There are many disk wiping methods such as:
- U.S. Department of Defense (Short and 5220-22.M),
- Pseudo-Random Number Generation.
Plus, there are many filesystems in use, such as:
And, there are many disk types:
- internal hard disks (IDE, SCSI)
- external hard disks (USB, Firewire, eSATA)
- USB thumb drives.
With all this variety, we need to know which disk erasing method is applicable under what conditions.
Throughout the article we will go through the following secure erasing (or wiping in computer terminology) methods:
- Wiping one file, or set of files
- Wiping entire drive with shred command
- Wiping entire drive with dd command
- Wiping entire drive with Darik’s Boot and Nuke (DBAN)
Please note that wiped files and drives are irrecoverable. Therefore, please make sure that you know what you are doing and that your important information is backed up before proceeding. Even with the most expensive equipment, with the help of professional services you will not be able to retrieve your data. Also, your computer’s power should not be interrupted during the process. If it is, there is a possibility the disk will be destroyed completely.
Wiping One File or Set of Files
Although the wipe command is available, we will go with the srm (secure remove) command. This command is issued from the root terminal, with the syntax srm file. If you want to delete file.odt, you simply issue the command srm file.odt. If you want to execute the command for a set of files, say jpg files, you can use a wildcard: srm *.jpg.
You can download srm from your distribution’s package manager. If it is not available in the repositories, you can check the srm website.
Wiping Entire Drive with shred Command
The shred command cannot wipe data in journaled filesystems such as ext3, ext4, ReiserFS, XFS, JFS, etc. It is better to use the command with non-Linux (or better, non-*NIX; that is, not Solaris, UNIX, BSD, etc.) filesystems, such as FAT and NTFS.
Arromeo has written an extensive article about shred; I suggest you read it if you believe shred will serve your purpose.
Wiping Entire Drive with dd Command
You cannot use the dd command to wipe a hard disk that is currently booted and running. Instead, you will need a bootable Linux distribution, such as Knoppix.
Boot your system to the Knoppix disk by choosing “Boot to CD ROM” during the boot process. Open up a root terminal and issue the following command:
dd if=/dev/zero of=/dev/sda bs=1M
Replace /dev/sda with the device node of the hard disk you want to wipe.
This will fill the hard disk (sda) with zeros (from /dev/zero), overwriting all the data with blocks of 1 MB in size.
With this method, it is theoretically possible to retrieve data with forensic investigation. If you want even more security, you can fill your hard disk with random numbers. This process takes longer than the zero method, but the data cannot be recovered by any method. Again, assuming that /dev/sda is the hard disk you want to wipe, the command is as follows:
dd if=/dev/urandom of=/dev/sda bs=1M
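The zero-fill pass above, wrapped with a pre-flight check and a read-back verification, as an added example that is not part of the original article. The function names and return codes are assumptions made for illustration; the target may be a device node or, for a dry run, a disk image file.

```shell
#!/bin/sh
# Added example: guard rails around the article's zero-fill command.
# TARGET may be a device node or, for a dry run, a disk image file.

# Size of the target in bytes.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"      # util-linux; block devices only
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# True if the target or one of its partitions is listed in /proc/mounts.
is_mounted() {
    [ -r /proc/mounts ] || return 1
    awk -v d="$1" 'index($1, d) == 1 { found = 1 } END { exit !found }' /proc/mounts
}

# One pass of zeros over exactly the target's length.
# conv=notrunc keeps an image file at its original size.
zero_fill() {
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero | dd of="$1" bs=1M conv=notrunc 2>/dev/null
}

# Read the whole target back and compare it with a stream of zeros.
# On a real disk the read may be served from the page cache, so a
# stricter check re-reads after a reboot or with the cache dropped.
verify_zeroed() {
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero | cmp -s - "$1"
}

# Return codes: 2 no such target, 3 mounted, 4 write failed, 5 residue found.
wipe_and_verify() {
    target=$1
    [ -e "$target" ] || { echo "no such target: $target" >&2; return 2; }
    if is_mounted "$target"; then
        echo "refusing to wipe $target: it is mounted" >&2
        return 3
    fi
    zero_fill "$target" || return 4
    sync
    verify_zeroed "$target" || { echo "non-zero data remains on $target" >&2; return 5; }
}
```

Rehearse it on an image file first; against a real disk it is called from the live system's root terminal as wipe_and_verify followed by the device node.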
Wiping Entire Drive with Darik’s Boot and Nuke (DBAN)
Darik’s Boot and Nuke (DBAN) is a bootable Linux distribution which wipes your disk with U.S. Department of Defense or Gutmann methods. The developers do not certify the wiping process, so this method should not be used in corporate environments where certification is required. However, for home users it is, in my opinion, the best and the safest method for wiping data from a disk.
Ryan Tetzlaff has an extensive article about DBAN; I definitely suggest you take a look at it.
With the increase in identity theft and the issues surrounding second-hand storage media, it has become a necessity to wipe a drive clean before selling it. By using the methods above, you can be sure that your data cannot be recovered easily, if at all.