09-16-2005, 11:25 AM
|
#1
|
Member
Registered: Aug 2003
Location: Mocksville, NC, USA
Distribution: Gentoo, Slackware.
Posts: 410
Rep:
|
Need a Hard Drive Scrubber
Hi,
I was wondering if there was a good application out there for linux that would allow me to "scrub" my hard drive, or specifically a partition. Meaning, permanently remove all evidence of deleted files on a filesystem so they couldn't be accessed later via forensics or file recovery software. Possible partitions I would use this on include Ext2fs, Ext3fs, and ReiserFS.
Thanks,
Marshall
|
|
|
09-16-2005, 11:32 AM
|
#2
|
LQ Guru
Registered: Feb 2003
Location: Virginia, USA
Distribution: Debian 12
Posts: 8,391
|
"I was wondering if there was a good application out there for linux that would allow me to "scrub" my hard drive, or specifically a partition. Meaning, permanently remove all evidence of deleted files on a filesystem so they couldn't be accessed later via forensics or file recovery software. Possible partitions I would use this on include Ext2fs, Ext3fs, and ReiserFS."
Whenever I hear the police pounding up the steps I reach for dban.
http://dban.sourceforge.net/
-------------------------------
Steve Stites
|
|
|
09-17-2005, 03:17 AM
|
#3
|
Senior Member
Registered: Jan 2003
Location: Devon, UK
Distribution: Debian Etc/kernel 2.6.18-4K7
Posts: 2,380
Rep:
|
Simple solution is to write zeros to the drive, e.g.:
dd if=/dev/zero of=/dev/hdaX
|
|
|
09-17-2005, 09:54 AM
|
#4
|
Member
Registered: Apr 2002
Posts: 498
Rep:
|
Quote:
Originally posted by TigerOC
Simple solution is to write zeros to the drive, e.g.:
dd if=/dev/zero of=/dev/hdaX
|
I was going to suggest the same thing. 
|
|
|
09-17-2005, 10:33 AM
|
#5
|
Member
Registered: Sep 2002
Posts: 310
Rep: 
|
1. DBAN is my wipe utility of choice.
2. Better than zeros is random. dd if=/dev/urandom of=/dev/hdaN
3. Consider other applications (eg: THC Secure Delete)
4. Check previous threads in the forum (eg: advice on secure delete tools)
|
|
|
09-17-2005, 10:48 AM
|
#6
|
Member
Registered: Mar 2004
Location: Watching it snow in bush Alaska
Distribution: *ubuntu, Smoothwall, WinXP Pro
Posts: 126
Rep:
|
Also, there is KillDisk. It's floppy based and has the potential to wipe your hard drive to DoD standards. It has a free version. Google for it. I've used it and it's not bad.
|
|
|
09-17-2005, 09:16 PM
|
#7
|
Member
Registered: Apr 2002
Posts: 498
Rep:
|
Quote:
Originally posted by GNUbie
2. Better than zeros is random. dd if=/dev/urandom of=/dev/hdaN
|
I was going to suggest that also, but then I started wondering if there would be enough entropy generated by the kernel to fill an entire partition. Anyone have experience wiping a disk with /dev/random or /dev/urandom?
|
|
|
09-18-2005, 12:49 PM
|
#8
|
LQ Newbie
Registered: Feb 2004
Location: Milwaukee
Distribution: Slackware 10.2, FreeBSD 5.4, LFS 6.1
Posts: 16
Rep:
|
Quote:
I was going to suggest that also, but then I started wondering if there would be enough entropy generated by the kernel to fill an entire partition. Anyone have experience wiping a disk with /dev/random or /dev/urandom?
|
The method I most commonly use when completely erasing a drive is the following:
Code:
cat /dev/urandom > /dev/hdX;cat /dev/urandom > /dev/hdX;cat /dev/zero > /dev/hdX
Running urandom over a drive twice removes just about any possibility of any data being recovered via software or hardware, and you could even run it a third time if you're extremely paranoid. I like to throw on the /dev/zero at the end just to have a nice clean drive when I go to put something else on it.. not to mention it's nice to cat /dev/hdX and see nothing just to be sure.
Be sure to boot with a kernel using a driver for your drive's interface, as this process isn't quick as it is; using a generic driver at half the speed won't make your life any easier.
Good luck!
|
|
|
09-18-2005, 12:55 PM
|
#9
|
Senior Member
Registered: Jul 2005
Distribution: Slackware
Posts: 1,280
Rep:
|
Just to add to the zero and random methods, I read before that it should be done with multiple passes - 3 to 5.
If you're disposing of the drive there's always the sledgehammer method.
|
|
|
09-24-2005, 03:23 PM
|
#10
|
Member
Registered: Mar 2004
Distribution: SUSE8.2, 9.2, Knoppix
Posts: 323
Rep:
|
After reading this great info about wiping data, what data recovery methods would you recommend?
|
|
|
10-06-2005, 02:28 PM
|
#12
|
Member
Registered: Oct 2003
Location: King George, VA
Distribution: RHEL/CentOS/Scientific/Fedora, LinuxMint
Posts: 370
Rep:
|
Quote:
Originally posted by GNUbie
1. DBAN is my wipe utility of choice.
2. Better than zeros is random. dd if=/dev/urandom of=/dev/hdaN
3. Consider other applications (eg: THC Secure Delete)
4. Check previous threads in the forum (eg: advice on secure delete tools)
|
You said it, man. DBAN!
|
|
|
01-12-2006, 02:05 PM
|
#13
|
LQ Newbie
Registered: Jan 2006
Posts: 2
Rep:
|
I have a firewire drive with 2 partitions on it. Let's say I only want to wipe 1 partition.
Will
dd if=/dev/urandom of=/dev/disk2s5
do the trick? (/dev/disk2s5 is the partition I want to wipe.) Will it write random data inside the partition or will it overwrite the entire partition with random data?
Is it a problem if bs and conv=notrunc are NOT specified?
It's actually an HFS+ partition (OS X journaled) but I don't think that makes a big difference.
Thanks
Last edited by penguinsRgreat; 01-12-2006 at 02:07 PM.
|
|
|
01-13-2006, 11:15 AM
|
#14
|
LQ Guru
Registered: Jan 2006
Location: Ireland
Distribution: Slackware, Slarm64 & Android
Posts: 17,704
|
Have you tried "man shred" ? Part of coreutils, and made for what you are doing.
|
|
|
01-13-2006, 12:36 PM
|
#15
|
LQ Guru
Registered: Jul 2003
Location: Los Angeles
Distribution: Ubuntu
Posts: 9,870
|
yup... penguinsRgreat, your shred could look kinda like this:
Code:
shred -n 3 -z -v /dev/disk2s5
"-n 3" makes it overwrite the partition with random data three times... "-z" makes it zero the drive after it's done...
http://www.die.net/doc/linux/man/man1/shred.1.html
the filesystem is not relevant, it will be blown-away regardless...
keep in mind that if you were talking about overwriting files only, then you really need to consider which filesystem the file resides on, cuz it won't work properly on journalized filesystems, etc...
Last edited by win32sux; 01-13-2006 at 12:37 PM.
|
|
|
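Added example (not part of any post in this thread): the random-then-zero passes from post #8, which end in the same all-zero state that `shred -z` in post #15 leaves, run against a constructed scratch image file instead of a real device and followed by a byte-for-byte check that the target now reads as zeros. The function names, the marker string and the image size are assumptions made for the example.

```shell
#!/bin/sh
# Added example: a regular file stands in for /dev/hdX, so nothing real is wiped.
MARKER='CONSTRUCTED-SECRET-MARKER'   # constructed sample data

# make_image PATH KIB: build a scratch "disk" of KIB KiB with the marker inside.
make_image() {
    dd if=/dev/urandom of="$1" bs=1024 count="$2" 2>/dev/null
    printf '%s' "$MARKER" | dd of="$1" bs=1 seek=4096 conv=notrunc 2>/dev/null
}

# size_of PATH: byte count (for a real block device: blockdev --getsize64).
size_of() { echo $(( $(wc -c < "$1") )); }

# wipe_target PATH PASSES: PASSES random passes, then one pass of zeros.
# conv=notrunc keeps the stand-in file at its original size.
wipe_target() {
    local size pass=0
    size=$(size_of "$1")
    while [ "$pass" -lt "$2" ]; do
        head -c "$size" /dev/urandom | dd of="$1" bs=65536 conv=notrunc 2>/dev/null
        pass=$((pass + 1))
    done
    head -c "$size" /dev/zero | dd of="$1" bs=65536 conv=notrunc 2>/dev/null
    sync
}

# is_all_zero PATH: succeeds only if every byte of PATH is 0x00.
is_all_zero() { head -c "$(size_of "$1")" /dev/zero | cmp -s - "$1"; }

# contains_marker PATH: succeeds if the marker can still be read back.
contains_marker() { grep -a -F -q "$MARKER" "$1"; }

demo() {
    local img
    img=$(mktemp) || return 1
    make_image "$img" 256
    contains_marker "$img" && echo "before wipe: marker readable"
    wipe_target "$img" 2
    if is_all_zero "$img" && ! contains_marker "$img"; then
        echo "after wipe: $(size_of "$img") bytes, all zero, marker gone"
    fi
    rm -f "$img"
}
demo
```

The check covers only the bytes the target exposes for reading; on a real device, take the size from `blockdev --getsize64` as noted in the comment.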