Hi,
I was wondering if there was a good application out there for linux that would allow me to "scrub" my hard drive, or specifically a partition. Meaning, perminatly remove all evidence of deleted files on a filesystem so they couldn't be accessed later via forensics or file recovery software. Possible partitions I would use this on include Ext2fs, Ext3fs, and ReiserFS.

Thanks,
Marshall

"I was wondering if there was a good application out there for linux that would allow me to "scrub" my hard drive, or specifically a partition. Meaning, perminatly remove all evidence of deleted files on a filesystem so they couldn't be accessed later via forensics or file recovery software. Possible partitions I would use this on include Ext2fs, Ext3fs, and ReiserFS."

Whenever I hear the police pounding up the steps I reach for dban.

http://dban.sourceforge.net/

-------------------------------
Steve Stites

Simple solution is write zeros to the drive e.g.;

dd if=/dev/zero of=/dev/hdaX

I was going to suggest the same thing.

1. DBAN is my wipe utility of choice.
2. Better than zeros is random. dd if=/dev/urandom of=/dev/hdaN
3. Consider other applications (eg: THC Secure Delete)
4. Check previous threads in the forum (eg: advice on secure delete tools)

Also, there is KillDisk. It's floppy based and has the potential to wipe your hard drive to DoD standards. It has a free version. Google for it. I've used it and it's not bad.

I was going to suggest that also, but than I started wondering if there would be enough entropy generated by the kernel to fill an entire partition. Anyone have experience wiping a disk wtih /dev/random or /dev/urandom?

The method I most commonly use when completely erasing a drive is the following:
Running urandom over a drive twice removes just about any possibility of any data being recovered via software or hardware, and you could even run it a third time if you're extremely paranoid. I like to throw on the /dev/zero at the end just to have a nice clean drive when I go to put something else on it.. not to mention it's nice to cat /dev/hdX and see nothing just to be sure.

Be sure to boot with a kernel using a driver for your drive's interface, as this process isn't quick as it is; using a generic driver at half the speed won't make your life any easier.

Good luck!

Just to add to the zero and random methods, I read before that it should be done with multiple passes - 3 to 5.

If you're disposing the drive there's always the sledgehammer method.

After reading this great info about wiping data, what data recovery methods would you recommend?

When I need to erase the contents of a hard drive quickly and forever I start by opening it up and proceeding to

http://www.bbspot.com/Images/News_Fe...ing_hammer.jpg

Then I move on and proceed to dispose of the remains.

http://www.chem.psu.edu/ncs/Hallowee...3/Thermite.jpg

You said it man DBAN!

I have a firewire drive with 2 partitions on it. let's say I only want to wipe 1 partition

will

dd if=/dev/urandom of=/dev/disk2s5

do the trick?(/dev/disk2s5 is the partition I want to wipe). Will it write random data inside the partition or will it overwrite the entire partition with random data

Is it a problem if bs and conv=notrunc are NOT specified?

It's actually an HFS+ partition(OS X journaled) but I don't htink that makes a big difference


thanks

Have you tried "man shred" ? Part of coreutils, and made for what you are doing.

yup... penguinsRgreat, your shred could look kinda like this:"-n 3" makes it overwrite the partition with random data three times... "-z" makes it zero the drive after it's done...

http://www.die.net/doc/linux/man/man1/shred.1.html

the filesystem is not relevant, it will be blown-away regardless...

keep in mind that if you were talking about overwriting files only, then you really need to consider which filesystem the file resides on, cuz it won't work properly on journalized filesystems, etc...