WEBVTT

00:00.510 --> 00:07.560
Now in this lecture, I'm going to show you how to securely format and wipe a USB device and encrypted

00:07.560 --> 00:15.810
so everything stored on that USB device will be unreadable unless you know, the passphrase used for

00:15.810 --> 00:16.740
the encryption.

00:17.250 --> 00:22.320
And to do this again tells what comes with pre-installed tools that allow us to do this.

00:22.440 --> 00:29.640
All we need to do is go to applications, utilities, and we're going to go to the disk utility right

00:29.640 --> 00:30.240
here.

00:31.200 --> 00:38.430
Now this utility can be used to format and encrypt any storage device connected to your computer right

00:38.430 --> 00:39.010
now.

00:39.030 --> 00:44.790
So as you can see right here, it's listing all of the storage media that I have connected to this computer.

00:44.820 --> 00:51.150
And as you can see, even if we look here on my file manager, you can see that I have an eight gigabyte

00:51.150 --> 00:51.690
volume.

00:51.690 --> 00:56.310
This is another USB device, not the one that I'm using to boot tales.

00:57.060 --> 01:02.160
And let's assume that I want to securely wipe everything that is in here.

01:02.670 --> 01:07.290
To do that, we're going to go and select it from here, from the left.

01:07.650 --> 01:10.890
And in here, you can obviously mount it.

01:10.920 --> 01:18.000
You can delete the selected partition, or you can click on the cogs here to get more options.

01:18.450 --> 01:21.870
And what I want to do right now is format the partition.

01:22.680 --> 01:27.810
And when you click on format, you'll see the first option is the erase option.

01:27.900 --> 01:35.310
So this is set to don't overwrite the existing data, which will be quick, but it's not secure because

01:35.310 --> 01:41.910
like I said, it will only mark the locations for available for writing, but the data will still be

01:41.910 --> 01:45.060
available and it will be easily recoverable.

01:45.450 --> 01:50.880
Therefore, if you want to securely wipe your device, the selected device in here, you want to click

01:50.880 --> 01:55.170
on this and set it to overwrite existing data with zeros.

01:55.200 --> 02:01.080
This will be slow, as you can see, but it will overwrite everything with random data which will make

02:01.080 --> 02:04.740
your previous data that you stored on it harder to recover.

02:05.730 --> 02:12.510
The next option in this window is the file system type that will be used on the storage device.

02:12.540 --> 02:15.420
Now you usually see this in any operating system.

02:15.420 --> 02:20.970
When you try to format a storage device, you can set it to whatever type you want.

02:21.150 --> 02:26.610
As long as this type is compatible with the operating system that you're going to use it on.

02:27.000 --> 02:31.950
You can use fat or NTFS for Windows XP four for Linux.

02:32.130 --> 02:37.500
Then set the name of the storage media and click on format to format it.

02:39.180 --> 02:47.340
Now this whole application can also be used to encrypt your storage media after formatting it so that

02:47.340 --> 02:54.090
whenever you store data in it, everything that you store will be encrypted and nobody will be able

02:54.090 --> 02:58.320
to read it unless they know the passphrase used to encrypt it.

02:58.440 --> 03:04.380
So it's similar to the way the persistence storage is configured on tables because as you remember,

03:04.380 --> 03:11.610
when we set it up to use persistence, I said that this will be an encrypted storage and we set a passphrase

03:11.610 --> 03:15.580
that we need to use in order to unlock the persistence part.

03:15.600 --> 03:21.780
So this is very similar and here you can use this program to encrypt a whole USB device.

03:21.900 --> 03:28.560
And to do this, you just need to click here on the type and set it to encrypt it compatible with Linux

03:28.560 --> 03:31.350
systems, which will use loose encryption.

03:31.980 --> 03:35.850
Now when you click this, as you can see, again, you'll have to fill up the name.

03:35.850 --> 03:45.120
So let's say encrypted drive and then we'll have two new input boxes asking us for the passphrase that

03:45.120 --> 03:52.110
will be used to encrypt the storage device so you can pick any strong passphrase you want.

03:53.230 --> 03:54.670
Click on format.

03:55.480 --> 04:01.000
It's going to ask us to confirm that we're formatting the right drive because keep in mind, this will

04:01.000 --> 04:05.100
remove everything that is stored on this device.

04:05.110 --> 04:09.130
It will securely remove that actually to make it very difficult to recover.

04:09.130 --> 04:15.760
And it's going to encrypt it so that whatever we store on that device will be unreadable unless the

04:15.760 --> 04:18.100
right passphrase is used.

04:18.580 --> 04:20.620
Now, I'm going to say, yes, I want to do this.

04:20.620 --> 04:26.290
I'm going to click on format, give it its time, because like we said, this will not just remove the

04:26.290 --> 04:32.920
files, it will overwrite everything that's there on the device with random data and then remove this

04:32.920 --> 04:39.130
random data to make sure that our previously stored data is very hard to recover.

04:39.400 --> 04:46.240
Once it does all of this, it will also encrypt the storage so that everything we have on it is unreadable.

04:46.240 --> 04:47.770
Without the passphrase.

04:48.490 --> 04:53.380
Now, once done you'll see the loading circular icon is gone from here.

04:53.440 --> 04:58.390
So that means that the device has been securely wiped and encrypted.

04:58.390 --> 05:04.510
So what I'm going to do right now is I'll close this and I'm actually going to disconnect it from this

05:04.510 --> 05:10.810
computer just to show you what happens when you go ahead and connect it to a computer.

05:10.810 --> 05:17.410
So I'm going to physically remove it now from my Thales computer and I'm going to connect it again.

05:18.070 --> 05:23.350
And as you can see, it appears in here again on the left saying it's an encrypted device.

05:23.350 --> 05:27.580
And if I click on it, you'll see that I can't open it.

05:27.580 --> 05:35.320
I can't see its content because we encrypted this device and like I said, it's not going to be accessible

05:35.320 --> 05:40.780
unless we know the passphrase in order to decrypt it and see its content.

05:41.020 --> 05:45.250
So I'm going to put the passphrase that I set when I encrypted the device.

05:46.410 --> 05:48.930
I'm going to click on unlock to unlock it.

05:49.290 --> 05:55.360
And only now, as you can see, the lock is gone and it opened the device for me.

05:55.380 --> 06:00.270
Now, obviously it's empty because we just wiped it and we securely wiped it.

06:00.270 --> 06:05.670
So the data that previously was stored on it should be very difficult to recover.

06:05.760 --> 06:13.290
And now, if I put any data on this and this can make the device, even if someone manages to get their

06:13.290 --> 06:20.790
hands on the device and read the content of it, the contents will be gibberish because everything is

06:20.790 --> 06:25.290
encrypted and it's not readable unless they know the passphrase.