drive&"Fill"&Random(1, 1000000, 1)&".txt"
$Space = DriveSpaceFree($Drive)
$Password = _Randomize(10000000)
For $i = 1 to 35
Do
    ToolTip(DriveSpaceFree($Drive), 0, 0)
    FileWrite($File, $Password)
Until DriveSpaceFree($Drive) <= 5
FileDelete($File)
Next
Func MyExit()
    Exit
EndFunc
Func _Randomize($Length)
    $chr1 = Chr(Random(33, 255, 1))
    For $X = 1 To $Length
     $Password =  $Password & $chr1 & $chr1
     Next
     Return $Password
EndFunc   ;==>_Randomize

[The Kandie Man]

Just a warning. This is dangerous. By filling up your entire hard disk with junk information you could potentially cause an OS crash. This is because some programs are constantly writing information here and there to the hard disk. An example might be logs, memory dumps, or registry information. If a program were to attempt to do these actions on a hard drive that is completely filled, a massive crash could result. In addition, if you were to try to reboot your OS(if it crashed), the OS might need additional disk space in order to start and since there is no free space to create temporary files, this could result in total failure. You also don't use file handles, so the program has to open and close the file every time it loops. This is slow, inefficient, and puts extra strain on the processor and hard drive of the system.

The only way I see to safely do this is to create a program that boots off a disk that doesn't require an OS to run. It could then add information to the hard drive without risk of crashing the OS because no Operating System is running. In addition, if the program were to error, you would be able to reboot the machine and then the program would be able to delete the file that it created previously when it crashed.

I am not saying that this isn't possible or that it doesn't work. I am just cautioning you because this has the ability to cause massive Operating System failure if someone runs it, but that of course doesn't mean it will.

Just letting you guys know.

- The Kandie Man ;-)

[weaponx]

I'm kind of skeptical as well. I would recommend something tried and true like SDelete from Sysinternals:

http://www.microsoft.com/technet/sysintern...ty/SDelete.mspx

[JustinReno]

I was testing it, but anyways, it deletes the file when done, and wasn't mean't for a hard drive, it was meant for a thumbdrive.

[weaponx]

Well in that case here is what I would do to test the effectiveness.

1. Write a bunch of files to the thumb drive, maybe fill it to capacity

2. Delete all of the files using standard Windows functions

3. Find a decent file recovery utility: http://www.majorgeeks.com/downloads38.html (you may want to try a couple different ones)

4. Attempt to recover some of the deleted files

5. Run your utility against the thumb drive

6. Repeat step 4

Hopefully at Step 6 none of the files will be recoverable.

[JustinReno]

I tried something like that, it recovered files that I don't think I even put on the thumb drive... Maybe its just me though.

[weaponx]

I tried something like that, it recovered files that I don't think I even put on the thumb drive... Maybe its just me though.

Was this after you ran your utility?

[JustinReno]

Yes.

[mikiutama]

same here... the file can be recovered, but the file contents have been changed totally, rendering the file to be useless

here's the results tested by my friend, btw, i'm attaching all his comments i've received since my version 3 (now is version 5), which was based from MR Bond's AU3 secure deleter v3...

date May 9, 2007 4:16 PM

subject Tested Portable Secure Deleter 3.0 Final

Reply

Dear Miki: The most respected file and free space wiper I know of is BCWipe. The freeware Eraser is probably second best. The best forensic utility I know of is Directory Snoop 5.03. A lot of forensic utilities have popped up in the last three years but DN 5.03 remains the best.

I tested your portable file and free space wiper. My results show the utility is invalid (bogus). Check out the attached screen captures. I tested this out on a very small Seagate 4.0 GIG FAT32 drive that is no longer in use. The drive was completely empty at the very start of the test and had only been formatted with a retail (purchased) Partition Magic 7.0. Anyway, best wishes, Stephen Michael at xxxxxx@xxx.xxx. P.S. Your other thinstalled utilities and programs look very promising. Portable Secure Deleter 3.0 Final is no good.

date May 9, 2007 8:48 PM

subject Re: Tested Portable Secure Deleter 3.0 Final

Reply

Dear Miki: I am happy to help out. I have been 'messing around' with file wipers and encryption software for several years now. Encryption software is not simple stuff and I am not an expert but I do know more than 99% of regular computer users out there. I wrote the password/passphrase tutorial for the freeware open-source password keeper PINS. It's in the CHM file and has been there for about five years I guess. I also re-did the program icon for the file wiper and free space wiper BCWipe (about two and a half years ago, or something like that ( http://www.jetico.com/ ) Jetico decided to use the improved icon for most of their other products. (I attached the image of my improved 'Jetico' BCWipe icon) PINS has not been updated since 19 March 2003 so my tutorial has been in there since prior to that time. ( http://www.mirekw.com/winfreeware/pins.html )

If you decide to re-write the code for your file and freespace wiper, I would use Directory Snoop to do all your testing. Most file wipe and free space wipe utilities fall short with respect to file names ( that is, they fail to scramble the file names (both long and short 8.3) in the file allocation table. The *only* other software that I know of in the entire world that correctly scrambles deleted file names is isafeguard freeware 6.1.1. ( http://www.mxcsoft.com/ ) I know this to be true because I once used Directory Snoop to look at the deleted or wiped file names. What I am saying is-->only three software products correctly scramble deleted or wiped file names: 1) BCWipe 2) Eraser and 3) iSafeGuard

Let me know how things turn out. I am ready to help out any way I can. Stephen Michael at xxxxxx@xxx.xxx.

so i've rebuild the engine and some other settings as he commented and resubmit it back to him...

date May 11, 2007 11:25 AM

subject Forensic Look @ Portable Wiping Utility [PSDv4.0.zip]

Reply

Dear Miki: I checked out your new build of your secure portable file wiper. The attached ZIP file has a bunch of screen captures. You should probably view them in some sort of time sequence (date created or date modified)

I wanted to also make you aware of Peter Gutmann. Peter Gutmann is a professor of computer science or senior computer scientist in New Zealand. He is the 'father' of secure file and freespace wiping. He recommends 35 pass wiping if you want to stop the National Security Agency or other multi-million dollar laboratories. In most cases (>99%) this is OVERKILL *but* there are times when someone might want this level of privacy protection. Seven (7) pass wipe defined by DOD standard procedure (DoD 5220.22-M) is adequate 99.9% of the time. You should implement a one (1) pass free space wipe because a lot of people these days have 300 gigabyte hard drives. Obviously even a seven (7) pass free space wipe would take too long and your portable wiping utility might crash. But have a warning telling people a one (1) pass free space wipe is inadequate as hell but better than nothing. Seven (7) pass free space wipe is still the best overall using DoD 5220.22-M.

The worst 'thing' that I saw was your actual wiping function is just bad. Hard drive is not active enough-->simple as that. I would re-write the code for the actual wiping function. Stephen Michael at xxxxxx@xxx.xxx. P.S. The Seagate hard drive that I used is from 1998 or 1999 and is very slow with only a sustained transfer rate of 7 MB per second and a burst transfer rate of 26.5 MB per second. UDMA 33

this goes on for some time until my latest version 5,

date Dec 9, 2007 8:34 AM

subject Re: Portable File Wiping Utility [PSDv5.0.zip]

Reply

I would be happy to help out (if you are willing) One of the 'things' I distinctly remember was that your program seemed to 'pulse' the file and then hang on very large files. On small files, the wiping utility seemed to 'pulse' the file and the file was never really correctly wiped. By 'pulse' I mean I would note my hard drive light and it would pulsate as the wiping process was going on. No other wipers on the entire internet do that--the hard drive light is on solid while the wiping process completes.

Just tested your new revision of your program-->no longer 'pulses' and the hard drive light is on (more or less) solid. Take a look at the screen captures. Directory Snoop 5.03 was able to undelete the wiped file. The directory entry in the file allocation table of a correctly wiped file should show zero file size or length and random names assigned in both long file name and DOS 8.3 name. Your program is using close to 100 percent of the CPU. That is a problem. My machine is fairly powerful (even for a three and a half or four year old computer) and while the wiping process was going on, the computer was sluggish as hell. The GUI of your wiping program was flickering a little.

I would say your wiping utility needs a lot of work still. Stephen Michael at xxxxxx@xxx.xxx or Stephen Michael at xxxxxx@xxx.xxx. P.S. One last idea: Ordinarily, the hard drive is controlled not so much by the CPU but by the mainboard chipset. (northbridge I think) CPU usage for a modern hard drive running flat out is usually one or two percent. Wiping process is disk intensive and the CPU should not be pegged out close to 100% usage.

so again, i'm back to programming until one of us is satisfied.... the final product will have to wait...

i'm attaching the pics if you need to see the results...

download: 974kb (11 .png pics)

http://www.mediafire.com/?3eog0adm2je

[Confuzzled]

From recollection flash drives have a limited read/write cycle. This kind of activity (35 overwrites) would probably significantly reduce their operative lifespan.

[JustinReno]

Yes, it would. Usually over 10000 read/writes. Maybe there is an extra 0 at the end.

[mikiutama]

How long is the service life of a USB flash stick? Many store important data on USB sticks, but have no idea how reliable it is. And even fewer people know that there are variations between different types of NAND flash memory sticks according to their lifespan. There are two different kind of NAND flash memory: SLC Single Layer Cell (SLC) and Multi Layer Cell (MLC). They not only vary with respect to their useful life, but also support different read and write speeds.

NAND SLC flash memory stores one 1 bit in every transistor whereas NAND MLC flash packs 2 bits at each memory cell. Hence, with MLC flash one can store more data on a device with the same physical size. Another advantage of MLC is that it is a cheaper than SLC, that is for a given memory size its price is lower.

However, the downside of MLC is that it is slower than SLC. The read/write performance between different types of memory sticks can be huge. Some of the more expensive sticks are almost as fast as hard disks. Ive seen sticks that read data with 34 MB/s and write with 21 MB/s. If the vendor is silent about the speed it could even be below 1 MB/s.

Another disadvantage of MLC memory is their lower reliability. MLC is usually rated to have about 10,000 write/erase cycles whereas SLC can reach 100,000 to 300,000 cycles. However, this doesnt necessarily mean that SLC sticks are 30 times more reliable than MLC memory. Modern USB stick controllers use the so-called wear-leveling technique to extend the lifespan. The German computer magazine Ct (20/2007) tried to destroy a USB stick by writing constantly to the same logical address. They gave up after 16,000,000 cycles.

So some USB sticks seem to be quite reliable. However, I wouldnt rely on those very cheap sticks you can get everywhere now. There is one factor that makes all USB sticks unreliable though, independent of the price or technology: It is their small size. They are easily forgotten or even lost. That is why it is necessary to take some precautions regarding security and backup. In one of my next posts Ill write about the steps that can be taken to secure a USB stick.

taken from:

http://4sysops.com/archives/usb-memory-stick-lifespan-the-different-service-lives-of-slc-and-mlc-flash-drives/