Thursday, June 17, 2010

How to Erase a Hard Drive and Encrypt Your Files


3:39 PM |

Learn how to truly erase your hard drive and encrypt your files from prying eyes.

We discussed the importance of backing up the data stored on your computer’s hard drive in a previous story. But what happens if your computer is lost or stolen? Notebooks are particularly vulnerable. A thoroughly executed back-up plan will alleviate data loss, but do you want strangers perusing the highly personal information you’ve stored on that machine? We didn’t think so; that’s why we put together this guide to keeping your electronic data secure.
First, we’ll take you through the process of encrypting the data on your hard drive, so that you can use passwords to control who can see it. And since no computer lasts forever, we’ll show you how to scrub your hard drive so that no one will ever be able to retrieve anything from it when you decide it’s time to put it out to pasture.
Hide in Plain Sight
One of the best ways to secure your private data is to encrypt it on your hard drive. Encryption uses an algorithm to scramble data in such a way that it can be read only by someone who possesses the special key that’s required to descramble it. You can use a free program (the authors do accept donations) called TrueCrypt to create a virtual encrypted disk in which you can stash sensitive information. Download the software here.
 If you’re truly paranoid, you can create a hidden TrueCrypt volume that won’t be displayed in any directory.
Download, install, and launch TrueCrypt. TrueCrypt’s main window will display all of your computer’s unreserved drive letters. Click the button labeled “create volume” to launch the Volume Creation Wizard. For the sake of simplicity, we’ll choose the first option to create a virtual encrypted drive; you might think of this as an electronic safe in which you’re going to hide your sensitive files. Click the “next” button and choose the default value, Standard TrueCrypt Volume, in the next step.
Now we need to choose the physical location for our virtual disk and give it a name. Click the “select file” button and navigate to the disk, disk partition, folder, or network location you’ve chosen. You have the option of using an external drive, too. At this stage, it’s absolutely critical that you do not use a name that already exists in the directory you’ve selected; if you do, you’ll wind up overwriting that existing file. Click the “save” button when you’ve decided on a new name. Once you’ve created this new container, you’ll be able to copy or move it anywhere, just like any other file. But you won’t be able to open it without a password, which we’ll create later.
Click the “next” button to choose an encryption algorithm. We’ll stick with the default value of AES here (hey, the U.S. government considers it strong enough to encrypt data classified as top secret), so click the “next” button. Now we have to decide how large we want our secure container to be. We still haven’t actually encrypted anything at this point; encryption will happen on the fly when we move files into the container.

TrueCrypt will warn that your password is too weak if it contains less than 20 characters.

Now we’re at the most critical stage in this entire process: Choosing a password. There’s not much of a point in encrypting data if you’re going to make it easy for someone to guess the one word that’s protecting it. A strong password should consist of a random collection of upper- and lower-case letters, numbers, and special characters (such as *, +, =, %, and $). Never use a word that can be found in the dictionary, and never use a name or birth date. A long password is always better than a short one; TrueCrypt can handle passwords with up to 64 characters, and it will produce a warning if you create one with fewer than 20 characters. Type in your password and click “next.”
The software is now finally ready to create an encryption container for you. You have the option of creating a virtual disk using either the old FAT or the new NTFS file systems, and you can also designate the disk’s cluster size here. We’ll accept the default values; but before clicking on the “format” button, move your mouse pointer inside the box and wiggle it around randomly for five or 10 seconds. TrueCrypt will use the mouse movements to create the keys it will use to encrypt your data; the longer you make random mouse movements, the stronger the encryption key will be. Click the “format” button when you’re ready. When TrueCrypt displays a message that it has finished creating your new volume, click the “exit” button to close the wizard.

Using Your Encrypted Container
You’ll need to mount your encrypted container before you can store or access anything in it. The main TrueCrypt window should still be open at this point; if it’s not, launch it from the Start menu. Select a drive letter from the window and then click the “select file” button. Navigate to the volume you created in the previous steps, select it, and then click the “open” button. Finally, click the “mount” button and enter the password you created to secure the container. If you’re using a portable storage device, such as a USB hard drive, click the “mount options” button, place a checkmark next to the phrase “mount volume as removable media,” and click “OK.”

Burn After Reading
When your PC (or its hard drive) has reached the end of its useful life, you should remove all traces of your personal information before sending it into retirement; especially if your disposal plan entails donating it to someone whose computing needs are more modest than yours. Simply deleting the files isn’t good enough, even if you empty the PC’s recycle bin. All that really does is tell the operating system that the storage space those files occupy is available for storing new data. What’s more, unidentified copies of sensitive files could be scattered in other places on your drive. Reformatting the drive isn’t a sure-fire solution, either. Anyone with the least bit of skill will still be able to recover files in either scenario with minimal effort.
The solution is to use software that’s specifically designed for the purpose of wiping a hard drive clean. You’ll find a number of programs capable of doing this, but we like LSoft Technologies’ Active@ KillDisk because it’s very thorough and it’s free (the developer sells a more comprehensive version for $54.95). Download Active@ KillDisk from here and launch it. You’ll need a CD burner and a blank CD for the next step.



The first step in installing Active@ KillDisk is to create a CD that you can use to boot the PC with the drive you want to wipe.


Put the blank CD in your burner and initiate the installation process, which will burn an ISO image to the disc. If your computer isn’t already set up to boot from its optical drive, you’ll need to tweak your computer’s BIOS. Restart your machine and click the hot key—typically the “delete” key—to access the BIOS settings. Tab over to the “boot” menu and configure the BIOS so that the CD/DVD drive tops the list of boot devices. After you save this setting and exit the BIOS menu, your machine should boot from the CD/DVD drive and automatically launch Active@ KillDisk.
Use the arrow keys to highlight Active@ KillDisk in the right-hand menu and tap the Enter key. A message will pop up to inform you that the free version supports only a “one pass zeros” method, this means that the software will write zeroes or random characters across the entire hard drive, destroying any data in the process. This will make it nearly impossible for a casual user to access any old data on the drive.


The free version of Active@ KillDisk isn’t as thorough as the retail version, but it’s good enough for most purposes.


Tap the “enter” key to acknowledge the message and Active@ KillDisk will display all the drives attached to your computer. Use the arrow keys to select the drive you wish to wipe clean and press the F10 key. In the next window, use the arrow key to highlight the “confirm and erase” message, and hit the “enter” key. Just to make sure you really intend to destroy the data on this drive, Active@ KillDisk will ask you to type the phrase “ERASE-ALL-DATA” into a box and kit the “enter” key once more. The program will then do its thing. When it’s finished, it will display a report showing what it did and how long it took. Repeat this process for any additional hard drives or partitions on your computer. When you’re finished, hit the “escape” key to exit the program. You can now safely dispose of your PC with little worry that someone will be able to resurrect any of the information you had stored on it.

Leave A Comment