Ask Slashdot: How To Clean Up My Work Computer Before I Leave?

An anonymous reader writes "I'm leaving my current job for a new one. I've been at this job for 10+ years so I'm sure there is tons of personal stuff stored on my machine. Since I can't take it with me does any one have a suggestions of tools or practices to clean off all of that data. I've already got my personal documents and files. I'm most worried about CC, debit card numbers and web site passwords I've used in browsers. Does clearing the cache, cookies, temp files do a good enough job? BTW it's a Windows 7 system if that makes a difference."

Nuke it from orbit

[GameboyRMH]

It's the only way to be sure.

Re:Nuke it from orbit

[admdrew]

Agreed. http://www.dban.org/ (although you should probably verify with your IT that they simply reimage old machines).

Re:Nuke it from orbit

[camperdave]

Nuke it from orbit. It's the only way to be sure.

You may not need to go that far. Just re-image the machine. However, that won't take care of backups. Hmm... how far offsite are the backups kept? The parent poster may be on the right track after all.

Re:Nuke it from orbit

Reformatting DOES NOT get rid of files. Programs like TestDisk can easily recover the data. I know from personal experience, reformatted my NTFS XP hard drive to FAT32. Used TestDisk to completely recover the drive, like nothing every happened. Well, I had to use SuperGrub to fix the MBR, but a minor hitch.

Re:Nuke it from orbit

[lorenlal]

If the IT department doesn't reimage old machines, then original poster should be even more inclined to DBAN that thing.

Re:Nuke it from orbit

[logical_failure]

DBAN is the only thing I would recommend. Simply re-imaging the machine is not enough.

Re:Nuke it from orbit

[dAzED1]

damaging the computer in any way (yes, I know the "nuke it" comment was a joke...but the other comments in the thread aren't) is a great way to lose a final paycheck, or otherwise have your former employer be very unhappy with you. You have work on your computer that shows your thought processes while you were doing certain tasks...notes, etc. If something goes wrong 4 months from now, they may want to check those notes.

Why would your credit card info be on the box, again? I know I already asked, but...huh? What year is this...did I go back in time?

Re:Nuke it from orbit

[jellomizer]

For systems with limited access. Where Whipping the PC isn't an option. I would suggest the following.
Delete Cache, and Cookies, Clear up your Document Folders.

Then I would run a program that fills the disk with a large file ( or several large files, of random data)
then Delete that file.
Then Defragment the drive.

Re:Nuke it from orbit

[Thundaaa+Struk]

Bit Locker the SOB and then take a crap on it...ain't no one touching it after that.

Re:Nuke it from orbit

[JohnFen]

This is true, but for his purposes, reformatting is very likely just fine. No employer is going to go to the hassle and expense of data recovery unless they're actively investigating wrongdoing or the employee deleted critical data. And if the employer suspects wrongdoing, then the employee is probably already busted by the keylogging & monitoring software they would have installed.

Re:Nuke it from orbit

[SkimTony]

Given that it's Windows 7, I'd recommend sdelete (http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx) for the free-space wipe.

Re:Nuke it from orbit

Just because an company as an entity is not going to do so, doesn't mean that some guy in the IT will use completely free programs, like TestDisk, to poke around on a computer. People do do this you know. I have heard stories from IT guys I knew about people in their department doing this, though I have no proof it ever occurs anywhere. I do know that employees at restaurants have gotten got stealing CC numbers and the like, hotels etc. The point is, just because you can trust the company as a whole, doesn't mean you can trust that all the individuals in it are ethical/moral. Indeed I would argue the exact opposite that you can trust that at least one employee in the company is not ethical/moral.

Re:Nuke it from orbit

[tripleevenfall]

He writes his credit card information in notepad documents, just like his passwords, so they're in a safe place.

Re:Nuke it from orbit

[mcgrew]

A ten year old computer running Win 7? And why does he have CC#s and other personal info in his WORK computer?

I'll bet the poor guy got fired for disobeying IT policy. Or more likely, the submission was a troll. How many businesses upgrade an OS without upgrading the hardware? And what business computer from ten years ago will run Win 7? Maybe a gaming rig, but not a work computer. Hell, my work computer is 10 years old and it will barely run XP!

I say his problem is his own damned fault. Entering your CC#s in someone else's computer? Is he nuts??

Re:Nuke it from orbit

[tripleevenfall]

When a problem comes along, you must whip it.

Re:Nuke it from orbit

[durrr]

Leave a DBAN disk labled "Private moments with my wife" in the optic drive as you walk out the door for the last time.

Call in two months later and ask how long your replacement lasted.

Re:Nuke it from orbit

[fluffythedestroyer]

Even if you grenade that PC to hell and make him sufer, , me...an admin, can have access to his files on his computer. All I need is the network admin access or his own access and I have everything he had since it's stored on the network. All I have to do is access his account and I'll will start to sync all the info and data that is syncable...even cookies if I did that. So dban is useless in a network environment. He just has to delete the files, cookies and other data on his computer so the data on the network will be wiped out in the next even (logoff or next log on usually)

Re:Nuke it from orbit

[PastBlast]

I agree with this. Copy your personal files off... that shouldn't have been there to begin with then scrub the disk. I have about 100 employees and I really don't want to see what they have on their laptops or worry what the big boys up the chain might see. I give them a bootable CD that does one thing: scrubs that disk. I use the don't ask don't tell policy. Whatever you've been doing in that computer, I don't want to know. Go tell your priest. It can be reformatted/reimaged later. Oh yeah, I prefer DBAN... just because of the cool name.

Re:Nuke it from orbit

[Joce640k]

Disk imaging only needs to overwrite as man sectors as are needed for the new files.

If the disk had been imaged when you started using it, those sectors aren't going to be the ones with your personal stuff in them.

Re:Nuke it from orbit

[Joce640k]

Who says there's an "IT department"? It might be three guys in a basement.

(As per usual, Ask Slashdot has posted an incomplete question...)

Re:Nuke it from orbit

[Culture20]

Why not? Reimaging the disk should write to every bit on the disk, right?

no, it doesn't.

That is, unless "reimaging" has been changed to mean "create a new partition over the old one and recursively copy the appropriate directory structure and files to it". But that would be a misnomer. If it's not bit for bit identical, it's not a disk image.

"Reimage" hasn't meant "dd" is a long time. Most programs like ghost or partimage create a new partition over the old one and recursively copy the appropriate directory structure and files to it. There's a reason why wiping a 3TB disk with one pass takes two days but deploying an image to it can take as little as five minutes.

Re:Nuke it from orbit

Alternatively if unable to download files from the 'net, run this from within CMD:

cipher /w:c:\

It'll achieve the same thing as sdelete-ing - wiping free space on c: and it's built into windows.

Re:Nuke it from orbit

[RatherBeAnonymous]

Windows Pro versions contain cipher.exe, and that can wipe free space as well

cipher /W:[drive letter]:\

Re:Nuke it from orbit

[djl4570]

INAL but a complete wipe could be construed as destruction of employer owned data. I suggest a less invasive approach using Eraser from http://sourceforge.net/projects/eraser/ Uninstall the non standard software, use Eraser to wipe the personal and non business related files. Shrink the paging file to minimum size and run an erase of free space. A single pass should be adequate*. Then go to http://hubblesite.org/gallery/album/entire/pr2003011a/warn/ and download the 16,000x16000 pixel image of the Helix nebula. Open multiple copies of this image until the system forces an expansion of the paging file. While this isn't a military grade approach it will leave the system intact. An intact system with business docs isn't suspicious. A freshly wiped system might draw attention.

* Guttman only proposed his thirty-five pass hypothesis; so far as I can tell the hypothesis has never been tested on a real hard drive. The original hypothesis was based on disk drive technology in the mid nineties about the time magneto resistive technology entered the supply chain which suggests Guttman's research was on older disk drive technology. Does anyone know if forensics has ever recovered data from an overwritten hard drive?

Re:Nuke it from orbit

[Culture20]

How many businesses upgrade an OS without upgrading the hardware?

Every one I've ever worked for from hole in the wall, university, and fortune 500. The only place I've seen where they want to get rid of out of warranty computers is in the medical field where uptime was critical (but even then, they re-used the desktops until they died or became too obsolete).

And what business computer from ten years ago will run Win 7?

A computer from the drafting/design department could have been reallocated to less intensive work as a general mail/browser system.

Re:Nuke it from orbit

[MartyBorg]

A full format does NOT. The difference between a Quick and a Full format is that a Full format will attempt to READ the full disk after a format, while the Quick, simply writes a new table.

Re:Nuke it from orbit

[VolciMaster]

For a Mac or Linux machine, I run a dd from /dev/urandom into a file until it crashes (that way apps are still "ok" .. but a reimage is an option, too).

For Windows, I either reimage myself, or erase/uninstall everything and then run a simple script to dump 1s into a file till it crashes.

If you're really worried people are going to be poking around your laptop, don't use it for personal work. It IS a work machine, after all.

If you "need" to use the work machine for personal work, do it in a VM. You can move the VM off later, and then just overwrite that part of the disk on the host.

Re:Nuke it from orbit

[mosherkl]

A ten year old computer running Win 7?

I get an computer upgrade every 3-4 years. That doesn't mean I lose every file and document I have every 3-4 years. The OP was simply stating he's been employed there for 10+ years and has accumulated a lot of personal data. I'm sure he's had new hardware a few times since then.

Re:Nuke it from orbit

[ottothecow]

I'm always confused by posts like this (which pop up every time there is a topic about use of work hardware).

People use their work computer to do personal things all of the time in ways that are allowed by policy. Your company may not allow personal/incidental use but are you so thick-headed that you can't realize that most companies do?

Same with the old data. Is it not conceivable that IT might move the user's home directory and similar things to a new machine? I thought this was pretty much standard practice. I certainly have files on my current desktop dating back to when I was in middle school...maybe its a carpenter's hammer type of thing ("its my favorite computer, I've had it for 15 years, and only replaced the OS 6 times and the hardware 4 times") but its certainly not unreasonable to have a large accumulation of stuff on a "new" machine after 10 years. What kind of slashdot poster wouldn't realize that this kind of stuff is easy to transfer to a new system?

Then again, you say your work computer is 10 years old so maybe your company really doesn't have a clue what its doing and yet you continue to work there.

Re:Nuke it from orbit

[icebike]

Forensics has never recovered more than a few random bytes, not so much as a single sentence in real world tests of single pass over-writes.
Even using electron microscopes and the whole nine yards. The more you research this issue the more you realize all (yes ALL) the stories are based on contrived situations where they researchers knew EXACTLY what was written previously, EXACTLY where, and EXACTLY what it was over written with.

Even three letter agencies don't even bother trying on disks they know have been overwritten. Nobody has demonstrated it in the real world on ANY hard drive, let alone a recent one.

Re:Nuke it from orbit

[jhoegl]

Regardless, he cannot do anything like this to the computer. He is liable if something goes missing and they suspect he deleted it.
If he was that concerned about this information, he should have used his own computer.

Re:Nuke it from orbit

[datavirtue]

A stupid "PC World-ish" question at that. Every time a I see something that looks genuinely retarded posted to /. I look up and see timothy's name. Fucking format the drive, or just delete your shit. WTF?!

Re:Nuke it from orbit

[lgw]

Seriously. There's even a song about it:
"FDISK, format, re-install, do-dah, do-dah
FDISK, format. re-install, all the do-dah day"

Re:Nuke it from orbit

[JoeMerchant]

Thermite?

http://youtu.be/4PKB5nnHGAk

Re:Nuke it from orbit

[Yaztromo]

Why would your credit card info be on the box, again? I know I already asked, but...huh?

I don't know about the askers workplace, but at my workplace if we need to book work-related travel we use a corporate website to book, but have to provide a credit card to charge the flights, hotels, and car rentals. We then get to expense it, along with whatever meals and incidentals were required for the trip.

Some people in the organization have a corporate credit card, but most of us don't. The benefit of using a personal card for this sort of booking is that if you have a card that gives you any sort of points per dollar purchase, you get them. The company has always been responsive to quickly repaying the expense.

So one day I'll probably be in a similar position as the asker, with the exception that I run an OS that has a secure free space wipe feature built-in to get rid of any traces of anything I delete.

Yaz

Re:Nuke it from orbit

[shaitand]

He isn't liable financially for anything he does within the scope of his employment. If you screw up work in a way that costs the company a million dollars they are more than justified in canning you but you don't owe them the million.

I would definitely at least do a couple passes with random data on the drive.

Re:Nuke it from orbit

[shaitand]

Formatting doesn't get rid of the data. Before seeing your post I thought it was stupid question too. Now I see that some people actually think a format and reinstall is sufficient to clean a system.

Re:Nuke it from orbit

[hairyfeet]

I have yet to see anyone pull more than a couple of random words from a disc that has had a single pass wipe. When we ended up with a bunch of used 20Gb-60Gb at the shop we decided to try it ourselves and couldn't get back squat no matter what software we tried. These were all wiped with a single zero pass, nothing fancy, and we couldn't even get back a complete text file.

That said if it were me I'd buy East Tec Eraser and put it on a stick. I've been using it for years to wipe drives from used PCs here at the shop, gives you a frankly insane amount of options for the wipe, 1 pass zeroes, ones, random ones and zeroes, multipass, pretty much anything you can want and it has a nice feature that will also wipe the slack space of existing files. Well worth the $40 IMHO, just buy it and copy it to your stick and you'll be good to go.

Re:Nuke it from orbit

[Minwee]

Nice try. Which three letter agency do you work for?

AOL.

Re:Nuke it from orbit

[platypussrex]

Sounds to me what he's really worried about is them finding all the porn he's downloaded to the computer over the years.

Re:Nuke it from orbit

[lgw]

With Windows 7 and SBS everything on the desktop gets backed up on the desktop automatically.

Did you mean "backed up off the desktop"? Otherwise formatting would certainly solve that problem. In any case, formatting your drive will remove any personal info from the hands of the next owner of the machine, and casual glimpses by IT staff - it rmeoves temptation form the honest. Worrying about some BOFH who's going to restore backups just to get your personal info? That BOFH has far easier ways of messing with you anyhow.

Re:Nuke it from orbit

[jmerlin]

When I was doing re-imaging, it was SOP to make a ghost copy of the current drive for backup purposes (this step was only done when we were moving a person to a new computer, so as to keep their data intact, for leaving employees, there was no backup), DBAN the machine, then re-image it with a golden image.

When we said "re-image" that's what we meant. We had stations set up with like 10 drives attached for DBAN purposes. I always meant to make a little device that could run DBAN that would plug directly into an IDE device (or use an IDE/SATA converter) and DBAN the entire disk by simply plugging in the cable, the power, and hitting the big red button. I could probably sell those. Hold on, brb, getting a patent.

Re:Nuke it from orbit

[shaitand]

How does it look like he damaged systems if nothing is damaged? He prep'd the system for re-issue. This is recommended security practice 101 and it is trivial to prove it. People do it daily and I've yet to hear of anyone being sued for it.

Why would someone sue you for something that can be fixed with 20 minutes of imaging they have to do anyway?

Re:Nuke it from orbit

[jr88keys]

Who says there's an "IT department"? It might be three guys in a basement.

Or two guys and a "relationship manager."

Re:Nuke it from orbit

[AYeomans]

ccleaner for Windows http://www.piriform.com/CCLEANER has an option for overwriting free space. So you could delete all your files, profile, user registry, temp files. Empty waste bin, then use the ccleaner wipe free space option. And hope you remembered everything that needed deleting.

dd

Boot a Linux live-cd and type dd if=/dev/zero of=/dev/sda

Re:dd

[Tukz]

Yes, and completely wipe it.
Isn't that what is being asked?

Re:dd

dd if=/dev/zero | tee | /dev/sda will write them to your screen as well

dd if=/dev/urandom bs 1024k | tee | dd of=/dev/sda bs=1024k is better for security and ASCII bells, as well as ruining your termcap temporarily and erasing faster.

pv -ptres "Size of disk in gigabytes followed by a G" /dev/urandom | dd of=/dev/sda bs=1024k will provide a nifty progress bar

Re:dd

[jabuzz]

Better yet a few days or a week or so before you leave do

dd if=/dev/zero of=/dev/sda skip=512

That way you leave the partition table and first stage of the boot loader so it will look like the install is busted. You can then ring up IT and say your computer no longer boots and can they fix it. They will then happily reimage the machine :-)

Re:dd

[JWSmythe]

    Why the tee?

    dd if=/dev/urandom of=/dev/sda bs=1024k

    Or use my favorite method. Don't do anything at work that you wouldn't want your bosses seeing. Assume you could be called away from your desktop without having a chance to lock it, and someone else will sit down to do a forensic investigation.

      I've had to access all kinds of workstations for various reasons. It's less embarrassing for the user if there's nothing embarrassing to find. Most workplaces appreciate this. They are paying you to work for them, not to mess around with any of your personal stuff.

OK more seriously

[GameboyRMH]

Clear your browser including flash cookies and cache, clear temp folders, uninstall and wipe the folders of any chat apps you may have been using, and that's good enough unless you think they're going to use a file recovery app on your hard disk.

Re:OK more seriously

[funwithBSD]

His first mistake was using a company machine for private transactions.

Use your smart phone/iPad/whatever to that sort of stuff. Browse all you like at Newegg, but don't buy it at work!

Re:OK more seriously

CCleaner does pretty good. It also has secure delete for the tinfoil hat people. Chances are you'll forget about storing something important.

DBAN!

[brandor]

http://www.dban.org/ Works wonders :)

Re:DBAN!

[halfEvilTech]

I second this - the UBCD4Win project also has it built in.

But running dban is a surefire way to nuke all your files permanently. The autonuke option is sufficient to all but the most determined state agencies.

Re:DBAN!

[slim]

Yes, DBAN works very well. Google around and you'll find instructions on how to put it on a bootable USB stick. I recently ran this before taking my girlfriend's old desktop to the tip.

I don't know your employers' culture, but a reasonable approach seems to me:
  - call the IT dept
  - say "I'm going to completely wipe this laptop; you'll be OK to re-image it, right?"
  - run DBAN

Re:DBAN!

[cpu6502]

It's Windows 7. The guy's probably not allowed to install it.

I keep all my stuff in a "personal" folder so when the time comes for me to leave I just drag the folder to my USB: drive and then delete it from the computer. Technically the IT guys could undelete and recover, but it's doubtful they would. More likely they just reinstall the whole OS for the next guy.

My browsers are Opera and Chrome portable. When I delete the personal folder, they disappear too. Not that it really matters; the proxy server has a record of every place I've ever visited. (There is no privacy on a work computer.)

Re:DBAN!

[Reschekle]

DBAN is a bootable CD/USB key. Unless IT has locked down the BIOS and locked down the boot options menu, he can run it regardless of what security measures are in effect in Windows.

Re:DBAN!

[war4peace]

I am not worried about erasing/hiding/formatting or anything. When I leave current company, I just shutdown the laptop and hand it over, because I have encryption on it and only I know the password. They will HAVE to delete partitions and reformat anyway.
Encrypt the damn thing, it's actually good business practice if you have company data on it.

shred early, often

Start shred'ing your files as soon as you know you're leaving - especially if your shit is being backed up...it keeps the file sizes the same, so they will propagate through any backups or archives.

Wipe

[Anrego]

Depend on your IT setup, but if an option, just ask your sysadmin to re-image it. Don't discount the obvious and direct route. It's a reasonable request, you have justification, and if you are on good terms with the IT department I'm sure they'll hook you up.

Re:Wipe

[Anrego]

That too..

If I started a new job, I'd want the machine they give me to be a new install.. who knows what the previous guy was up to..

I don't think I've ever started a job where they were like.. "Yeah, you can use Bill's old computer. We had to get rid of him cause he was always muttering about how he'll show us all some day..".

Re:Wipe

[sandytaru]

When I first started at my current job, I was given a refreshly re-imaged PC, but I had to clean out my predecessor's desk, as he was fired about an hour after I was hired. (Not my fault - he was two hours late with no notice.) I put everything in a box, including the Playboy calendar he had stashed in a bottom drawer, and a few other rather questionable things. After my new boss saw the contents of the box, he ordered me a new desk, too.

Piece of Cake

[mackil]

Remove your files and profiles manually, then delete your windows user account. Create a new one, and use one of the many delete utilities (Like Hard Disk Scrupper) to wipe out the present free space so they cannot be recovered.

If you work for the NSA, that might not be good enough, but it should be for the majority of people.

Can you install things?

[Electricity+Likes+Me]

Eraser for Windows is probably what you want. Though if you can't install anything, sdelete is probably more useful.

Don't worry they have already copied it

[cvtan]

Why were you doing this kind of stuff at work?

Re:Don't worry they have already copied it

[ztexas]

Wow, only took a few minutes for judgmental dude to jump in, and get modded up +5 insightful. That's what I love about Slashdot. Many employers (especially small companies) allow for personal use within certain restrictions. Many personal details can be left behind from work-related tasks such as registrations on intraweb sites, HR forms, and travel sites (including personal credit card to charge business trips later refunded). It's a valid question. But I feel your need to judge. In fact, I am doing it right now. Maybe you are at work right now. Are you stealing the company's electricity to charge your phone?

Re:Don't worry they have already copied it

[Rob+Riggs]

It's the headline that is insightful. Most companies backup all desktops and have those backups stored off-site, sometimes for years.

All this BS about DBAN, dd and re-imaging the machines are kinda silly from that perspective. Just talk to the IT group and let them know your concerns. They have access to the desktop anyway. If they wanted this stuff, they would have it already.

I do agree with your post though -- most people conduct personal business from work computers. The GP's question was silly. Though I will admit that I don't do *any* personal stuff through my current employer's network. *Everything* is monitored and recorded for compliance.

Change all your porn membership passwords

Who gives a flying fuck about anything else ...

wipe? nah!

1. burn post-it note on monitor.
2. rest assured.

Ask slashdot going way downhill

[gr3yh47]

The quality of questions on slashdot lately is abysmal. You really need a slashdot answer to tell you to reinstall windows and reformat the drive in the process? or to nuke the drive with any easily-googable drive erasing tool and reinstall windows?

Re:Ask slashdot going way downhill

[TheSpoom]

Old-school Slashdot is over here now, complete with Ask section.

Re:Ask slashdot going way downhill

[camperdave]

The quality of questions on slashdot lately is abysmal. You really need a slashdot answer to tell you to reinstall windows and reformat the drive in the process? or to nuke the drive with any easily-googable drive erasing tool and reinstall windows?

That's all well and good if you want to wipe EVERYTHING on the computer. What if there is corporate information on that machine, spreadsheets the guy was working on, etc. Wipe everything and you wipe those as well. The company would be well within its rights to sue him for damages if he did that. So, how can he wipe everything he needs to wipe, without wiping anything he doesn't need to, or shouldn't, wipe.

Re:Ask slashdot going way downhill

[gr3yh47]

Gee, if only corporate networks had places to store documents.... or if only computer files could be moved before something was done to the computer. That's a rough one.

10 year old Win7 comp? Outstanding!

[dAzED1]

That's really impressive, actually...

Easy. Start with not storing personal stuff on a work computer. Next step - assuming you're an admin on your box - create another admin account on the box. Log off your account, log in to that account, delete your profile off the box.

Why would your CC info be on the box, anyway? Do you really type out your CC number into text files and leave them on your PC? Why?

Hard Drive

[ltwally]

Remove or destroy your workstation's hard disk. If you feel they might object to this, replace it with a new one and re-image the machine. Next job: use Portable Apps http://portableapps.com/ from a thumb-drive, and you won't have to worry about it.

Re:Replace the Drive. Don't trust software.

[Khashishi]

Bad idea. The company might come back and accuse you of stealing company data. Which you did.

Is their IT staff?

[na1led]

IT should be taking care of this for you. Don't try and do things yourself without consulting with IT first, I've seen many users mess things up when they try to take maters in their own hands. Remember, you're using company property, and all the data belongs to the company too. If you have personal data, let the IT person know this, and they will be responsible to dealing with it.

Wait...what?

[killmenow]

I've been at this job for 10+ years so I'm sure there is tons of personal stuff stored on my machine...BTW it's a Windows 7 system if that makes a difference."

Ummm...my math may be a bit off here but...

Re:Wait...what?

[cdrudge]

Profiles and user directories can get migrated from old machine to new. User directories may not even be stored on the machine but a network share. He never said that he had a 10 year old Windows 7 system, only that he had been there 10 years and that he currently has a Windows 7 system.

Delete Your Profile

[c0d3r]

Delete your profile Control Panel->System->Advanced system settings->Advanced -> User Profiles -> Select and delete.

A short list

[Caffeine_Coder]

While it isn't the same as destroying the drive, this should be good enough, w/o inconviencing the systems team.  Any 'work' ( documents / files / email ) you generated while using the computer for work is considered property of the company, so only focus on your personal stuff (so you dont get busted for 'destroying company property'.

- Open each browser (firefox, IE, chrome) and delete cache, cookies, etc...
- Move / delete all your files in My (Documents | Pictures | Videos | Music), and desktop
- Uninstall any programs you installed and wasn't for work
- Confirm no personal items stored in root "C:\"
- Delete everything in %USERPROFILE%\AppData\Local\Temp
- Delete everything in %SystemRoot%\TEMP

If you have admin perms
-After you have saved your work files off someplace else, create New admin User, log in as that admin, delete your old profile, and confirm that C:\Users\"OLD LOGIN NAME" does not exists

Reformat the drive

[JohnFen]

And in the future, never put any personal data on your work computer, ever. Never even type personal passwords on it. Don't shop on it. It's not your machine, you cannot control it, your employer has rights to every bit on it, and therefore from your personal data point of view it's hard to think of a less secure system.

Re:Reformat the drive

[Mascot]

That would depend on where you live. Where I live and work, my employer isn't even allowed to check my email without a good reason. The same applies to all "personal areas". The hard drive in the computer the company has provided for you, is considered such an area. The assumption here is that there will always be _some_ personal use of a computer an employee sits at all day and often brings home or on trips with them. And a person has a right to privacy that the employer cannot invade without cause.

On the topic at hand, no place I have ever worked would dream of just handing a computer on to the next one in line without first reinstalling. So the employee wiping it before turning it in would be just fine. Last few jobs I've had, I've Truecrypted my computer (at the start of my employment) and handed it over in that state without any issues.

"personal stuff"

[dmbasso]

To clean your "personal stuff" off of your work computer you should take a rag and some disinfectant and scrub real hard. But I doubt you'll be able to remove all the stuff. You shouldn't be watching porn at work anyway.

Re:Perfect!

[Gordonjcp]

The whole "DoD Wipe" thing is overkill.

One single pass of dd if=/dev/zero of=/dev/ will destroy all the data on the disk, beyond any hope of recovery.

No need for paranoia

[pla]

Ignore everyone telling you about the various forensic techniques that can recover your data - Unless you have recently gotten the company sued, they will make a final-state backup of your current files (no special scans for even the easiest of recoverable crap), maybe wipe it, and redeploy it to New Guy "just until they can get him a new one (in five years or so)".

As your realistic biggest concern, you want to make sure the last X backups have nothing interesting in them. So do a normal cleaning of your system, delete all your old mail, delete all your internet shortcuts (and history and cookies and offline files), delete just about everything in your Documents folder, clean up your desktop, empty the recycle bin, run SpyBot's Usage Tracks cleanup, CClean your registry, and then... Do nothing even remotely interesting for your last few weeks. If you have local admin, in your last hour at work, log in as admin, delete your profile, and defragment your drive(s), but you really don't need to go that far.

The most paranoid I'd personally bother with (and I definitely wear a tinfoil hat when it comes to "my" files on a work computer - I keep them all in a truecrypt archive from day 1), you could boot to Knoppix and run a "dd if=/dev/random of=/dev/sda". Keep in mind that although that will overwrite everything on the disk, it will also definitely get IT's attention. And honestly, you have the best chance of vanishing quietly into obscurity at that company by not doing anything IT finds all that interesting (see my comment on backups - You can bet that if they get interested enough, they'll find a two year old backup that somehow escaped the regular rotation).

the practical method

[v1]

First off I'll say for "next time", don't store personal information on company gear. Anything you've ever put on there is arguably company property. Any backups they've ever mare are also theirs. You shouldn't be in this situation to begin with. But that's not relevant to you now, you want a solution to the spot you're already in so I'll get to that next. Just try to avoid a reoccurrence next time huh?

Any company IT person with a clue will make sure your machine gets wiped and reimaged when you leave anyway. Even the remote possibility of an employee leaving a back door, logic bomb, or incriminating data (kiddy porn, descriptions of corporate illegal activity, made up stuff that could be bad, etc) being on your computer after you leave pretty much makes a nuke of your machine mandatory. So get the go-ahead from your IT person and then do it yourself. You may need to unlicense / deactivate some pro software on there first, make sure you have that taken care of first. Then do a secure wipe using whatever method you're comfortable with. Ask your IT person if you don't know how. It's a process that will take hours to run. If it finishes in under a few minutes, it didn't wipe anything, it merely reset the directory records, and your data is still on the drive.

The most basic mode of any secure wipe is good enough for anything short of DoD-class erasing. In reality, a simple one-pass zero of a drive will prevent anyone with a budget under $50k from getting anything off your drive. No need to go nuts with a seven pass random wipe, it'll just be a waste of your time with no added benefit.

After you've secure-erased it, let them do the reinstallation. That's how it should work, there's no point in wiping it only to give you another crack at installing a back door just before you walk out. If they say no that's ok you can do it, remember this... you are opening yourself to future suspicion because if something shady happens when your replacement has been using the machine, you are a suspect. ("hmmm that shouldn't have happened, how did that get out? I wonder if Jim didn't leave a back door?") Don't take that risk. Leave it blank. Nothing can be attributed to you after they do a fresh installation themselves. If they push you to do the reinstall yourself, push back with this point, you're not refusing to do it to be a dick, you're covering your ass. They should respect that. And explain how this also covers THEIR ass. That should be very difficult to say "no" to. If they still insist on your doing the reinstall before leaving, get it in writing. That will help you later if a wild criminal investigation appears later.

Re:the practical method

[Todd+Knarr]

First off I'll say for "next time", don't store personal information on company gear. Anything you've ever put on there is arguably company property. Any backups they've ever mare are also theirs. You shouldn't be in this situation to begin with.

You can't avoid it, there's always work-related personal information around. For instance, the passwords to my 401K account, health insurance website, prescription drug fulfillment site and so on. All that's work-related, in fact work provides my insurance etc. and expects me to manage it. It's entirely legitimate for me to be accessing those sites from the work machine, as they're part of my benefits package. At the same time, the company doesn't really have any need to know my passwords and should in fact never have access to them. They run the health plan, they don't need my account password to get access to my insurance plan information. I think it's entirely legitimate to want to wipe that kind of sensitive information from a work PC so it doesn't end up in the hands of people who have no need to have it and in fact no right to have it (access to the insurance site would be covered by HIPPA for instance, and the 401K would be covered by financial privacy laws once my employment ends and my employer no longer has any need to interact with that account).

Re:Perfect!

[Gordonjcp]

I was going to say "myth", too. Have you noticed how the only people that insist that a "DoD wipe" is essential for getting rid of old data on drives are the people selling expensive drive-wiping software?

Method I use

[mombodog]

Short answer, no easy way to do what you suggest. Cleaning personal info from W7 is a manual job that takes time, and no way to guarantee you got it all. Best advice is to use the restore partition (if it has one) or clean Install of W7 and then when it is done restoring or the clean install is done, overwrite all the free space on the drive with "Eraser 5.8.8", this guarantee's all info has been overwritten.

Posting your Make and exact Model may prompt us for more suggestions.

If re-installing is Not an option.

Back up data you want to save, then follow the exact order below.

1. Create a new admin user account.

2. Log into that new account and delete any other user accounts (do not delete the hidden admin or guest accounts)

3. Uninstall any software you don't want to pass on. then search the hard drive for those names of software and remove any folders left behind.

4. Delete any folders on the C drive that may have been created manually by the user.

5. Do a IE7-8 reset, then delete browsing history (select all the boxes)

6. Use index.dat suite to delete any .dat files it finds,(requires selecting them to be deleted on a reboot) http://support.it-mate.co.uk/?mode=Products&p=index.datsuite

See this link for instructions using index.dat suite on Vista or W7 http://support.it-mate.co.uk/?mode=Products&act=FAQ&p=index.datsuite#193

Or use a linux live disc to delete all the .dat files.

7. At the command prompt type these 3 commands one at a time hitting enter each time, the erase tmp command may take time to complete.

cd\

erase *.tmp /s

erase *.bak /s

8 . Empty the Recycle Bin

9 . Use eraser version 5.8.8 to erase the free space on the hard drive, install eraser, then right click on the C drive and select "erase unused space". (it may take quite some time if the hard drive is large) http://sourceforge.net/projects/eraser/files/

The spooks know

[davidwr]

Does anyone know if forensics has ever recovered data from an overwritten hard drive?

SOMEONE knows, but he's not allowed to talk about it.

Re:Perfect!

[Gordonjcp]

Again, there's a pointless waste of effort. Zero out the drive, and *nothing* is coming back.