Windows 10 Reset Options for Data Wipe

We would like more information on the data wipe performed during the Windows 10 reset process, specifically the level of data wipe performed during the "Remove Everything" and "Restore Factory Settings" options. We need specific information to verify that the process is sufficient for compliance with SOX auditing.
ICCNetworkAdminAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Cliff GaliherCommented:
Last I heard, Microsoft has made no claim nor put effort into making their built in reset complaint with any sort of government standard.  You'll want to use a reputable shredding service or appropriate hardware to accomplish that task.  If you are doing large numbers of devices, there are dedicated hardware devices (inexpensive even) that can identify, wipe, and create a label for a compatible printer to verify the full wipe.
1
JohnBusiness Consultant (Owner)Commented:
I agree. Windows 10 Reset does not fully delete everything so you should not depend upon it. As Cliff notes, use a file shredding program.
0
McKnifeCommented:
Or simply run a script after the reset:
Cipher /w:c:
If what cipher does is enough for you (read the documentation).
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

ICCNetworkAdminAuthor Commented:
The desire is to be able to donate or resell these assets with the OS intact after a wipe, but prevent any access to proprietary or sensitive data. Microsoft claims that choosing the "Remove Everything" option for a Windows 10 reset makes it more difficult to retrieve any data from the HDD, but doesn't provide specificity as to the method used or its depth. Is there a recommended application or process for leaving the recovery partition intact in this scenario?
0
ICCNetworkAdminAuthor Commented:
Thanks for the suggestion McKnife, I will investigate Cipher further.
0
Cliff GaliherCommented:
If you care about your data, don't worry about leaving the OS intact. Just wipe and then donate.  All it takes is one virus-infected machine where the virus was left on the recovery partition to leave you in a huge liability situation otherwise. While aside from SOX, it is still a legitimate corporate risk.

If you are in the business of reselling second-hand computers then Microsoft has partner program to legally get licenses for reselling second-hand PCs. Do that so what you resell is clean and legal.

And if you aren't in your business, forego the reselling aspect. That's not your business model.  Donate to an outfit that does the above and is a Microsoft partner. Then they'll handle getting the devices licensed and won't need the recovery partition.

Either way, I wouldn't try to do both of your goals. It costs more than its worth.
0
ICCNetworkAdminAuthor Commented:
It appears that the "Remove Everything" option for resetting Windows 10 may be performing Cipher /W: during the process if you select to fully clean the drive. I have a ticket open with MS support, but tier 1 could not verify this. Can anyone verify this is the case?
1
Sandeep KumarAssociate ConsultantCommented:
Data wipe during the reset process of Windows 10 is not enough for what purpose you are looking forward.

As Cliff and John already cleared for you, that only shredding tool can do so.

For the same you can rely on Kernel File Shredder software. It has advanced shredding algorithms for different pass shredding. Visit https://www.nucleustechnologies.com/kernel-file-shredder.html to know more about the software and download the demo version.
0
McKnifeCommented:
"...if you select to fully clean the drive" - where is that option? I don't see it, nor is it documented. No, it will not use cipher on its own.
0
ICCNetworkAdminAuthor Commented:
That was taken directly from Microsoft's description, see the last bullet item below:

Remove everything      
  • Reinstalls Windows 10 and removes all your personal files.
  • Removes apps and drivers you installed.
  • Removes changes you made to settings.
  • Removes any apps your PC manufacturer installed. (If your PC came with Windows 10, apps from your PC manufacturer will be reinstalled.)
  • If you're planning to donate, recycle, or sell your PC, use this option and choose to fully clean the drive. This might take an hour or two, but it makes it harder for other people to recover files you've removed.

This was found at: https://support.microsoft.com/en-us/help/12415/windows-10-recovery-options
0
Cliff GaliherCommented:
All of which is true. It makes it *harder* but that isn't the same as impossible.  For the average home user or even many small businesses, it is "good enough."  But you explicitly asked about Sox compliance. And while Sarbanes-Oxley doesn't specifically call out data wipe standards, you can he held liable if you didn't treat financial files as sensitive data and do a deeper scrub.  There *are* a few data-wipe standards out there. And if windows met them, Microsoft would have listed that almost guaranteed.  They are big about listing complaint standards in their products wherever they can.

So  if you got sued  and you went to court and you had to testify what data-wipe standard you met, could you?

Or would you rather boy a program/device that meets standards such as DoD 5220 or NIST SP-800, so if called upon, you can testify to that?

I stand by my previous answer. When it comes to government Co plane, don't mess around. "I read it on the internet" doesn't hold up in court or in front of a grand jury. If you are subject to SOX, do what you have to in order to exceed any standards you might be called to defend.
0
ICCNetworkAdminAuthor Commented:
The last post was meant more as a reference to McKnife. As far as government wiping would be concerned;  a government (DoD) wipe is likely outside of our need and not necessarily in scope with my question. As well, our risk is very nearly negligible.

Those are decisions above my paygrade however, I am seeking answers about the depth of the process performed during a reset when choosing "Remove Everything", so I may provide that information to our CIO to make a decision regarding our specific need here. I think in this instance the CIO would be deciding if the process would meet due diligence standards in an attempt to remain compliant, but we need the specifics regarding the process in order to make this call. As you have mentioned, SOX only stipulates an effort be made and does not specify details as granular as which process was observed during such an effort. Risk reward is determined by the individual entity's needs in this scenario.

That being said; can anyone lend any specific information regarding the data wipe process used during the Windows 10 reset process when "Remove Everything" has been selected with a fully clean option?

Thanks!
0
Cliff GaliherCommented:
But therein lies my point. Windows is closed-source. So unless Microsoft publishes information (and they haven't) then nobody can answer your question with certainty. And since they don't claim to adhere to any standard, they can change that at any time.  *THAT* is what you should tell your CIO.  Again, "I heard it on the internet" is not a suitable answer in most cases.  Whether in a lawsuit or to a superior.

As for the rest, while the DoD standard *sounds* like overkill, it isn't. It was developed for government use, but has since become a de-facto standard.  Whether you buy a $50 program that adheres to the standard or (my recommendation) a device from Amazon for $200 that adheres to the standard, then you *know* your drive is wiped properly and those are minimal investments.  Unless you are seriously underpaid, you probably have spent more in wages researching and reading/writing on this topic on EE by now.  

With that said, even if you don't want to invest in that kind of thing, that's where shredding services come in.

SOX may not specify any standards, but if someone decides to sue (and disgruntled employees are great for this), and any minimal discovery shows you chose to rely on windows to wipe the drive instead of using a shredding service or doing a verified wipe, you're cooked. And any legal discovery will discover this thread.  Digital forensics is common-place now.  There's a point where you have to do a reasonable risk/reward matrix.

What is the risk of using windows to wipe?
What is the risk and cost of using a better system?
What is the reward of using windows?
What is the reward of using a better system?

If you can honestly say that your company is better using windows, then I really have to wonder why you came here asking for assistance. It seems as though you made up your mind before coming here.
0
McKnifeCommented:
"...specific information regarding the data wipe process used during the Windows 10 reset process when "Remove Everything" has been selected with a fully clean option?" - you could at least try and start task manager from that setup stage while it is doing the "full clean". Press shift F10 and a command prompt will open. There, type taskmgr and task manager will open. Now see if a process cipher.exe is active.
0
ICCNetworkAdminAuthor Commented:
Cliff,

Thanks for your input! First, I did not come here to ask for assistance with anything. Second, Your opinions are valid, but out of scope as I mentioned before. My hope of posting here was to expedite an answer in case anyone here had experience with this already. If they have, they may be able to provide a more definitive answer/explanation while I am still awaiting a response from Microsoft directly.

I came seeking information only (which you clearly do not have) and I am not certain why you interjected again. I did not ask for any suggestions on methods to be used here, or for thoughts on Pros/Cons. Also, as an IT professional of 25+ years, I do not RELY on anything learned from the internet with out further independent verification.

McKnife,

Thanks for the constructive suggestion, I will check on this during the next reset procedure performed.

If anyone else has any specific information regarding my initial inquiry for details regarding the process in question, I would welcome that information.
0
McKnifeCommented:
No need to try, I just did and saw that this option can only be reached from within a running windows. The recovery and overwrite process cannot be witnessed by taskmgr. I also found this:
https://blogs.msdn.microsoft.com/olivnie/2013/04/05/windows-8-recovery-and-troubleshooting/ saying
Fully clean the drive
The behavior of this option will vary depending on if the drive is encrypted with BitLocker.
If the volume is not encrypted, then this option performs a full format of the disk and writes zeroes to every sector. This will take quite a long time. This is similar to running the command below:
format.exe c:\ /P:0
If the volume is encrypted with BitLocker, only a quick format is performed, as that wipes all of the information necessary to decrypt the disk. With no way to decrypt the disk, the data is effectively lost.
1

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
ICCNetworkAdminAuthor Commented:
McKnife,

Thanks for the information and doing the extra footwork here. I have not yet received an answer from Microsoft Support, but I will validate this with their response should I ever receive one. You have been very helpful, I appreciate all of your input!
0
Manish BhicktaData Erasure ConsultantCommented:
Even I agree with the voices of Cliff Galiher & John Hurst, you can't be 100% sure of complete data destruction/erasure using Windows 10 reset option.

Choosing optimum data destruction method may vary from individual to individual. Also, It largely depends on the confidentially of your information.

As mentioned by the questioner, the process should compliance with SOX audit. Why can't you try DIY data erasure software? Most of the modern tool is fulfilling your criteria. Also its a nice alternative to shredding service. Few of the software mentioned by various experts are Jetico, BitRaser, and WhiteCanyon.
0
ICCNetworkAdminAuthor Commented:
Thanks all for your contributions!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows 10

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.