Difference between revisions of "Securely wipe disk"

From ArchWiki
Jump to: navigation, search
(Simplify introduction, adhere to Help:Style)
(Various style edits)
Line 4: Line 4:
 
There are a variety of applications that securely wipe a disk like {{Pkg|shred}} and {{Pkg|dd}}. [http://dcfldd.sourceforge.net/ dcfldd] is an enhanced version of [[Wikipedia:dd|dd]] with features useful for forensics and security. It accepts most of dd's parameters and includes status output. Install {{Pkg|dcfldd}} from the [[official repositories]].
 
There are a variety of applications that securely wipe a disk like {{Pkg|shred}} and {{Pkg|dd}}. [http://dcfldd.sourceforge.net/ dcfldd] is an enhanced version of [[Wikipedia:dd|dd]] with features useful for forensics and security. It accepts most of dd's parameters and includes status output. Install {{Pkg|dcfldd}} from the [[official repositories]].
  
== Wiping HDDs ==
+
== Wipe disks ==
=== Selecting a Target Drive/Partition ===
+
=== Select a target ===
 
One can use fdisk to locate all read/write devices on the target system.  Theoretically, this will include USB drives (thumb and HDD) provided that the user can access the devices from the O/S.  To list them, enter the following:
 
One can use fdisk to locate all read/write devices on the target system.  Theoretically, this will include USB drives (thumb and HDD) provided that the user can access the devices from the O/S.  To list them, enter the following:
 
  # fdisk -l
 
  # fdisk -l
Line 19: Line 19:
 
{{Note|Fdisk will not work on GPT formatted devices.  Use gdisk for these.}}
 
{{Note|Fdisk will not work on GPT formatted devices.  Use gdisk for these.}}
 
   
 
   
=== Overwriting ===
+
=== Overwrite the disk ===
 
{{warning| There is no confirmation regarding the sanity of this command so TRIPLE CHECK that the correct drive partition or drive has been targeted!}}
 
{{warning| There is no confirmation regarding the sanity of this command so TRIPLE CHECK that the correct drive partition or drive has been targeted!}}
  
Line 35: Line 35:
 
  18944 blocks (75776Mb) written.dcfldd:: No space left on device
 
  18944 blocks (75776Mb) written.dcfldd:: No space left on device
  
=== Example Run Times ===
+
Repeating this process may not significantly decrease the ability to reconstruct the data (see: [http://www.h-online.com/news/Secure-deletion-a-single-overwrite-will-do-it--/112432 Secure deletion: a single overwrite will do it]).
==== Instructions ====
+
 
 +
=== Example run times ===
 
The community is encouraged to populate the table in this section.
 
The community is encouraged to populate the table in this section.
  
Line 48: Line 49:
 
  user    0m0.377s
 
  user    0m0.377s
 
  sys      0m51.160s
 
  sys      0m51.160s
 +
 +
Calculate MB/s by dividing the output of the dcfldd command by the time in seconds. For example: 75776Mb / (16.4 min * 60) = 77.0 MB/s.
  
 
==== Data ====
 
==== Data ====
Line 94: Line 97:
 
| 5.91 hours
 
| 5.91 hours
 
| 94 MB/s
 
| 94 MB/s
|-
 
| Example 2
 
| Example 2
 
| Example 2
 
| Example 2
 
| Example 2
 
| Example 2
 
 
|-
 
|-
 
|}
 
|}
  
Calculate MB/s by dividing the output of the dcfldd command by the time in seconds. 
+
==== Check progress with dd ====
Example: 75776Mb / (16.4 min * 60) = 77.0 MB/s.
+
{{Note|This is only needed if using dd. dcfldd outputs progress by default.}}
 
 
=== Progress Checking (Deprecated) ===
 
{{Note|This is '''only''' needed if using dd; dcfldd outputs progress by default.}}
 
  
 
By default, there is no output of dd until the task has finished.  One can force some output simply by opening up a 2nd root terminal and issuing the following command:
 
By default, there is no output of dd until the task has finished.  One can force some output simply by opening up a 2nd root terminal and issuing the following command:
Line 121: Line 114:
 
  634388480 bytes (634 MB) copied, 8.17097 s, 77.6 MB/s
 
  634388480 bytes (634 MB) copied, 8.17097 s, 77.6 MB/s
  
== Repeat as Needed? ==
+
== See also ==
Have a look at [http://www.h-online.com/news/Secure-deletion-a-single-overwrite-will-do-it--/112432 this article] which questions the amount of times one actually needs to overwrite a file system.
 
 
 
== External Resources ==
 
 
[http://www.linuxquestions.org/questions/linux-newbie-8/learn-the-dd-command-362506/ Learn the DD command]
 
[http://www.linuxquestions.org/questions/linux-newbie-8/learn-the-dd-command-362506/ Learn the DD command]

Revision as of 02:04, 3 July 2012


There are a variety of applications that securely wipe a disk like shred and dd. dcfldd is an enhanced version of dd with features useful for forensics and security. It accepts most of dd's parameters and includes status output. Install dcfldd from the official repositories.

Wipe disks

Select a target

One can use fdisk to locate all read/write devices on the target system. Theoretically, this will include USB drives (thumb and HDD) provided that the user can access the devices from the O/S. To list them, enter the following:

# fdisk -l

Inspect the output looking for lines that start with devices such as /dev/sda or /dev/hda (ide drives). In this example, the USB thumb drive comes up as /dev/sdc as shown:

Disk /dev/sdc: 4063 MB, 4063232000 bytes
125 heads, 62 sectors/track, 1024 cylinders
Units = cylinders of 7750 * 512 = 3968000 bytes
Disk identifier: 0x00000000

The goal is to totally fill the thumb drive with zeros, so we will be targeting /dev/sdc as shown above. If interested is a specific HDD partition, make note of the correct location from the fdisk -l output. For example, /dev/sda1 or /dev/sdb5 etc.

Note: Fdisk will not work on GPT formatted devices. Use gdisk for these.

Overwrite the disk

Warning: There is no confirmation regarding the sanity of this command so TRIPLE CHECK that the correct drive partition or drive has been targeted!

When ready, issue the following to overwrite the entire partition/drive with zeros. Again, make _certain_ that the of=... line points to the target drive and not to a system disk!

# dcfldd if=/dev/zero of=/dev/sdX bs=4M

with random data:

# dcfldd if=/dev/urandom of=/dev/sdX bs=4M
Tip: Make sure to specify a blocksize (bs=xx). The speed of the overall process will be affected if omitting this switch.

The process is finished when dcfldd reports, "No space left on device." For example:

18944 blocks (75776Mb) written.dcfldd:: No space left on device

Repeating this process may not significantly decrease the ability to reconstruct the data (see: Secure deletion: a single overwrite will do it).

Example run times

The community is encouraged to populate the table in this section.

Get the model with hdparm:

# hdparm -i /dev/sdX | grep Model

Time the run clearing the disk:

# time dcfldd if=/dev/zero of=/dev/sdX bs=4M
18944 blocks (75776Mb) written.dcfldd:: No space left of device
real     16m17.033s
user     0m0.377s
sys      0m51.160s

Calculate MB/s by dividing the output of the dcfldd command by the time in seconds. For example: 75776Mb / (16.4 min * 60) = 77.0 MB/s.

Data

Manufacture/Model HDD Speed Interface Capacity Time Throughput
Hitachi HTS725016A9A364 7,200 RPM SATA2 160 GB 43 minutes 63 MB/s
Intel SSDSA2M080G2GC SSD SATA2 80 GB 16 minutes 77 MB/s
Samsung HD322HJ 7200 RPM SATA2 320GB 1.15 hours 74MB/s
Seagate ST31000333AS 7,200 RPM SATA2 1 TB 2.92 hours 90 MB/s
Seagate ST31500341AS 7,200 RPM SATA2 1.5 TB 4.13 hours 96 MB/s
Western Digital/WD20EARS 5,900 RPM SATA2 2 TB 5.91 hours 94 MB/s

Check progress with dd

Note: This is only needed if using dd. dcfldd outputs progress by default.

By default, there is no output of dd until the task has finished. One can force some output simply by opening up a 2nd root terminal and issuing the following command:

# kill -USR1 <PID_OF_dd_COMMAND>

For example:

# kill -USR1 $(pidof dd)

This causes the terminal in which dd is running to output the progress at the time the command was run. Example:

605+0 records in
605+0 records out
634388480 bytes (634 MB) copied, 8.17097 s, 77.6 MB/s

See also

Learn the DD command