Erasing data from your drives

Disclaimer

I take no responsibility for any damage caused by following any of the directions in this post. These tools and methods are destructive and likely to destroy your data or worse.

Deleting files from your drives does not remove them; it simply removes the file system's reference to the data. The data itself still exists until something overwrites it. For further details, there is a good read here. This also covers some recovery tools.

Zero filling your disk/s

This is the process of setting all the bits on a drive to 0. Some say this is not the most secure way: someone who knows what they’re doing can in many cases still recover the original data, and at least multiple passes of this technique are required. Others, however, disagree and say that a single pass is enough.
Thanks Miles for pointing this out and providing another viewpoint.

dd

A cloning tool. AKA “data destroyer”.
To zero-fill: direct the output of the character file /dev/zero to the device you want zero-filled.

How?
Boot your machine from a live Linux disk that includes the dd programme. Most Linux distros will have dd included. I’ve done this using Knoppix as it loads reasonably fast.
From the shell terminal as root:

dd if=/dev/zero of=/dev/[device you want to wipe] bs=1M

/dev/zero, /dev/random and /dev/urandom are character special files. /dev/random and /dev/urandom are interfaces to the Linux kernel’s random number generator.

To find the device you want to wipe, run

fdisk -l

The devices it lists are named along these lines:

/dev/hda = primary master IDE
/dev/hdb = primary slave IDE
/dev/hdc = secondary master IDE
/dev/hdd = secondary slave IDE
/dev/sda = first SCSI hard drive
/dev/sdb = second SCSI hard drive

So for example if you want to zero your primary master:

sudo dd if=/dev/zero of=/dev/hda bs=1M

UBCD

AKA Ultimate Boot CD.
Once you’ve downloaded UBCD, written it to your boot media and booted your machine into it:
Press F2 to enter the Hard Drive tool section.
Press the right arrow key to enter the diagnostic tools.
Select the most recent version of the diagnostic tool under the name of the manufacturer of your drive.

Applying patterns to the bits

A more effective approach than zero-filling is to use bit-flipping patterns in your wiping approach and perform multiple passes.

dd if=/dev/random of=/dev/[device you want to wipe] bs=1M

should be a little more effective.

Better still, run the following 3 – 7 times, as discussed here


dd if=/dev/random of=/dev/[device you want to wipe] && dd if=/dev/zero of=/dev/[device you want to wipe]
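
The random-then-zero rounds above, written out as a loop with a read-back check at the end, as an added example that is not part of the original post. The function names are hypothetical, the size lookup assumes blockdev from util-linux and GNU coreutils, and it reads /dev/urandom rather than /dev/random because /dev/random can block on older kernels.

```shell
#!/bin/sh
# Added example (not from the original post); function names are hypothetical.
# Try it on a scratch file first: wipe_and_verify /tmp/scratch.img 3

# Size in bytes of a block device or a regular file.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# One pass: write exactly the target's size from <source> over <target>.
# conv=notrunc keeps a regular file's length; conv=fsync flushes before returning.
overwrite_pass() {
    size=$(target_size "$2") || return 1
    head -c "$size" "$1" | dd of="$2" bs=1M conv=notrunc,fsync 2>/dev/null
}

# Read the target back and compare it byte for byte with zeros.
# On a real device, reads can be served from the page cache rather than the disk.
verify_zero() {
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero | cmp -s - "$1"
}

# wipe_and_verify <target> [rounds]: each round is a random pass followed by
# a zero pass, as in the post; the final zero pass is then verified.
wipe_and_verify() {
    target=$1 rounds=${2:-3} i=1
    while [ "$i" -le "$rounds" ]; do
        overwrite_pass /dev/urandom "$target" || return 1
        overwrite_pass /dev/zero "$target" || return 1
        i=$((i + 1))
    done
    verify_zero "$target"
}
```

A non-zero exit status from wipe_and_verify means either a pass failed to write or the read-back found a non-zero byte.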

Wipe

I haven’t used this, but it looks good.

dban

Recommended by Stanford University’s Disk and Data Sanitisation Policy and Guidelines.
Stanford also lists a collection of other useful disk sanitisation tools.
Download the iso from https://sourceforge.net/projects/dban/
Burn the image to a CD / DVD or USB drive (using something like ISO to USB).
Set your BIOS to boot from whichever device has the ISO image.

Once dban loads you’ll be given options to proceed.
[Screenshot: dban start options]

I hit Enter to start in interactive mode.

In the next screen, you’ll be able to see that dban is using urandom as its entropy source. This must be /dev/urandom, which will be used to set your bits on/off randomly rather than just zeroing or oneing (probably not a word ;-)).
This is considered a far better technique to make it forensically close to impossible to reconstruct the original contents of the disk.

[Screenshot: dban nuke options]

In this screen you can also select other options.
Method: allows you to use a selection of different techniques.
The current default is DoD Short.
Both DoD 5220.22-M Short and DoD 5220.22-M Standard are used by the American Department of Defense.
DoD 5220.22-M Short performs 3 passes
DoD 5220.22-M Standard performs 7 passes

See here for the standards for data erasure

Once dban has performed the sanitisation, you’ll see a screen similar to the following with the details

[Screenshot: dban finish details]

As always, feel free to offer corrections and comments on things I may have missed out that you think worth mentioning.


3 Responses to “Erasing data from your drives”

  1. Mike Says:

    GNU Shred should definitely be added to this list of disk wiping utilities.
    http://www.gnu.org/software/coreutils/manual/html_node/shred-invocation.html

    Note:
    My examples below have verbosity (-v) enabled but do not have -f. Forcing shred to begin wiping drives may be necessary to overcome file permissions. For any other options the manpages are your friend!

    Defaults (to three passes):
    shred -v /dev/sdX
    same as three passes with
    shred -v -n3 /dev/sdX

    Zero the drive:
    shred -vz -n0 /dev/sdX

    One pass of random data and zeroing at the end:
    shred -vz -n1 /dev/sdX

    A few other utilities not mentioned are:
    – dcfldd : http://dcfldd.sourceforge.net/
    – wipe : http://wipe.sourceforge.net/
    – secure-delete toolset : http://srm.sourceforge.net/
    – scrub : https://code.google.com/p/diskscrub/

  2. Flash Says:

    Good article. I certainly love this website. Continue the good work!
