Wiping Data

timwinters

Ejection Handle Pulled
Joined
Feb 23, 2008
Messages
13,732
Location
Conway, MO
Display Name

Display name:
LTD
PLEASE DON'T TURN THIS INTO A POLITICAL DISCUSSION!

Our MO governor has been making news (even nationally) for a few months now. In case you haven't heard, he had an affair in 2015 when he was running for governor and is accused of taking a photo(s) of his mistress as she was bound, blindfolded and naked. He then he threatened that, if she ever told anyone about the affair, he would publish the photo(s). He admits the affair but denies taking a photo(s) and/or blackmailing his mistress.

The case was on the verge of going to trial when the charges were dropped yesterday. One reason being that the prosecutors found NO EVIDENCE of this photo on his phone or his Google account. They don't have proof of a photo.

My question is simply: can one hire a "real data guy" to completely wipe a photo(s) or will there always be traces left behind?

As an aside. He had 16,000 photos and videos on his phone. W(ho)TF has 16,000 photos and videos on their phone? (rhetorical question)
 
IF, and ONLY IF, the data was restricted to physical devices in your control, you can probably remove all traces of the data. It may take extreme measures. (For example, Defense Security Services physically shred hard drives to throw them away. I bet that's loud, but I'd love to see it once...) If it ever went into the cloud, nope. It just depends on how much time somebody ants to spend and how much access they have to the various clouds and backups...
 
My phone has the photos stored on an SD card. Doesn't seem like it would be hard to lose the card.
 
Electromagnets/microwaves/hammers. Easy peasy.
 
Super easy -- destroy & replace whatever media (memory card, SSD, hard drive) you're worried about. Aside from that, regardless of the media type - after a few overwrite cycles it's going to be impossible to recover anything short of NSA involvement.

I hear and read about people getting caught with compromising photos, texts, and emails on their phones and computers. It's really important to understand how things really work. Once anything digital leaves your immediate possession via email, text, so-called "cloud" backup, Google account, iTunes backup, anything at all -- you've lost control of it forever, and you can never really know how many copies exist, who has them or who has access to them. And I don't care WHO you are or who you work for.
 
I sort of got saturated with all that was going on with that guy. I remembered hearing about the lack of evidence, no photos found.

The "official" reason the charges were dropped is that the prosecuting attorney was being named as a witness by the defense. The claim is that the prosecutor hired an investigator that lied about evidence, so the prosecutor was now a witness to that perjury. Maybe that's the missing photos the prosecution always said they had? Maybe the photos never existed in the first place?
 
Much if not most computer memory is magnetic, which can be scrambled by garden variety magnets.
 
I've hit a couple hard drives with a sledgehammer, not that anyone would be interested in what was on them...
 
On a computer, it's not quite as easy as overwriting the files on the storage media where they once lived. There are things like caching and paging to consider. But it's doable. There are even programs designed to do just that with a few clicks of a mouse. But if someone wanted an absolute, one hundred percent guarantee that no data on their hard drive could ever be recovered, the whole drive would have to be wiped using one of the more robust standards. (The government takes it a step further by requiring physical shredding of the drive, which I think is overkill; but then again, they probably know more about data recovery than I do.)

I used to make pretty good (and easy) money wiping people's drives when they replaced their computers. I would just show up and boot the machine into whatever bootable wiping software I was using at the time, give the client instructions to leave the machine running until it said it was done, collect my payment, and leave. That way the drive never left their possession. These were mainly wealthy folks on Long Island's North Shore. They had no problem paying me $175.00 to show up for ten minutes if it meant their data would truly be gone before they set the computer on the curb for recycling. It was good, easy money for me, and they were happy to pay it.

If they wanted, I'd pick up the machine (sans hard drive) and sell it on eBay recycle it when the wipe was finished. The wipes took anywhere from a few hours to a few days depending on the size of the drive and how thoroughly they wanted it wiped. Realistically speaking, three overwrites with random binary garbage should foil any software-based recovery attempts. But I used seven by default, or however many passes of whatever methods the client wanted. The price was the same regardless.

I'm not sure how difficult it is to securely and selectively delete data from a phone. I've never been asked to do that, and I have no idea how or whether phones cache data when it's accessed. Smartphones were still kind of new when I got out of that end of the business.

Rich
 
Compu
Much if not most computer memory is magnetic, which can be scrambled by garden variety magnets.
Computer memory, or hard drives? Even hard drives are going solid state now, and these aren't affected by the magnetic fields most of us can generate. Microwaves damage the circuitry itself. I haven't seen a floppy drive used in many years now. Only museum pieces use magnetic core memory now :)

Maybe you mean something other than what I'm seeing?

Edit: link to a memory card manufacturer showing not susceptible to magnetic fields:
https://kb.sandisk.com/app/answers/...erance-(waterproof,-temperature,-magnetic-and
 
Last edited:
The "official" reason the charges were dropped is that the prosecuting attorney was being named as a witness by the defense. The claim is that the prosecutor hired an investigator that lied about evidence, so the prosecutor was now a witness to that perjury. Maybe that's the missing photos the prosecution always said they had? Maybe the photos never existed in the first place?

Well, without the photo, there is no proof of the alleged felony. It simply became a he said, she said case.

It's not against MO law to be a sleezeball, have an affair, be into S&M, or threaten blackmail. All those alleged things are cool. What made it "a felony invasion of privacy" under Missouri law was putting the photo into a medium that affords electronic transfer. No hard evidence of a photo makes it a he said, she said case.
 
If it has never gone to the cloud, probably not. If it's on physical devices under your control, probably (but it has to be done correctly).

Just hitting "delete" doesn't do it, nor does wiping with a single bit pattern. Good forensics can break that. Multi-pattern/multi-wipe can usually do it with hard drives, SSD is a bit different because of the difference in the way data gets stored & how free space is allocated.
 
Well, without the photo, there is no proof of the alleged felony. It simply became a he said, she said case.

It's not against MO law to be a sleezeball, have an affair, be into S&M, or threaten blackmail. All those alleged things are cool. What made it "a felony invasion of privacy" under Missouri law was putting the photo into a medium that affords electronic transfer. No hard evidence of a photo makes it a he said, she said case.
I don't think it's over yet, an assistant prosecutor will probably take over and the charges refiled.

--

Still -- don't have nekkid pictures of yourself, parts of yourself, or anyone else or their parts, and you don't have to worry about them getting out.
 
If you must take nekkid pictures or other pics that could get you in trouble either know how to turn off the cloud features on your smartphone or use a digital camera and keep the pictures on the SD card or a flash drive you physically control and never ever ever on the internet(this includes the cloud, DUH) or into the hands of anyone who might put it on the internet.

I can't believe how many celebrities... heck not just celebrities regular people too... take their sexy pictures and then put them in cloud storage or somewhere backed up the cloud. Just.... DUH... especially if you are famous. Is this just obvious to me because I'm an IT person and normal people don't get that?

Also, if you take your computer somewhere to be repaired the first thing a lot of tech guys do is search through your files for something interesting. Some of them save copies too for their personal collection. If you must have your sexy pics and you want to keep them private keep them on a thumb drive or something that nobody else can possibly get to.
 
Also, if you take your computer somewhere to be repaired the first thing a lot of tech guys do is search through your files for something interesting. Some of them save copies too for their personal collection. If you must have your sexy pics and you want to keep them private keep them on a thumb drive or something that nobody else can possibly get to.

And some of them will be paid to turn them over to the FBI.
 
Crypto shredding is also effective, which does not require a wipe of anything but the key. All iOS devices using a passcode are encrypted, for example, and wiping the device simply destroys the key and renders data on the device permanently inaccessible.

As others have said, once you give up physical control of the data, there are no guarantees. I suspect that Google and most consumer-oriented cloud providers don't keep backups because the data is non-critical, so it is conceivable that data stored on such services could be lost or may never be lost.

Of course, ensuring that data is secured through the chain of custody takes some planning and ongoing discipline. Most companies struggle with it, and I suspect that most individuals who succeed are more lucky than good.
 
Last edited:
With all the nonsense and corruption in government that's out there for all to read on wikileaks and whatnot, they put some dude on TRIAL for having consensual kinky sex on the side?? Who cares!

And this is why we can't have nice things.

But yeah, to your question, I bet he had help internally at Google, maybe he made a promise to push through a law for them, or help pull strings for a patent or at the FCC or whatever.
 
Last edited:
With all the nonsense and corruption in government that's out there for all to read on wikileaks and whatnot, they put some dude on TRIAL for having consensual kinky sex on the side?? Who cares!

And this is why we can't have nice things.

But yeah, to your question, I bet he had help internally at Google, maybe he made a promise to push through a law for them, or help pull strings for a patent or at the FCC or whatever.
No, they were going to put him on trial for blackmailing his partner into silence. The kinky sex was ok. (Legally)
 
IF, and ONLY IF, the data was restricted to physical devices in your control, you can probably remove all traces of the data. It may take extreme measures. (For example, Defense Security Services physically shred hard drives to throw them away. I bet that's loud, but I'd love to see it once...) If it ever went into the cloud, nope. It just depends on how much time somebody ants to spend and how much access they have to the various clouds and backups...
Seen this before... Worked for a city government, and we shredded probably 1000 hard drives.. they are left as a pile of little metal chips.. and it's loud AF. But one can do a multi pass writes of stuff to the drive. DOD standard:

DoD 5220.22-M Wipe Method
The DoD 5220.22-M data sanitization method is usually implemented in the following way:


  • Pass 1: Writes a zero and verifies the write
  • Pass 2: Writes a one and verifies the write
  • Pass 3: Writes a random character and verifies the write
 
Seen this before... Worked for a city government, and we shredded probably 1000 hard drives.. they are left as a pile of little metal chips.. and it's loud AF. But one can do a multi pass writes of stuff to the drive. DOD standard:

DoD 5220.22-M Wipe Method
The DoD 5220.22-M data sanitization method is usually implemented in the following way:


  • Pass 1: Writes a zero and verifies the write
  • Pass 2: Writes a one and verifies the write
  • Pass 3: Writes a random character and verifies the write
All depends on the data's sensitivity and classification. And that's all I'm going to say about that...
 
I have an older WD Caviar Green 1.5 tb drive that took a mechanical dump. Doesn't spin up.

I will pierce the airtight seals. Then bust the on-board circuit board. Then, the next time I walk out by the (salt water) river, I will throw it in.

That's good enough protection for me!
 
Makes sense :)

You have to understand that when dealing with highly-classified data, the government is concerned with things like remapped sectors possibly containing traces of ultra-classified data. If a bad sector is remapped, that sector would not be available during an overwrite; so in theory, that data could be recovered.

The chances of a significant and usable amount of data being recovered from remapped sectors, however, is so slight that I think physical destruction of the drive is overkill for almost all ordinary people. I only recommended it when drives had failed because it's impossible to overwrite data on a failed drive. If the client wanted shredding of a working drive (or a failed one, for that matter), I gave them a phone number to call after the drive had been overwritten and let them arrange that themselves.

Some people also believe that data can be recovered using techniques like electron microscopy due to data remanence even after the drive has been overwritten with multiple layers of garbage. To my knowledge, this is still in the realm of the theoretical.

Rich
 
You have to understand that when dealing with highly-classified data, the government is concerned with things like remapped sectors possibly containing traces of ultra-classified data. If a bad sector is remapped, that sector would not be available during an overwrite; so in theory, that data could be recovered.

The chances of a significant and usable amount of data being recovered from remapped sectors, however, is so slight that I think physical destruction of the drive is overkill for almost all ordinary people. I only recommended it when drives had failed because it's impossible to overwrite data on a failed drive. If the client wanted shredding of a working drive (or a failed one, for that matter), I gave them a phone number to call after the drive had been overwritten and let them arrange that themselves.

Some people also believe that data can be recovered using techniques like electron microscopy due to data remanence even after the drive has been overwritten with multiple layers of garbage. To my knowledge, this is still in the realm of the theoretical.

Rich


I had a buddy who did some spooky things in the AF, and he was tasking me with destroying RAM and CPUs on decommed servers because there was the possibility of data being recovered from them. I think it was theoretical, but paranoid nonetheless.
 
I had a buddy who did some spooky things in the AF, and he was tasking me with destroying RAM and CPUs on decommed servers because there was the possibility of data being recovered from them. I think it was theoretical, but paranoid nonetheless.

Remember, for smart system admins and security folks the saying is: "Yes. I am paranoid. But am I paranoid enough?"
 
yeah, he was a character for sure.. 6' tall irish redhead who spoke chinese like a native. tripped me out the first time i heard it
 
I had a buddy who did some spooky things in the AF, and he was tasking me with destroying RAM and CPUs on decommed servers because there was the possibility of data being recovered from them. I think it was theoretical, but paranoid nonetheless.

This invokes memories of thermite and good times.

Not exactly the same scene, but close

 
As an aside. He had 16,000 photos and videos on his phone. W(ho)TF has 16,000 photos and videos on their phone? (rhetorical question)

I have 60’000 on my phone. I know several people with more than 100’000 and one guy with more than 1 million.

I always have every picture I’ve ever taken with me.
 
I have 60’000 on my phone. I know several people with more than 100’000 and one guy with more than 1 million.

I always have every picture I’ve ever taken with me.

My wife has a lot of photos - I have "some" ... how in the world do you find what you're looking for, with that many photos? I have a heck of a time finding photos just out of the less than 1000 on my iPhone ...
 
My wife has a lot of photos - I have "some" ... how in the world do you find what you're looking for, with that many photos? I have a heck of a time finding photos just out of the less than 1000 on my iPhone ...
I can't answer for phones, but I've enough pictures from various trips that I've been "tagging" them as I import them to the computer, and giving the directories some sort of meaningful name along with the year_month.
 
My wife has a lot of photos - I have "some" ... how in the world do you find what you're looking for, with that many photos? I have a heck of a time finding photos just out of the less than 1000 on my iPhone ...

Tagging is about the only way. Apple's tools on the desktop do a decent job of picking out "faces," "selfies," etc. automatically, but I don't think those same functions are available on iOS (at least in the default app). My wife was so paranoid about inadvertently uploading location tagged photos to social media, she turned location tagging off for the camera app on her phone. It's pretty easy to find the pictures from Myrtle Beach 2017 if they're location-tagged, it's a nightmare to search through tens of thousands of untagged photos to see if you can remember one that looks like it was taken at the right time and place. She has since turned location tagging back on, and stopped uploading photos to social media except in rare cases where we ensure that all tagging information is stripped. Of course, you can manually add additional tags to photos as well, to help you find what you're looking for in the future.
 
It's pretty easy to find the pictures from Myrtle Beach 2017 if they're location-tagged, it's a nightmare to search through tens of thousands of untagged photos to see if you can remember one that looks like it was taken at the right time and place.

Why wouldn’t you just search by creation date?
 
Back
Top