Specious reasoning. You haven't "proven" anything. Pull drive. Install in another machine (you claim to have at least 3). Examine contents *there*.
Specious reasoning. You haven't "proven" anything. Pull drive. Install in another machine (you claim to have at least 3). Examine contents *there*.
Isn't that what programs are for? Take care of "mundane" details? There are many programs that will display a color BMP file, no fuss.
I think you may be leaping to the wrong conclusion.
I suggest that you repeat the complete disk-wipe on Linux (and remember to have dd overwrite the whole hard drive e.g. /dev/sdb rather than a single partition e.g. /dev/sdb1), "sync", power down the drive, and then use an _independent_ means of determining whether there's still anything on the disk.
By "independent" I mean "not Linux, and not Windows". Boot something else (e.g. a USB-stick-based version of BSD), and see whether anything shows up.
If the drive looks blank to everything but Windows, and then looks non-blank to Windows, it's a fair indication that Windows is lying to you (or, more politely, that Windows has a cache of data that it "believes" is on that drive, and is using that cache rather than accessing the drive itself).
I've used Linux dd to zero out a whole bunch of things, over the years. I've not had it fail (let along anything I would call "lie").
To my knowledge (and I recall looking through its source code some years ago) "dd" isn't doing anything special, programming-wise. It's an ordinary user-mode application. It simply opens whatever destination you direct it to, and then writes data through the normal Linux (Posix) I/O APIs. The actual data transfer to the disk is done via the standard kernel mechanisms.
...and what does that to do with the price of rice in China? There are many programs that will display a BP file on a color screen; details taken care of by the program and screen drivers ALREADY IN PLACE.
But all you're looking for is evidence of wiping.
Just grab the scroll bar in HxD and give it a quick whirl, and that'll tell you whether a wiper was there.
For wiping, I always use zeros, because it simplifies the workflow later when doing forensics (on say, why something broke).
Paul
And there's a Windows one.
dd --list
# Erase the first 4GB or so of the third disk drive on the machine. # The list command allows correlation of the disk identifier with # what you see in Disk Management in Windows.
dd if=/dev/zero of=\\?\Device\Harddisk2\Partition0 bs=4096 count=1000000
I recommend using a block size and count field, with USB Flash sticks, because release 6b3 of that software does not detect the end of a USB flash properly. For hard drives, you can shorten the command to
dd if=/dev/zero of=\\?\Device\Harddisk2\Partition0
and it would erase the whole thing.
That requires an Administrator Command Prompt window, to avoid getting an error #5.
When you want to spray a disk with random data, it would be
dd if=/dev/random of=\\?\Device\Harddisk2\Partition0
By tuning the block size, the command runs at anywhere from
13MB/sec (no block size defined) to as fast as the disk will go. Older disks may prefer a larger block size (221184). Newer disks can max out the rate, with a block size of 4096. That's because the RAM cache and interface, actually work on modern drives, allowing a very high sequential command rate.Paul
"zero" tends to be a "magic value" to many things. So, for "empty", I use a semirandom smattering of data (its a canned pattern but has no easily recognizable subpatterns... no groups of two, four, etc.)
For disk discards, I'll fill it with some little quip: "This disk has been wipedThis disk has been wipedThis..." repeating endlessly across the device.
It's not hard to do in say Python; you can just read in the raw device as a file, seek to the location you want and dump the data bytewise into any data structure you want, e.g. :
with open("/dev/sda","rb") as raw_drive: raw_drive.seek(offset, start_pos) data = bytearray(raw_drive.read(num_bytes)) //do something with data
Can be done in C/C++ too, with more than three lines of code, probably.
I'll try to whip up a little command-line utility to do what you want this week if you wanna comp me a sushi combo or somethin'
^^ Typo, dropped the "4" somehow!
Tim
-- Seven Transistor Labs, LLC Electrical Engineering Consultation and Contract Design Website: http://seventransistorlabs.com
Well, that is exactly what dd diskwipe is _supposed_ to do. What is this mysterious forensics program? Does it read any attached BIOS-recognized HD on a sequential byte-by-byte r cluster-by-cluster basis?
** By this time i was getting pissed and thought to try the internal diskwipe that Parted Magic allows one to use. Well..i got this error message that the drive security state was set as frozen. Parted Magic indicated you could put the drive to sleep, and at a later time you _might_ be able to wake it up. Seemed worth trying. Imagine lightening in an area of the screen, and then total computer shutdown power off. So much for that non-functional "fix".Drive still has security state set as frozen.
Well,one of the diskwipe options that Parted Magic gives, is one that fills with random data. Does not help solve the lie problem where i can easily switch between full of files (damn thing should be erased) to unformatted empty (only in that order).
To start,all i wanted to do is "simply" add a hard drive. That i could use as a data drive for Win2K, WinXP, and Win7. The problem diskwipe not working led me to think of a way to _see_ WTF was happening. AS an example, the lie of formatting in Parted magic is the fact that it not only does NOT format,it seems that it cannot format; all it does is write ONE BYTE in that partition table. even mkfs.ntfs/dev/sda1 does the same lie. A visual look-see of the HD might show that a "special" byte in each "block" may control this funny business.
Remember waay back in the old daze, accounting data on a disk was controller using a combination of deleted sectors and normal sectors one byte did that per sector.
I ought to know,i wrote a copy protection scheme using that fact as well as other obscure titbits that took no space away from data..even gained space from unused FAT space, from unused directory space, from all of second FAT, and one sector beyond last track.
Did i not say i am NOT stuck; i use Win2K, WinXP and Win7; i just prefer Win2K. (oh! yes, i DID say that, you just decided to forget) (how old did you say you were?
Already said i looked at that; NOT USEFUL for what i need to do; it ASSUMES there is something seen on the drive. Not only do i NOT have umpteen TerrorBytes of data,my idea would do what is needed even if i had that kind of storage. Use your imagination if any.
GODDAMNITALLTOHELL i _SAID_ 500megs!!!!!!!!!!!!!!!!. and i did not say i would look all of that
WELL! That is getting somewhere! Looks decent in fact; does not ASSume data layout or directories, or anything like that.
What is this Python that i have been reading about, in what OS and what environment does it work?
Forget C and all of its variants (plus, plusplus, plusminus, minusplus, negative, positive, zero). You can tell that we do NOT get along together.
EXACTLY the same result.
WHy do you need to "see" it. A quick diagnostic program would be a heck of a lot less painful than manually scrolling through an entire disk!!!!
Format means different things to different people. A drive is fast formatted if all the sectors on it are marked as unused. It is no longer necessary to do a full slow physical format on spinning rust (and even less necessary on an SSD).
Then write a program to read it block by block and report any exceptions to your expectations according to taste.
-- Regards, Martin Brown
Does PayPal work with Dominos or PapaJohns? Remember i do not have any flavor of Linux, no Win8 or Win9 (not joking,there are a FEW copies hiding), or Win10, or Win11. Thanks.
ElectronDepot website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.