31

My company has issued an encrypted USB flash drive on which I stored my personal data. I am resigning from the company and I wanted to wipe the data on the USB drive, but I have forgotten the password.

I tried using DBAN and nuke to wipe the data, but it is shown as an unrecognised device in DBAN.

The USB flash drive comes with an EXE program into which I need to enter a password before the drive can be mounted.

How do I remove my personal data in the encrypted USB flash drive?

Updates

  1. I tried gpart and the disk couldn't be found
  2. I tried diskpart and the disk was 0 bytes; I could neither find any partition nor clean it.
  3. I booted an Ubuntu live CD and the USB thumb drive was detected as a CD-ROM

There is no way of wiping the data, so I have returned the device and trust the sysadmin to have the integrity to wipe the device.

Lesson learnt: Never store your personal data on company device.

10 Answers

72

How do I remove my personal data in the encrypted thumb drive? ... I have forgotten the password … unrecognised device

Crush it to small particles using a large hammer then buy your employer a new one (or ask them to deduct the replacement cost from your wages).

It is always a mistake to store personal data on the property of someone who you do not (or in future might not) wish to have access to your personal data.


A note on overwriting USB devices that use Flash memory.

Formatting any kind of storage device does not completely destroy data; it normally just recreates the filesystem structures without affecting much of the data contents.

For a hard disk, overwriting every data sector once with zeroes (or any character/octet) is sufficient to erase data. However, this does not apply to flash-memory based devices such as typical USB memory sticks.

Flash memory devices use a concept known as wear-levelling; this means that some areas of storage will be rotated out of use and will not normally be accessible when using normal filesystem operations like writing a file. This makes erasing these devices more complicated. You need to make sure that any erasure tool you use is designed to work with devices that use wear-levelling.


A note on encrypted USB drives

I have an old Sandisk Cruzer device that uses the infamous U3 encryption system. When you first plug this in, all your computer sees is a small "CD-ROM" device that contains the U3 software and an autorun file. The encrypted data is in a non-visible "device" that the computer cannot see.

Only when you enter the password into the U3 software does the software make the encrypted device visible to the computer - which then assigns it a separate drive-letter (in the case of Windows) to that assigned to the pseudo-CD-ROM.

So if you don't enter the password, your computer cannot see the encrypted storage at all. Therefore no recovery/formatting/overwriting software can help.

U3 has some security weaknesses which allow you to bypass the password (Google will find this) but it is likely your device is better than U3.


A note on corporate USB drives.

Large serious companies that take security seriously are likely to purchase devices that can be centrally managed. Part of this is making provision for lost passwords by having a separate administrative password that can allow an administrator to regain full access to a device where the user's personal password has been lost.

This means that, just because you have forgotten the password, it doesn't mean a corporate administrator can't gain access to the data secured on the device.


A note on professionalism.

I would give some consideration to explaining the situation to your employer and working with them to resolve the issue to mutual satisfaction. This would be the "right" thing to do.

However, having stored personal data on a corporate resource, I sense that you are now looking for a solution that doesn't take corporate ethics and professionalism as a key point of reference.


A note about Rottweilers.

All in all, someone might regard it as a lucky blessing unfortunate minor disaster if their sister's Rottweiler chewed the device up and crushed the storage chips inside before they could rescue it. Make sure that doesn't happen to you.

If that happened to me, I'd offer to pay my employer the costs (hardware and administrative) to them caused by my foolish carelessness. Taking responsibility for their actions and paying for mistakes is something that adults are expected to do.
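The presentation described in the answer above (a small pseudo-CD-ROM, with the protected storage hidden until it is unlocked) can be confirmed from a Linux live session before any wipe tool is tried. This is an added example, not part of the original answer; it reads standard sysfs attributes, and the `SYSFS_ROOT` override and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify how each removable device is presented to Linux,
# to see whether a wipe tool has any writable storage to work on.
# SYSFS_ROOT is an illustrative override so the logic can be pointed at a
# constructed directory tree instead of the live /sys.
SYSFS_ROOT="${SYSFS_ROOT:-/sys}"

# classify_dev NAME
# Prints one of: missing, cdrom-only, no-media, read-only, wipeable
classify_dev() {
    d="$SYSFS_ROOT/block/$1"
    [ -d "$d" ] || { echo missing; return; }
    # SCSI peripheral device type: 0 = disk, 5 = CD/DVD
    scsi_type=$(cat "$d/device/type" 2>/dev/null || echo 0)
    # Capacity in 512-byte sectors; 0 means no storage is exposed
    size=$(cat "$d/size" 2>/dev/null || echo 0)
    # 1 means the kernel treats the device as write-protected
    ro=$(cat "$d/ro" 2>/dev/null || echo 0)
    if [ "$scsi_type" = 5 ]; then
        echo cdrom-only      # launcher volume only; nothing to overwrite
    elif [ "$size" -eq 0 ]; then
        echo no-media        # disk node exists but exposes 0 bytes
    elif [ "$ro" -eq 1 ]; then
        echo read-only
    else
        echo wipeable        # a real, writable block device
    fi
}

# report_removable
# Prints "NAME VERDICT" for every block device flagged as removable.
report_removable() {
    for p in "$SYSFS_ROOT"/block/*; do
        [ -d "$p" ] || continue
        name=${p##*/}
        [ "$(cat "$p/removable" 2>/dev/null)" = 1 ] || continue
        echo "$name $(classify_dev "$name")"
    done
}

report_removable
```

A verdict of `cdrom-only` or `no-media` corresponds to the CD-ROM and 0-byte results reported in the question: overwrite tools have no visible storage to write to.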

13

As @jehad mentioned, use the gparted utility. It is an open-source utility for disk management, supporting a bunch of file systems.

You didn't mention what OS you are using — for most of them you can get it with the package manager. Otherwise, you can download a Live CD, burn it to a disk, and boot from it.

There are a few possible ways to get rid of the data — one of them is to just remove the partition with gparted, and create a new empty one. Note that theoretically it is still possible to restore the data; in this case you can use something like the dd utility, but you have to mention specifically if that's the case.

Hi-Angel
  • 584
7

Since you're using Windows 10, you might be able to use DiskPart, depending on how the encryption works. If the flash drive doesn't even present the encrypted partition's storage space to the OS without unlocking it via some special low-level mechanism, then the only thing you can do is physical destruction, but this might help somebody:

  1. Run diskpart.
  2. Type list disk to see the disks available to Windows.
  3. Type select disk N, where N is the number of the flash drive, e.g. select disk 2 if it was listed as Disk 2 in the previous step. Danger! Be very careful that you get the right drive, otherwise you'll blow away something important in the next step.
  4. Type clean all to scribble over every sector of the drive with zeroes. If your data destroyer can handle the drive now, you can stop following these steps. If it needs a normal volume, read on.
  5. Do list disk again to see the amount of free space the drive now has.
  6. Run create partition primary size=N where N is the free space in megabytes.
  7. Type list partition to see the ID of the new partition (it's probably 1).
  8. Type select partition N where N is the partition number you just got.
  9. Type format fs=ntfs quick to create a new NTFS volume.
  10. Exit DiskPart with exit.
  11. Use your data destroyer of choice to obliterate any chance of recovering the data that was under the space now occupied by this new partition.
Ben N
  • 42,308
5

The thumb drive comes with an EXE program which I need to enter a password before the drive can be mounted.

If it is just an .exe file that auto-runs on startup, just arrange a Linux PC (or download -- it's free) from someone and format. Wine can run .exe files fairly well.

VIPER
  • 59
3

If it is a dedicated drive, you may try a few runs of:

cat /dev/urandom > /dev/usbdevicetowipe

...issued from a Linux live CD of your choice.

It may take a while if the drive is big, but you will get a wiped drive.

Ben N
  • 42,308
Paolo
  • 129
3

IMHO there's no need for a Linux disk or similar. If you can see the Exe on the USB stick, the USB stick has already been mounted.

In that case you can:

  1. Go into Windows' disk partition management (diskmgmt.msc)
  2. Delete all partitions on the USB stick (there might be some without drive letter)
  3. Create a new single partition that uses all USB disk space
  4. Use SDelete -z to wipe all disk space

Due to the nature of Flash memory, some data may remain on the disk, but if I understood you correctly, the data was encrypted anyway, so there should not be anything that can be recovered.

3

At the company I work at, we use similar encrypted USB keys to transfer data. The drive contains a partition which presents itself as being an optical drive. This partition contains the executable files to decrypt and mount the second encrypted "data" partition to the system.

The software included on our USB keys has a 'forgot password' functionality, which wipes the data off the data partition.
I suppose that the tool actually changes the encryption keys used to decrypt the data partition, making the data irretrievable for anyone who didn't know the private encryption key of the data partition.

Check whether your key's software has an option to flash the drive or to reset the password.
Actually, as long as your company doesn't know the passphrase used to unlock the decryption (private) key or the decryption key itself, there's no risk of the company being able to extract your data from the key (unless the encryption scheme is really weak and trivially reversible, which would defeat the purpose of those encrypted keys).

Maybe you could edit your post to include some information on the process you would have to go through to access the data on your key, if you did remember the password.

  • How is the USB key presented to the host? Does it act like an optical drive, like mine?
  • How do you open the tool to decrypt the key?
  • Where/When do you need to enter the passphrase?
  • Is the decrypted drive mounted as a new USB drive, or is it browseable through some sort of software?
  • ...
BlueCacti
  • 131
2

What type of disk? If it's like an IronKey, where the drive renders itself unreadable after a number of failed attempts, you can just enter an incorrect password enough times to trigger the self-destruct mechanism.

If it's just a standard encrypted drive, one where you chose the encryption password and no other password will unlock it, no problem. If you don't know the password, they don't know it either - so the data on it is secure even if you do turn it in.

If it has multiple passwords (e.g. like my work computer, where more than one user has a password that will unlock the full-disk encryption), in that case (and in that case ONLY) should you consider physically destroying the drive.

dr.nixon
  • 286
1

You could use a utility for magnetic disks (nwipe for example), but the several hidden layers between the USB/SCSI layer and the actual memory cell will prevent it from doing a perfect job.

On top of that, the reserved area used for wear leveling is only accessible to the wear leveling logic, not to the USB/SCSI layer directly.

Unfortunately, the way to make sure that you remove all data from a memory technology device while you are not in control of the encryption is to physically destroy the device itself.

asdmin
  • 111
1

You can explain the situation, refuse to give the disk back, and agree to assume the replacement cost, if any.

Since it is a matter of personal data, you don't need to go into any detail. Simply state you have some personal information on the disk, and therefore are not able to give the disk back.

This is similar to having lost the disk, and the company should be able to deal with the situation.

How this goes depends a lot on the type of relation you maintain with the company and the type of personnel you are dealing with for this.

njzk2
  • 160