LinuxQuestions.org


sl33p 10-06-2009 10:02 AM

Linux tools to wipe out a hard drive
 
Hi guys!

Here is the thing:

There's confidential information in a client's system that could lead to major problems if this should fall into the wrong hands.

I have to make sure the data contained in this hard drive is completely cleaned, and that NO ONE in the world could ever recover it, even forensically. :)

Would you know about:
  • A (ideally) light Linux tool used to wipe the data from a device (well, ok... could be Windows based as well);
  • One secure method to certify it was correctly wiped.

I can do the wipe using EnCase software from Guidance Software, but I find it very time consuming for this task.

Thanks a lot!
sl33p

SethsdadtheLinuxer 10-06-2009 10:15 AM

Here's a light way to do it.
dd if=/tmp/0 of=/dev/sda1 bs=1
dd if=/tmp/1 of=/dev/sda1 bs=1
dd if=/tmp/2 of=/dev/sda1 bs=1

/tmp/0 has 1 byte that is 0
/tmp/1 has 1 byte that is 1
/tmp/2 has 1 byte that is 2

By writing all of the drive with 3 bytes, you make forensics have to go back 4 versions to find data. If you need more than that, just magnetize the drive.

AlucardZero 10-06-2009 10:19 AM

dd

dban

catkin 10-06-2009 11:41 AM

Simply
Code:

dd if=/dev/zero of=/dev/sda1
Or, if you believe the probably mythical idea that HDD secondary level residual magnetism is strong enough to allow significant data to be extracted after new values have been written, run this a few times.
Code:

dd if=/dev/urandom of=/dev/sda1
Either way a blocksize of 1 will take a very long time; the default 512 blocksize is not a bad choice.

EDIT: if it's the whole HDD you need to wipe rather than the first partition change /dev/sda1 to /dev/sda in the above suggestions. "sda" is, of course (!) just an example.

michaelk 10-06-2009 11:48 AM

Quote:

I have to make sure the data contained in this hard drive is completely cleaned, and that NO ONE in the world could ever recover it, even forensically.

The absolutely 100% sure method would be to take the disk apart and grind/shred up the platters.

Chromezero 10-06-2009 01:10 PM

DBAN is a commonly used tool for sanitizing hard drives and is approved by many government agencies for clearing sensitive data. If it's good enough for them, it's probably good enough for you. However, as others mentioned, the only way to guarantee that no one can retrieve data is to physically destroy the drives.

H_TeXMeX_H 10-06-2009 01:28 PM

If you want maximum confidence that the data is unrecoverable even with electron microscopes (I don't think any lab exists that has successfully used this technology for this purpose with any degree of accuracy), use DBAN (like many above say).

If you don't plan on keeping the HDD, then simply use thermite:
http://en.wikipedia.org/wiki/Aluminothermic_reaction

You can also use a powerful magnet and rub it on the platters ... or a sledgehammer, or explosives, or corrosives, or many things...

In the real world you can just use 'dd if=/dev/zero of=/dev/sda'.

Vhann 10-06-2009 02:27 PM

Quote:

Originally Posted by sl33p (Post 3709661)
Hi guys!

Here is the thing:

There's confidential information in a client's system that could lead to major problems if this should fall into the wrong hands.

I have to make sure the data contained in this hard drive is completely cleaned, and that NO ONE in the world could ever recover it, even forensically. :)

I don't know about DBan, but one tool I love for this task is 'shred'
which can be used like this:
Code:

shred -n {numberOfIterations} -vz {/dev/hardDriveOrPartitionHere}
The cool thing about 'shred' is it is included in base Slax (www.slax.com) which means you can boot from CD-Rom or USB key and erase the drive very easily (and since you can boot in 'copy to RAM' using Slax, quite fast too).

Hope this helps.
Regards,
Vhann

nomb 10-06-2009 02:55 PM

We are required to use BCWipe.
BCWipe

linuxpokernut 10-06-2009 02:58 PM

Quote:

Originally Posted by Vhann (Post 3709991)
I don't know about DBan, but one tool I love for this task is 'shred'
which can be used like this:
Code:

shred -n {numberOfIterations} -vz {/dev/hardDriveOrPartitionHere}
The cool thing about 'shred' is it is included in base Slax (www.slax.com) which means you can boot from CD-Rom or USB key and erase the drive very easily (and since you can boot in 'copy to RAM' using Slax, quite fast too).

Hope this helps.
Regards,
Vhann

Even the feds claim they can't recover shredded HDDs.
Oh wow, apparently the same is true for BCWipe. Learn something new every day.

unSpawn 10-06-2009 03:20 PM

Quote:

Originally Posted by sl33p (Post 3709661)
A (ideally) light Linux tool used to wipe the data from a device

The choice for using EnCase, DBAN or BCWipe and 'dd' is founded in the regulations you've got to adhere to (we used DBAN but I could have opted for EnCase as well). EnCase, DBAN and BCWipe are all good if used with the right options. The difference with GNU/Linux vs mcrsft software, generally speaking, is that it exercises your HW more directly meaning better performance.


Quote:

Originally Posted by sl33p (Post 3709661)
One secure method to certify it was correctly wiped.

Those with practical experience will appreciate one step that's almost always forgotten: performing a post-ops check. You can wipe all you will but unless you've verified results you shouldn't (procedurally be able to) sign off on it.
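
One way to run the post-ops check described in the post above, for a wipe whose last pass wrote zeros (`dd if=/dev/zero`, or `shred` with `-z`). This is an added example, not code from any poster in this thread; the function names and the constructed sample images are assumptions for illustration, and the check only reads the target.

```shell
#!/bin/sh
# Added example: read-only post-wipe check; it never writes to the target.
# Assumes the last wipe pass wrote zeros (dd if=/dev/zero, or shred -z).

# first_nonzero PATH (hypothetical helper)
#   Prints the 1-based offset of the first non-zero byte, or nothing when the
#   whole target reads back as zeros. Returns 2 if the target cannot be read.
first_nonzero() {
    cmp_rc=0
    # /dev/zero never ends, so cmp stops at the first differing byte (reported
    # on stdout) or at the end of the target (reported on stderr, discarded).
    out=$(LC_ALL=C cmp "$1" /dev/zero 2>/dev/null) || cmp_rc=$?
    [ "$cmp_rc" -le 1 ] || return 2
    # GNU cmp prints "byte N", the POSIX wording is "char N"; accept both.
    printf '%s\n' "$out" | awk '{
        for (i = 1; i < NF; i++)
            if ($i == "byte" || $i == "char") {
                sub(/,/, "", $(i + 1)); print $(i + 1); exit
            }
    }'
}

# verify_zeroed PATH (hypothetical helper)
#   Prints one line for the wipe record.
#   Returns 0 = all zeros, 1 = residual data found, 2 = read error.
verify_zeroed() {
    off=$(first_nonzero "$1") || { echo "ERROR $1 could not be read"; return 2; }
    if [ -n "$off" ]; then
        echo "FAIL $1 first non-zero byte at offset $off"
        return 1
    fi
    echo "PASS $1 reads back as all zeros"
}

# make_sample DIR: constructed test images, so the check can be tried on
# files before it is pointed at a real device.
make_sample() {
    dd if=/dev/zero of="$1/wiped.img" bs=4096 count=16 2>/dev/null
    cp "$1/wiped.img" "$1/dirty.img"
    # Leave 6 bytes of "residual data" starting at 0-based offset 5000.
    printf 'SECRET' | dd of="$1/dirty.img" bs=1 seek=5000 conv=notrunc 2>/dev/null
}

# Usage: sh verify_wipe.sh /dev/sdX   (path is a placeholder)
if [ "$#" -gt 0 ]; then
    verify_zeroed "$1"
fi
```

A read-back like this covers only the sectors the drive exposes to the operating system, and it does not apply when the final pass wrote random data.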

abefroman 10-13-2009 09:09 PM

I use my good ole friend Mr. Crowbar.

A few hits (full swings) with him and the drive is no good.

Make sure you hit it hard enough so it damages the platters, and I do a few hits on each side.

I know someone mentioned sledgehammer, but that gets a little heavy after a while, especially if you are trying to damage the drive in multiple places and doing several drives at once. I find the crowbar is the perfect weight.


All times are GMT -5.