Linux - General This Linux forum is for general Linux questions and discussion.
If it is Linux Related and doesn't seem to fit in any other forum then this is the place. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
 |
01-18-2014, 03:20 PM
|
#1
|
LQ Newbie
Registered: Feb 2010
Location: Manitoba, Canada
Distribution: Ubuntu 8.04 LTS, CrunchBang 9.04, Lucid Puppy 5.0.1
Posts: 10
Rep:
|
How to PERMANENTLY remove files from a HDD
I tried searching for this question a couple of times and found nothing helpful.
I have an old PC with Win95 on it and I want to Permanently Erase everything from the Hard Drive before I take the computer to e-waste recycling.
I used Tomsrtbt to run "badblocks" with the read/write option. After this had completed I tried booting into Win95 and it showed "no operating system present".
1. Can I assume that All Files have been permanently removed from the hard drive?
2. Is there a way to check that there are no readable files left on the drive?
3. If I use Tomsrtbt to establish a new hard drive partition table and create an "ext2" file system,
will this further insure that none of the previous Dos files are salvageable?
|
|
|
01-18-2014, 03:23 PM
|
#2
|
Senior Member
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982
|
Burn a UBCD disk and use one of the wipe utilities to wipe the disk:
http://www.ultimatebootcd.com/
One pass zero should be enough in most cases. If you are paranoid, you can do one pass random data. If you are really paranoid you can wipe it as many times as you want to relieve anxiety.
|
|
1 members found this post helpful.
|
01-18-2014, 04:13 PM
|
#3
|
Senior Member
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
|
Hi. Depends on how paranoid you want to be about forensics software and such, I'd say it's fine but others would say destroy the drive and recycle the rest? Best wishes and have fun. 
Last edited by jamison20000e; 01-18-2014 at 08:13 PM.
|
|
1 members found this post helpful.
|
01-18-2014, 05:10 PM
|
#4
|
Member
Registered: Aug 2012
Posts: 185
Rep:
|
These quotes may be interesting:
Quote:
"But if he broke the platters, the likelyhood of data recovery is slim to none."
|
Quote:
On the other hand, Brian Cane, a consultant with ECO Data Recovery, said if Lanza overwrote the drive, the data would be lost.
|
Source
Some say that zero-filling once is enough. Others say that you need several passes of random data. I only know that writing with dd from /dev/zero is significantly faster than /dev/urandom. I did that on an old harddrive -- the random data fill would've taken several hours, but a zero-fill finished in about 20 minutes.
|
|
|
01-18-2014, 05:32 PM
|
#5
|
LQ Addict
Registered: Dec 2011
Location: UK
Distribution: Debian Sid AMD64, Raspbian Wheezy, various VMs
Posts: 7,680
|
Unless you keep the secret formula to Coca-Cola on your hard drive then just one pass of zeros is enough. To get back that data somebody would have to take apart the drive and use specialist equipment to recover the data so I doubt it's worth doing that on the off chance they can hijack your Amazon account through retained cookies.
|
|
|
01-18-2014, 06:23 PM
|
#6
|
Senior Member
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982
|
Quote:
Originally Posted by Soderlund
Some say that zero-filling once is enough. Others say that you need several passes of random data. I only know that writing with dd from /dev/zero is significantly faster than /dev/urandom. I did that on an old harddrive -- the random data fill would've taken several hours, but a zero-fill finished in about 20 minutes.
|
Try:
http://wipe.sourceforge.net/
Certainly, physically destroying the disk with a sledgehammer will NOT clear the data, it will just make it harder to piece together. If you wanted to physically wipe the disk, use a large and powerful magnet. Such a magnet can be found inside the HDD itself as part of the arm movement mechanism. Be careful with it tho, it can crush your fingers and hurts a lot when it does. The HDD writing heads are razor sharp and can easily cut you. How do I know ? From experience 
|
|
|
01-18-2014, 06:26 PM
|
#7
|
Senior Member
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
|
. ... .) . ,
... (', ( .
...) , ) ..;(
.^^^^^^^^^
Fire t !
Last edited by jamison20000e; 01-18-2014 at 08:35 PM.
Reason: Weekend! :) Sick of violin practise...
|
|
|
01-18-2014, 10:26 PM
|
#8
|
Member
Registered: Jun 2007
Location: 1 AU from a G2V star
Distribution: PCLinuxOS LXDE / Android
Posts: 248
|
Quote:
Originally Posted by 273
Unless you keep the secret formula to Coca-Cola on your hard drive then just one pass of zeros is enough. To get back that data somebody would have to take apart the drive and use specialist equipment to recover the data so I doubt it's worth doing that on the off chance they can hijack your Amazon account through retained cookies.
|
IIRC, involves electron microscopes, a lot of time plus a big chunk of money.
|
|
|
01-18-2014, 11:08 PM
|
#9
|
Senior Member
Registered: Nov 2005
Location: ...uncanny valley... infinity\1975; (randomly born:) Milwaukee, WI, US( + travel,) Earth&Mars (I wish,) END BORDER$!◣◢┌∩┐ Fe26-E,e...
Distribution: any GPL that work on freest-HW; has been KDE, CLI, Novena-SBC but open.. http://goo.gl/NqgqJx &c ;-)
Posts: 4,888
|
You may be shocked at the data I've seen left on second hand PCs from thrift stores and wherever before I wipe to revamp and sell or give with Linux, not to mention some truth-or-dare on a $ony handy cam from a ritzy neighborhoods rummage once ouh là là.  There are some* banking on data but (I imagine) only if it's worth their time and effort? http://www.bullguard.com/bullguard-s...martphone.aspx
|
|
|
01-20-2014, 12:37 AM
|
#10
|
Member
Registered: Apr 2013
Location: Massachusetts
Distribution: Debian
Posts: 529
|
Quote:
Originally Posted by old salt
I used Tomsrtbt to run "badblocks" with the read/write option...
|
Hey, that sounds like a great idea. I have always used dd with if=/dev/urandom to wipe old drives, but that is rather slow. Writing patterns with badblocks should be fast and should provide a thorough wipe much like dd. I will try it next time.
To answer your questions:
Quote:
1. Can I assume that All Files have been permanently removed from the hard drive?
|
With the right badblocks command line, that should be a safe assumption.
Quote:
2. Is there a way to check that there are no readable files left on the drive?
|
If you write zeroes on the last pass, you can use the following command line:
Code:
dd if=/dev/sda | hexdump -C
If the device contains nothing but zeroes, you will get a short output like the following:
Code:
00000000 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 |................|
*
16777216+0 records in
16777216+0 records out
8589934592 bytes (8.6 GB) copied, 108.452 s, 79.2 MB/s
200000000
(The above output was generated with a 8GB file, not a hard drive device, just to test the command line.)
Quote:
3. If I use Tomsrtbt to establish a new hard drive partition table and create an "ext2" file system,
will this further insure that none of the previous Dos files are salvageable?
|
Probably not. I think partitioning does not overwrite the file space. Any data still existing there would be readable.
|
|
|
01-20-2014, 05:13 PM
|
#11
|
LQ Newbie
Registered: Jan 2014
Distribution: Slackware 13
Posts: 14
Rep: 
|
It is also a good idea to run cryptsetup after dding a hard drive for an extra layer of protection. Since you will not use the HDD anymore, use a long complex passphrase as possible.
|
|
1 members found this post helpful.
|
01-20-2014, 05:41 PM
|
#12
|
Moderator
Registered: Dec 2009
Location: Germany
Distribution: Whatever fits the task best
Posts: 17,148
|
To make it short: Neither using badblocks nor dd nor DBAN can by definition reliably delete or overwrite all existing data on the disk. If the disk has reallocated sectors it may be possible that those still contain readable data, but they are not affected at all by any of the mentioned methods for overwriting data. So theoretically there can still be readable data, though practically chances that the data is still readable (sectors get reallocated for a reason) and if so contains anything of value is really really small.
I myself prefer just a single overwrite with zeroes, good enough for me and unrecoverable without technical expertise, specialized equipment and a good bunch of money.
|
|
1 members found this post helpful.
|
01-20-2014, 06:02 PM
|
#13
|
Senior Member
Registered: Dec 2013
Distribution: Slackware
Posts: 1,982
|
Here's something to think about. Many disk wiping utilities use the Mersenne-Twister algorithm to wipe the disk (wipe, dban, and others). However, MT is NOT a cryptographic PRNG. This means that if you have the technology to undo writing to the HDD, then wiping with MT is no better than zeroing the drive. You can easily predict the state of the MT PRNG and know what bits were written, and then be able to undo them.
The only way to prevent this is to use a cryptographic PRNG. There is actually a crypto MT developed by the same authors:
https://en.wikipedia.org/wiki/CryptMT
|
|
1 members found this post helpful.
|
All times are GMT -5. The time now is 02:59 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|