Page 1 of 5 123 ... LastLast
Results 1 to 10 of 48

Thread: Securely earsing your harddrive the hard way

  1. #1
    Join Date
    Apr 2010
    Location
    i am location
    Posts
    1,421

    Default Securely earsing your harddrive the hard way

    There is always a concern that, if you give you hard-drive away, you may have data left on the hard-drive you don't like for anyone to see.

    Usually, if you just format a hard-drive it will reset the tables but still has all the datas present on the actual hard-drive.
    To counter this, there is this method that will simply write every bit with a zero, thus ensuring that any data on the hard-drive will be 'really' overwritten and not retrievable. Of course there is not real 100% solution, but it comes close.

    This should be done by anyone who calls him/herself advanced. Otherwise you might erase your disk you don't want to. So be careful. I am not taking any responsibility on either your hard-drive or your data.

    Its a mere two commands you want to enter.

    Starting with you becoming root.

    Open your terminal and enter

    Code:
    fdisk -l
    You do this to find your hard-drive, the one you want to erase.

    It looks like this.
    linux-ia48:/home/yourname # fdisk -l

    Disk /dev/sda: 500.1 GB, 500107862016 bytes
    255 heads, 63 sectors/track, 60801 cylinders, total 976773168 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0x5d8c637e

    Device Boot Start End Blocks Id System
    /dev/sda1 63 198643786 99321862 7 HPFS/NTFS/exFAT
    /dev/sda2 311965696 976773119 332403712 f W95 Ext'd (LBA)
    /dev/sda3 303581184 311965695 4192256 82 Linux swap / Solaris
    /dev/sda4 * 198660096 240670719 21005312 83 Linux
    /dev/sda5 311967744 376948735 32490496 83 Linux
    /dev/sda6 376950784 976752639 299900928 83 Linux

    Partition table entries are not in disk order

    Disk /dev/sdb: 2000.4 GB, 2000398934016 bytes
    255 heads, 63 sectors/track, 243201 cylinders, total 3907029168 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0x000c4672

    Device Boot Start End Blocks Id System
    /dev/sdb1 2048 3907028991 1953513472 83 Linux

    Disk /dev/sdc: 160.0 GB, 160041885696 bytes
    256 heads, 63 sectors/track, 19381 cylinders, total 312581808 sectors
    Units = sectors of 1 * 512 = 512 bytes
    Sector size (logical/physical): 512 bytes / 512 bytes
    I/O size (minimum/optimal): 512 bytes / 512 bytes
    Disk identifier: 0xa8a8a8a8

    Device Boot Start End Blocks Id System
    /dev/sdc1 * 2016 312578783 156288384 a5 FreeBSD
    In my example we will erase the very last hard-drive named FreeBSD which is device sdc1.
    You may want to write the name of the hard-drive down just not to forget in your real life.

    Now, after we know the hard-drive, and you sure about it, you only need to enter this command.

    Code:
    dd if=/dev/zero of=/dev/sdc1
    dd will duplicate and copy onto sdc1, thus erasing every single bit.

    Also, this method will take time. In fact a lot of time. I did it with a 160GB HD and it took about 3 hours. So, depending on the size of your drive you may want to let it run till its done and go out or do some shopping, reading or whatever you feel like.

    P.s. if you feel to comment or add to this faq, please do so since i do it to the best of my knowledge and it may not complete.
    Thank You
    +++ ATH0

    . . . . . . . .
    LOGOFF COMPLETE

  2. #2
    Join Date
    Apr 2011
    Location
    Northamptonshire, UK
    Posts
    37

    Default Re: Securely earsing your harddrive the hard way

    I like to throw in a pass of
    Code:
    if=/dev/urandom
    in before zeroing the drive if I REALLY want any data to be unrecoverable.

  3. #3
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Securely earsing your harddrive the hard way

    On 2011-05-24 04:36, skaterich wrote:
    >
    > I like to throw in a pass of
    > Code:
    > --------------------
    > if=/dev/urandom
    > --------------------
    > in before zeroing the drive if I REALLY want any data to be
    > unrecoverable.


    Doubtful. And very slow.

    Rather, write all with zeros once, then another with 0xFF.

    Or you can try hdparm --security-erase (see man first).

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  4. #4
    Join Date
    Apr 2010
    Location
    i am location
    Posts
    1,421

    Default Re: Securely earsing your harddrive the hard way

    I think a simple zero should do it. Since everything is written once with zeros, there is nothing one can retrieve.

    The other method i haven't checked but will look into it.
    +++ ATH0

    . . . . . . . .
    LOGOFF COMPLETE

  5. #5
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,317

    Default Re: Securely earsing your harddrive the hard way

    On Thu, 26 May 2011 02:06:03 +0000, JoergJaeger wrote:

    > I think a simple zero should do it. Since everything is written once
    > with zeros, there is nothing one can retrieve.


    Usually this is sufficient, but advanced forensics can be used to recover
    data from a drive that hasn't been more thoroughly wiped. But recovering
    data from a drive like that is very expensive to do.

    That's why there's a DoD standard that specifies multiple passes of 0x00
    and 0xFF (AFAICR), I want to say it's 6 passes total.

    I usually will run a pass with /dev/urandom over the first couple
    thousand sectors of each partition; not completely unrecoverable, but
    whacking the directory structure and partition table makes it very
    painful to try to reassemble data from a larger drive.

    > The other method i haven't checked but will look into it.


    Typically supported on only some drives (it's a firmware-implementation
    of a wipe, so bypasses the data bus from the PC to the drive itself).

    Jim



    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

  6. #6
    Join Date
    Feb 2009
    Location
    Spain
    Posts
    25,547

    Default Re: Securely earsing your harddrive the hard way

    On 2011-05-26 06:12, Jim Henderson wrote:
    > That's why there's a DoD standard that specifies multiple passes of 0x00
    > and 0xFF (AFAICR), I want to say it's 6 passes total.
    >
    > I usually will run a pass with /dev/urandom over the first couple
    > thousand sectors of each partition; not completely unrecoverable, but
    > whacking the directory structure and partition table makes it very
    > painful to try to reassemble data from a larger drive.


    I fail to see why writing random data would erase better, compared to
    writing zeroes and ones on all bytes.

    However, if you want random data, paranoic mode, you need /dev/random, not
    /dev/urandom. The first one waits till there is enough entropy in the
    system before returning with a "real" random figure. The urandom variant
    will return fast, even if the data is not as random as it should.

    --
    Cheers / Saludos,

    Carlos E. R.
    (from 11.2 x86_64 "Emerald" at Telcontar)

  7. #7
    Will Honea NNTP User

    Default Re: Securely earsing your harddrive the hard way

    Jim Henderson wrote:

    > That's why there's a DoD standard that specifies multiple passes of 0x00
    > and 0xFF (AFAICR), I want to say it's 6 passes total.


    Last time I looked, the Orange Book now approves a 3-pass method. One pass
    writes a pattern, the second pass write the binary complement of the pattern
    and a third pass writes the random pattern. They specify the first two
    patterns but I'm too lazy to look it up just now so if anyone wants to know
    what they are email me and I'll dig it out.

    As I read the DOD spec, that is sufficient up through some ridiculous
    security level. Above that that, complete mechanical destruction/burn is
    the only way.

    --
    Will Honea

  8. #8
    Join Date
    Apr 2010
    Location
    i am location
    Posts
    1,421

    Default Re: Securely earsing your harddrive the hard way

    I would seriously question that anyone you may sell your drive with the first method, will have any luck to retrieve information from the harddrive.
    Are there any tools i can test this?

    Anyway, from the input i would say that the faq is ok, isn't it and we can add the other methods for a advance secure way of erasing data's. Or do you think it is not good really.

    Thank You for the input.
    +++ ATH0

    . . . . . . . .
    LOGOFF COMPLETE

  9. #9
    Join Date
    Aug 2010
    Location
    Chicago suburbs
    Posts
    15,676
    Blog Entries
    3

    Default Re: Securely earsing your harddrive the hard way

    For use with a recent linux,
    Code:
    shred /dev/sdc1
    would probably work. And it should be easier for people to remember.

    Currently, I am encrypting the partitions with sensitive data (including swap). When it comes time to ditch this system, I shouldn't have to worry about it.
    openSUSE Leap 15.3; KDE Plasma 5.18.6;

  10. #10
    Join Date
    Jul 2008
    Location
    Seattle, WA
    Posts
    17,317

    Default Re: Securely earsing your harddrive the hard way

    On Thu, 26 May 2011 10:08:07 +0000, Carlos E. R. wrote:

    > On 2011-05-26 06:12, Jim Henderson wrote:
    >> That's why there's a DoD standard that specifies multiple passes of
    >> 0x00 and 0xFF (AFAICR), I want to say it's 6 passes total.
    >>
    >> I usually will run a pass with /dev/urandom over the first couple
    >> thousand sectors of each partition; not completely unrecoverable, but
    >> whacking the directory structure and partition table makes it very
    >> painful to try to reassemble data from a larger drive.

    >
    > I fail to see why writing random data would erase better, compared to
    > writing zeroes and ones on all bytes.


    It probably doesn't, but since the data is stored in magnetic domains,
    having varying magnetic domains seems like a better idea.

    > However, if you want random data, paranoic mode, you need /dev/random,
    > not /dev/urandom. The first one waits till there is enough entropy in
    > the system before returning with a "real" random figure. The urandom
    > variant will return fast, even if the data is not as random as it
    > should.


    Yeah, but the point isn't about the random seed for the data, more about
    varying the magnetic signatures. Whether it's "truly" random or pseudo-
    random, it achieves that goal.

    Jim
    --
    Jim Henderson
    openSUSE Forums Administrator
    Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C

Page 1 of 5 123 ... LastLast

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •