« Top 5 #Infosec Reads April 21-25, 2014 | Main | The Commonwealth Cybercrime Initiative: A multi-stakeholder approach to capability building to combat cybercrime »

Wednesday, 30 April 2014

How to Securely Erase Removable Media Using Windows 7

In a companion post, How to Securely Erase Removable Media Using Mac OS X, I explain how physical loss, theft or improper disposal of laptops or removable drives is the most common data breach of electronic personal health information. Personal identifying or health data disclosure are too frequent outcomes of leaving our data on laptops or drives we lose, discard, or sell. Several ways exist to protect these data: encryption, data destruction, archival, or secure erasure.

Encryption does protect data, but once you lose physical possession of a drive, time favors the criminal or attacker. If he feels the improperly disposed data are sufficiently valuable, he can try commercial or custom software to recover encrypted data. Data destruction is permanent but there's little resale value in shredded drive particles. Archival as effective as the physical security measures you employ.

While "encrypt your data" is good advice, secure erase raises the difficulty of recovering sensitive data even further. Secure erase "writes over" the actual contents of your volume, not just the "metadata" that describes them. 

Securely erasing removable drives before disposal or resale makes sense. It’s easy to do using any of several software available for Windows 7. I'll explain how to securely erase a laptop/PC internal drive using Active@ Killdisk and then explain how to securely erase removable media using CCleaner. If you don't like either of these, try the recommendations at PC World or Tech Republic.

Securely Erase Windows 7 Laptop Internal Drives Using KillDisk

Microsoft advises that if you want to securely erase the internal drive of a Windows 7 laptop before you sell or trash it, you should first use the Backup and Restore or  Windows Easy Transfer to save your data. If you don't want to deal with secure erase, Microsoft suggests that you choose a certified third party to refurbish your laptop (or PC). This might be a good choice if you're going to dispose of computers or drives in quantity, but it's relatively simple to perform this task from a bootable external medium (CD, DVD, USB drive) using Active@ KillDisk.  

Figure-1Begin by downloading the zip archive from Active@. Unzip the archive, then use the ISO to USB application to create to create a bootable external drive.  Restart your laptop/PC but hold F12 after restart begins to force a boot device menu where you can choose your USB drive. Killdisk autolaunches following boot. Choose the drive you wish to erase, choose the erase option, (note that the free version only zeroes out data), then select F10 to erase. Remove the USB drive when Killdisk completes, then hit F1 to Quit.

If you're a business with data protection (specifically, remanence) obligations, KillDisk has a certificate-issuing feature that may help you demonstrate compliance to a rule or reg.

Securely Erase Removable (USB) Drives Using 

I use the Drive Wiper Tool of Piriform's CCleaner to securely erase a removable pen/thumb drive or external drive from a Windows 7 laptop or PC. CCleaner has several other features you may find helpful over time as well. To securely erase a drive. launch CCleaner, then:

1) Choose Tools, select your Wipe and Security options, choose the disk you wish to securely erase, then click on the Wipe button...

Ccleaner7pass

2) CCleaner asks you to confirm that you really want to wipe the drive you've selected:

CcleanerERASE
3) A 7-pass secure erase of a 4 GB Thumb Drive takes an hour or so on my 2.4 GHz laptop, so I generally do this as a background task. 

Ccleaner7passtimereqd

 4) For comparison, a 35-pass secure Erase of the same drive can take much longer. I would do this overnight.

Ccleaner35passtimereqd

You can also use this method if you remove the internal drive of a laptop or PC you are retiring and mount it in a USB drive enclosure. It's often not necessary to retire a laptop and everything in it at the same time. Drives may outlast a laptop’s utility, especially if an expensive component other than the drive fails or is damaged. And if the drive does fail, I suggest you either keep it or destroy it.

Should I Bother?

If you have drives or removable media on which you've stored personal identifying information, healthcare information, sensitive business data, confidential or classified data, whether yours or others, you should at least encrypt these data. Secure erase may seem like overkill, but all you're investing is a few minutes to configure Disk Utility. The rest is simply a matter of devoting idle CPU cycles to an effective privacy measure.

Posted at 07:46 AM in All matters security, Stop Think Connect |

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

The ccleaner method works fine in Windows 8.1 and 10.

Posted by: David Levinson | Wednesday, 12 August 2015 at 09:54 AM

The comments to this entry are closed.

Find me on Mastodon and Facebook

Spotlight Posts

  • Interisle Study Reveals Alarming Rise in Online Abuse and Identifies Exploitable Links in Cybercriminal Supply Chains
    My Interisle colleagues and I today published our 2024 Cybercrime Suppy Chain study. We analyzed 16 million cybercrime events to expose a dramatic rise in criminal exploitation of name, address, hosting, and financial supply chains. Our year-over-year findings show that cybercriminals exploit lax policies to easily and cheaply obtain resources for phishing, malware, and spam campaigns. In our report, we provide actionable insights for those aiming to curb cybercrime. Among the major findings in the study, Interisle reports that: The total number of malware, phishing, and spam attacks grew year-over-year by nearly 54%, to nearly 16.3 million attacks. Spam doubled,...
  • Malware quarterly reports for July-September
    Malware quarterly reports for July-September 2024 is now posted at the Cybercrime Information Center. For the period... Malware identified as targeting endpoint devices increased 277% over the prior period. WordPress blog sites used for malware accounted for nearly all the malicious documents reported for this period. We continue to see an uptick in malicious scripts. IPv4 addresses reported for exhibiting characteristics of attackware and traffic injectors increased 38% to just under 1 million. ASNs in China and India again have the most IPv4 addresses reported for hosting malware. More malware trends for the period at https://www.cybercrimeinfocenter.org/malware-trends-july-september-2024. For historical reporting of...
  • Interisle's Phishing Landscape 2024 is here
    Our Interisle team today announced the publication of an industry report, Phishing Landscape 2024, A Study of the Scope and Distribution of Phishing. Interisle’s fourth annual study examines nearly four million phishing reports collected from May 2023 to April 2024 and provides historical measurements using over 15 million phishing reports collected at the Cybercrime Information Center over a four year period. Findings from the study: • The total number of phishing attacks grew to ~1.9 million incidents worldwide. • Phishing attacks hosted at subdomain providers increased by 450,000+ reported names, representing 24% of all phishing attacks. • The use of...
  • Malware Trends, January - March, 2024 posted at the Cybercrime Information Center
    2024 began with a rise in domain names reported for hosting malware unlike any we have seen since we began measuring malware attacks in 2021. The 1Q2024 Top 20 TLDs included 10 new gTLDs, 6 ccTLDs, and 4 legacy gTLDs. Only three TLDs remained in the top 5 TLDs (COM, NET, INFO) from the prior quarter. The ORG and BR TLDs were replaced by SHOP (over 3,000% increase) and TOP (over 700% increase). All but one registrar in 1Q2024’s Top 20 registrar ranking showed increases of 100% or more. Several registrars had 4- and 5-figure percentage increases in domains reported....
  • Malware Trends, January - March, 2024 posted at the Cybercrime Information Center
    2024 began with a rise in domain names reported for hosting malware unlike any we have seen since we began measuring malware attacks in 2021. The 1Q2024 Top 20 TLDs included 10 new gTLDs, 6 ccTLDs, and 4 legacy gTLDs. Only three TLDs remained in the top 5 TLDs (COM, NET, INFO) from the prior quarter. The ORG and BR TLDs were replaced by SHOP (over 3,000% increase) and TOP (over 700% increase). All but one registrar in 1Q2024’s Top 20 registrar ranking showed increases of 100% or more. Several registrars had 4- and 5-figure percentage increases in domains reported....

Search

My Photo

Categories