Asking for a friend...

If someone is terminated without notice, does an app exist that could burn all user data (browser, local files, etc.) on a Win10 machine without resetting the OS or network settings? You know - so the employer couldn't claim any damage was done to their machine?

Looking for an "emergency button" sort of solution.

Thanks.

-Rob

By "burn" do you mean "make a copy of" or "delete irretrievably?"

In the former case I suppose such an app could exist, but I'm not certain what would be the point. Without a trustworthy chain of custody there's no way anybody could prove such a snapshot was legitimate.

In the latter case: Yes, there are "secure erase" programs. But, unless you target explicit sub-directories, and you'd have to know where they all are, you'd have to wipe out everything in that user's space, and you couldn't do that while logged-in as that user. Plus they take a relatively long time to run.

For email none of that would likely be effective as it'd probably still be recoverable on the server. (If the company's doing it right, anyway.)

Btw: The mere act of destroying, or attempting to destroy, data in this manner may constitute "damage" in the eyes of both said employer and the law. All data on company-owned property is usually deemed property of said company.

We had an employee attempt to delete all the data on his laptop immediately prior to his being dismissed. I un-deleted every last bit of it, unlocked his account, and turned the laptop over to HR for examination. If was a stupid thing to do, because all we normally would have done was scrub the laptop before re-issuing it, anyway. We might have archived it, beforehand, but never once was I called-upon to retrieve such an archive.

The latter - sorry. Delete. Erase. Wipe (but not with a rag).

Aware of the legalities. Just looking for a solution.

Thanks.

-Rob

quote:

Originally posted by BurtonRW:
The latter - sorry. Delete. Erase. Wipe (but not with a rag).

There are "secure erase" programs. They work by attempting to over-write, in-place, with multiple pseudo-random patterns, all specified files, then deleting the directory entry references to those files. I used to use them to scrub machines being re-issued.

Using them on a live account is problematical, as I noted. Furthermore, the key word above is "attempting." There are various reasons such programs may not be entirely successful.

quote:

Originally posted by BurtonRW:
Aware of the legalities. Just looking for a solution.

I'm not a MS-Win guy, so I can't suggest any specific solutions. (Under Linux I use a command-line tool called "shred.") I'd be disinclined to recommend anything, anyway, because I wouldn't want to make myself a party to whatever it is your friend is doing, even indirectly.

quote:

Originally posted by BurtonRW:
Asking for a friend...

If someone is terminated without notice, does an app exist that could burn all user data (browser, local files, etc.) on a Win10 machine without resetting the OS or network settings? You know - so the employer couldn't claim any damage was done to their machine?

Looking for an "emergency button" sort of solution.

Thanks.

-Rob

That is the employer's computer. An employee doesn't have the right to delete data on an employer's machine. Even if it is allegedly personal information. If you don't want personal information on your employer's computer, don't put it there.

Real, effective wiping software is not fast. It makes several passes over hard drive sectors and re-writes them. It takes time.

But, an employee doesn't have the right to do that anyway.

Most organizations don't give users administrator privileges, so running software from within the OS will be problematic. You also wouldn't be able to wipe anything that was currently in use, which on a windows machine can be sorta random what with temp files and caches and the like.

Also, most organizations (should) have a backup scheme which dumps user data into a backup periodically for continuity purposes. The backup is usually kept on the network separate and apart from the user computer.

If I needed to get rid of personal data that would be personally damaging to me or my reputation, I would do it long before I was being considered for dismissal. I would use an app like DBAN that can be run from a USB drive and just securely wipe the entire drive. I would upload work related files onto the designated networked repositories (which he should be doing all along) weeks before nuking the computer. Once nuked, I would feign ignorance and have IT image a fresh OS onto my computer or issue me a new machine while they trouble shoot the old one, and then pray that the backup archives are never looked at upon dismissal and that those archives are eventually purged in accordance with the company's data retention policy.

I'm theory, if I was dismissed weeks or months down the road, HR will not know or have considered that the machine I turned in upon dismissal is not the same as the one with I had weeks and months ago. They'll unlock my machine, see nothing unusual, make an image of it for record keeping, and go on their merry way. With nothing incriminating, HR has no reason to ask IT to dig further, and the archives with incriminating data sits for a couple of years until deletion.

If records are requested, IT provides the "clean" image taken and kept from my computer when I was dismissed.

But then someone like me comes along who considers these things and requests that prior backups are provided as well...

Could you just run an old style degaussing machine (giant electromagnet) next to the machine?

I know some files are on other machines, but would that erase your machine?

Yes, it's a printer, but will work for computer too...

Ensigmatic and Aeteocles provide solid, knowledgeable information as usual, however there are another approaches someone who wants to delete "evidence" can take.

Probably the easiest, obtain a free downloadable linux installer image and create a boot thumb drive from it. Boot the thumb drive, and start the installation procedure, specifying that you want to use the whole disk for the new OS. Early in the install process, the installer will re-write the partition table and boot sector of the hard disk/SSD to make it ready for a fresh install. After this point, casual recovery efforts will be much less effective, a full recovery attempt performed by a firm that specializes in such will likely cost multiple thousands of dollars. In all likelihood, the system owner will probably not even bother getting a quote, and reinstall their standard OS as they would in a disk failure/replacement scenario. This is marginally more civilized than removing the hard disk and putting some rounds through it, but it will royally piss off your soon-to-be-ex-employer. And this does not protect from any backups that were taken before the procedure. You may be able to explain that you "wanted to try out this Linux thing I keep hearing about, but I think I screwed up" - just don't expect anyone with half a clue to believe you.

There are software distributions that are specifically intended for wiping disks, some of them are free, but I am too lazy to chase them down. If all the OP's client is worried about are the porn sites in his browser history, personal site passwords, credit card info, etc. using the browser functions to clear this data is probably prudent, but it isn't easy to determine all the places where this kind of information might be stashed away.

Talking to your client's soon-to-be-ex-employer's system administrator about your concerns (credit card info and personal passwords, don't mention the kiddie porn), might inform you of their standard procedures upon employee dismissal. These usually include some form of account deletion and/or re-imaging the system either of which will effectively remove user data.

Be careful how you deal with this, those who have no issue wasting a companies assets to pursue you, can make your life difficult.

It becomes a game for them.

The cost can be greater than you might imagine.

"Speaking for a friend..."



And even posting this on the internet, you have set the linstock to your pitard.

The Sigmonkey is back in the house! Good to see you - I for one have missed your posts.

quote:

Originally posted by Dakor:
The Sigmonkey is back in the house! Good to see you - I for one have missed your posts.

He's been posting on a fairly regular basis.

Jim

quote:

Originally posted by BurtonRW:
Asking for a friend...

If someone is terminated without notice, does an app exist that could burn all user data (browser, local files, etc.) on a Win10 machine without resetting the OS or network settings? You know - so the employer couldn't claim any damage was done to their machine?

Looking for an "emergency button" sort of solution.

Thanks.

-Rob

Not necessarily an answer to the specific question asked, but something I recommend to all my friends who own their own businesses and employ staff. Make sure all your PC's have two drives installed in them. Install all application software on the primary or C: drive and lock it down from user modification. Then point all user data to the second or D: drive. This makes what you're trying to accomplish simpler, as well as making backup ad recovery routines easier to configure.

quote:

Originally posted by sigmonkey:
Be careful how you deal with this, those who have no issue wasting a companies assets to pursue you, can make your life difficult.

It becomes a game for them.

The cost can be greater than you might imagine.

"Speaking for a friend..."



And even posting this on the internet, you have set the linstock to your pitard.

Hey, you! Glad to see you returned.

Is this meant to be as a FU to the employer on the way out? Essentially "Well if you're getting rid of me you're getting rid of all the work I've done as well" ?

quote:

Originally posted by Aeteocles:
Most organizations don't give users administrator privileges, so running software from within the OS will be problematic. You also wouldn't be able to wipe anything that was currently in use, which on a windows machine can be sorta random what with temp files and caches and the like.

Also, most organizations (should) have a backup scheme which dumps user data into a backup periodically for continuity purposes. The backup is usually kept on the network separate and apart from the user computer.

If I needed to get rid of personal data that would be personally damaging to me or my reputation, I would do it long before I was being considered for dismissal. I would use an app like DBAN that can be run from a USB drive and just securely wipe the entire drive. I would upload work related files onto the designated networked repositories (which he should be doing all along) weeks before nuking the computer. Once nuked, I would feign ignorance and have IT image a fresh OS onto my computer or issue me a new machine while they trouble shoot the old one, and then pray that the backup archives are never looked at upon dismissal and that those archives are eventually purged in accordance with the company's data retention policy.

I'm theory, if I was dismissed weeks or months down the road, HR will not know or have considered that the machine I turned in upon dismissal is not the same as the one with I had weeks and months ago. They'll unlock my machine, see nothing unusual, make an image of it for record keeping, and go on their merry way. With nothing incriminating, HR has no reason to ask IT to dig further, and the archives with incriminating data sits for a couple of years until deletion.

If records are requested, IT provides the "clean" image taken and kept from my computer when I was dismissed.

But then someone like me comes along who considers these things and requests that prior backups are provided as well...

Aetocles is right about how to do this, but it doesn't mean that you should do this. As I said, it isn't your computer, and once you put it on their computer, it is their data. If they detect these acts and want to make a stink out of it, they can, and they do, as someone else said, have much deeper pockets than you.

Most employers wouldn't care, too much. But if you were to destroy valuable company data or evidence of malfeasance, they might well care.

Again, if you don't want personal information on your work computer, DO NOT PUT IT THERE.

There are plenty of technical ways to skin this cat but the real question is: what is the end game?
And what control over the device does he have?
What is he really trying to hide, prevent or secure?
The reason I ask is this can determine what effort is needed to accomplish the task.

on the device its doable. but any competent employer will have it all on numerous backups so exactly what would be the point?

Legalities aside, if you're just an end user without IT Admin power, don't bother wasting effort. What you wipe from "your" machine is meaningless. They already have all your data. I am probably the least computer savvy of all, but even I know this.

This message has been edited. Last edited by: 12131,