35

I'm changing my employer, and I'm about to leave my office computer. Due to internal regulations and my supervisor's orders, I'm unable to format the disk drive. I was hoping I would be able to do this, as I was using that computer partially for my private purposes. The computer is running Windows 7.

Besides uninstalling any software that contains my personal data (like Google Chrome or Dropbox) and clearing everything in every browser cache / history, what other steps should I undertake or take into consideration in order to leave my office computer without any personal data-related concerns?

Note that I understand that formatting the drive is the best option here (and thus I really regret that such an option was taken from me). As far as I know and understand, using an office computer for private purposes isn't the best idea. A bad thing happened, however, so comments about that won't help me in this situation.

As per comments: My computer must be fully usable after I leave the office and thus I can't simply trash my disk! :> And my Windows is not a part of a domain.

trejder
  • If your employer used a domain network, it would be easy to perform a wipe + the computer would be perfectly usable after. I've recently set up my own home domain network and it's brilliant; my Windows profile is centrally stored and I can reinstall my computers with all programs installed in around 30 minutes. Sounds to me like your employer doesn't know much about computers, and if they do, they certainly aren't following 'best practices'; if one of the computers was infected with a virus and had to be nuked, would your employer really want to wait a couple of days for reinstallation? – AStopher Sep 29 '15 at 13:29
  • 11
    Is it actually written down that you are banned from reinstalling windows OR is it simply that the computer must be usable for the next person? I would argue a clean install for the next person would be the RESPONSIBLE thing since it guarantees a cleaner, faster experience. I'd be irritated if I got a half loaded-down sluggish system as the next person... – WernerCD Sep 29 '15 at 13:48
  • @WernerCD In a work environment it's likely not allowed or certainly frowned upon; corporate environments are locked down and each update is vetted by the security/desktop team. A fresh Windows wouldn't be set up to run on the work network properly (Active Domain, all the work software, etc.), so would be treated as a personal device. This would cause a lot more headache for the employer than is necessary. – TylerH Sep 29 '15 at 14:25
  • 2
    @TylerH As the OP's employer does not use a domain network, I wouldn't think I.T security would be *too* tight. – AStopher Sep 29 '15 at 16:02
  • 1
    Just reinstall that Windows. Be a bad person. – polkovnikov.ph Sep 30 '15 at 02:36
  • Hi, I was wondering if you ended up choosing a solution which satisfies your needs? – MonkeyZeus Sep 30 '15 at 15:55
  • You did not mention (or tag) the country you are in. The use or not of a work computer for personal activities may be regulated by law (as it is in France for instance). If you are legally allowed to use your work computer for reasonable private activities then you can also have the right to enforce the wipe of this data. Either your employer can guarantee you that your personal data is gone (including backups) or you have the right to protect them, suggesting a secure wipe. – WoJ Sep 30 '15 at 18:39
  • PS. I see from your profile that you are from Poland, bad luck then as the regulations in Poland do not cover the case of private data on a work computer, leaving this to the internal regulations of the company (or associated laws in case there are no internal regulations on that subject) – WoJ Sep 30 '15 at 18:40
  • @MonkeyZeus We use `Accept Button` here on Stack Exchange! :> So, I ended up with [SilverlightFox's solution](http://security.stackexchange.com/a/101391/11996), which is the answer that I picked as accepted! :> – trejder Sep 30 '15 at 20:34
  • @WoJ Exactly. There is no legal regulation for this matter here and the allowance for using the office computer partially for private work was kind of a "gentleman's agreement" between me and my boss. Thus I had no legal right to force him to wipe the entire disk and thus this question. – trejder Sep 30 '15 at 20:35

6 Answers

38

Note that if you were on an AD Domain, domain administrators would have had full access to your computer anyway. The usual caveats about physical access, unencrypted drives, etc, all apply, so this is not real security but will prevent subsequent users of your computer from getting easy access to your data.

If you were not part of a domain, then the best you can do is create a new administrator account, and then delete your old account and profile from the new one.

Make sure that the recycle bin has been emptied. If the Volume Snapshot Service is running, delete any volume shadow copies by running cmd with elevated privileges:

```
vssadmin delete shadows /for=c:
```

Finally run the following command for each drive:

```
cipher /w:c:\
```

Where c: in both cases is the drive letter designation. This will wipe all free space, making it unrecoverable. See this answer for more information.

SilverlightFox
  • Personally I disagree with simply using `cipher`. It's enough to stop standard computer users from accessing your data. But it won't stop more advanced users. I'm not sure what it's called in English, but HDDs have something called "side tracks". There are about 36 of them if I remember correctly. Every time data is overwritten, the old data is moved sideways. The further it goes, the more corrupted and inaccessible it becomes. But at least parts of it can always be recovered. You need to do at least 36 passes on empty data to completely get rid of it. – icecub Sep 29 '15 at 13:36
  • 22
    @icecub do you have a *recent* citation for that? It's generally reckoned that data can't be read once overwritten, a few (e.g. 3) passes are used to be absolutely sure. Very old hard drives had some issues with data still being recoverable but there's just not enough space for that to be the case any more. It was always an analogue problem, no magic "36" or similar. More of an issue is making sure that everything including deleted files is overwritten. – Chris H Sep 29 '15 at 13:45
  • @ChrisH I'm afraid not since I have no idea what it's called in English. Google doesn't provide much help either. I just know because that's how forensic data recovery works. I agree it only works on normal hard discs though. An SSD for example has a built-in garbage collector. Deleted data simply can't be recovered from it. – icecub Sep 29 '15 at 13:50
  • 11
    @icecub now SSDs are a different matter, but the moving sideways you mention was never a deliberate act. [Here](http://www.vidarholen.net/~vidar/overwriting_hard_drive_data.pdf)'s a paper with an up-to-date picture demonstrating why a deliberately over-cautious approach from the 90s is no longer required. – Chris H Sep 29 '15 at 13:53
  • 11
    I see. I don't fully understand that document yet, but it seems my info is quite outdated. Thanks for pointing it out @ChrisH – icecub Sep 29 '15 at 14:53
  • Would this method also clean up residual information in the registry, or would one want to run something like Ccleaner against the registry to clear personal preferences stored there? Regardless, excellent answer. – phyrfox Sep 29 '15 at 18:07
  • @phyrfox: Thanks. Deleting the profile will also delete the user profile hive. – SilverlightFox Sep 29 '15 at 18:11
  • 2
    @icecub: You're talking about drift of head alignment, which was a very real problem with tapes, less so with platters where as one track drifts away from an area, another drifts over it, and the whole platter is still covered. And modern hard drives have nearly done away with drift. – Ben Voigt Sep 29 '15 at 18:33
  • 1
    Heck, modern drives _on purpose_ overwrite adjacent tracks. By intentionally doing so, they guarantee that there is no wasted space between tracks. – MSalters Sep 30 '15 at 08:00
  • @icecub There have been a few "challenges" posted online where someone offered a high bounty (hundreds of thousands of dollars) if someone could manage to recover data from a hard drive after it's been erased only once. Nobody ever succeeded. – N.I. Sep 30 '15 at 15:30
  • @icecub You might be confused by bad block remapping. If a bad block develops on the drive the disk will substitute in its place a block from a section of the disk reserved for this purpose. The cipher command won't erase the (probably corrupted) data in the old bad block, but neither will overwriting 36 or any amount of times, as the disk simply will never read or write to the block again. To access the data stored in the old bad block you'd need to download hacked firmware into the drive, so for most purposes the data in the old bad block is unrecoverable and doesn't need to be erased. – Ross Ridge Sep 30 '15 at 18:53
  • @RossRidge If you don't mind, could you provide a source for that, and explain a bit more? Mainly about what level it's at – does it send a message to the OS saying "don't read/write here anymore" or does it keep track internally and not tell the OS? Or is it part of the disc itself, so if you were to theoretically pop that out and put it in another drive it still wouldn't read it? – Nic Oct 01 '15 at 00:51
  • @QPaysTaxes It's performed by the hard disk controller. To the OS it looks like there aren't any remapped bad blocks. If you took all the platters out and put it into a same model hard drive then the controller of that drive should continue to not use the old bad blocks and use the replacements. If you put the platters into a different model of drive then it wouldn't be able to read the data as it wouldn't be formatted in a compatible way. – Ross Ridge Oct 01 '15 at 04:49
  • @SilverlightFox - If running any of these commands, how are they logged if part of a domain or a workgroup? – Motivated Feb 18 '16 at 07:04
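
A way to check the result of the steps in the answer above, as an added example that is not part of the original answer or its comments: a PowerShell script, run elevated from the new administrator account, that looks for a leftover profile, orphaned per-user Recycle Bin folders and remaining shadow copies, and then optionally runs the free-space wipe. The account name `olduser` and the `$Wipe` switch are placeholders introduced for this example.

```powershell
# Added example: read-only checks after the cleanup, then an optional wipe.
# Run elevated from the NEW administrator account. 'olduser' is a placeholder.
$OldUser = 'olduser'
$Wipe    = $false    # set to $true to run cipher /w on every fixed drive

# 1. The old profile must be gone from the profile list and from disk.
$profiles = @(Get-WmiObject Win32_UserProfile)
foreach ($p in $profiles) {
    if (-not $p.Special -and $p.LocalPath -like "*\$OldUser") {
        Write-Warning "Profile still registered: $($p.LocalPath)"
    }
}
if (Test-Path (Join-Path $env:SystemDrive "Users\$OldUser")) {
    Write-Warning "Profile folder for $OldUser is still on disk"
}

# Fixed local disks only (DriveType 3).
$drives = @(Get-WmiObject Win32_LogicalDisk -Filter 'DriveType=3' |
            ForEach-Object { $_.DeviceID })

# 2. The Recycle Bin is kept per user (one SID-named folder per volume).
#    Report SID folders that belong to no remaining profile.
$knownSids = @($profiles | ForEach-Object { $_.SID })
foreach ($d in $drives) {
    $bin = "$d\`$Recycle.Bin"
    if (-not (Test-Path -LiteralPath $bin)) { continue }
    Get-ChildItem -LiteralPath $bin -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.PSIsContainer -and ($knownSids -notcontains $_.Name) } |
        ForEach-Object {
            $n = @(Get-ChildItem -LiteralPath $_.FullName -Force -Recurse `
                   -ErrorAction SilentlyContinue).Count
            Write-Warning "Orphaned Recycle Bin folder $($_.FullName): $n item(s)"
        }
}

# 3. Shadow copies keep older versions of files; none should remain.
$shadows = @(Get-WmiObject Win32_ShadowCopy)
if ($shadows.Count -gt 0) {
    Write-Warning "$($shadows.Count) shadow copies remain (vssadmin delete shadows)"
}

# 4. Overwrite free space last, so everything deleted above is covered.
if ($Wipe) {
    foreach ($d in $drives) { & cipher.exe "/w:$d\" }
}
```

Anything reported by checks 1 to 3 should be deleted before the wipe in step 4, because `cipher /w` only overwrites space that is already free.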
10

First, use software to securely delete files like Recuva or Eraser.

Apart from formatting, you will have to rewrite the empty space with 0's or 1's like @Begueradj has suggested.

There is software which will do just this for the empty space in the drives, like CCleaner.

Just run a 3 or 7 pass wipe to rewrite and securely delete any traces of your personal data from the empty space after you delete it.

What CCleaner does is create a file and start writing 0's or 1's till your drive's empty space is filled. Then it deletes the file.

Good Read: Learn How to Securely Delete Files in Windows

feral_fenrir
  • It may be worth commenting on what difference your type of drive makes (SSD vs. HDD), if any. – jpmc26 Sep 30 '15 at 19:53
3

I suggest a naive, tedious but still effective method:

When you purge the data (also from the recycle bin), Windows marks the related hard drive space as available for future reuse, but the deleted data remains there until you use that space. Thus, you may think of storing a lot of data on your hard drives so that you reuse the space that was marked as available. This is what you can simply call overwriting data. As I said, this method can be manually tedious, but it is still effective.

P.S.

Note that you can overwrite the deleted data with random data (sequences of 0's and 1's) using Darik's Boot and Nuke (DBAN) in case you can clear a full hard drive.

  • Thanks for your answer, however, using _cipher_ suggested in the above answer sounds like an easier way than overwriting the hard disk with a large amount of data. And third-party software (DBAN) is no option, since I can't clear the entire disk. – trejder Sep 29 '15 at 10:23
  • 1
    I did **NOT** ask him to wipe his HDD. My answer is described through the **long** paragraph. The DBAN I mentioned it as a **P.S.** to inform him the manual option I described can be automated but in his case he can not except if he has permission to wipe a specific HDD @cybermonkey –  Sep 29 '15 at 15:59
3

I've never actually performed and verified the process outlined in the steps below but it looks like using CloneZilla could be a viable option based on the opening paragraph:

Clonezilla is a partition and disk imaging/cloning program similar to True Image® or Norton Ghost®. It helps you to do system deployment, bare metal backup and recovery. Two types of Clonezilla are available, Clonezilla live and Clonezilla SE (server edition). Clonezilla live is suitable for single machine backup and restore. While Clonezilla SE is for massive deployment, it can clone many (40 plus!) computers simultaneously. Clonezilla saves and restores only used blocks in the harddisk. This increases the clone efficiency. With some high-end hardware in a 42-node cluster, a multicast restoring at rate 8 GB/min was reported.

Based on this, the steps you would take are:

  1. Remove/backup all known personal apps/data off of company disk
  2. Buy an HDD of equal or greater size (USB preferably)
  3. Clone company disk to USB disk
  4. Erasing the disk:
    • DBAN the company disk (effective for HDDs)
    • If using an SSD then look up the manufacturer's specific process for wiping the disk properly (Kingston SSDs)
  5. Clone USB disk to company disk

If everything goes smoothly then there should be absolutely no residual personal data left on the company disk.

MonkeyZeus
2

Windows has guidelines on where applications store their data, but, unlike Linux, it does not enforce them. So you cannot take any general action and be sure that you deleted all data.
The only 100% sure way is formatting the disk and zeroing it out afterwards. The only.
Otherwise, you should research every application you used to learn where it puts data. In 90% of cases this is somewhere in the user profile, but in the other 10% it is anywhere else, especially for old software and software made by amateurs. Then check that the data was not copied somewhere by backup software or read access boosters, and did not go to swap or the Temp folder.
Do not forget that files you delete go to Recycle bin. When you empty recycle bin, it may be configured so that files are copied somewhere else. Even if it is not rigged, the files "deleted" can still be read directly from HDD for some time. So you need a special application for secure file deletion.
In short, format the HDD.

Barafu Albino
  • There are multiple potential "temp" locations especially with old hardcoded paths. You should be able to find a list online. Disabling swap and deleting the swap file before cleaning the empty space would seem to be a good idea as well. – Chris H Sep 29 '15 at 13:47
  • 7
    Linux does not enforce any standards about where applications can store data beyond the program needing write access to where it is storing data. – Doryx Sep 29 '15 at 17:56
  • 1
    And an application usually has write access only where it is supposed to store data, that is the user profile. Some distros go even stricter. – Barafu Albino Sep 29 '15 at 17:59
  • Not *the only*. You can also encrypt the disk and forget the key. – WoJ Sep 30 '15 at 18:41
-2

Were you sensible and did everything as a user and not as admin? If so, AFTER installing everything personal, use the admin account to remove your user account. If you are paranoid, then use cipher etc. to clean up the free space, but I suspect that won't be required, as if you had reason to be paranoid, they would not have given you the opportunity to clean up the machine.

Paul Smith
  • Down votes without comments or reasons are not especially useful. – Paul Smith Sep 30 '15 at 10:31
  • I did not downvote but your answer sounds like conjecture. You should comment on the question requesting for more info and then provide coherent steps to take based on known info. – MonkeyZeus Sep 30 '15 at 15:53