Hard drive sanitisation - A homebrew approach
I often get asked the questions "Why should I securely erase my disk", "What is the best way to securely erase a disk?" and "What to use to ensure that a disk has been sanitised?". In this article I discus these options, but first a little reminder why at some stage everyone needs to securely erase data.
Part 1 — Overview
Why should I securely erase my disk?
At some stage, everyone needs to securely erase data at some point—even on a home laptop, Desktop or even on a Mac. After all, securely erasing your data ensures your personal and private information does not end up being found and abused by someone else.
So, when should you erase data from your machine? A few common scenarios that warrant a secure wipe of your drive include:
- Your laptop, desktop or server is sold or donated
- A hard drive is replaced as part of an upgrade
- The system is not yours and needs to be handed over (a loaner or belongs to your company)
- The hard drive is being trashed
What if I have nothing to hide?
I've had plenty of people who say, "It's ok, I have nothing to hide," But how much would you bet that almost everyone who says these things also have a front door on their home, locked when they're sleeping, and curtains covering their windows for privacy, as well as passwords protecting their email accounts to keep others out? Odds are everyone does these things.
Nothing to hide, huh?
Whether it's your friendly neighbourhood law enforcement agency, a burglar or dumpster diver who rummages through your rubbish bin for old hard drives with the intention of extracting data, we can rest assured (or not so much) that there are people out there who are after your data. Targeted or by accident, if a nefarious individual gets their hands on your data, you can very well end up in trouble.
Why would hackers target the data on your personal computer?
In all of the above mentioned scenarios that warrant a secure wipe of your drive, your data is leaving your possession, so making sure it is properly deleted is paramount. Whether your system is used to store school work, projects at work, personal files or just used for browsing the web, information from that system is valuable to someone other than you. Some of the things that can happen if data recovered from your old system or hard drive can be devastating, including:
- Identity theft
- Employment-related fraud
- Loan/Credit card fraud
- Phone or utilities fraud
- Tax fraud
- Get hacked
Your browser history, auto-saved names and passwords in your browser, email contents, sensitive documents, like tax returns, are all very valuable to someone who knows how to use it against you. Also think of photos, videos, chats and again email contents that may include sensitive and personal content that can be used to blackmail you or destroy your reputation.
Of course, you can keep every hard drive and flash drive you've ever owned to reduce the chances of the above happening, but after a while this method starts taking up a lot of space. So the next best thing is to securely erase them.
Part 2 — Using system utilities
Here I cover the options available for various operating systems.
Both of these methods have been tested on an Ultra-10 running Solaris 8 and an Ultra-20 running Solaris 10 with good results.
- Using the
ddcommand This is my preferred method on an Solaris system:
# dd if=/dev/urandom of=/dev/rdsk/c#t#d#s2 bs=10kThis will ensure that random (not completely random, but good enough) data is written to the devices RAW geometry. Thus removing all traces of previous data on the disk1
- Using the
formatcommand Although we could use the
purgesub-command from within the Solaris
# format ... format> analyze ANALYZE MENU: read - read only test (doesn't harm SunOS) refresh - read then write (doesn't harm data) test - pattern testing (doesn't harm data) write - write then read (corrupts data) compare - write, read, compare (corrupts data) purge - write, read, write (corrupts data) verify - write entire disk, then verify (corrupts data) print - display data buffer setup - set analysis parameters config - show analysis parameters quit analyze> purge ... analyze> quit format> quit
purgewrites three distinct patterns over the disk (0xaa, 0x55 and 0xaa again). If the verification passes, a hex-bit pattern (0x40) is then written over the disk.
NOTE: The above procedure complies with DoD wipe disk standard 5220-22-M
For HP-UX based systems, it is recommended to use the raw device for improved speed and the input from
/dev/urandom does not exist at the time of writing).
- Firstly, verify that
/dev/zerospecial file exists:
# ll /dev/null crw-rw-rw- 1 bin sys 3 0x000004 Oct 10 20:26 /dev/zeroIf the device is not available, use the
mknodto create it.
# mknod /dev/zero c 3 0x000004 # chown root:sys /dev/zero
- Use the
ddto fill the target device:
- HP-UX 1.11 / 11.23
# dd if=/dev/zero of=/dev/rdsk/c#t#d#
- HP-UX 11.31
# dd if=/dev/zero of=/dev/rdisk/disk#
- HP-UX 1.11 / 11.23
Macintosh Hard Drives
- Pre OSX
- Boot the system from the Mac OS CD.
- Run the Drive Setup Utility under the Utilities folder on your Mac OS CD.
- Start by selecting the hard drive you wish to low-level format.
- Under the Function menu, select Initialization Options.
- Select Low Level Format (a check mark will appear) and click OK.
- Click Initialize at the bottom of the main screen.
- Again click Initialize.
- OSX based systems
- Boot the system from the OSX Installation CD or DVD.
- From the Utilities menu at the top, choose Disc Utility.
- Then select the hard-disk you wish to sanitize.
- Under the Erase Tab, there is a Security Options section.
- For most sanitation purposes the Zero-Out Option is satisfactory.
- For sensitive information, I recommend using the 7-Pass Erase Option to ensure the data is rendered completely unrecoverable.
- Click OK then click Erase.
Linux based systems
shredShred was originally designed to delete file securely. Firstly, overwriting it to hide its contents. However, the same command can be used to erase hard disk. For example, if your hard drive named as
/dev/sda, then type the following command:
# shred -n 5 -vz /dev/sda shred: /dev/sda2: pass 1/6 (249249)... shred: /dev/sda2: pass 2/6 (db6db6)... shred: /dev/sda2: pass 3/6 (random)... shred: /dev/sda2: pass 4/6 (aaaaaa)... shred: /dev/sda2: pass 5/6 (6db6db)... shred: /dev/sda2: pass 6/6 (000000)...
-n 5— overwrite 5 times (default 25 times)
-v— show progress
-z— add a final overwrite with zeros to hide shredding
- Using the
scrubcommand This utility overrides hard disks with repeating pattens intended to make recovering data more difficult. For example, to scrub a raw device /dev/sdf1 with the default NNSA pattern, use:
# scrub -p dod /dev/sdf1 scrub: using DoD 5220.22-M patterns scrub: please verify that device size below is correct! scrub: scrubbing /dev/sdf1 1995650048 bytes (~1GB) scrub: random |................................................| scrub: random |................................................| scrub: 0x00 |................................................| scrub: verify |................................................|Other scrub patterns are available with the
-poption, review the
- Using the
ddcommand Like the Solaris example above, we can use the
ddcommand to securely wipe a disk. For example, to erase 1TB drive on
/dev/sdc, use the following:
# dd if=/dev/urandom of=/dev/sdc bs=4M 256+0 records in 256+0 records out 1073741824 bytes (1.1 GB) copied, 20.3907 s, 52.7 MB/s
Part 3 — The physical approach
What if the drive is not accessible?
For drives that are not accessible, there is only one option to ensure the data is unrecoverable: Smash it to bits.
Physical destruction can be used in the following instances:
- When computers or hard drives are inoperable.
- When data tapes such as DDS (Digital Data Storage), DLT (Digital Linear Tape), DAT (Digital Audio Tape), or DC (Data Cartridge) cannot be overwritten through reformatting or initialization.
A short destruction process
- Remove the hard drive, tape, or cartridge from the computer or storage unit.
- Get on all your safety equipment, Hard-Hat, Safety Glasses, and Gloves. Place the device flat or on its side and strike it with a heavy hammer until it is crushed.
NOTE: Pay particular attention to damaging the platters inside the hard drives where data is magnetically recorded. This type of damage will normally discourage the average person from attempting to recover any data.
1 As the drives controller maintains the bad sector tracking, any data written into bad sectors previously may still be there though the quality of this data would be questionable otherwise the sector would never have been marked bad in the first place.