DIY: Destroy data on drives via a Linux live distro

Jack Wallen answers some TechRepublic members' questions about how to destroy data on a drive without destroying the drive.

There are times when you need to destroy data on a drive but not destroy the drive itself. I've been asked a couple of times about the best way to do this, and the answer to this question is pretty simple.

You want to make use of a Linux live distribution like Puppy Linux. Booting that live distribution will allow you to use the included tools on the drive without having to bother with mounting/unmounting the drive. Once you have booted into Puppy Linux on that machine, you want to make use of the shred command; this command will permanently and completely delete the data from the drive. Here's how you do it:

  1. Find out the device name (such as /dev/hda) of the drive to be shredded.
  2. Open a terminal window in Puppy Linux.
  3. Issue the command shred -vfz -n 100 /dev/hda. The command will:
    • use the n option to do 100 passes.
    • use the z option to finish with an overwrite of zeros.
    • use the f option as a force (when admin permissions are necessary).
    • use the v option for verbose mode.
  4. Once this is complete, you can then use a tool like gparted to format that drive to further ensure the data is removed.

After these tasks are complete, you will have a drive that will be an amazing challenge to extract data from -- if it is even possible at all.
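The procedure above with guard rails around the shred step, as an added example that is not part of the original article: it refuses a target that is mounted, runs the same shred options, then reads the target back to confirm the final zero pass took. The function names (wipe_target, is_mounted, reads_all_zero) and the option to rehearse on an image file are assumptions of this example.

```shell
#!/bin/bash
# Added example (not from the article): checks before and after the shred step.

# True if the device, or any partition on it, appears in a mounts table.
# Prefix match on purpose: /dev/sda also matches /dev/sda1.
is_mounted() {
    awk -v d="$1" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' \
        "${2:-/proc/mounts}"
}

# True if every byte of the target reads back as zero (what -z leaves behind).
reads_all_zero() {
    [ "$(tr -d '\000' < "$1" | head -c 1 | wc -c)" -eq 0 ]
}

# wipe_target TARGET [PASSES] [MOUNTS_FILE]
# TARGET is a block device, or a regular image file for a rehearsal run.
wipe_target() {
    target=$1; passes=${2:-100}; mounts=${3:-/proc/mounts}
    if [ ! -b "$target" ] && [ ! -f "$target" ]; then
        echo "refusing: $target is not a block device or image file" >&2
        return 2
    fi
    if is_mounted "$target" "$mounts"; then
        echo "refusing: $target (or a partition on it) is mounted" >&2
        return 3
    fi
    # Same options as the article: verbose, force, final zero pass, N passes.
    shred -vfz -n "$passes" "$target" || return 4
    if ! reads_all_zero "$target"; then
        echo "verify failed: non-zero data remains on $target" >&2
        return 5
    fi
    echo "wiped and verified: $target"
}

# Only act when called with arguments, e.g.: ./wipe.sh /dev/hda 100
if [ "$#" -ge 1 ]; then
    wipe_target "$@"
fi
```

Running it first against a scratch image file shows the refusal and verification paths before it is pointed at a real drive.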

Ask Jack: If you have a DIY question, email it to me, and I'll do my best to answer it. (Read guidelines about submitting DIY questions.)

About

Jack Wallen is an award-winning writer for TechRepublic and Linux.com. He’s an avid promoter of open source and the voice of The Android Expert. For more news about Jack Wallen, visit his website getjackd.net.

13 comments
lshanahan

Believe me, there are government researchers who *routinely* recover data from drives that have been wiped, smashed, shredded, etc. HAL9000 makes an excellent point. That said, I remember seeing an article (think it was on ExtremeTech) about these guys who basically built a backyard smelter to destroy their drives. For most purposes (business or personal) however, I find DBAN more than sufficient.

rbees

From http://www.linuxquestions.org/questions/linux-newbie-8/learn-the-dd-command-362506/

/quote

If you're concerned about spies taking the platters out of your hard drive, and scanning them using superconducting quantum-interference detectors, you can always add a "for" loop for US Government DoD approved secure hard disk erasure. Copy and paste the following two lines into a text editor.

Code:

    #!/bin/bash
    for n in `seq 7`; do dd if=/dev/urandom of=/dev/sda bs=8b conv=notrunc; done

Save the file as anti_scqid.

Code:

    chmod +x anti_scqid

Don't run the program until you want to wipe the drive.

/end quote

I have yet to see any data be recoverable after just one pass. Of course I would by no means call myself a data recovery expert. The process is not fast at all and can be quite time consuming but.... The drive also has to be repartitioned and formatted because there is nothing left to find.

RF7000

http://linux.die.net/man/1/shred

In the case of ext3 file systems, the above disclaimer applies (and shred is thus of limited effectiveness) only in data=journal mode, which journals file data in addition to just metadata. In both the data=ordered (default) and data=writeback modes, shred works as usual. Ext3 journaling modes can be changed by adding the data=something option to the mount options for a particular file system in the /etc/fstab file, as documented in the mount man page (man mount).

HAL 9000

"After these tasks are complete, you will have a drive that will be an amazing challenge to extract data from if it is even possible at all."

This process will only work to destroy data at the drive level. If you want to enough it's possible to remove the Platters and recover everything that has been written to the drives. I've seen this done after Shred has been used on the drives in an attempt to Stop Federal Authorities from deriving Evidence of the use of a computer by someone who really liked young kids.

The above method is good enough for Nonsecure Computers but you really need to destroy the drive if the system came from a secure location. I remember one Government Agency here who sold off quite a few decommissioned systems all of which didn't come from a Secure Location and there was no need to do any Data Destruction on them till they realized that they had the equivalent of State Governess E Mail Addresses on them. Of course this was after they had been sold so there was nothing that could be done to stop the new owners using whatever data they recovered.

The Government Agency here now destroys all HDD no matter where they came from as it's the only way to be sure that nothing sensitive is escaping no matter where the systems came from. ;)

Col

Neon Samurai

I've had to decommission servers remotely once or twice.

  1. delete all non-system user/company data with srm
  2. wipe free space to be sure (with applicable tool)
  3. wipe swap and memory (with applicable tool)
  4. srm the drive to kill the rest of the system

Mind you, my preference remains the DBan boot disk when not limited to remote access.

seanferd

Aren't we a bunch of buzz killers.

wizard57m-cnet

You just blew Jack's entire Linux live CD routine out of the water!

CharlieSpencer

I was wondering how this compared to Dban ('Darik's Boot and Nuke', for those who don't know). I don't have reason to do remote destruction.

HAL 9000

But then I've had to go around and clean up the Mess of a couple of Government Departments over the years. I'll never forget having one Government Barrister wanting to treat me as a Hostile Witness one day and then 3 days later I was his Expert Witness in another case. Both cases related to the 1 ex-government computer that had been sold and data recovered from it. ;) Probably not the position you want to be in if you have any brains I would say. :D

Col

dave808_uk

I use this two or three times a week, as I work in computer reuse/recycle area. The program fits on a floppy and can erase most modern PATA/SATA drives in a fraction of the time of say killdisk etc. I did an experiment a few years ago where I had two 40Gb drives; one was erased using killdisk and the other was erased by using hdderase. I then used easus pro recovery on both drives and got some data off the killdisk drive but nothing off the hdderase. hdderase development was funded by the NSA. As far as the DoD standard with modern high density disks that have to be shredded so that each piece has the maximum of 256KB of data per piece is kind of redundant in this day and age as we are talking about a piece a tenth of a millimeter square as opposed to a piece several square millimeters. DoD is an old standard which should be renewed or dropped entirely from secure data erasure.