LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 03-14-2013, 08:57 PM   #1
albikat2013
LQ Newbie
 
Registered: Mar 2013
Posts: 1

Rep: Reputation: Disabled
Verifying a hard drive has been wiped.


Hello,

I recently had a vendor come in to my organization and wipe about 20 hard drives using Linux (Centos6) based computer and an 8 port RAID controller. I need to verify that there is no data on these hard drives. I have tried connecting the RAID controller to a Windows based pc but was unsuccessful in getting the correct drivers.

Is there a Linux based utility or command that will allow me to verify that all the data has been removed from the hard drive?


Thank you
 
Old 03-14-2013, 11:18 PM   #2
kbp
Senior Member
 
Registered: Aug 2009
Posts: 3,790

Rep: Reputation: 650Reputation: 650Reputation: 650Reputation: 650Reputation: 650Reputation: 650
You could grab the first sector of each drive to ensure no partition info or bootloader is present, from memory bootloader is the first 446 bytes followed by partition table (could be wrong)

Code:
dd if=/dev/sdX of=/tmp/disk1 bs=512 count=1
file /tmp/disk1
 
Old 03-15-2013, 01:29 AM   #3
chrism01
LQ Guru
 
Registered: Aug 2004
Location: Sydney
Distribution: Centos 6.9, Centos 7.3
Posts: 17,356

Rep: Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367Reputation: 2367
Try the usual data rescue tools like testdisk, photorec etc.

Re MBR https://en.wikipedia.org/wiki/Master_boot_record
 
Old 03-15-2013, 02:16 AM   #4
bloody
Member
 
Registered: Feb 2013
Location: Berlin
Distribution: Gentoo, Debian
Posts: 172

Rep: Reputation: 25
Okay here's a rather unusual approach - if the disk was wiped with zero-bytes (instead of random data), you could use:
Code:
dd if=/dev/sdX | gzip -c -2 >/path/to/other/disk/file.gz
and see how small the .gz file gets. You can even re-gzip the .gz file which will become even smaller if the source were all zero-bytes. Repeat re-gzipping the .gz[.gz[...]] until it doesn't get smaller and if the result is a very tiny file, the disk is clean.
 
Old 03-15-2013, 02:20 AM   #5
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,353
Blog Entries: 55

Rep: Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541Reputation: 3541
Quote:
Originally Posted by albikat2013 View Post
I recently had a vendor (..) wipe about 20 hard drives (..)
What kind of vendor? (HW, SW, forensic services, etc, etc)
What was the purpose of the wipe? (HW, SW, regulatory compilance, etc, etc)
What SW or dedicated HW did the vendor use?
Did you check one of the disks to see if it's filled with zeroes or a pattern or random data?
 
Old 03-15-2013, 01:52 PM   #6
jpollard
Senior Member
 
Registered: Dec 2012
Location: Washington DC area
Distribution: Fedora, CentOS, Slackware
Posts: 4,688

Rep: Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259Reputation: 1259
Quote:
Originally Posted by kbp View Post
You could grab the first sector of each drive to ensure no partition info or bootloader is present, from memory bootloader is the first 446 bytes followed by partition table (could be wrong)

Code:
dd if=/dev/sdX of=/tmp/disk1 bs=512 count=1
file /tmp/disk1
I have used:
Code:
dd if=/dev/sdX bs=1M | od -cb >file
The od utility dumps the output (cb ascii/byte). Since zeroing the disk leaves 0s on disk, od will show these as "*" lines meaning they are all duplicate. When you reach the end of the disk od will put the last line on there as well.

Anything non-zero is an incomplete write.

This works as long as the last thing done to the disk is to write a repeating pattern (not just zeros).

This DOESN'T work when a degausser is used - in that case, there IS no data, and to read the disk at all first requires a low level reformat (which doesn't always work - EMP may have damaged the formatter).

Oh - I use 1 MB for the buffer because it is much faster that way than by reading 512 bytes at a time.

Last edited by jpollard; 03-15-2013 at 01:54 PM.
 
Old 03-15-2013, 03:59 PM   #7
jefro
Moderator
 
Registered: Mar 2008
Posts: 16,357

Rep: Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377Reputation: 2377
Try to recover data with tools. Simple ones might be testdisk.

The only way to be sure is to nuke it from high orbit.

Physically destroy the platten(s). Usually prevents any security issues. The recycle company pays the same for broken and usable ones.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
how do i install grub onto hard drive after the mbr has been wiped baronobeefdip Linux - Software 7 02-26-2011 05:49 PM
Installing Linux to a wiped hard drive Crashware Linux - Newbie 5 05-15-2010 01:11 AM
Possible hacking; wiped - now hard drive space missing? - hidden files? trekk Linux - Security 9 11-10-2006 10:17 AM
Wiped Entire Hard Drive and Want To Install Slackware Midnyt Slackware 3 09-04-2006 05:58 PM
ghost cd of xp wiped my hard drive supraman4eva Linux - General 4 10-19-2005 05:40 PM


All times are GMT -5. The time now is 02:59 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration