LinuxQuestions.org
Visit the LQ Articles and Editorials section
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices



Reply
 
Search this Thread
Old 09-16-2005, 12:25 PM   #1
Oxagast
Member
 
Registered: Aug 2003
Location: Mocksville, NC, USA
Distribution: Gentoo, Slackware.
Posts: 410

Rep: Reputation: 30
Need a Hard Drive Scrubber


Hi,
I was wondering if there was a good application out there for linux that would allow me to "scrub" my hard drive, or specifically a partition. Meaning, perminatly remove all evidence of deleted files on a filesystem so they couldn't be accessed later via forensics or file recovery software. Possible partitions I would use this on include Ext2fs, Ext3fs, and ReiserFS.

Thanks,
Marshall
 
Old 09-16-2005, 12:32 PM   #2
jailbait
Guru
 
Registered: Feb 2003
Location: Blue Ridge Mountain
Distribution: Debian Wheezy, Debian Jessie
Posts: 7,593

Rep: Reputation: 188Reputation: 188
"I was wondering if there was a good application out there for linux that would allow me to "scrub" my hard drive, or specifically a partition. Meaning, perminatly remove all evidence of deleted files on a filesystem so they couldn't be accessed later via forensics or file recovery software. Possible partitions I would use this on include Ext2fs, Ext3fs, and ReiserFS."

Whenever I hear the police pounding up the steps I reach for dban.

http://dban.sourceforge.net/

-------------------------------
Steve Stites
 
Old 09-17-2005, 04:17 AM   #3
TigerOC
Senior Member
 
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380

Rep: Reputation: 49
Simple solution is write zeros to the drive e.g.;

dd if=/dev/zero of=/dev/hdaX
 
Old 09-17-2005, 10:54 AM   #4
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Quote:
Originally posted by TigerOC
Simple solution is write zeros to the drive e.g.;

dd if=/dev/zero of=/dev/hdaX
I was going to suggest the same thing.
 
Old 09-17-2005, 11:33 AM   #5
int0x80
Member
 
Registered: Sep 2002
Location: Cincinnati
Distribution: Debian GNU/Linux
Posts: 310

Rep: Reputation: 31
1. DBAN is my wipe utility of choice.
2. Better than zeros is random. dd if=/dev/urandom of=/dev/hdaN
3. Consider other applications (eg: THC Secure Delete)
4. Check previous threads in the forum (eg: advice on secure delete tools)
 
Old 09-17-2005, 11:48 AM   #6
alaskazimm
Member
 
Registered: Mar 2004
Location: Watching it snow in bush Alaska
Distribution: *ubuntu, Smoothwall, WinXP Pro
Posts: 126

Rep: Reputation: 15
Also, there is KillDisk. It's floppy based and has the potential to wipe your hard drive to DoD standards. It has a free version. Google for it. I've used it and it's not bad.
 
Old 09-17-2005, 10:16 PM   #7
TruckStuff
Member
 
Registered: Apr 2002
Posts: 498

Rep: Reputation: 30
Quote:
Originally posted by GNUbie
2. Better than zeros is random. dd if=/dev/urandom of=/dev/hdaN
I was going to suggest that also, but than I started wondering if there would be enough entropy generated by the kernel to fill an entire partition. Anyone have experience wiping a disk wtih /dev/random or /dev/urandom?
 
Old 09-18-2005, 01:49 PM   #8
KPOM
LQ Newbie
 
Registered: Feb 2004
Location: Milwaukee
Distribution: Slackware 10.2, FreeBSD 5.4, LFS 6.1
Posts: 16

Rep: Reputation: 0
Quote:
I was going to suggest that also, but than I started wondering if there would be enough entropy generated by the kernel to fill an entire partition. Anyone have experience wiping a disk wtih /dev/random or /dev/urandom?
The method I most commonly use when completely erasing a drive is the following:
Code:
cat /dev/urandom > /dev/hdX;cat /dev/urandom > /dev/hdX;cat /dev/zero > /dev/hdX
Running urandom over a drive twice removes just about any possibility of any data being recovered via software or hardware, and you could even run it a third time if you're extremely paranoid. I like to throw on the /dev/zero at the end just to have a nice clean drive when I go to put something else on it.. not to mention it's nice to cat /dev/hdX and see nothing just to be sure.

Be sure to boot with a kernel using a driver for your drive's interface, as this process isn't quick as it is; using a generic driver at half the speed won't make your life any easier.

Good luck!
 
Old 09-18-2005, 01:55 PM   #9
dracolich
Senior Member
 
Registered: Jul 2005
Distribution: Slackware
Posts: 1,173

Rep: Reputation: 47
Just to add to the zero and random methods, I read before that it should be done with multiple passes - 3 to 5.

If you're disposing the drive there's always the sledgehammer method.
 
Old 09-24-2005, 04:23 PM   #10
ginda
Member
 
Registered: Mar 2004
Distribution: SUSE8.2, 9.2, Knoppix
Posts: 323

Rep: Reputation: 31
After reading this great info about wiping data, what data recovery methods would you recommend?
 
Old 09-28-2005, 06:06 PM   #11
jer2eydevil88
LQ Newbie
 
Registered: Sep 2003
Posts: 19

Rep: Reputation: 0
When I need to erase the contents of a hard drive quickly and forever I start by opening it up and proceeding to

http://www.bbspot.com/Images/News_Fe...ing_hammer.jpg

Then I move on and proceed to dispose of the remains.

http://www.chem.psu.edu/ncs/Hallowee...3/Thermite.jpg
 
Old 10-06-2005, 03:28 PM   #12
doublejoon
Member
 
Registered: Oct 2003
Location: King George, VA
Distribution: RHEL/CentOS/Scientific/Fedora, LinuxMint
Posts: 366

Rep: Reputation: 44
Quote:
Originally posted by GNUbie
1. DBAN is my wipe utility of choice.
2. Better than zeros is random. dd if=/dev/urandom of=/dev/hdaN
3. Consider other applications (eg: THC Secure Delete)
4. Check previous threads in the forum (eg: advice on secure delete tools)
You said it man DBAN!
 
Old 01-12-2006, 03:05 PM   #13
penguinsRgreat
LQ Newbie
 
Registered: Jan 2006
Posts: 2

Rep: Reputation: 0
I have a firewire drive with 2 partitions on it. let's say I only want to wipe 1 partition

will

dd if=/dev/urandom of=/dev/disk2s5

do the trick?(/dev/disk2s5 is the partition I want to wipe). Will it write random data inside the partition or will it overwrite the entire partition with random data

Is it a problem if bs and conv=notrunc are NOT specified?

It's actually an HFS+ partition(OS X journaled) but I don't htink that makes a big difference


thanks

Last edited by penguinsRgreat; 01-12-2006 at 03:07 PM.
 
Old 01-13-2006, 12:15 PM   #14
business_kid
Guru
 
Registered: Jan 2006
Location: Ireland
Distribution: Slackware & Android
Posts: 6,635

Rep: Reputation: 586Reputation: 586Reputation: 586Reputation: 586Reputation: 586Reputation: 586
Have you tried "man shred" ? Part of coreutils, and made for what you are doing.
 
Old 01-13-2006, 01:36 PM   #15
win32sux
Guru
 
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870

Rep: Reputation: 371Reputation: 371Reputation: 371Reputation: 371
yup... penguinsRgreat, your shred could look kinda like this:
Code:
shred -n 3 -z -v /dev/disk2s5
"-n 3" makes it overwrite the partition with random data three times... "-z" makes it zero the drive after it's done...

http://www.die.net/doc/linux/man/man1/shred.1.html

the filesystem is not relevant, it will be blown-away regardless...

keep in mind that if you were talking about overwriting files only, then you really need to consider which filesystem the file resides on, cuz it won't work properly on journalized filesystems, etc...

Last edited by win32sux; 01-13-2006 at 01:37 PM.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Installing grub to external USB hard drive for later use as internal hard drive dhave Linux From Scratch 2 12-10-2005 09:48 AM
Reiser file system / Hard Disk/ Hard Drive Problems Oxyacetylene Linux - Software 4 10-10-2005 03:24 PM
2 hard drive in system mirror 1st hard drive sburns76247 Linux - General 2 12-21-2004 02:47 AM
Grub to access new hard drive and old multi os hard drive ? gedi1 Linux - Hardware 0 06-03-2004 01:01 PM
STUCK--Trying to copy old Hard Drive to new Hard Drive. Please Help tsw Linux - Newbie 8 05-26-2004 03:47 AM


All times are GMT -5. The time now is 08:30 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration