
Guidelines for PC Data Destruction

Purpose

The purpose of this document is to record procedures for the irretrievable destruction of data from computers donated to the Turing Trust (www.turingtrust.co.uk) for the benefit of schools in Africa. It is intended for readers who have at least semi-technical experience with PCs.

Background

The Trust collects donated PCs and laptops less than 10 years old, wipes them of all personally-identifiable data, rebuilds them with an and Educational software and despatches them to schools in Ghana run by Integrated Community Centres for Employable Skills.

Understanding File Management

When files are created and saved on a PC they are generally stored on magnetic, optical or electronic memory using the functions of the PC Operating System (usually Windows or Apple MacOS) version on the machine. Typically files are stored on a Hard Disk and need to be completely removed before that equipment is passed to any other user.

Pieces of a file are stored in data sectors on the hard disk. Sectors are grouped together into Clusters to form the minimum usable space that can be written to by a file. Details of all the positions of the clusters of data for a file are stored in a File Allocation Table (FAT) also held on the hard disk. A separate Directory Table (DT) stores the filename and first cluster. When the file needs to be located, the OS finds the name and first cluster in the DT, then follows the linked clusters in the FAT that contain the entire file.

When a file is deleted by a User its data is not actually removed, rather it is marked as “deleted” in the DT so as to make the Operating System (OS) aware that the space can be re-used. Many modern OS also support a Recycle Bin where the deleted file is made visible to the User and can be recovered to its original location. In this instance the file will not be overwritten by the OS until it has run out of other available free space on the disk, and so can usually still be recovered by a user.

It is possible for the user to delete a file so that it no longer appears in the Recycle Bin (for example in Windows Explorer by holding down the “Shift” key whilst pressing delete). However, whilst no longer visible to the user, the DATA IS STILL PRESENT on the disk. It is simply marked in the DT as deleted and can still be retrieved using data recovery tools. It is even possible to recover a file after a disk or partition has been formatted. We therefore need to ensure that every sector of the disk containing user data is overwritten before it leaves our control. This is usually done by writing patterns of 1s or 0s over the sectors, sometimes with multiple passes, using specialist professional wiping tools.
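The behaviour described in this section, as an added example that is not part of the original guidelines: a toy in-memory model of a Directory Table and FAT showing that a deleted file stays readable until its free clusters are overwritten. The cluster size, class and method names, file names and file contents are all constructed for illustration.

```python
# Toy FAT model (added example; not a real filesystem driver).
CLUSTER = 8           # bytes per cluster, kept tiny for readability (assumption)
FREE, EOC = 0, -1     # FAT markers: free cluster / end of chain

class ToyDisk:
    def __init__(self, n_clusters=16):
        self.data = bytearray(CLUSTER * n_clusters)  # raw disk contents
        self.fat = [FREE] * n_clusters               # link to next cluster
        self.dt = {}                                 # name -> [first, size, deleted]

    def write(self, name, payload):
        need = -(-len(payload) // CLUSTER)           # ceiling division
        free = [c for c, v in enumerate(self.fat) if v == FREE][:need]
        if need == 0 or len(free) < need:
            raise OSError("empty file or disk full")
        for n, c in enumerate(free):
            chunk = payload[n * CLUSTER:(n + 1) * CLUSTER]
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
            self.fat[c] = free[n + 1] if n + 1 < len(free) else EOC
        self.dt[name] = [free[0], len(payload), False]

    def delete(self, name):
        self.dt[name][2] = True          # entry is only flagged as deleted
        c = self.dt[name][0]
        while c != EOC:                  # chain released for re-use; data untouched
            nxt = self.fat[c]
            self.fat[c] = FREE
            c = nxt

    def recover(self, name):
        # What a recovery tool does: trust the stale first cluster and size
        # left in the DT and read the clusters contiguously.
        first, size, _ = self.dt[name]
        return bytes(self.data[first * CLUSTER:first * CLUSTER + size])

    def wipe_free(self, pattern=0x00):
        wiped = 0
        for c, v in enumerate(self.fat):
            if v == FREE:                # overwrite every unallocated cluster
                self.data[c * CLUSTER:(c + 1) * CLUSTER] = bytes([pattern]) * CLUSTER
                wiped += 1
        return wiped

def demo():
    d = ToyDisk()
    d.write("keep.txt", b"school timetable")        # constructed sample data
    d.write("bank.txt", b"acct 12345678 pin 0000")  # constructed sample data
    d.delete("bank.txt")
    after_delete = d.recover("bank.txt")   # still the full original contents
    d.wipe_free()
    return after_delete, d.recover("bank.txt"), d.recover("keep.txt")

if __name__ == "__main__":
    print(demo())
```

The same model shows why a free-space wipe is enough after a Factory Restore: allocated files such as keep.txt are untouched, while everything in unallocated clusters is replaced by the wipe pattern.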

Full Wipe or Factory Restore?

Many modern PCs produced since 2004 come equipped with a facility to restore the Operating System and Application Software back to exactly the way it was when originally delivered from the factory. This is achieved by using a special Boot Record that allows the user to interrupt the normal PC boot procedure so that it does not run the OS but instead runs a process to overwrite it and rebuild the original OS from an image stored either on a hidden partition or on optical media (CD or DVD). This method is preferred to wiping the entire hard disk as:-

1. It retains the original OS and licence for that machine.
2. It restores all necessary specific hardware drivers, utilities and Applications that came with that machine in the manufacturer's recommended configuration.
3. It is much quicker (typically taking only 5 – 15 minutes) than wiping the entire hard disk and reinstalling the original OS (or a new one) from scratch, searching for and installing all the drivers and configuring the system.

Prepared by: A Clark Version 1.0 2 January 2014

HOWEVER if a Factory Restore option is used free space on the disk must still be wiped afterwards to ensure any files left in sectors are irretrievable.

Appendix A lists some procedures to invoke factory restore processes for some manufacturers (they do differ, so google the manufacturer, model number and “factory restore” to find suggestions for a particular machine as to the keystrokes/procedure required).

If a potential PC donor asks how they should delete files prior to donation, it is best to advise them to let us do it. Unless they know what they are doing, they can destroy the special boot record and make the factory restore option impossible.

Tools to enable wiping to professional standards are available to download from the internet. A suggested list of proven ones is contained in Table B, but others are available too.

Table B

Tool | Source | Comment
Paragon Hard Disk Manager | http://www.paragon-software.com/ | Full suite of partitioning, wiping (including Free Space only) and disk management options. Cost about £30
HDDERASE | http://www.pcworld.com/article/232164/hdderase.html | Boots from Floppy disk. Free tool
MHDD | http://hddguru.com/software/2005.10.02-MHDD/ | Boots from Floppy disk. Free tool
DBAN | http://www.dban.org/ | Boots from CD or floppy. Free tool

Note that not all of these tools will work on a particular machine or hard disk configuration. For example, Paragon won’t work on old machines with limited memory. HDDERASE relies on ATA secure erase commands built in to the hard disk and doesn’t work with all disks. So it is best to have a selection at hand when setting out to wipe machines. Some of them will only handle wiping the entire disk, not free space only, so you can’t safely use the Factory Restore procedure (see note 1 in the Key to Annotations). If you can’t access that option then the disk will need to be fully wiped before despatch, and TT partners in Ghana will then load it with a Linux-based OS (Xubuntu) and teaching materials from Hyperion.

You will also need to know how to boot a machine from external media (Floppy Disk, CD or USB Drive), as the tools usually boot their own OS. Many modern PCs have a “Boot Menu” option at startup where you have to hit F12 (or similar) at the splash screen before it starts booting from its hard disk to select the appropriate external drive. On older machines you may need to go into BIOS setup and change the boot order in there. Again it usually requires a key (e.g. Delete or F2) to be hit on startup varying according to the BIOS manufacturer in order to access the Setup screens.

If the machine is unbootable (perhaps due to failed motherboard or memory components) a hard disk can be removed and either installed as an external drive in a suitable USB caddy or connected as a second drive internally on another PC, then wiped using that machine. But make sure you have full protection running on it first as donated PCs are sometimes infected and you don’t want anything spreading to your PC. For the same reason don’t connect a donated PC to any form of network until you are confident it is clean (e.g. fully restored to Factory condition). Caddy devices are available for both Parallel and Serial ATA device interfaces and will usually handle both 3.5” and 2.5” formats.

Ideally a clean area should be set up for wiping purposes allowing recording of machine Serial Numbers, Specifications and OS Licence details with segregation between machines ready for wiping and those already done. A sample Wipe Record spreadsheet is provided with this document package to record all the above details as well as donor Name and Address. If required a separate, linked Word Document will generate a suitable Certificate of Destruction for each of the wiped PCs.

Image 1 – Restoring two systems simultaneously

Image 1 shows the Author’s wiping area. The machine on the left is restoring using HP’s Factory Restore option; the one on the right is using Dell’s (by Symantec) Factory Restore.

After restoring, the machines’ Free Space is wiped using Paragon and they are then booted up with an internet connection to allow Windows OS patches to be installed up to date. As these processes can take hours, it makes best use of time to do more than one at the same time. Bags or boxes can be used to keep accessories like mice, keyboards and speakers for donated items together with each PC.

Details of what has been done on a PC should be recorded on the “TuringTrustWipeRecords1.xls” spreadsheet (see note 2 in the Key to Annotations), a sample of which is included with the package. This permits us to record by machine Serial Number what we did in the event of any subsequent query by donor or recipient. A convenient way to grab a serial number is to use a digital camera to photograph the label then enlarge it in the viewfinder screen and type it into the spreadsheet. Appendix B details how this spreadsheet can be used to generate a Certificate of Data Destruction should the donor require one.

Finally a white sticky label should be attached to the desktop or tower unit summarising the Specification and what has been done to it. This makes it much easier for TT partners in Ghana to select machines for either Windows or Xubuntu usage in school computer labs.

In the event that you are unable to wipe a particular machine disk due to technical issues stick a coloured label on it and record it as unwiped. The Turing Trust will then be alerted on receipt of the machine and will ensure it does not get shipped until securely wiped.

Key to Annotations

1. It may still be possible to use the Factory Restore procedure provided you overwrite all remaining free space by copying large files to fill it completely then deleting them again. Windows CAB (cabinet) files are useful for this as they are large and condensed, but any large file can be copied and renamed multiple times to fill the disk.
2. This sample spreadsheet shows the format for recording PC details, and can be used as a MailMerge source to produce Certificates of Destruction (See Appendix B).

Some useful Hardware Tools to have

Whilst not essential, the following tools tend to make life easier when undertaking wiping and restore tasks.

1. USB floppy disk drive. Many modern machines don’t come equipped with a floppy drive but need a boot floppy to run certain disk erase tools.
2. USB hard drive caddy. If all else fails to wipe the disk in situ it can be removed from the machine and run as an external drive on another working PC.
3. USB data stick. Can be used to run some erase tools where USB ports are available.
4. Stack of recordable CD media. Needed to create boot CDs for some erase tools. Has the advantage of being read-only so cannot pass on a malware infection. It is usually necessary to download the tool as an ISO image then write it to the CD to create the boot disk.
5. Phillips screwdriver selection. To remove PC case covers and hard disks where necessary, and reseat add-on cards where a PC won’t boot.

Appendix A – Notes on Factory Restore and Wiping

The following notes may be helpful in getting started on machines from specific manufacturers. Always try the Factory Restore option first if it is available.

It is also worth trying to boot the machine “as-is” before starting, to determine machine specifications (right-click My Computer in XP, Computer in Vista or Win 7). You can also run Windows Explorer to check how many visible partitions are present to ensure you don’t miss any. Tools like Paragon will allow you to manage partitions including wiping and resizing them and viewing any hidden partitions such as the Recovery one, if present.

Hewlett Packard (HP)

Hitting F10 at the splash screen should give an option for System Recovery from which a Factory Restore can be achieved.

Dell

Dell Dimension machines since April 2004 give access to the Factory Restore option by pressing Ctrl-F11 once only at the splash screen. There are slightly different procedures depending on whether the PC is running XP or Vista. See http://www.ehow.co.uk/how_4926884_restore-dell-dimension-factory-.html

Dell Inspiron laptops often have an F8 option at the splash screen that gives Advanced Boot Options including Repair your Computer. From there choose Dell Factory Image Recovery.

Packard Bell

Pressing F11 at the splash screen will give system restore options including Partial and Complete Recovery. Choose complete.

Acer

At the splash screen hit Alt-F10 to run the eRecovery system. (Can also be run from within Windows if the OS is able to run).

Toshiba Satellite Laptops

Make sure the computer is turned off ("Shut-down" from the Windows ). Remove any peripherals such as an external mouse, keyboard, monitor, USB flash drive etc. Make sure the AC Adapter is plugged in and working.

On machines with the F key numbers on the top edge of the keys and in White:
• Press and hold the 0 (zero) key and power up the laptop.
• Release the 0 (zero) key when the recovery warning screen appears.

On machines with the F key numbers on the bottom edge of the keys and in Gray:
• Power up the laptop.
• When the initial TOSHIBA screen displays, press the F12 key to enter the boot menu.
• Use the arrow keys to select the HDD Recovery option and press the enter key to begin.

Other machines

Google is your friend. There is a wealth of information on forums to restore different machines but not all of it will work. You may need to use trial and error.

Unable to Wipe?

Stick a coloured label on the machine and mark it clearly for TT to wipe.

Appendix B – Use of the sample templates

To make it easier to record PC information and generate (if requested) a Certificate of Data Destruction the following files are provided in Microsoft Office formats. Note that the files should be stored together in a suitable PC folder and you may need to adjust the MailMerge settings to suit your setup.

TuringTrustWipeRecords1.xls

This Excel spreadsheet contains suitable fields for recording the required record information with one line for each wiped PC. The last column “CertGen” allows you to put in a “Y” if you want to generate a Certificate for that machine and can be left blank if not. This way the sheet can be used to continually build up your records and can be forwarded periodically to the Trust with each batch of newly-wiped machines.

CertDataDestrn3.doc

This Word document can generate a Certificate (double sided) with the PC details being MailMerged on the front page and details of the Trust on the back. You will need to edit the Source Data to point to wherever you have put the Excel spreadsheet. It should start merging from Line 6 and include only records that have a “Y” in the CertGen column as above. You should sign the Certificate when you are satisfied that all personally identifiable data has been wiped from the machine.
