Security - best way to make laptop data unrecoverable?

Posted on 2003-11-29
Last Modified: 2010-04-03
I'd like to put some security on my laptop.  Specifically I want to detect an attempted login.  After N failed attempts (or even a boot into bios), I want to wipe/overwrite a few sections of the drive where the critical data is stored.  Finally, I'd like to rig some sort of physical failure as well (Ie - flash fire or similar)

In other words, if this laptop gets out of proper hands, I not only want to remove the data but I also want to doubly make sure it is unrecoverable by nuking the drive itself.

Is there anything out there like this?  I've googled and not found anything like this.

Question by:maxout6
  • 2
  • 2
  • 2
  • +1
LVL 18

Accepted Solution

chicagoan earned 40 total points
ID: 9842871
You'd have to get some operating system running to nuke the data, and what's to stop someone from removing the drive? Really nuking the data would take multiple passes and give a determined person time to rip the drive from it's moorings unless you're going to pack the laptop with thermite and a tamper switch... a homemade setup like that could be a problem it it goes off and you're in a window seat next to a pair of sumo wrestlers.

IBM and others have incorporated  security into the hardware

You can also use PGP (or windoze) or other software to create an encrypted volume.

for how well PGP works...

In theory you could boot up to some shell operating system that would give the theif a false sense of accomplishment and be scrubbing the disk in the background, but that's not foresic computers investigators work if they know their stuff.


Expert Comment

ID: 9843158
As seen in Mission Impossible:

This message will self desruct in 10, 9, ....1 boom.

Expert Comment

ID: 9843791

By running Windows 2000 you can set any folder(s) or even entire drives as being encrypted. I don't know how strong this encryption is or how hard it is to get the key to decrypt it, but i know its there...

You can also configure it to "lock out" user accounts after X invalid password attempts, but even the passwords in windows are subject to being discovered fairly easily

There is also a way to add a password to the BIOS at a very low level before it even looks to see if you have an OS installed, however a determined person can remove that password easily, in some cases just by removing the battery from your laptop...

In short, you need to determine exactly how secure you need this data to be--- if you just need to keep honest people honest then any of these will work... for more then that use a combination of these... if you need more then that then i begin to question exactly what it is you need secured here...

Hope this helps,
NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud


Author Comment

ID: 9844585
Ok - so what I've gathered is:
- Encrypt it using PGP or whatever
- Use windows standard encryption as well
- Tie in some sort of OS bad login switch to run an eraser program on the specified directories (Apparently 10x overwrite on 1GB takes about 20 seconds, or so they say)
- Thermite for physical descruction.  Yowsa.
- Tin foil hat, a must for the truely paranoid
- EMF shielding so PGP keys can't be sniffed by Tempest tech

Any other good ideas?

Assisted Solution

IrishFBall32 earned 35 total points
ID: 9845400
i suppose depending on the size of the files needing protecting you could store them on a USB keyfob style drive that you keep on your regular keychain, that way if someone does get ahold of your laptop they are much less likely to have your files as well...

mentioning that i am now reminded that there are USB "system keys" that must be inserted into a USB port on power up in order for the OS to even load... that might be a solution as well
LVL 18

Expert Comment

ID: 9845417
>Apparently 10x overwrite on 1GB takes about 20 seconds, or so they say
golly - where can I get one of those?
If you figure a sustained throughput of 10MBs... well.. u do the math
BTW: make sure you use foil labled for OVEN use... as each aluminum atom is only about 1.48 angstroms, standard grade foil may not stand up to close range particle beams.
see for detailed plans


Author Comment

ID: 9850623
Thanks for the good tips.  This was a fun diversion and I'll probably implement many of these - without the exploding laptop!  I like the idea of a USB drive for the most sensitive data.  Now I need to do some research and find out where/what Windows keeps its temp files.  I seem to recall Word keeping a couple of copies in odd directories that'll need to be nuked to remain secure.  

Oh - thanks for the link on the tin foil hats.  I was wondering about proper construction techniques!


Featured Post

NAS Cloud Backup Strategies

This article explains backup scenarios when using network storage. We review the so-called “3-2-1 strategy” and summarize the methods you can use to send NAS data to the cloud

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I previously wrote an article addressing the use of UBCD4WIN and SARDU. All are great, but I have always been an advocate of SARDU. Recently it was suggested that I go back and take a look at Easy2Boot in comparison.
In this article we will learn how to backup a VMware farm using Nakivo Backup & Replication. In this tutorial we will install the software on a Windows 2012 R2 Server.
This video teaches viewers how to encrypt an external drive that requires a password to read and edit the drive. All tasks are done in Disk Utility. Plug in the external drive you wish to encrypt: Make sure all previous data on the drive has been …
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…

820 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question