For the past two months, we’ve been tinkering with Cipher (cipher.exe), the Windows command- line tool for controlling Encrypting File System (EFS). The bulk of EFS’s job is to encrypt data files and manage the keys it uses for that encryption, as I demonstrated with the previous two column’s looks at the tool’s /e, /d, /r, and other options. But Cipher offers other cool functionality, not least of which is its ability— with its /w option—to simplify the decommissioning of old systems.
Disk Decommissioning
What do you do with old computers—sell them or
donate them to a charity? The answer to that question is
important because those old systems probably contain
one or more hard disks that contain all sorts of confidential
information. I always wince when I see someone
selling an old laptop or desktop computer because I’m
almost certain the seller hasn’t removed his or her personal
data from the system’s hard disk. Perhaps the seller
has formatted the disk, but there are so many tools on
the market for restoring data from formatted disks that
I wonder how many people have been embarrassed
after selling a computer. A few times, I’ve purchased
used computers and discovered personal-finance files,
old email messages—you name it, all recovered without
any genius.
So, before letting go of a computer, you need to ensure that its data won’t fall into the wrong hands. One solution is to get rid of the computer but keep the hard disk, but then we’re back to the question, “How do I get rid of the data on the disk?” Some people use old hard disks for target practice, which is fine if you live near a rifle range. I’ve seen an amazing US Army machine that shreds hard disks, but unfortunately I can’t afford a toy like that. The best solution is to overwrite every sector on the disk with random patterns, and—according to some—repeat that several times. One erasure might not entirely overwrite a magnetic area. (Having said that, I’m not aware of an off-the-shelf hardware or software solution that can reliably read a hard disk that’s been overwritten once.)
Cipher’s Solution
Cipher offers a method for erasing a hard disk so that
you can feel fairly secure that none but the most technologically
savvy bad guys can get to its erstwhile data.
You perform the process in two steps. First, format the
target disk. The easiest format procedure is probably to
put the disk in a USB-compatible external hard-drive
enclosure, then connect it to your new computer. Then, once you’ve emptied the disk, open a command prompt
(I’m assuming your new computer is running at least
Windows XP) and type
cipher /w:<d:>
where d: is the drive letter of the disk you’re decommissioning. Cipher /w will overwrite all unused sectors on the disk with zeroes, then ones, and finally a random number. The key to understanding the process is the phrase “unused sectors.” If you don’t first format the disk, Cipher won’t touch the sectors that contain your data!
You might be wondering why you need to go through the whole process of connecting the soon-to-be-decommissioned drive to a working system rather than, say, booting Windows Preinstallation Environment (PE) and running Cipher from Vista. I tried that latter solution with no success. Apparently, Windows PE lacks the suite of cryptographic support routines that Vista contains. Oh, and don’t expect to get Cipher’s overwrite process done quickly. In my experience, Cipher requires a minute or two per gigabyte. Start the encryption at night, and your disk will be clean as a whistle by the time you wake.
Don’t Worry
On a final note, let me save you some time and aggravation.
When you make it known that you plan to use
Cipher /w to decommission a drive, someone—inevitably
a security guy—will no doubt claim that overwriting
a drive a mere three times is insufficient to truly protect
that drive from a determined hacker. Now, I freely admit
to being a card-carrying security guy, but some of my
compatriots seem more interested in worrying people
than truly analyzing a security situation. Could the
NSA or CIA retrieve data that has been overwritten
only three times? Yes, those agencies probably could.
But as long as you’re not a member of Al Qaeda, you
can surely rest easy after accomplishing a “mere” three
overwrites.
