Recovering deleted wallet/files from HDD

Ultegra134

hero member

Activity: 1750

Merit: 904

Quote from: QuickAccount on December 08, 2021, 02:40:26 PM

Quote from: larry_vw_1955 on December 07, 2021, 10:48:39 PM

Quote from: HCP on December 02, 2021, 12:17:27 AM

A very confusing answer to be sure...

User1: "It's bad for the environment to destroy perfectly functional drives, you should zero it and reuse it"
User2: "I agree, I smashed my harddrive with a hammer"

Ummm what??!? Huh

Still, the amount of time required to properly zerofill a drive can be quite massive... especially when you're talking Terabyte+ sized drives! Shocked

whereas... 5 minutes and a hammer? Tongue

a strong enough magnet should do the trick. in seconds.

The reason I use a hammer is because If I can hear the disks rattling inside, I know the job is done and that the data cant be recovered.

If I were to hammer them, I'd just keep them aside. Not keen on generating electrical/hardware waste. You could potentially use them as a backup, or an external HDD, I don't see the reason to smash them.

QuickAccount

member

Activity: 189

Merit: 52

In a world of coins, use them.

Quote from: larry_vw_1955 on December 07, 2021, 10:48:39 PM

Quote from: HCP on December 02, 2021, 12:17:27 AM

A very confusing answer to be sure...

User1: "It's bad for the environment to destroy perfectly functional drives, you should zero it and reuse it"
User2: "I agree, I smashed my harddrive with a hammer"

Ummm what??!? Huh

Still, the amount of time required to properly zerofill a drive can be quite massive... especially when you're talking Terabyte+ sized drives! Shocked

whereas... 5 minutes and a hammer? Tongue

a strong enough magnet should do the trick. in seconds.

The reason I use a hammer is because If I can hear the disks rattling inside, I know the job is done and that the data cant be recovered.

larry_vw_1955

sr. member

Activity: 1190

Merit: 469

Quote from: HCP on December 02, 2021, 12:17:27 AM

A very confusing answer to be sure...

User1: "It's bad for the environment to destroy perfectly functional drives, you should zero it and reuse it"
User2: "I agree, I smashed my harddrive with a hammer"

Ummm what??!? Huh

Still, the amount of time required to properly zerofill a drive can be quite massive... especially when you're talking Terabyte+ sized drives! Shocked

whereas... 5 minutes and a hammer? Tongue

a strong enough magnet should do the trick. in seconds.

nc50lc

legendary

Activity: 2534

Merit: 6080

Self-proclaimed Genius

Quote from: HCP on December 02, 2021, 12:17:27 AM

Still, the amount of time required to properly zerofill a drive can be quite massive... especially when you're talking Terabyte+ sized drives! Shocked

whereas... 5 minutes and a hammer? Tongue

Yeah, last time I zero-filled a 500GB WD Hard Drive, it took more or less 3 hours if my memory serves me right (that was 3 years ago).
Double that for a 1TB same speed HDD; although, the amount of time is still inconsequential if you want to re-use the disk.

HCP

legendary

Activity: 2086

Merit: 4361

A very confusing answer to be sure...

User1: "It's bad for the environment to destroy perfectly functional drives, you should zero it and reuse it"
User2: "I agree, I smashed my harddrive with a hammer"

Ummm what??!? Huh

Still, the amount of time required to properly zerofill a drive can be quite massive... especially when you're talking Terabyte+ sized drives! Shocked

whereas... 5 minutes and a hammer? Tongue

nc50lc

legendary

Activity: 2534

Merit: 6080

Self-proclaimed Genius

Quote from: QuickAccount on December 01, 2021, 03:20:42 PM

Quote from: larry_vw_1955 on November 21, 2021, 01:20:09 AM

Quote

If you're offloading your own computer, and the hard drive has to be included for whatever reason, then I would recommend writing 0's to it, with multiple checks. You can do this within Linux or you can use a program like DBAN if you wish.

That's a much better solution for the environment than destroying a perfectly good hard drive. IMO, it's kind of the height of conceit to destroy a perfectly good hard drive. Remember guys, someone out there needs that hard drive. :D

I second this.

-snip- Even if you overwrite "everything" data is still recoverable with highly accessible software such as this one off of github:

You second~ed the replies yet you've countered their points :/

Anyways, what they meant by "writing 0's" is to 'low-level format' the drives which will turn all of the data on the drive into 0's (binary: 0 or 1).
There's nothing recoverable after that, your example software can only restore deleted files or a formatted drive, those are files which aren't really deleted but flagged as "overwritable".

BitMaxz

legendary

Activity: 3374

Merit: 3095

Playbet.io - Crypto Casino and Sportsbook

Quote from: QuickAccount on December 01, 2021, 03:20:42 PM

I second this.

Recovering data from a Hard drive that has been "wiped" isnt hard. When I bought an ssd to replace my computer's hard drive, I overwrote everything on it, then went out to the driveway and slammed it with a hammer until I could hear the disk plates rattling inside. No data is every coming out of that drive. Even if you overwrite "everything" data is still recoverable with highly accessible software such as this one off of github:

https://github.com/qayshp/TestDisk

Have you checked the GitHub page it was developed years ago which is very old?

And they only support Windows NT/2K/XP for NTFS drive so do you think you can recover files from Windows 7 and up?
That tool is outdated you can't just easily recover files using that tool you should use a tool that is updated and support almost all newer OS.

QuickAccount

member

Activity: 189

Merit: 52

In a world of coins, use them.

Quote from: larry_vw_1955 on November 21, 2021, 01:20:09 AM

Quote

If you're offloading your own computer, and the hard drive has to be included for whatever reason, then I would recommend writing 0's to it, with multiple checks. You can do this within Linux or you can use a program like DBAN if you wish.

That's a much better solution for the environment than destroying a perfectly good hard drive. IMO, it's kind of the height of conceit to destroy a perfectly good hard drive. Remember guys, someone out there needs that hard drive. Cheesy

I disagree with this.

Recovering data from a Hard drive that has been "wiped" isnt hard. When I bought an ssd to replace my computer's hard drive, I overwrote everything on it, then went out to the driveway and slammed it with a hammer until I could hear the disk plates rattling inside. No data is every coming out of that drive. Even if you overwrite "everything" data is still recoverable with highly accessible software such as this one off of github:

https://github.com/qayshp/TestDisk

larry_vw_1955

sr. member

Activity: 1190

Merit: 469

Quote

If you're offloading your own computer, and the hard drive has to be included for whatever reason, then I would recommend writing 0's to it, with multiple checks. You can do this within Linux or you can use a program like DBAN if you wish.

That's a much better solution for the environment than destroying a perfectly good hard drive. IMO, it's kind of the height of conceit to destroy a perfectly good hard drive. Remember guys, someone out there needs that hard drive. Cheesy

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: Welsh on November 10, 2021, 02:06:38 PM

If you're offloading your own computer, and the hard drive has to be included for whatever reason, then I would recommend writing 0's to it, with multiple checks. You can do this within Linux or you can use a program like DBAN if you wish.

Great advice.
I have been doing that since a long time. Usually I am declaring this to the buyer stating only that "HDD has just been formatted for YOUR convenience". They even look quite pleased by this innocent lie.

Ultegra134

hero member

Activity: 1750

Merit: 904

Quote from: Welsh on November 10, 2021, 02:06:38 PM

Quote from: Ultegra134 on November 10, 2021, 11:37:38 AM

I wasn't really concerned before I made this thread, the other users here warned me about the dangers of leaving a computer unattended, especially to a technician. I wasn't too concerned about my Metamask wallet, since it's encrypted and requires my password, the Bitcoin one though was at a higher risk.

Thinking back to it, i shouldn't have handed my laptop without removing the HDD, which was merely a two minute job.

Yeah, my personal rule set is never include your hard drive with the laptop when you're offloading it to someone else. You don't know what people's intentions are, though most will likely be innocent, and wouldn't even think about checking for previous data. Then, the more, and more they use it the less likely it becomes to recover anything substantial.

If you are purchasing old hard drives it is usually enough to wipe the hard drive via a format, and not worry too much about malicious code. Though, there is a small amount of risk involved with that too. If you're offloading your own computer, and the hard drive has to be included for whatever reason, then I would recommend writing 0's to it, with multiple checks. You can do this within Linux or you can use a program like DBAN if you wish.

Thanks for your feedback, it's definitely a concerning matter, to be honest, I didn't even think about checking the hard drive, when I bought this refurbished laptop, (HDD was used, so I would probably find something if I was willing to), but it didn't even cross my mind to snoop into someone's files like that.

I haven't made up my mind yet, on whether to sell it or not, but I appreciate your feedback regarding the HDD overwriting.

Welsh

staff

Activity: 3304

Merit: 4115

Quote from: Ultegra134 on November 10, 2021, 11:37:38 AM

I wasn't really concerned before I made this thread, the other users here warned me about the dangers of leaving a computer unattended, especially to a technician. I wasn't too concerned about my Metamask wallet, since it's encrypted and requires my password, the Bitcoin one though was at a higher risk.

Thinking back to it, i shouldn't have handed my laptop without removing the HDD, which was merely a two minute job.

Yeah, my personal rule set is never include your hard drive with the laptop when you're offloading it to someone else. You don't know what people's intentions are, though most will likely be innocent, and wouldn't even think about checking for previous data. Then, the more, and more they use it the less likely it becomes to recover anything substantial.

If you are purchasing old hard drives it is usually enough to wipe the hard drive via a format, and not worry too much about malicious code. Though, there is a small amount of risk involved with that too. If you're offloading your own computer, and the hard drive has to be included for whatever reason, then I would recommend writing 0's to it, with multiple checks. You can do this within Linux or you can use a program like DBAN if you wish.

Ultegra134

hero member

Activity: 1750

Merit: 904

Quote from: examplens on November 09, 2021, 06:45:15 PM

Interesting discussion here. I have had cases like this where users were concerned about the possibility of unauthorized duplication of data.
as far as I know, it was enough to do low-level format, then 100% disk capacity is filled with some garbage (usually pornography) and this cycle is repeated two or three times depending on the level of paranoia.

I wasn't really concerned before I made this thread, the other users here warned me about the dangers of leaving a computer unattended, especially to a technician. I wasn't too concerned about my Metamask wallet, since it's encrypted and requires my password, the Bitcoin one though was at a higher risk.

Thinking back to it, i shouldn't have handed my laptop without removing the HDD, which was merely a two minute job.

examplens

legendary

Activity: 3472

Merit: 3507

Crypto Swap Exchange

Interesting discussion here. I have had cases like this where users were concerned about the possibility of unauthorized duplication of data.
as far as I know, it was enough to do low-level format, then 100% disk capacity is filled with some garbage (usually pornography) and this cycle is repeated two or three times depending on the level of paranoia.

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: figliar0 on November 08, 2021, 11:45:08 AM

Quote from: Lucius on November 07, 2021, 10:10:21 AM

Quote from: fillippone on November 07, 2021, 05:02:19 AM

Maybe it’s worth asking him to assist in person to your repair, so that you don’t leave him with your datas alone. This could be counterproductive for opsec reasons anyway.

I have seen that some of the services that offer data rescue in my country offer just such a service - means that the client is present when rescuing data (which of course means a higher price). Yet even in such a situation, is it possible to be 100% sure that the data is being copied to only one location, and that this person is not doing another secret backup simultaneously?

Of course not. If he will use his computer how can you say that data is not copied somewhere else? You cannot be sure if he do not have som program copying your data elsewhere on the background.

I think that, being on the place while my PC is repaired , I could personally be pretty sure about what's getting on, and being able to spot any fraudulent action.

Just remember that self custody is hard. So you can securely hand over the custody of your assets to a professional custodian (not an exchange).

figliar0

member

Activity: 110

Merit: 19

Quote from: Lucius on November 07, 2021, 10:10:21 AM

Quote from: fillippone on November 07, 2021, 05:02:19 AM

Maybe it’s worth asking him to assist in person to your repair, so that you don’t leave him with your datas alone. This could be counterproductive for opsec reasons anyway.

I have seen that some of the services that offer data rescue in my country offer just such a service - means that the client is present when rescuing data (which of course means a higher price). Yet even in such a situation, is it possible to be 100% sure that the data is being copied to only one location, and that this person is not doing another secret backup simultaneously?

Of course not. If he will use his computer how can you say that data is not copied somewhere else? You cannot be sure if he do not have som program copying your data elsewhere on the background.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

Quote from: fillippone on November 07, 2021, 05:02:19 AM

Maybe it’s worth asking him to assist in person to your repair, so that you don’t leave him with your datas alone. This could be counterproductive for opsec reasons anyway.

I have seen that some of the services that offer data rescue in my country offer just such a service - means that the client is present when rescuing data (which of course means a higher price). Yet even in such a situation, is it possible to be 100% sure that the data is being copied to only one location, and that this person is not doing another secret backup simultaneously?

Quote from: vapourminer on November 07, 2021, 08:47:19 AM

i never leave any old or failed disks anywhere or in anything i giveaway or sell. the drives are destroyed. even if it dies when in the warranty period im not sending a drive back for a replacement so i just write it off.

Exactly what I do all my life, I never sell or throw away old computers or mobile phones. I still have my first cell phone over the age of 20 which was state-of-the-art technology at the time, but quite inconvenient to carry because of its size and weight - who would say that today's smartphones are even bigger and similar in weight

vapourminer

legendary

Activity: 4354

Merit: 3614

what is this "brake pedal" you speak of?

Quote from: DaveF on November 05, 2021, 06:48:23 AM

I don't know how the $80 generic ones work, but the 'real' ones are just running an embedded linux controller and dd 'ing (more or less) the entire drive.
The source is only ever mounted in read only so having it come back as 'raw' is just about impossible.

This: https://www.amazon.com/SATA-Hard-Drive-Duplicator-Eraser/dp/B00G6TG5YE
is not the same as this: https://www.mediaduplicationsystems.com/fx2125-sata-sas-usb3.0-hard-drive-duplicator

If you walk into a shop or your tech is using something like the StarTech one. Run away as fast as you can.

can confirm the startech is junk. i have it (maybe not exactly this model but a similar startech) and while its never corrupted the source drive its only successfully duplicated maybe half the drives i tried. like 4 or 5 drives out of 10 or so. and man its slow af. waste of money.

i never leave any old or failed disks anywhere or in anything i giveaway or sell. the drives are destroyed. even if it dies when in the warranty period im not sending a drive back for a replacement so i just write it off.

Ultegra134

hero member

Activity: 1750

Merit: 904

Quote from: fillippone on November 07, 2021, 05:02:19 AM

Quote from: ?? on ??

Just like @LoyceV said, remove the HDD before giving the device to someone else. If they ask why the HDD is missing, you could say you need the data for urgent work and ask them to use their own HDD/USB drive for testing.

I am not sure many laptop allows for an easy HDD removal, even more without breaking warrant (Mac User anyone?).
Also,even if I haven’t any wallet in it, just having access to my email a malicious user could do extremely dangerous actions.
Basically, when to give your laptop to an external technician, you are trusting him not to rip you off.
Maybe it’s worth asking him to assist in person to your repair, so that you don’t leave him with your datas alone. This could be counterproductive for opsec reasons anyway.

The main reason I bought a refurbished laptop was firstly, because it was cheap, and secondly, they are easily accessible. I do not even need a screwdriver to take the back out. On top of that, in case something breaks, it's easily replaceable, even if we're talking about a full replacement.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: fillippone on November 07, 2021, 05:02:19 AM

Quote from: ?? on ??

Just like @LoyceV said, remove the HDD before giving the device to someone else. If they ask why the HDD is missing, you could say you need the data for urgent work and ask them to use their own HDD/USB drive for testing.

I am not sure many laptop allows for an easy HDD removal, even more without breaking warrant (Mac User anyone?).

Then you're either forced to,
1. Learn removing HDD from your laptop and buy necessary tool (e.g. screwdriver for screw type used on your laptop).
2. Perform secure disk wipe using bootable OS on flash drive.
3. Fully trust the technician.

Quote from: fillippone on November 07, 2021, 05:02:19 AM

Basically, when to give your laptop to an external technician, you are trusting him not to rip you off.

True, but it's less likely they will do something obvious (e.g. charging very high "repair" cost) rather than cloning HDD which hardly could be detected.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: fillippone on November 07, 2021, 05:02:19 AM

I am not sure many laptop allows for an easy HDD removal, even more without breaking warrant (Mac User anyone?).

Suggestion: add it to your opsec-checklist to only buy laptops that allows to easily take out the drive.

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: ?? on ??

Just like @LoyceV said, remove the HDD before giving the device to someone else. If they ask why the HDD is missing, you could say you need the data for urgent work and ask them to use their own HDD/USB drive for testing.

I am not sure many laptop allows for an easy HDD removal, even more without breaking warrant (Mac User anyone?).
Also,even if I haven’t any wallet in it, just having access to my email a malicious user could do extremely dangerous actions.
Basically, when to give your laptop to an external technician, you are trusting him not to rip you off.
Maybe it’s worth asking him to assist in person to your repair, so that you don’t leave him with your datas alone. This could be counterproductive for opsec reasons anyway.

cabron

hero member

Activity: 2800

Merit: 595

https://www.betcoin.ag

Giving the laptop with its drive will likely give that computer guy access to old passwords saved on browsers.

I would probably just follow what LoyceV suggested that you take out the HD and then sell it to that computer guy, that's the best and easiest way to do it unless you want the risky option. There could be more files you have there in the hard drive which you can slave later on another computer and scan it all like pictures, txt files, and downloaded files.

Lotus

jr. member

Activity: 107

Merit: 7

If you ever send it to "anybody" then assume it's been compromised. As to how to handle it, the answer is still the same. Use a hardware wallet. That way, even if all its content is stolen and you get it back with keyloggers and trojans, they still can't access your assets.
At the very least, transfer everything off the machine before sending it off and don't use it for local wallets again until you wipe it off.

jerry0

full member

Activity: 1750

Merit: 186

So how do you guys handle when there is an issue and you need to bring it your laptop to a repair shop or return it to the company? Assuming you can just check your hard drive which is to see what is the problem, isn't this already a big issue? Like imagine it just shows ledger live or electrum as an icon on you computer when they turn it on.

I mean wouldn't they most likely inspect it?

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: fillippone on November 06, 2021, 06:37:07 AM

what if something break on your laptop where you have critical informations?

I was serious when I wrote this:

Quote from: LoyceV on November 05, 2021, 04:10:49 AM

Or use a screwdriver, as that's all it takes to take out the drive.

Quote from: fillippone on November 06, 2021, 06:37:07 AM

What if your power supply breaks on your laptop?

I'd probably fix it myself

Quote

Can you trust your repair shop will not duplicate your hdd?

You can assume this, but you can only be sure if you don't let your HDD out of sight.

Quote

When I gave my phone to repair shop, I resettled it to factory setting, but had the luxury of being able to prepare for the event.
What should you do in case of an “ unforeseeable” event?

Phones are much worse: you can't just take out the disk to send it in for repairs. But phones are also much more likely to get stolen, so I'd say don't store more data on it than you're willing to lose.

Ultegra134

hero member

Activity: 1750

Merit: 904

Quote from: fillippone on November 06, 2021, 06:37:07 AM

Quote from: DaveF on November 05, 2021, 06:48:23 AM

The point is the professional ones can do 30+GB a minute if the drives can keep up so yes, you can pull and clone and replace a filled 1TB drive in about an hour.

-Dave

Interesting question then is: what if something break on your laptop where you have critical informations? What if your power supply breaks on your laptop? Can you trust your repair shop will not duplicate your hdd?

Any ways of mitigating this? Even if the wallet.dats are encrypted, I bet there will still be loads of passwords saved while browsing, that can do a lot of damage.

When I gave my phone to repair shop, I resettled it to factory setting, but had the luxury of being able to prepare for the event.
What should you do in case of an “ unforeseeable” event?

I used to have a desktop computer but the motherboard died on me and never bothered to repair it. Supposing you have a desktop PC, it's not that hard to mount a HDD and recover your data. If I had one myself, I wouldn't have bothered taking it to a technician, since the laptop itself is pretty cheap.

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: DaveF on November 05, 2021, 06:48:23 AM

The point is the professional ones can do 30+GB a minute if the drives can keep up so yes, you can pull and clone and replace a filled 1TB drive in about an hour.

-Dave

Interesting question then is: what if something break on your laptop where you have critical informations? What if your power supply breaks on your laptop? Can you trust your repair shop will not duplicate your hdd?

Any ways of mitigating this? Even if the wallet.dats are encrypted, I bet there will still be loads of passwords saved while browsing, that can do a lot of damage.

When I gave my phone to repair shop, I resettled it to factory setting, but had the luxury of being able to prepare for the event.
What should you do in case of an “ unforeseeable” event?

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: larry_vw_1955 on November 04, 2021, 10:44:17 PM

Quote from: DaveF on November 04, 2021, 04:20:32 PM

Or buy a hardware cloner, clone the drives and read them later.
Put client disk in slot 1 blank disk in slot 2 & push a button. Drink beer. Then put disk back in client PC.
-Dave

those little sata 2 port "docking stations" are not so good as what you might think. if there's one constant about them it is people complaining how it f***ed up their hard drives and made them "raw". doesn't matter the brand.

Looking at my work notes we have done over 170 Spinning drives to SSD since Jan 1 2020 for a client who was extending the life of some older machines so either you and the people you are talking to are using cheap cloners or we have some amazing luck.

I don't know how the $80 generic ones work, but the 'real' ones are just running an embedded linux controller and dd 'ing (more or less) the entire drive.
The source is only ever mounted in read only so having it come back as 'raw' is just about impossible.

This: https://www.amazon.com/SATA-Hard-Drive-Duplicator-Eraser/dp/B00G6TG5YE
is not the same as this: https://www.mediaduplicationsystems.com/fx2125-sata-sas-usb3.0-hard-drive-duplicator

If you walk into a shop or your tech is using something like the StarTech one. Run away as fast as you can.

The point is the professional ones can do 30+GB a minute if the drives can keep up so yes, you can pull and clone and replace a filled 1TB drive in about an hour.

-Dave

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: LoyceV on November 05, 2021, 04:10:49 AM

Quote from: fillippone on November 04, 2021, 07:17:27 PM

Next time I have a problem I will destroy my laptop with an hammer. I am not going to leave my HHDD unattended anymore!

Or use a screwdriver, as that's all it takes to take out the drive.
Or use full disk encryption.
Or an industrial shredder. I prefer a more subtle approach to my hardware.
Seriously though: there's no point to destroy any hardware that doesn't hold data.

Apparently your AI is not sophisticated enough to detect the rhetorical construction known as “Metonym”.
Or actually your AI is so advanced that pretends to misunderstand something in order to appear more human.

Or it’s just me, who think a joke is fun, while it is not.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: fillippone on November 04, 2021, 07:17:27 PM

Next time I have a problem I will destroy my laptop with an hammer. I am not going to leave my HHDD unattended anymore!

Or use a screwdriver, as that's all it takes to take out the drive.
Or use full disk encryption.
Or an industrial shredder. I prefer a more subtle approach to my hardware.
Seriously though: there's no point to destroy any hardware that doesn't hold data.

Lotus

jr. member

Activity: 107

Merit: 7

Quote from: fillippone on November 04, 2021, 07:17:27 PM

Dang.
Now you scared me.
Next time I have a problem I will destroy my laptop with an hammer. I am not going to leave my HHDD unattended anymore!

Exactly. Anything glitches, you nuke the entire thing out. Would be bad though if you later discover it was just an OS bug a day later...

larry_vw_1955

sr. member

Activity: 1190

Merit: 469

Quote from: DaveF on November 04, 2021, 04:20:32 PM

Or buy a hardware cloner, clone the drives and read them later.
Put client disk in slot 1 blank disk in slot 2 & push a button. Drink beer. Then put disk back in client PC.
-Dave

those little sata 2 port "docking stations" are not so good as what you might think. if there's one constant about them it is people complaining how it f***ed up their hard drives and made them "raw". doesn't matter the brand.

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: DaveF on November 04, 2021, 04:20:32 PM

Quote from: LoyceV on October 30, 2021, 02:03:12 AM

Quote from: Ultegra134 on October 29, 2021, 01:48:08 PM

I see that he hasn't snooped into Chrome at least, can never be too sure about the rest of the hard drive.

If I would want to read someone's files without them knowing about it, I would create an image of the entire drive. This can easily be done by booting a Linux LIVE OS, or by temporarily plugging the drive into another computer. You wouldn't see any of this on your file system.

Or buy a hardware cloner, clone the drives and read them later.
Put client disk in slot 1 blank disk in slot 2 & push a button. Drink beer. Then put disk back in client PC.
PCs / phones / tablets. We live our life on them now, and even the paranoid people can't remember everything that they may have accidentally stored on one.

-Dave

Dang.
Now you scared me.
Next time I have a problem I will destroy my laptop with an hammer. I am not going to leave my HHDD unattended anymore!

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Quote from: LoyceV on October 30, 2021, 02:03:12 AM

Quote from: Ultegra134 on October 29, 2021, 01:48:08 PM

I see that he hasn't snooped into Chrome at least, can never be too sure about the rest of the hard drive.

If I would want to read someone's files without them knowing about it, I would create an image of the entire drive. This can easily be done by booting a Linux LIVE OS, or by temporarily plugging the drive into another computer. You wouldn't see any of this on your file system.

Or buy a hardware cloner, clone the drives and read them later.
Put client disk in slot 1 blank disk in slot 2 & push a button. Drink beer. Then put disk back in client PC.
PCs / phones / tablets. We live our life on them now, and even the paranoid people can't remember everything that they may have accidentally stored on one.

-Dave

danuker

newbie

Activity: 18

Merit: 1

Quote from: Ultegra134 on October 29, 2021, 01:48:08 PM

I see that he hasn't snooped into Chrome at least

It would be trivial to mount a drive without touching the files on it (such as Chrome history). Any Linux live USB offers read-only mount support.

Quote from: Ultegra134 on October 28, 2021, 02:46:11 PM

Yeah, I'll move everything to new wallets just in case, you can never be safe enough. On top of that, if we suppose that he has snooped through my files, he could potentially try to compromise the wallets at a much later date. That way, no accusation can actually be directed to him.

Absolutely. If I were you, I would definitely pay the transaction fee to move the coins to a new wallet.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: Ultegra134 on November 03, 2021, 03:17:21 PM

On the other hand, do you know any kind of similar software that is safe to use?

There are open source version of such software, but i wouldn't recommend it unless you bother audit/test it properly. Besides there's saying "Prevention is better than cure". If you haven't done any action, you could start from enabling 2FA on your online account and using stronger password.

Quote from: QuickAccount on November 03, 2021, 04:24:50 PM

or encrypt your computer files when you leave for a long period of time.

It's not practical if you also want to secure your cryptocurrency wallet or browser data, where the file could be scattered on different folder. You could use full disk encryption (such as BitLocker for Windows and LUKS for Linux), but usually you need to enter password/PIN every time you turn on your laptop and recovery process is harder (if the disk is corrupted).

QuickAccount

member

Activity: 189

Merit: 52

In a world of coins, use them.

Quote from: Ultegra134 on November 03, 2021, 03:17:21 PM

Quote from: QuickAccount on November 03, 2021, 03:09:32 PM

Quote from: Ultegra134 on November 03, 2021, 02:25:22 PM

Quote from: QuickAccount on November 03, 2021, 01:22:10 PM

Quote from: Ultegra134 on October 30, 2021, 05:47:47 AM

~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.

What is the name of the extension? I would like to dump the source code of of it to see if it sends data anywhere.

The name of the extension is Fea Keylogger, it mentions that it stores all data locally, or at least I hope it does. It'd be interesting to check if it's actually true or not, make sure to report back when you're done testing.

Link: https://chrome.google.com/webstore/detail/fea-keylogger/fgkghpghjcbfcflhoklkcincndlpobja?hl=en

I installed the extension on a Virtual Machine, found a few issues right off the bat.

The extension communicates with the internet, something that "Only saves data locally" shouldn't connect to the internet. They're is also another issue with the extension, it logs specifically logins, not just web pages visited and such. After further analysis, the data that it saves isn't even hashed, meaning that all of your logins are compromised if someone gets the data from your local storage of the extension.

My advice would be to uninstall the extension, reinstall chrome, then change all of your passwords.

Interesting, I remember looking it up to find anything suspicious but couldn't, anyway, good detective work. It logs any kind of text input, it often saved my posts here. Anyway, I've now uninstalled it, since I do not need it anymore and due to the suspicion of it being a security hazard.

On the other hand, do you know any kind of similar software that is safe to use?

I couldn't really recommend any monitoring software for your own machine, but I think you'll be safe enough by pressing WIN + L when you get up to lock your screen, or encrypt your computer files when you leave for a long period of time.

Ultegra134

hero member

Activity: 1750

Merit: 904

Quote from: QuickAccount on November 03, 2021, 03:09:32 PM

Quote from: Ultegra134 on November 03, 2021, 02:25:22 PM

Quote from: QuickAccount on November 03, 2021, 01:22:10 PM

Quote from: Ultegra134 on October 30, 2021, 05:47:47 AM

~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.

What is the name of the extension? I would like to dump the source code of of it to see if it sends data anywhere.

The name of the extension is Fea Keylogger, it mentions that it stores all data locally, or at least I hope it does. It'd be interesting to check if it's actually true or not, make sure to report back when you're done testing.

Link: https://chrome.google.com/webstore/detail/fea-keylogger/fgkghpghjcbfcflhoklkcincndlpobja?hl=en

I installed the extension on a Virtual Machine, found a few issues right off the bat.

The extension communicates with the internet, something that "Only saves data locally" shouldn't connect to the internet. They're is also another issue with the extension, it logs specifically logins, not just web pages visited and such. After further analysis, the data that it saves isn't even hashed, meaning that all of your logins are compromised if someone gets the data from your local storage of the extension.

My advice would be to uninstall the extension, reinstall chrome, then change all of your passwords.

Interesting, I remember looking it up to find anything suspicious but couldn't, anyway, good detective work. It logs any kind of text input, it often saved my posts here. Anyway, I've now uninstalled it, since I do not need it anymore and due to the suspicion of it being a security hazard.

On the other hand, do you know any kind of similar software that is safe to use?

QuickAccount

member

Activity: 189

Merit: 52

In a world of coins, use them.

Quote from: Ultegra134 on November 03, 2021, 02:25:22 PM

Quote from: QuickAccount on November 03, 2021, 01:22:10 PM

Quote from: Ultegra134 on October 30, 2021, 05:47:47 AM

~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.

What is the name of the extension? I would like to dump the source code of of it to see if it sends data anywhere.

The name of the extension is Fea Keylogger, it mentions that it stores all data locally, or at least I hope it does. It'd be interesting to check if it's actually true or not, make sure to report back when you're done testing.

Link: https://chrome.google.com/webstore/detail/fea-keylogger/fgkghpghjcbfcflhoklkcincndlpobja?hl=en

I installed the extension on a Virtual Machine, found a few issues right off the bat.

The extension communicates with the internet, something that "Only saves data locally" shouldn't connect to the internet. They're is also another issue with the extension, it logs specifically logins, not just web pages visited and such. After further analysis, the data that it saves isn't even hashed, meaning that all of your logins are compromised if someone gets the data from your local storage of the extension.

My advice would be to uninstall the extension, reinstall chrome, then change all of your passwords.

Ultegra134

hero member

Activity: 1750

Merit: 904

Quote from: QuickAccount on November 03, 2021, 01:22:10 PM

Quote from: Ultegra134 on October 30, 2021, 05:47:47 AM

~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.

What is the name of the extension? I would like to dump the source code of of it to see if it sends data anywhere.

The name of the extension is Fea Keylogger, it mentions that it stores all data locally, or at least I hope it does. It'd be interesting to check if it's actually true or not, make sure to report back when you're done testing.

Link: https://chrome.google.com/webstore/detail/fea-keylogger/fgkghpghjcbfcflhoklkcincndlpobja?hl=en

QuickAccount

member

Activity: 189

Merit: 52

In a world of coins, use them.

Quote from: Ultegra134 on October 30, 2021, 05:47:47 AM

~snip

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.

What is the name of the extension? I would like to dump the source code of of it to see if it sends data anywhere.

Lotus

jr. member

Activity: 107

Merit: 7

Of course. In a sense, a hardware wallet still stores the content locally in its own stores, but you get the point.

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: Lotus on October 31, 2021, 05:34:09 PM

Safest option is not to use file-based wallets anyway if you can afford it.

What would you recommend if not "file-based wallets"? Are you talking about hardware wallets? Huh

Lotus

jr. member

Activity: 107

Merit: 7

Yes, someone might have cloned your content and is still working on recovering & scanning the relevant files. Safest option is not to use file-based wallets anyway if you can afford it.

Stalker22

legendary

Activity: 1526

Merit: 1359

Quote from: Ultegra134 on October 29, 2021, 01:48:08 PM

Anyway, I'm going to move all my funds into new wallets, just in case, it doesn't cost me much in either time or money

I would strongly recommend it. Although you got your laptop back, your wallet can still be compromised. You cannot be absolutely sure that someone did not copy your wallet (or your entire hard drive) or exported your private keys. I wouldn't use that wallet for serious money again if I were you.

figliar0

member

Activity: 110

Merit: 19

Quote from: LoyceV on October 30, 2021, 05:59:31 AM

Quote from: Ultegra134 on October 30, 2021, 05:47:47 AM

its sole purpose was to catch someone snooping through my laptop, (I mean in the same household)

That's why I always lock my screen (set a shortcut if you don't have it yet) when I walk away. No matter how short, I don't get up before locking it.

I do the same - habit from past job where I had a little bit strange collegue. Just for the record: this is not very secure solution, some lock screen in linux environment can by bypassed, don't know about other OSes. It is good to prevent children from play with your workstation, but if someone has enough time, it won't help.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Ultegra134 on October 30, 2021, 05:47:47 AM

its sole purpose was to catch someone snooping through my laptop, (I mean in the same household)

That's why I always lock my screen (set a shortcut if you don't have it yet) when I walk away. No matter how short, I don't get up before locking it.

Ultegra134

hero member

Activity: 1750

Merit: 904

Quote from: ?? on ??

Quote from: Ultegra134 on October 30, 2021, 04:18:22 AM

Quote from: fillippone on October 29, 2021, 06:23:43 PM

Well, this is an interesting plot twist: has your laptop an integrated key logger? How comes that?

Also: move your coins now. You are already late.

Just some kind of extension on Chrome, records every tap of the keyboard, nothing special. It just looks like Chrome has been left untouched. The whole HDD might be left untouched but it's definitely better to stand on the safe side.

Excuse me for being a bit paranoid, but are you sure the extension doesn't steal your personal data or everything you type on Chrome? At very least, check what kind of permission the extension ask.

I've checked the permissions before, it only logs locally user inputs, they are not sent anywhere, it doesn't have access to anything else.

Quote from: LoyceV on October 30, 2021, 04:47:24 AM

Quote from: Ultegra134 on October 30, 2021, 04:18:22 AM

Just some kind of extension on Chrome, records every tap of the keyboard, nothing special.

This sounds like a security risk, is there a reason you've installed some sort of spyware in your browser?

Thinking back to it, I shouldn't have installed such a thing, its sole purpose was to catch someone snooping through my laptop, (I mean in the same household) and have solid proof they did it, since history could be deleted and be done with it.

From what it claims, it doesn't send any data, and it's stored locally, however, I don't see a reason to keep it anymore, nevertheless, it does look like a safety concern.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Ultegra134 on October 30, 2021, 04:18:22 AM

Just some kind of extension on Chrome, records every tap of the keyboard, nothing special.

This sounds like a security risk, is there a reason you've installed some sort of spyware in your browser?

Ultegra134

hero member

Activity: 1750

Merit: 904

Quote from: HCP on October 29, 2021, 05:38:00 PM

Quote from: Ultegra134 on October 29, 2021, 01:48:08 PM

Anyway, I'm going to move all my funds into new wallets, just in case, it doesn't cost me much in either time or money

*ETH Gas fees have entered the chat* Roll Eyes

Based on the fact that you mentioned Metamask... you might get hammered with some serious fees depending on how many different tokens you need to move around Undecided

It's a few hundred of BUSD and a pair of stablecoins staking on Beefy.Finance, which I was planning to withdraw and deposit to another contract anyway. Despite how much it might end up costing, at least, I'll be on the safe side and not have to worry about it anymore.

Quote from: LoyceV on October 30, 2021, 02:03:12 AM

Quote from: Ultegra134 on October 29, 2021, 01:48:08 PM

I see that he hasn't snooped into Chrome at least, can never be too sure about the rest of the hard drive.

If I would want to read someone's files without them knowing about it, I would create an image of the entire drive. This can easily be done by booting a Linux LIVE OS, or by temporarily plugging the drive into another computer. You wouldn't see any of this on your file system.

Definitely, it's not a hard thing to do, if he wanted to compromise my files, then it's up to him, since I stupidly gave a stranger full permission on my computer, what was I thinking.

Quote from: fillippone on October 29, 2021, 06:23:43 PM

Quote from: Ultegra134 on October 29, 2021, 01:48:08 PM

Just got my laptop back, which has an integrated keylogger as well

Well, this is an interesting plot twist: has your laptop an integrated key logger? How comes that?

Also: move your coins now. You are already late.

Just some kind of extension on Chrome, records every tap of the keyboard, nothing special. It just looks like Chrome has been left untouched. The whole HDD might be left untouched but it's definitely better to stand on the safe side.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Ultegra134 on October 29, 2021, 01:48:08 PM

I see that he hasn't snooped into Chrome at least, can never be too sure about the rest of the hard drive.

If I would want to read someone's files without them knowing about it, I would create an image of the entire drive. This can easily be done by booting a Linux LIVE OS, or by temporarily plugging the drive into another computer. You wouldn't see any of this on your file system.

fillippone

legendary

Activity: 2268

Merit: 16328

Fully fledged Merit Cycler - Golden Feather 22-23

Quote from: Ultegra134 on October 29, 2021, 01:48:08 PM

Just got my laptop back, which has an integrated keylogger as well

Well, this is an interesting plot twist: has your laptop an integrated key logger? How comes that?

Also: move your coins now. You are already late.

HCP

legendary

Activity: 2086

Merit: 4361

Quote from: Ultegra134 on October 29, 2021, 01:48:08 PM

Anyway, I'm going to move all my funds into new wallets, just in case, it doesn't cost me much in either time or money

*ETH Gas fees have entered the chat* Roll Eyes

Based on the fact that you mentioned Metamask... you might get hammered with some serious fees depending on how many different tokens you need to move around Undecided

Ultegra134

hero member

Activity: 1750

Merit: 904

Thank you for all the replies, made me realize how cautious we need to be when dealing with personal files, whether that has to do with wallets/money or simply passwords and any sensitive data.

Just got my laptop back, which has an integrated keylogger as well, I see that he hasn't snooped into Chrome at least, can never be too sure about the rest of the hard drive. Anyway, I'm going to move all my funds into new wallets, just in case, it doesn't cost me much in either time or money, so I don't see why not be on the safe side.

Thanks again for all the advice, I really appreciate it.

figliar0

member

Activity: 110

Merit: 19

Pesonally I never put my computers to someone else, I do repairs myself. If you cannot repair computer, just put it to technician without drive, that is totally OK.

If you want to sell or throw away computer, I definitelly recommend to wipe drive (or destroy it). Some live linux distribution is the best for that, because system is only in RAM and whole drive can be securelly wiped. If you are not friend with linux commands, I can recommend Parted Magic, which have GUI tool to do the thing, but you have to pay for it. But you can wipe drive with (almost) any distro.

I do the wipe in two steps:

write zeroes to whole drive,
apply ATA/NVME secure erase command.

It is useful to do both, because regular zeroing do not overwrite backup sectors and are not very efective on flash devices in general (because of various techniques of physical sector abstraction like wear leveling). On other hand secure erase command may not be properly implemented in firmware of the drive.

Forget about some many-many-pass total-random-pattern algorithms - those are useless and time consuming. I don't trust to zeroing only empty space from running OS, nor even wiping single file - various snapshots, shadow copies, backups, hardlinks, etc prevent to do this trustworthy (and do not forget for backup sectors and firmware sector abstraction mechanisms on flash devices).

NotATether

legendary

Activity: 1568

Merit: 6660

bitcoincleanup.com / bitmixlist.org

Quote from: PawGo on October 27, 2021, 08:23:47 AM

One of options: https://www.howtogeek.com/howto/15037/use-an-ubuntu-live-cd-to-securely-wipe-your-pcs-hard-drive/

He can just ask the technician to put the hard disk in an external enclosure first and run something like Recuva to overwrite the hard disk with random bytes first so that the data is unrecoverable (there's a particular 38-pass military-grade algo that I like as it is very secure).

Ultegra134

hero member

Activity: 1750

Merit: 904

Quote from: ABCbits on October 28, 2021, 04:41:42 AM

Quote from: Ultegra134 on October 27, 2021, 05:08:58 PM

I do, I've successfully recovered both wallets (Electrum and Metamask) and they are up and running on another computer.

Just confirming, did you only enter the seed phrase or also move the coin to newly generated wallet? If you did the former and the technician have malicious intent, he/she/they still could steal the coin.

Quote from: Ultegra134 on October 27, 2021, 05:08:58 PM

Even if data loss is presented, both wallets are fine, however, my only concern would be the technician to snoop through my files, which may sound too paranoid (or not, you never know).

Without knowing technician history or license, your concern is normal.

I only recovered my wallets through the 12 word seed phrase. I haven't moved my funds to a new wallet.

Quote from: Lucius on October 28, 2021, 05:38:53 AM

I personally don't sell my old cell phones or computers, I don't even throw them in the trash - not only to prevent anyone from getting any data, but also because one day all these old devices will be a good reminder of how technology has evolved over time. In case someone still wants to sell an old computer, I wouldn't risk deleting the files - just take out the HDD/SSD and sell it that way.

Quote from: Ultegra134 on October 27, 2021, 05:08:58 PM

I do, I've successfully recovered both wallets (Electrum and Metamask) and they are up and running on another computer. Even if data loss is presented, both wallets are fine, however, my only concern would be the technician to snoop through my files, which may sound too paranoid (or not, you never know).

I would just in case transfer everything to new wallets, no matter how much you believe or not that person who did the diagnostics on your computer. Although we all think that such people keep their reputation and will not do anything bad that would endanger it, sometimes it is hard to resist not peeking into other people's secrets if you already have the opportunity.

Yeah, I'll move everything to new wallets just in case, you can never be safe enough. On top of that, if we suppose that he has snooped through my files, he could potentially try to compromise the wallets at a much later date. That way, no accusation can actually be directed to him.

Lucius

legendary

Activity: 3234

Merit: 5637

Blackjack.fun-Free Raffle-Join&Win $50🎲

I personally don't sell my old cell phones or computers, I don't even throw them in the trash - not only to prevent anyone from getting any data, but also because one day all these old devices will be a good reminder of how technology has evolved over time. In case someone still wants to sell an old computer, I wouldn't risk deleting the files - just take out the HDD/SSD and sell it that way.

Quote from: Ultegra134 on October 27, 2021, 05:08:58 PM

I do, I've successfully recovered both wallets (Electrum and Metamask) and they are up and running on another computer. Even if data loss is presented, both wallets are fine, however, my only concern would be the technician to snoop through my files, which may sound too paranoid (or not, you never know).

I would just in case transfer everything to new wallets, no matter how much you believe or not that person who did the diagnostics on your computer. Although we all think that such people keep their reputation and will not do anything bad that would endanger it, sometimes it is hard to resist not peeking into other people's secrets if you already have the opportunity.

ABCbits

legendary

Activity: 2870

Merit: 7490

Crypto Swap Exchange

Quote from: Ultegra134 on October 27, 2021, 05:08:58 PM

I do, I've successfully recovered both wallets (Electrum and Metamask) and they are up and running on another computer.

Just confirming, did you only enter the seed phrase or also move the coin to newly generated wallet? If you did the former and the technician have malicious intent, he/she/they still could steal the coin.

Quote from: Ultegra134 on October 27, 2021, 05:08:58 PM

Even if data loss is presented, both wallets are fine, however, my only concern would be the technician to snoop through my files, which may sound too paranoid (or not, you never know).

Without knowing technician history or license, your concern is normal.

larry_vw_1955

sr. member

Activity: 1190

Merit: 469

Quote from: Ultegra134 on October 27, 2021, 08:11:31 AM

My laptop broke down this morning, taking my Bitcoin and Metamask wallet with it. Fortunately, I had both backed up so no losses there. Took it to a technician who claims that it's power unit or something is broken and it's not receiving power.

that was the first security blunder right there. once you hand it off to somebody, you can't really say "once i get it back, ..."

nc50lc

legendary

Activity: 2534

Merit: 6080

Self-proclaimed Genius

"Zero Fill" is the term you might be looking for. Some call it "Full Overwrite".
It's a complete wipe where all the data is rewritten into '0' compared to "format" that'll just delete the partition or file system but leave the other data untouched.

Depending on your Disk's manufacturer, there are official tools that can perform 'zero fill' like:
"SeaTools" from Seagate for Seagate HDD | "Western Digital SSD Dashboard" for WD SSD's.
So check for your HDD/SSD's manufacturer's website for Disk tools.

BitMaxz

legendary

Activity: 3374

Merit: 3095

Playbet.io - Crypto Casino and Sportsbook

That's the problem that I don't like sending my PC to a repair shop with my assets is pretty risky. Even you trust the technician it is still risky.
There are lots of guides and tutorials on Youtube and Google if you have a problem with your PC because mine I learned a lot on youtube and apply what I learned to repair my own Laptop/PC.

I have a few HDD and SSD with the corrupted OS but a few of my wallets are still there but I can still extract them out from corrupted HDD/SSD and never use them again I just put them near on my table but never put it back alive on my PC. It's more likely an SSD/HDD backup for future recovery if needed.
It's way more safety than sending your own personal PC/Laptop to anyone and researching and learning on Youtube/Google doesn't cost you anything other than sending it to the technician.

Ultegra134

hero member

Activity: 1750

Merit: 904

Quote from: Stalker22 on October 27, 2021, 02:49:07 PM

Quote from: Ultegra134 on October 27, 2021, 02:29:57 PM

Quote from: LoyceV on October 27, 2021, 01:12:12 PM

Quote from: Ultegra134 on October 27, 2021, 11:55:46 AM

I'll try not to be paranoid about it.

For what it's worth: I do try to be paranoid about my Bitcoin security. As they say: "Just because you're paranoid doesn't mean they aren't after you."

I can definitely see why. On top of that, I wasn't exactly sure on where I had backed up my Metamask wallet, and until I found my seed phrase, I almost collapsed to the thought of losing my funds. Since it's based on Chrome, I'll have to physically boot the HDD in order to run Chrome and export the private keys/seed phrase. All thoughts crossed to my mind, from a corrupted HDD, to a stuck BIOS etc., it haunted me.

So you have a backup seed phrase or not? If you do, I recommend restoring your wallet on a new device and moving your coins as soon as possible to a new wallet. Unless your wallet is password protected, your funds are not safe even from your technician (I'm not saying to doubt a man, I'm just saying he's not responsible for your data).

I do, I've successfully recovered both wallets (Electrum and Metamask) and they are up and running on another computer. Even if data loss is presented, both wallets are fine, however, my only concern would be the technician to snoop through my files, which may sound too paranoid (or not, you never know).

Stalker22

legendary

Activity: 1526

Merit: 1359

Quote from: Ultegra134 on October 27, 2021, 02:29:57 PM

Quote from: LoyceV on October 27, 2021, 01:12:12 PM

Quote from: Ultegra134 on October 27, 2021, 11:55:46 AM

I'll try not to be paranoid about it.

For what it's worth: I do try to be paranoid about my Bitcoin security. As they say: "Just because you're paranoid doesn't mean they aren't after you."

I can definitely see why. On top of that, I wasn't exactly sure on where I had backed up my Metamask wallet, and until I found my seed phrase, I almost collapsed to the thought of losing my funds. Since it's based on Chrome, I'll have to physically boot the HDD in order to run Chrome and export the private keys/seed phrase. All thoughts crossed to my mind, from a corrupted HDD, to a stuck BIOS etc., it haunted me.

So you have a backup seed phrase or not? If you do, I recommend restoring your wallet on a new device and moving your coins as soon as possible to a new wallet. Unless your wallet is password protected, your funds are not safe even from your technician (I'm not saying to doubt a man, I'm just saying he's not responsible for your data).

Ultegra134

hero member

Activity: 1750

Merit: 904

Quote from: LoyceV on October 27, 2021, 01:12:12 PM

Quote from: Ultegra134 on October 27, 2021, 11:55:46 AM

I'll try not to be paranoid about it.

For what it's worth: I do try to be paranoid about my Bitcoin security. As they say: "Just because you're paranoid doesn't mean they aren't after you."

I can definitely see why. On top of that, I wasn't exactly sure on where I had backed up my Metamask wallet, and until I found my seed phrase, I almost collapsed to the thought of losing my funds. Since it's based on Chrome, I'll have to physically boot the HDD in order to run Chrome and export the private keys/seed phrase. All thoughts crossed to my mind, from a corrupted HDD, to a stuck BIOS etc., it haunted me.

Quote from: dkbit98 on October 27, 2021, 01:41:57 PM

Quote from: Ultegra134 on October 27, 2021, 08:11:31 AM

Is there an actual way to permanently delete such files from the HDD, forever?

You could just sell him your laptop without HDD, just open it and remove the drive yourself, that would be the safest way and nobody would be able get your keys.

Other option is to fully format your hard drive, but since your laptop is still at technician I would move all your coins to new addresses that you fully control, without any connection with keys on that laptop.

I'll get it back on Friday, if everything goes according to plan, if it's working fine, I might sell it without the HDD, it will also save me the time to back up my files and overwrite it.

dkbit98

legendary

Activity: 2212

Merit: 7064

Quote from: Ultegra134 on October 27, 2021, 08:11:31 AM

Is there an actual way to permanently delete such files from the HDD, forever?

You could just sell him your laptop without HDD, just open it and remove the drive yourself, that would be the safest way and nobody would be able get your keys.

Other option is to fully format your hard drive, but since your laptop is still at technician I would move all your coins to new addresses that you fully control, without any connection with keys on that laptop.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Ultegra134 on October 27, 2021, 11:55:46 AM

I'll try not to be paranoid about it.

For what it's worth: I do try to be paranoid about my Bitcoin security. As they say: "Just because you're paranoid doesn't mean they aren't after you."

Ultegra134

hero member

Activity: 1750

Merit: 904

Firstly, I'd like to thank you for your replies, they mean a lot to me.

Quote from: LoyceV on October 27, 2021, 09:51:10 AM

Quote from: Ultegra134 on October 27, 2021, 08:11:31 AM

Took it to a technician who claims that it's power unit or something is broken and it's not receiving power.

Depending on the laptop this could be a cheap part to replace.

It's relatively cheap to replace, about €60 for both the replacement part and the labor. It's a refurbished laptop, not of too much value, but gets the job done.

Quote from: LoyceV on October 27, 2021, 09:51:10 AM

While I wouldn't really bother about the rest of my files, I'd rather not have someone recovering my wallets this way.
How about passwords? Creating a new wallet and moving all your coins is quite easy, but your browser might have access to many accounts too.

That's right, that's something I forgot about, but the most important thing there is my wallets, therefore, I completely forgot about anything else but them.

Quote from: LoyceV on October 27, 2021, 09:51:10 AM

Is there an actual way to permanently delete such files from the HDD, forever?
There's a software shred and there's the hardware shredder.
I would prefer not to trust anyone with my data, so I would have removed the drive before sending the laptop to a repair guy.

Stupid of me for not thinking it earlier, tomorrow is not a working day here and pretty much rushed to get it somewhere to get it fixed, since I used it for most of my daily and work stuff. He's a quite known and reputable guy, so I believe nothing will be done in the first place, I'll try not to be paranoid about it. Definitely took my lesson in case something like this ever happens again.

If I'm to sell it, I'll either replace the HDD with an old one I have here or use one of the recommended software to overwrite the files.

LoyceV

legendary

Activity: 3290

Merit: 16489

Thick-Skinned Gang Leader and Golden Feather 2021

Quote from: Ultegra134 on October 27, 2021, 08:11:31 AM

Took it to a technician who claims that it's power unit or something is broken and it's not receiving power.

Depending on the laptop this could be a cheap part to replace.

Quote

While I wouldn't really bother about the rest of my files, I'd rather not have someone recovering my wallets this way.

How about passwords? Creating a new wallet and moving all your coins is quite easy, but your browser might have access to many accounts too.

Quote

Is there an actual way to permanently delete such files from the HDD, forever?

There's a software shred and there's the hardware shredder.
I would prefer not to trust anyone with my data, so I would have removed the drive before sending the laptop to a repair guy.

DaveF

legendary

Activity: 3500

Merit: 6320

Crypto Swap Exchange

Yes you can easily recover most deleted files unless the drive has been properly wiped.
If he had access the the laptop out of your site he has access already to your wallet files.

Depending on the make / model of the laptop pulling the hard drive and putting it in a device that can read it takes less then 15 minutes.

If that is the case MOVE YOUR COINS NOW.
Create a new wallet securely on a different machine and move them.

This is why so many of us recommend hardware wallets. Take my laptop, get my wallet files, whatever I don't care. Without getting my hardware wallet it's worthless to someone.

-Dave

NeuroticFish

legendary

Activity: 3668

Merit: 6382

Looking for campaign manager? Contact icopress!

Quote from: Ultegra134 on October 27, 2021, 08:11:31 AM

Is there an actual way to permanently delete such files from the HDD, forever?

If the HDD is working, there are various software around that can overwrite existing files with garbage before removing them (wipe) and there are programs that can do similar stuff with the current free space on your HDD.
If you're under Windows I recommend SysInternals SDelete for the job, since SysInternals were bought by Microsoft many years ago, hence it should be safe.

Quote from: Ultegra134 on October 27, 2021, 08:11:31 AM

I'd rather not have someone recovering my wallets this way.

If you want to super-sure and super-safe, why don't you just create brand new wallets and move your coins there?

PawGo

legendary

Activity: 952

Merit: 1385

Yes, it is doable. You will need a program which in fact not "delete" files, but overwrites the whole disk with a new content - and do it several times.
Normal "delete" only removes information about file, but file stays on it's place. It is more like removing plate with your name from the front door - it does not mean you will disappear inside your flat Wink

One of options: https://www.howtogeek.com/howto/15037/use-an-ubuntu-live-cd-to-securely-wipe-your-pcs-hard-drive/

BTW: Why not sell laptop without HDD?

Ultegra134

hero member

Activity: 1750

Merit: 904

Not sure on where to post this, I apologize in advance if this isn't the correct section.

My laptop broke down this morning, taking my Bitcoin and Metamask wallet with it. Fortunately, I had both backed up so no losses there. Took it to a technician who claims that it's power unit or something is broken and it's not receiving power.

Anyway, back to the subject now, he's interested in purchasing it in case I do not want repair it, which is something I'm considering. However, my wallets are inside that laptop, someone who specializes in computers could potentially recover deleted files from the HDD.

I'm not sure if he wants to resell the laptop or he wants it for himself, my main concern though is that there's a way to recover deleted data. While I wouldn't really bother about the rest of my files, I'd rather not have someone recovering my wallets this way.

Is there an actual way to permanently delete such files from the HDD, forever?

Topic: Recovering deleted wallet/files from HDD (Read 715 times)