Quote:
Originally Posted by unSpawn
Here it is about sanitation, as in making certain versus "I thought".
Have disk, erase MBR and PT, run file carver?
Exactly. Saying "will look like" does not equal to making certain.
|
I absolutely don't understand your reply about "making certain". The OP talks about viruses. Virus is a computer program, which have to be run to make damage. It won't magically restore itself from the remnants old partition or junk data in unused sectors. If you wipe MBR/PartitionTable - there "will be no partitions" on HDD (all data will be still here, but it won't be accessible without special software or recovering MBR/PT). When you'll try installing WinXP(or whatever) after that, new OS will see unformatted space, will ask for repartitioning it, after that it'll write new FS structures, new partition table, etc., wiping all data of locations of former files. So even if there still will be former infected *.exe available on disk at ofset 0xXXXXXXXX, this data won't be accessible, program won't be launched by anything, etc. In worst case virus could install itself in MBR as boot loader (AFAIK, "Format C:" won't fix such problem), which we already handled by Wiping MBR. So, what's the logic in wasting time and filling
entire HDD with zeros(or random data) in this case? For me this makes sense only when destroying sensitive data completely (so it won't be recovered by manual data analysis), not when cleaning virus-infected HDD.
--EDIT--
If there is *really* need to exactly fill HDD with zeros, I think it should be possible to do so on any other windows machine (although with Linux LiveCD it will be much easier) by using any HEX-editor software that support direct access to phisycal disk (WinHEX should be able to do that, maybe something else).