PimmelScholz Posted May 14, 2022 Share Posted May 14, 2022 Hello, i would like to be able to fully erase the content of the memory. How could this be possible? I would like to prevent forensic investigation of what i have stored after using the device. Thank u. Link to comment Share on other sites More sharing options...
digininja Posted May 14, 2022 Share Posted May 14, 2022 Memory is volatile, just turn the power off and it will be cleared within a few seconds. Link to comment Share on other sites More sharing options...
PimmelScholz Posted May 14, 2022 Author Share Posted May 14, 2022 But, when i turn on device, i see certificate and other settings and the data captured in session before. How to wipe this non volatile memory? Link to comment Share on other sites More sharing options...
digininja Posted May 14, 2022 Share Posted May 14, 2022 Why do you need to? What is the threat you are defending against? Link to comment Share on other sites More sharing options...
jholbrookftl Posted May 15, 2022 Share Posted May 15, 2022 He may not be defending against a threat, it is one of the most important steps in pentesting to start each new engagement with a clean slate to prevent old data and findings from contaminating the new environment. Link to comment Share on other sites More sharing options...
jholbrookftl Posted May 15, 2022 Share Posted May 15, 2022 19 hours ago, PimmelScholz said: But, when i turn on device, i see certificate and other settings and the data captured in session before. How to wipe this non volatile memory? you may try reinstalling the firmware to see if that does the trick, beyond that the only thought i would have is to go into the terminal and manually delete the items, which is a mind-numbing thought. Link to comment Share on other sites More sharing options...
digininja Posted May 15, 2022 Share Posted May 15, 2022 This is where threat modelling comes in. If all you want to do is to clear down between engagements then doing a simple rm on the command line will do. If you've done an engagement where you are asked to do a full erase after the job (I have to do this after some military and financial jobs) then an rm won't be good enough as all that does is to clear the file allocation tables but leaves the content on disk. For something like that you would want to do an overwrite. If the OP isn't a tester and has done something illegal and wants to destroy the evidence then a wipe and a hammer would be best. At any level you have to first come up with the reason you are doing the action before you can work out what action fits best. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.