Ask Slashdot: How To Clean Up My Work Computer Before I Leave?

An anonymous reader writes "I'm leaving my current job for a new one. I've been at this job for 10+ years so I'm sure there is tons of personal stuff stored on my machine. Since I can't take it with me does any one have a suggestions of tools or practices to clean off all of that data. I've already got my personal documents and files. I'm most worried about CC, debit card numbers and web site passwords I've used in browsers. Does clearing the cache, cookies, temp files do a good enough job? BTW it's a Windows 7 system if that makes a difference."

Nuke it from orbit

[GameboyRMH]

It's the only way to be sure.

Re:Nuke it from orbit

[admdrew]

Agreed. http://www.dban.org/ [dban.org] (although you should probably verify with your IT that they simply reimage old machines).

Re:Nuke it from orbit

[lorenlal]

If the IT department doesn't reimage old machines, then original poster should be even more inclined to DBAN that thing.

Re:Nuke it from orbit

[Joce640k]

Who says there's an "IT department"? It might be three guys in a basement.

(As per usual, Ask Slashdot has posted an incomplete question...)

Re:

[jhoegl]

Regardless, he cannot do anything like this to the computer. He is liable if something goes missing and they suspect he deleted it.
If he was that concerned about this information, he should have used his own computer.

Re:Nuke it from orbit

[shaitand]

He isn't liable financially for anything he does within the scope of his employment. If you screw up work in a way that costs the company a million dollars they are more than justified in canning you but you don't owe them the million.

I would definitely at least do a couple passes with random data on the drive.

Re:

[shaitand]

How does it look like he damaged systems if nothing is damaged? He prep'd the system for re-issue. This is recommended security practice 101 and it is trivial to prove it. People do it daily and I've yet to hear of anyone being sued for it.

Why would someone sue you for something that can be fixed with 20 minutes of imaging they have to do anyway?

Re:

[platypussrex]

Sounds to me what he's really worried about is them finding all the porn he's downloaded to the computer over the years.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:Nuke it from orbit

[lgw]

Seriously. There's even a song about it:
"FDISK, format, re-install, do-dah, do-dah
FDISK, format. re-install, all the do-dah day"

Re:

[lgw]

With Windows 7 and SBS everything on the desktop gets backed up on the desktop automatically.

Did you mean "backed up off the desktop"? Otherwise formatting would certainly solve that problem. In any case, formatting your drive will remove any personal info from the hands of the next owner of the machine, and casual glimpses by IT staff - it rmeoves temptation form the honest. Worrying about some BOFH who's going to restore backups just to get your personal info? That BOFH has far easier ways of messing with you anyhow.

Re:

[shaitand]

Formatting doesn't get rid of the data. Before seeing your post I thought it was stupid question too. Now I see that some people actually think a format and reinstall is sufficient to clean a system.

Re:Nuke it from orbit

[logical_failure]

DBAN is the only thing I would recommend. Simply re-imaging the machine is not enough.

Re:Nuke it from orbit

[durrr]

Leave a DBAN disk labled "Private moments with my wife" in the optic drive as you walk out the door for the last time.

Call in two months later and ask how long your replacement lasted.

Re:

[JoeMerchant]

Thermite?

http://youtu.be/4PKB5nnHGAk [youtu.be]

Re:

[Joce640k]

Disk imaging only needs to overwrite as man sectors as are needed for the new files.

If the disk had been imaged when you started using it, those sectors aren't going to be the ones with your personal stuff in them.

Re:Nuke it from orbit

[Culture20]

Why not? Reimaging the disk should write to every bit on the disk, right?

no, it doesn't.

That is, unless "reimaging" has been changed to mean "create a new partition over the old one and recursively copy the appropriate directory structure and files to it". But that would be a misnomer. If it's not bit for bit identical, it's not a disk image.

"Reimage" hasn't meant "dd" is a long time. Most programs like ghost or partimage create a new partition over the old one and recursively copy the appropriate directory structure and files to it. There's a reason why wiping a 3TB disk with one pass takes two days but deploying an image to it can take as little as five minutes.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Nuke it from orbit

[djl4570]

INAL but a complete wipe could be construed as destruction of employer owned data. I suggest a less invasive approach using Eraser from http://sourceforge.net/projects/eraser/ [sourceforge.net] Uninstall the non standard software, use Eraser to wipe the personal and non business related files. Shrink the paging file to minimum size and run an erase of free space. A single pass should be adequate*. Then go to http://hubblesite.org/gallery/album/entire/pr2003011a/warn/ [hubblesite.org] and download the 16,000x16000 pixel image of the Helix nebula. Open multiple copies of this image until the system forces an expansion of the paging file. While this isn't a military grade approach it will leave the system intact. An intact system with business docs isn't suspicious. A freshly wiped system might draw attention.

* Guttman only proposed his thirty-five pass hypothesis; so far as I can tell the hypothesis has never been tested on a real hard drive. The original hypothesis was based on disk drive technology in the mid nineties about the time magneto resistive technology entered the supply chain which suggests Guttman's research was on older disk drive technology. Does anyone know if forensics has ever recovered data from an overwritten hard drive?

Re:Nuke it from orbit

[icebike]

Forensics has never recovered more than a few random bytes, not so much as a single sentence in real world tests of single pass over-writes.
Even using electron microscopes and the whole nine yards. The more you research this issue the more you realize all (yes ALL) the stories are based on contrived situations where they researchers knew EXACTLY what was written previously, EXACTLY where, and EXACTLY what it was over written with.

Even three letter agencies don't even bother trying on disks they know have been overwritten. Nobody has demonstrated it in the real world on ANY hard drive, let alone a recent one.

Re:Nuke it from orbit

[Minwee]

Nice try. Which three letter agency do you work for?

AOL.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[AYeomans]

ccleaner for Windows http://www.piriform.com/CCLEANER [piriform.com] has an option for overwriting free space. So you could delete all your files, profile, user registry, temp files. Empty waste bin, then use the ccleaner wipe free space option. And hope you remembered everything that needed deleting.

Change all your porn membership passwords

[Anonymous Coward]

Who gives a flying fuck about anything else ...

Re:

[camperdave]

Nuke it from orbit. It's the only way to be sure.

You may not need to go that far. Just re-image the machine. However, that won't take care of backups. Hmm... how far offsite are the backups kept? The parent poster may be on the right track after all.

Re:Nuke it from orbit

[dAzED1]

damaging the computer in any way (yes, I know the "nuke it" comment was a joke...but the other comments in the thread aren't) is a great way to lose a final paycheck, or otherwise have your former employer be very unhappy with you. You have work on your computer that shows your thought processes while you were doing certain tasks...notes, etc. If something goes wrong 4 months from now, they may want to check those notes.

Why would your credit card info be on the box, again? I know I already asked, but...huh? What year is this...did I go back in time?

Re:

[tripleevenfall]

He writes his credit card information in notepad documents, just like his passwords, so they're in a safe place.

Re:Nuke it from orbit

[Yaztromo]

Why would your credit card info be on the box, again? I know I already asked, but...huh?

I don't know about the askers workplace, but at my workplace if we need to book work-related travel we use a corporate website to book, but have to provide a credit card to charge the flights, hotels, and car rentals. We then get to expense it, along with whatever meals and incidentals were required for the trip.

Some people in the organization have a corporate credit card, but most of us don't. The benefit of using a personal card for this sort of booking is that if you have a card that gives you any sort of points per dollar purchase, you get them. The company has always been responsive to quickly repaying the expense.

So one day I'll probably be in a similar position as the asker, with the exception that I run an OS that has a secure free space wipe feature built-in to get rid of any traces of anything I delete.

Yaz

Re:Nuke it from orbit

[jellomizer]

For systems with limited access. Where Whipping the PC isn't an option. I would suggest the following.
Delete Cache, and Cookies, Clear up your Document Folders.

Then I would run a program that fills the disk with a large file ( or several large files, of random data)
then Delete that file.
Then Defragment the drive.

Re:Nuke it from orbit

[SkimTony]

Given that it's Windows 7, I'd recommend sdelete (http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx) for the free-space wipe.

Re:Nuke it from orbit

[tripleevenfall]

When a problem comes along, you must whip it.

Re:Nuke it from orbit

[Thundaaa Struk]

Bit Locker the SOB and then take a crap on it...ain't no one touching it after that.

Re:

[mcgrew]

A ten year old computer running Win 7? And why does he have CC#s and other personal info in his WORK computer?

I'll bet the poor guy got fired for disobeying IT policy. Or more likely, the submission was a troll. How many businesses upgrade an OS without upgrading the hardware? And what business computer from ten years ago will run Win 7? Maybe a gaming rig, but not a work computer. Hell, my work computer is 10 years old and it will barely run XP!

I say his problem is his own damned fault. Entering your CC#s

Re:

[Culture20]

How many businesses upgrade an OS without upgrading the hardware?

Every one I've ever worked for from hole in the wall, university, and fortune 500. The only place I've seen where they want to get rid of out of warranty computers is in the medical field where uptime was critical (but even then, they re-used the desktops until they died or became too obsolete).

And what business computer from ten years ago will run Win 7?

A computer from the drafting/design department could have been reallocated to less intensive work as a general mail/browser system.

Re:Nuke it from orbit

[ottothecow]

I'm always confused by posts like this (which pop up every time there is a topic about use of work hardware).

People use their work computer to do personal things all of the time in ways that are allowed by policy. Your company may not allow personal/incidental use but are you so thick-headed that you can't realize that most companies do?

Same with the old data. Is it not conceivable that IT might move the user's home directory and similar things to a new machine? I thought this was pretty much standard practice. I certainly have files on my current desktop dating back to when I was in middle school...maybe its a carpenter's hammer type of thing ("its my favorite computer, I've had it for 15 years, and only replaced the OS 6 times and the hardware 4 times") but its certainly not unreasonable to have a large accumulation of stuff on a "new" machine after 10 years. What kind of slashdot poster wouldn't realize that this kind of stuff is easy to transfer to a new system?

Then again, you say your work computer is 10 years old so maybe your company really doesn't have a clue what its doing and yet you continue to work there.

Re:

[fluffythedestroyer]

Even if you grenade that PC to hell and make him sufer, , me...an admin, can have access to his files on his computer. All I need is the network admin access or his own access and I have everything he had since it's stored on the network. All I have to do is access his account and I'll will start to sync all the info and data that is syncable...even cookies if I did that. So dban is useless in a network environment. He just has to delete the files, cookies and other data on his computer so the data on the n

Re:

[Anonymous Coward]

Reformatting DOES NOT get rid of files. Programs like TestDisk can easily recover the data. I know from personal experience, reformatted my NTFS XP hard drive to FAT32. Used TestDisk to completely recover the drive, like nothing every happened. Well, I had to use SuperGrub to fix the MBR, but a minor hitch.

Re:

[jellomizer]

True... However if the new employee is reconstructing the old File System... Chances are they are not doing their job very well at all.

Re:Nuke it from orbit

[JohnFen]

This is true, but for his purposes, reformatting is very likely just fine. No employer is going to go to the hassle and expense of data recovery unless they're actively investigating wrongdoing or the employee deleted critical data. And if the employer suspects wrongdoing, then the employee is probably already busted by the keylogging & monitoring software they would have installed.

Re:Nuke it from orbit

[VolciMaster]

For a Mac or Linux machine, I run a dd from /dev/urandom into a file until it crashes (that way apps are still "ok" .. but a reimage is an option, too).

For Windows, I either reimage myself, or erase/uninstall everything and then run a simple script to dump 1s into a file till it crashes.

If you're really worried people are going to be poking around your laptop, don't use it for personal work. It IS a work machine, after all.

If you "need" to use the work machine for personal work, do it in a VM. You can move the VM off later, and then just overwrite that part of the disk on the host.

Re:

[SuricouRaven]

In all but the smallest company, they'll have a 'standard build' configuration, so reinstalling the OS would be pointless: If it isn't done to their procedure, they'll have to redo it anyway. But DBAN would destroy the data, and then they can use their automated reinstall procedure. It's usually a very simple thing to do, because Windows needs reinstalling so often.

Re:Nuke it from orbit

[RatherBeAnonymous]

Windows Pro versions contain cipher.exe, and that can wipe free space as well

cipher /W:[drive letter]:\

dd

[Anonymous Coward]

Boot a Linux live-cd and type dd if=/dev/zero of=/dev/sda

Re:

[caffiend666]

Yes, do this. Logged in to make sure someone included this. DSL on a thumb drive works well for wiping. If you're trying to be nice, do a mkfs.ntfs on the drive afterwards. Also, try to avoid wiping the boot sector. They should be installing a fresh image afterwards, so wiping the drive shouldn't matter. There is also a good chance this system will end up auctioned or recycled, so you're also protecting the company by wiping the drive.

Re:dd

[jabuzz]

Better yet a few days or a week or so before you leave do

dd if=/dev/zero of=/dev/sda skip=512

That way you leave the partition table and first stage of the boot loader so it will look like the install is busted. You can then ring up IT and say your computer no longer boots and can they fix it. They will then happily reimage the machine :-)

Re:

[Tukz]

Yes, and completely wipe it.
Isn't that what is being asked?

Re:dd

[Anonymous Coward]

dd if=/dev/zero | tee | /dev/sda will write them to your screen as well

dd if=/dev/urandom bs 1024k | tee | dd of=/dev/sda bs=1024k is better for security and ASCII bells, as well as ruining your termcap temporarily and erasing faster.

pv -ptres "Size of disk in gigabytes followed by a G" /dev/urandom | dd of=/dev/sda bs=1024k will provide a nifty progress bar

Re:

[JWSmythe]

Why the tee?

dd if=/dev/urandom of=/dev/sda bs=1024k

Or use my favorite method. Don't do anything at work that you wouldn't want your bosses seeing. Assume you could be called away from your desktop without having a chance to lock it, and someone else will sit down to do a forensic investigation.

I've had to access all kinds of workstations for various reasons. It's less embarrassing for the user if there's nothing embarrassing to find. M

Re:

[tom17]

Errr, he was being serious, and the result he mentioned was the intent. I don't suppose you RTFT did you?

Re:

[tom17]

I mean the result YOU mentioned.

OK more seriously

[GameboyRMH]

Clear your browser including flash cookies and cache, clear temp folders, uninstall and wipe the folders of any chat apps you may have been using, and that's good enough unless you think they're going to use a file recovery app on your hard disk.

Re:OK more seriously

[funwithBSD]

His first mistake was using a company machine for private transactions.

Use your smart phone/iPad/whatever to that sort of stuff. Browse all you like at Newegg, but don't buy it at work!

Re:

[Anonymous Coward]

CCleaner [piriform.com] does pretty good. It also has secure delete for the tinfoil hat people. Chances are you'll forget about storing something important.

DBAN!

[brandor]

http://www.dban.org/ [dban.org] Works wonders :)

Re:

[halfEvilTech]

I second this - the UBCD4Win project also has it built in.

But running dban is a surefire way to nuke all your files permanently. The autonuke option is sufficient to all but the most determined state agencies.

Re:

[slim]

Yes, DBAN works very well. Google around and you'll find instructions on how to put it on a bootable USB stick. I recently ran this before taking my girlfriend's old desktop to the tip.

I don't know your employers' culture, but a reasonable approach seems to me:
  - call the IT dept
  - say "I'm going to completely wipe this laptop; you'll be OK to re-image it, right?"
  - run DBAN

Re:DBAN!

[cpu6502]

It's Windows 7. The guy's probably not allowed to install it.

I keep all my stuff in a "personal" folder so when the time comes for me to leave I just drag the folder to my USB: drive and then delete it from the computer. Technically the IT guys could undelete and recover, but it's doubtful they would. More likely they just reinstall the whole OS for the next guy.

My browsers are Opera and Chrome portable. When I delete the personal folder, they disappear too. Not that it really matters; the proxy server has a record of every place I've ever visited. (There is no privacy on a work computer.)

Re:

[Reschekle]

DBAN is a bootable CD/USB key. Unless IT has locked down the BIOS and locked down the boot options menu, he can run it regardless of what security measures are in effect in Windows.

Re:DBAN!

[war4peace]

I am not worried about erasing/hiding/formatting or anything. When I leave current company, I just shutdown the laptop and hand it over, because I have encryption on it and only I know the password. They will HAVE to delete partitions and reformat anyway.
Encrypt the damn thing, it's actually good business practice if you have company data on it.

shred early, often

[Anonymous Coward]

Start shred'ing your files as soon as you know you're leaving - especially if your shit is being backed up...it keeps the file sizes the same, so they will propagate through any backups or archives.

Wipe

[Anrego]

Depend on your IT setup, but if an option, just ask your sysadmin to re-image it. Don't discount the obvious and direct route. It's a reasonable request, you have justification, and if you are on good terms with the IT department I'm sure they'll hook you up.

Re:

[Cthefuture]

I boot off a DVD/USB to a minimal Linux system then write over the whole drive with cryptographically secure random data. That is a bit overkill but I work in security/cryptography and often have or had extremely sensitive data on my machine. "dd if=/dev/zero" works faster and is plenty good for normal people. This "nukes" the whole drive to a blank slate.

From there I'm usually able to install whatever OS they are using and set the machine up fresh. If the company has draconian IT policies and I can't i

Re:

[Anrego]

That too..

If I started a new job, I'd want the machine they give me to be a new install.. who knows what the previous guy was up to..

I don't think I've ever started a job where they were like.. "Yeah, you can use Bill's old computer. We had to get rid of him cause he was always muttering about how he'll show us all some day..".

Re:

[sandytaru]

When I first started at my current job, I was given a refreshly re-imaged PC, but I had to clean out my predecessor's desk, as he was fired about an hour after I was hired. (Not my fault - he was two hours late with no notice.) I put everything in a box, including the Playboy calendar he had stashed in a bottom drawer, and a few other rather questionable things. After my new boss saw the contents of the box, he ordered me a new desk, too.

Piece of Cake

[mackil]

Remove your files and profiles manually, then delete your windows user account. Create a new one, and use one of the many delete utilities (Like Hard Disk Scrupper [summitcn.com]) to wipe out the present free space so they cannot be recovered.

If you work for the NSA, that might not be good enough, but it should be for the majority of people.

Can you install things?

[Electricity Likes Me]

Eraser [heidi.ie] for Windows is probably what you want. Though if you can't install anything, sdelete [microsoft.com] is probably more useful.

Don't worry they have already copied it

[cvtan]

Why were you doing this kind of stuff at work?

Re:

[Rob Riggs]

It's the headline that is insightful. Most companies backup all desktops and have those backups stored off-site, sometimes for years.

All this BS about DBAN, dd and re-imaging the machines are kinda silly from that perspective. Just talk to the IT group and let them know your concerns. They have access to the desktop anyway. If they wanted this stuff, they would have it already.

I do agree with your post though -- most people conduct personal business from work computers. The GP's question was silly. Th

erase

[1u3hr]

Just DBAN it.

If you're on good terms with your IT dept and want to be polite, ask one of them if it's okay for you to do that.

Almost certainly whoever uses it next will want a clean install anyway. Or they may just dump it and your info will be in a used PC for sale on eBay in a couple of weeks.

wipe? nah!

[Anonymous Coward]

1. burn post-it note on monitor.
2. rest assured.

Format the hard drive

[Freddybear]

Wipe the whole thing. Don't worry about causing problems for the next user of the machine, tech support would probably do a format-and-reinstall anyway just to be sure that it's back to company standards.

Ask slashdot going way downhill

[gr3yh47]

The quality of questions on slashdot lately is abysmal. You really need a slashdot answer to tell you to reinstall windows and reformat the drive in the process? or to nuke the drive with any easily-googable drive erasing tool and reinstall windows?

Re:

[TheSpoom]

Old-school Slashdot is over here now [ycombinator.com], complete with Ask section.

Re:

[camperdave]

The quality of questions on slashdot lately is abysmal. You really need a slashdot answer to tell you to reinstall windows and reformat the drive in the process? or to nuke the drive with any easily-googable drive erasing tool and reinstall windows?

That's all well and good if you want to wipe EVERYTHING on the computer. What if there is corporate information on that machine, spreadsheets the guy was working on, etc. Wipe everything and you wipe those as well. The company would be well within its rights to sue him for damages if he did that. So, how can he wipe everything he needs to wipe, without wiping anything he doesn't need to, or shouldn't, wipe.

Re:

[gr3yh47]

Gee, if only corporate networks had places to store documents.... or if only computer files could be moved before something was done to the computer. That's a rough one.

10 year old Win7 comp? Outstanding!

[dAzED1]

That's really impressive, actually...

Easy. Start with not storing personal stuff on a work computer. Next step - assuming you're an admin on your box - create another admin account on the box. Log off your account, log in to that account, delete your profile off the box.

Why would your CC info be on the box, anyway? Do you really type out your CC number into text files and leave them on your PC? Why?

Hard Drive

[ltwally]

Remove or destroy your workstation's hard disk. If you feel they might object to this, replace it with a new one and re-image the machine. Next job: use Portable Apps http://portableapps.com/ [portableapps.com] from a thumb-drive, and you won't have to worry about it.

Just started getting worried?

[azadrozny]

You have been working with a machine(s) that you do not own for some number of years are you are just starting to worry about this now? In most offices, anyone can log on to any machine, probably remotely. There are probably backups of your stuff running around the infrastructure somewhere too. If anyone wanted your info, they already have it. I would simply ask that your machine be re-imaged before you go. If questioned, you want to be courteous to the next person to occupy your desk.

srm

[Quantum_Infinity]

Use srm (secure remove). It will do 35 passes writing random data after deleting your files. It can take a while to run if you have lot of large files to delete.

Is their IT staff?

[na1led]

IT should be taking care of this for you. Don't try and do things yourself without consulting with IT first, I've seen many users mess things up when they try to take maters in their own hands. Remember, you're using company property, and all the data belongs to the company too. If you have personal data, let the IT person know this, and they will be responsible to dealing with it.

Wait...what?

[killmenow]

I've been at this job for 10+ years so I'm sure there is tons of personal stuff stored on my machine...BTW it's a Windows 7 system if that makes a difference."

Ummm...my math may be a bit off here but...

Re:

[cdrudge]

Profiles and user directories can get migrated from old machine to new. User directories may not even be stored on the machine but a network share. He never said that he had a 10 year old Windows 7 system, only that he had been there 10 years and that he currently has a Windows 7 system.

2 options

[slashmydots]

You can boot from a DBAN disc and 0 out the entire hard drive and say it randomly broke
or
Download the secure shredder application that normally comes with Spybot Search and Destroy. They do offer a separate download. Drag in anything sensitive and it overwrites it with garbage data. Then to clear off anything you may have deleted in the past without securely overwriting it, use CCleaner's "wipe free space" feature which by the way is turned off by default. Anything that's listed as available space on t

Delete Your Profile

[c0d3r]

Delete your profile Control Panel->System->Advanced system settings->Advanced -> User Profiles -> Select and delete.

A short list

[Caffeine_Coder]

While it isn't the same as destroying the drive, this should be good enough, w/o inconviencing the systems team.  Any 'work' ( documents / files / email ) you generated while using the computer for work is considered property of the company, so only focus on your personal stuff (so you dont get busted for 'destroying company property'.

- Open each browser (firefox, IE, chrome) and delete cache, cookies, etc...
- Move / delete all your files in My (Documents | Pictures | Videos | Music), and desktop
- Uninstall any programs you installed and wasn't for work
- Confirm no personal items stored in root "C:\"
- Delete everything in %USERPROFILE%\AppData\Local\Temp
- Delete everything in %SystemRoot%\TEMP

If you have admin perms
-After you have saved your work files off someplace else, create New admin User, log in as that admin, delete your old profile, and confirm that C:\Users\"OLD LOGIN NAME" does not exists

Reformat the drive

[JohnFen]

And in the future, never put any personal data on your work computer, ever. Never even type personal passwords on it. Don't shop on it. It's not your machine, you cannot control it, your employer has rights to every bit on it, and therefore from your personal data point of view it's hard to think of a less secure system.

Re:Reformat the drive

[Mascot]

That would depend on where you live. Where I live and work, my employer isn't even allowed to check my email without a good reason. The same applies to all "personal areas". The hard drive in the computer the company has provided for you, is considered such an area. The assumption here is that there will always be _some_ personal use of a computer an employee sits at all day and often brings home or on trips with them. And a person has a right to privacy that the employer cannot invade without cause.

On the topic at hand, no place I have ever worked would dream of just handing a computer on to the next one in line without first reinstalling. So the employee wiping it before turning it in would be just fine. Last few jobs I've had, I've Truecrypted my computer (at the start of my employment) and handed it over in that state without any issues.

"personal stuff"

[dmbasso]

To clean your "personal stuff" off of your work computer you should take a rag and some disinfectant and scrub real hard. But I doubt you'll be able to remove all the stuff. You shouldn't be watching porn at work anyway.

No need for paranoia

[pla]

Ignore everyone telling you about the various forensic techniques that can recover your data - Unless you have recently gotten the company sued, they will make a final-state backup of your current files (no special scans for even the easiest of recoverable crap), maybe wipe it, and redeploy it to New Guy "just until they can get him a new one (in five years or so)".

As your realistic biggest concern, you want to make sure the last X backups have nothing interesting in them. So do a normal cleaning of your system, delete all your old mail, delete all your internet shortcuts (and history and cookies and offline files), delete just about everything in your Documents folder, clean up your desktop, empty the recycle bin, run SpyBot's Usage Tracks cleanup, CClean your registry, and then... Do nothing even remotely interesting for your last few weeks. If you have local admin, in your last hour at work, log in as admin, delete your profile, and defragment your drive(s), but you really don't need to go that far.

The most paranoid I'd personally bother with (and I definitely wear a tinfoil hat when it comes to "my" files on a work computer - I keep them all in a truecrypt archive from day 1), you could boot to Knoppix and run a "dd if=/dev/random of=/dev/sda". Keep in mind that although that will overwrite everything on the disk, it will also definitely get IT's attention. And honestly, you have the best chance of vanishing quietly into obscurity at that company by not doing anything IT finds all that interesting (see my comment on backups - You can bet that if they get interested enough, they'll find a two year old backup that somehow escaped the regular rotation).

the practical method

[v1]

First off I'll say for "next time", don't store personal information on company gear. Anything you've ever put on there is arguably company property. Any backups they've ever mare are also theirs. You shouldn't be in this situation to begin with. But that's not relevant to you now, you want a solution to the spot you're already in so I'll get to that next. Just try to avoid a reoccurrence next time huh?

Any company IT person with a clue will make sure your machine gets wiped and reimaged when you leave anyway. Even the remote possibility of an employee leaving a back door, logic bomb, or incriminating data (kiddy porn, descriptions of corporate illegal activity, made up stuff that could be bad, etc) being on your computer after you leave pretty much makes a nuke of your machine mandatory. So get the go-ahead from your IT person and then do it yourself. You may need to unlicense / deactivate some pro software on there first, make sure you have that taken care of first. Then do a secure wipe using whatever method you're comfortable with. Ask your IT person if you don't know how. It's a process that will take hours to run. If it finishes in under a few minutes, it didn't wipe anything, it merely reset the directory records, and your data is still on the drive.

The most basic mode of any secure wipe is good enough for anything short of DoD-class erasing. In reality, a simple one-pass zero of a drive will prevent anyone with a budget under $50k from getting anything off your drive. No need to go nuts with a seven pass random wipe, it'll just be a waste of your time with no added benefit.

After you've secure-erased it, let them do the reinstallation. That's how it should work, there's no point in wiping it only to give you another crack at installing a back door just before you walk out. If they say no that's ok you can do it, remember this... you are opening yourself to future suspicion because if something shady happens when your replacement has been using the machine, you are a suspect. ("hmmm that shouldn't have happened, how did that get out? I wonder if Jim didn't leave a back door?") Don't take that risk. Leave it blank. Nothing can be attributed to you after they do a fresh installation themselves. If they push you to do the reinstall yourself, push back with this point, you're not refusing to do it to be a dick, you're covering your ass. They should respect that. And explain how this also covers THEIR ass. That should be very difficult to say "no" to. If they still insist on your doing the reinstall before leaving, get it in writing. That will help you later if a wild criminal investigation appears later.

Re:

[Todd Knarr]

First off I'll say for "next time", don't store personal information on company gear. Anything you've ever put on there is arguably company property. Any backups they've ever mare are also theirs. You shouldn't be in this situation to begin with.

You can't avoid it, there's always work-related personal information around. For instance, the passwords to my 401K account, health insurance website, prescription drug fulfillment site and so on. All that's work-related, in fact work provides my insurance etc. an

Re:

[lorenlal]

The answer lies in how paranoid you are. Easiest solution to me is go find a liveCD or USB distro that lets you do a DoD wipe... Let it run... Return the laptop. The IT department will have a re-imaging process that they should be using anyway.

If you want to play around a little more, and if you have administrative privs on the laptop, I have a fun one. Enable BitLocker, but don't use the TPM if there's one present. Use a USB stick to store the keys and make the USB necessary to boot. Encrypt the disk.

Re:Perfect!

[Gordonjcp]

The whole "DoD Wipe" thing is overkill.

One single pass of dd if=/dev/zero of=/dev/ will destroy all the data on the disk, beyond any hope of recovery.

Re:Perfect!

[Gordonjcp]

I was going to say "myth", too. Have you noticed how the only people that insist that a "DoD wipe" is essential for getting rid of old data on drives are the people selling expensive drive-wiping software?

Re:

[Gordonjcp]

Again, there's a pointless waste of effort. Zero out the drive, and *nothing* is coming back.

Re:

[Khashishi]

Bad idea. The company might come back and accuse you of stealing company data. Which you did.

Re:

[bws111]

Yikes. I don't think the company will be too pleased with you keeping THEIR data after you leave.

Re:

[Githaron]

I wish my company was doing automated backups.

Re:

[hawguy]

For any company worth it's salt. They've been doing automated backups in the background for you. Anything you do, even wiping your drive will not take those backups away.

My company doesn't back up any desktops - if it's not put on a fileserver drive, it's not backed up.

Re:

[jxander]

Backing up User machines? Not a chance. We back up our servers, and provide plenty of storage space on those servers for users to store important docs ... but the 2000+ user machines are on their own.

And as a former IT guy, we nuked and reinstalled every computer before it went to a new user. You don't want someone else potentially having access to your old files, and I don't want someone else having to inherit whatever problems have arisen on your PC over the last 10 years.