Difference between revisions of "Securely wipe disk"

From ArchWiki
Jump to: navigation, search
m (Overwriting: sp. 'conformation' to 'confirmation'.)
Line 18: Line 18:
 
   
 
   
 
=== Overwriting ===
 
=== Overwriting ===
{{warning| There is no conformation regarding the sanity of this command so TRIPLE CHECK that you have selected the correct drive partition or drive!}}
+
{{warning| There is no confirmation regarding the sanity of this command so TRIPLE CHECK that you have selected the correct drive partition or drive!}}
  
 
Now that the target is selected, issue the following to overwrite the entire partition/drive with zeros:
 
Now that the target is selected, issue the following to overwrite the entire partition/drive with zeros:

Revision as of 10:38, 17 June 2011

There are a variety of software titles out there that one can use to securely wipe a disk partition (or an entire disk). Utils such as shred for example. One can also use dd to accomplish the same task. An enhanced version of dd is available from [extra] called dcfldd which accepts most of dd's parameters and includes status output.

# pacman -S dcfldd

Wiping HDDs

Selecting a Target Drive/Partition

One can use fdisk to locate all read/write devices on the target system. Theoretically, this will include USB drives (thumb and HDD) provided that the user can access the devices from the O/S. To list them, enter the following:

# fdisk -l

Inspect the output looking for lines that start with devices such as /dev/sda or /dev/hda (ide drives). On my system, my USB thumb drive comes up as /dev/sdc as shown:

Disk /dev/sdc: 4063 MB, 4063232000 bytes
125 heads, 62 sectors/track, 1024 cylinders
Units = cylinders of 7750 * 512 = 3968000 bytes
Disk identifier: 0x00000000

In my case, I want to totally fill my thumb drive with zeros so I will be targeting the /dev/sdc as shown above. If interested is a specific HDD partition, make note of the correct location from the fdisk -l output. For example, /dev/sda1 or /dev/sdb5 etc.

Overwriting

Warning: There is no confirmation regarding the sanity of this command so TRIPLE CHECK that you have selected the correct drive partition or drive!

Now that the target is selected, issue the following to overwrite the entire partition/drive with zeros:

# dcfldd if=/dev/zero of=/dev/sdc bs=1M

with random data:

# dcfldd if=/dev/urandom of=/dev/sdc bs=1M
Tip: Make sure to specify a blocksize (bs). I have always used 1M but others have reported that using a bs of 4M is effective as well. If you do not, the default is a very small number and it will take MUCH longer to overwrite the device.

Progress Checking (only needed if using dd rather than that you

Note: This is only needed if using dd; dcfldd outputs progress by default.

By default, there is no output of dd until the task has finished. One can force some output simply by opening up a 2nd root terminal and issuing the following command:

# kill -USR1 <PID_OF_dd_COMMAND>

For example:

# kill -USR1 $(pidof dd)

This causes the terminal in which dd is running to output the progress at the time you ran the command. Example:

605+0 records in
605+0 records out
634388480 bytes (634 MB) copied, 8.17097 s, 77.6 MB/s

Run Times

Instructions

The community is encouraged to populate the table in this section.

Get the model with hdparm:

# hdparm -i /dev/sda | grep Model

The standard dd command will print out other data when it finishes:

# dd if=/dev/zero of=/dev/sdc bs=4M
476933+0 records in
476932+0 records out
2000398934016 bytes (2.0 TB) copied, 21266.3 s, 94.1 MB/s

Data

Manufacture/Model HDD Speed Interface Capacity Time Throughput
Western Digital/WD20EARS 5,900 RPM SATA2 2 TB 5.91 Hrs 94.1 MB/s
HITACHI HTS725016A9A364 7,200 RPM SATA2 160 GB 43 Minutes 63 MB/s
Example 2 Example 2 Example 2 Example 2 Example 2 Example 2

Repeat as Needed?

Have a look at this article which questions the amount of times one actually needs to overwrite a file system.

External Resources

Learn the DD command