Computer wipes are difficult to do without leaving a trail, experts say.

In court documents unsealed Thursday, it was revealed that the Ontario Provincial Police anti-rackets squad is investigating former Premier Dalton McGuinty’s chief of staff for breach of trust.

Police allege that David Livingston arranged for someone outside the provincial government to access computers in the premier’s office that may have contained information connected to gas plant cancellations. Up to 24 computer hard drives are suspected of being wiped.

The allegations have not been tested in court and Livingston’s lawyer said his client did nothing wrong.

As questions swirl over what may have happened, experts say it’s hard to wipe a computer without leaving substantial clues.

“There’s no such thing as the perfect crime when it comes to forensics and computer wiping,” says Daniel Tobok, managing director, security consulting and forensics for Telus, who was speaking in general terms.

Clues are typically left on the computer’s server, and there are often “remnants” that can even be used to trace computer tools used in any wiping process — clues that can lead back to the purchaser of the wiping devices, says Tobok, adding he’s been able to solve a few mysteries that way.

Depending on the size of the computer, a wipe can be done fairly easily, with tools necessary to do the work costing around $200 or so. The process can take some time to complete, about three to five hours depending on the size of the computer’s memory. Tobok says someone with fairly senior IT experience would know how to do a wipe.

Harold Burt-Gerrans, director of litigation services for H&A eDiscovery Inc. in Toronto, says to completely wipe a computer, one would use a CD-ROM or USB so the computer operated from another device as the primary control during the procedure.

“The computer reboots off the secondary system, allowing someone to wipe out the primary system. Then you would use a tool that essentially writes over the contents of the drive from start to finish,’’ Burt-Gerrans added.

The firm he works for wipes computers, for example, after investigations where clients want to ensure H&A no longer possesses the client’s information on H&A’s computers, says Oleh Hrycko.

Burt-Gerrans says that the U.S. Department of Defence recommends that three overwrites or “passes’’ be done to ensure every scrap of data is scrubbed ruing a wipe, but that means a nine to 12 hour process.

Wiping out the hard drive basically wipes out the “brains’’ of the computer, says Hrycko.

Loading... Loading... Loading... Loading... Loading... Loading...

When a wiped computer is turned back on, typically there’s a default message saying “missing operating system,’’ which means the computer can’t find load instructions to get itself up and running again.

“You’d have to go through the process of inserting an installation disk, and setting up the computer from scratch,’’ Burt-Gerrans says.

Read more about: