How do I wipe an encrypted USB flash drive?

My company has issued an encrypted USB flash drive on which I stored my personal data. I am resigning from the company and I wanted to wipe the data on the USB drive, but I have forgotten the password.

I tried using DBAN and nuke to wipe the data, but the drive is shown as an unrecognised device in DBAN.

The USB flash drive comes with an EXE program into which I need to enter a password before the drive can be mounted.

How do I remove my personal data in the encrypted USB flash drive?

Updates

  1. I tried gpart and the disk couldn't be found.
  2. I tried diskpart and the disk was 0 bytes; I could neither find any partition nor clean it.
  3. I did a live Ubuntu CD boot and the USB thumb drive was detected as a CD-ROM.

There is no way of wiping the data, and I have returned the device and trust the sysadmin to have the integrity to wipe the device.

Lesson learnt: Never store your personal data on a company device.


Solution 1:

How do I remove my personal data in the encrypted thumb drive? ... I have forgotten the password … unrecognised device

Crush it to small particles using a large hammer then buy your employer a new one (or ask them to deduct the replacement cost from your wages).

It is always a mistake to store personal data on the property of someone who you do not (or in future might not) wish to have access to your personal data.


A note on overwriting USB devices that use Flash memory.

Formatting any kind of storage device does not completely destroy data; it normally just recreates the filesystem structures without affecting much of the data contents.

For a hard disk, overwriting every data sector once with zeroes (or any character/octet) is sufficient to erase data. However, this does not apply to flash-memory based devices such as typical USB memory sticks.

Flash memory devices use a concept known as wear-levelling. This means that some areas of storage will be rotated out of use and will not normally be accessible when using normal filesystem operations like writing a file. This makes erasing these devices more complicated. You need to make sure that any erasure tool you use is designed to work with devices that use wear-levelling.


A note on encrypted USB drives

I have an old Sandisk Cruzer device that uses the infamous U3 encryption system. When you first plug this in, all your computer sees is a small "CD-ROM" device that contains the U3 software and an autorun file. The encrypted data is in a non-visible "device" that the computer cannot see.

Only when you enter the password into the U3 software does the software make the encrypted device visible to the computer - which then assigns it a separate drive-letter (in the case of Windows) to that assigned to the pseudo-CD-ROM.

So if you don't enter the password, your computer cannot see the encrypted storage at all. Therefore no recovery/formatting/overwriting software can help.

U3 has some security weaknesses which allow you to bypass the password (Google will find this) but it is likely your device is better than U3.


A note on corporate USB drives.

Large serious companies that take security seriously are likely to purchase devices that can be centrally managed. Part of this is making provision for lost passwords by having a separate administrative password that can allow an administrator to regain full access to a device where the user's personal password has been lost.

This means that, just because you have forgotten the password, it doesn't mean a corporate administrator can't gain access to the data secured on the device.


A note on professionalism.

I would give some consideration to explaining the situation to your employer and working with them to resolve the issue to mutual satisfaction. This would be the "right" thing to do.

However, having stored personal data on a corporate resource, I sense that you are now looking for a solution that doesn't take corporate ethics and professionalism as a key point of reference.


A note about Rottweilers.

All in all, someone might regard it as a ~~lucky blessing~~ unfortunate minor disaster if their sister's Rottweiler chewed the device up and crushed the storage chips inside before they could rescue it. Make sure that doesn't happen to you.

If that happened to me, I'd offer to pay my employer the costs (hardware and administrative) to them caused by my foolish carelessness. Taking responsibility for their actions and paying for mistakes is something that adults are expected to do.
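
The behaviour described under "A note on encrypted USB drives" can be checked from a Linux live session before reaching for a wipe tool. This is an added example, not part of the original answer: the `lsblk` lines are constructed samples, and the device names, sizes and the `classify` / `wipeable_disks` helpers are illustrative assumptions.

```shell
#!/bin/sh
# Constructed sample of `lsblk -d -b -P -o NAME,TYPE,SIZE,TRAN` output with the
# drive still locked: only a small CD-ROM emulation and an empty slot appear.
SAMPLE_LOCKED='NAME="sda" TYPE="disk" SIZE="256060514304" TRAN="sata"
NAME="sr0" TYPE="rom" SIZE="8388608" TRAN="usb"
NAME="sdb" TYPE="disk" SIZE="0" TRAN="usb"'

# Constructed sample after the vendor software has unlocked the drive.
SAMPLE_UNLOCKED='NAME="sda" TYPE="disk" SIZE="256060514304" TRAN="sata"
NAME="sr0" TYPE="rom" SIZE="8388608" TRAN="usb"
NAME="sdb" TYPE="disk" SIZE="15500000000" TRAN="usb"'

# Read KEY="value" pairs on stdin and print "<name> <status>" per device.
classify() {
    awk '{
        name = ""; type = ""; size = 0; tran = ""
        for (i = 1; i <= NF; i++) {
            split($i, kv, "=")
            gsub(/"/, "", kv[2])
            if (kv[1] == "NAME") name = kv[2]
            if (kv[1] == "TYPE") type = kv[2]
            if (kv[1] == "SIZE") size = kv[2] + 0
            if (kv[1] == "TRAN") tran = kv[2]
        }
        if (tran != "usb")      status = "not-usb"          # internal disk: never a target
        else if (type == "rom") status = "cdrom-emulation"  # read-only launcher area
        else if (size == 0)     status = "no-media"         # storage hidden until unlocked
        else                    status = "wipeable"         # real sectors are exposed
        print name, status
    }'
}

# Print only the USB disks that actually expose sectors to overwrite.
wipeable_disks() {
    classify | awk '$2 == "wipeable" { print "/dev/" $1 }'
}

printf '%s\n' "$SAMPLE_LOCKED" | classify
# On a live system: lsblk -d -b -P -o NAME,TYPE,SIZE,TRAN | classify
```

An empty result from `wipeable_disks` matches the asker's updates: the tools saw a CD-ROM and a 0-byte disk, so there was nothing for them to overwrite.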

Solution 2:

As @jehad mentioned, use the gparted utility. It is an open-source utility for disk management, supporting a bunch of file systems.

You didn't mention what OS you are using — for most of them you can get it with a package manager. Otherwise, you can download a Live CD, burn it to a disk, and boot from it.

There are a few possible ways to get rid of the data — one of them is to just remove the partition with gparted, and create a new empty one. Note that theoretically it is still possible to restore the data; in this case you can use something like the dd utility, but you have to mention specifically if that's the case.
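
The difference between removing a partition and overwriting with dd (and the point in Solution 1 that formatting does not destroy data) can be reproduced on a scratch image file. This is an added example, not part of the original answers: the marker string, the 1 MiB image layout and the helper names are assumptions, and touching only sector 0 is a simplified model of deleting a partition.

```shell
#!/bin/sh
# Works on a temporary image file only, never on a real device.
MARKER='PERSONAL-DATA-MARKER'   # constructed stand-in for a user's file contents

make_image() {   # $1 = path: 1 MiB image, boot signature in sector 0, data in sector 100
    dd if=/dev/zero of="$1" bs=512 count=2048 2>/dev/null
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null  # 0x55 0xAA
    printf '%s' "$MARKER" | dd of="$1" bs=512 seek=100 conv=notrunc 2>/dev/null
}

drop_partition_table() {   # simplified partition delete: only sector 0 is rewritten
    dd if=/dev/zero of="$1" bs=512 count=1 conv=notrunc 2>/dev/null
}

overwrite_all() {   # zero every sector of the image, as a whole-device dd would
    size=$(wc -c < "$1")
    dd if=/dev/zero of="$1" bs=512 count=$((size / 512)) conv=notrunc 2>/dev/null
}

marker_present() {   # exit status 0 if the data bytes can still be read back
    LC_ALL=C grep -a -q -F -- "$MARKER" "$1"
}

demo() {
    img=$(mktemp) || return 1
    make_image "$img"
    drop_partition_table "$img"
    if marker_present "$img"; then after_drop=recoverable; else after_drop=gone; fi
    overwrite_all "$img"
    if marker_present "$img"; then after_wipe=recoverable; else after_wipe=gone; fi
    rm -f "$img"
    echo "after-partition-delete=$after_drop after-overwrite=$after_wipe"
}

demo
```

The image file has no wear-levelling; on a real flash drive an overwrite of the visible sectors may not reach blocks that have been rotated out of use, as the note in Solution 1 explains.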

Solution 3:

Since you're using Windows 10, you might be able to use DiskPart, depending on how the encryption works. If the flash drive doesn't even present the encrypted partition's storage space to the OS without unlocking it via some special low-level mechanism, then the only thing you can do is physical destruction, but this might help somebody:

  1. Run diskpart.
  2. Type list disk to see the disks available to Windows.
  3. Type select disk N, where N is the number of the flash drive, e.g. select disk 2 if it was listed as Disk 2 in the previous step. Danger! Be very careful that you get the right drive, otherwise you'll blow away something important in the next step.
  4. Type clean all to scribble over every sector of the drive with zeroes. If your data destroyer can handle the drive now, you can stop following these steps. If it needs a normal volume, read on.
  5. Do list disk again to see the amount of free space the drive now has.
  6. Run create partition primary size=N where N is the free space in megabytes.
  7. Type list partition to see the ID of the new partition (it's probably 1).
  8. Type select partition N where N is the partition number you just got.
  9. Type format fs=ntfs quick to create a new NTFS volume.
  10. Exit DiskPart with exit.
  11. Use your data destroyer of choice to obliterate any chance of recovering the data that was under the space now occupied by this new partition.

Solution 4:

The thumb drive comes with an EXE program which I need to enter a password before the drive can be mounted.

If it is just an .exe file that auto-runs on startup, just arrange a Linux PC (or download -- it's free) from someone and format. Wine can run .exe files fairly well.