Securely wipe disk

From ArchWiki
Revision as of 02:04, 3 July 2012 by Filam (talk | contribs) (Various style edits)
Jump to: navigation, search


There are a variety of applications that securely wipe a disk like shred and dd. dcfldd is an enhanced version of dd with features useful for forensics and security. It accepts most of dd's parameters and includes status output. Install dcfldd from the official repositories.

Wipe disks

Select a target

One can use fdisk to locate all read/write devices on the target system. Theoretically, this will include USB drives (thumb and HDD) provided that the user can access the devices from the O/S. To list them, enter the following:

# fdisk -l

Inspect the output looking for lines that start with devices such as /dev/sda or /dev/hda (ide drives). In this example, the USB thumb drive comes up as /dev/sdc as shown:

Disk /dev/sdc: 4063 MB, 4063232000 bytes
125 heads, 62 sectors/track, 1024 cylinders
Units = cylinders of 7750 * 512 = 3968000 bytes
Disk identifier: 0x00000000

The goal is to totally fill the thumb drive with zeros, so we will be targeting /dev/sdc as shown above. If interested is a specific HDD partition, make note of the correct location from the fdisk -l output. For example, /dev/sda1 or /dev/sdb5 etc.

Note: Fdisk will not work on GPT formatted devices. Use gdisk for these.

Overwrite the disk

Warning: There is no confirmation regarding the sanity of this command so TRIPLE CHECK that the correct drive partition or drive has been targeted!

When ready, issue the following to overwrite the entire partition/drive with zeros. Again, make _certain_ that the of=... line points to the target drive and not to a system disk!

# dcfldd if=/dev/zero of=/dev/sdX bs=4M

with random data:

# dcfldd if=/dev/urandom of=/dev/sdX bs=4M
Tip: Make sure to specify a blocksize (bs=xx). The speed of the overall process will be affected if omitting this switch.

The process is finished when dcfldd reports, "No space left on device." For example:

18944 blocks (75776Mb) written.dcfldd:: No space left on device

Repeating this process may not significantly decrease the ability to reconstruct the data (see: Secure deletion: a single overwrite will do it).

Example run times

The community is encouraged to populate the table in this section.

Get the model with hdparm:

# hdparm -i /dev/sdX | grep Model

Time the run clearing the disk:

# time dcfldd if=/dev/zero of=/dev/sdX bs=4M
18944 blocks (75776Mb) written.dcfldd:: No space left of device
real     16m17.033s
user     0m0.377s
sys      0m51.160s

Calculate MB/s by dividing the output of the dcfldd command by the time in seconds. For example: 75776Mb / (16.4 min * 60) = 77.0 MB/s.

Data

Manufacture/Model HDD Speed Interface Capacity Time Throughput
Hitachi HTS725016A9A364 7,200 RPM SATA2 160 GB 43 minutes 63 MB/s
Intel SSDSA2M080G2GC SSD SATA2 80 GB 16 minutes 77 MB/s
Samsung HD322HJ 7200 RPM SATA2 320GB 1.15 hours 74MB/s
Seagate ST31000333AS 7,200 RPM SATA2 1 TB 2.92 hours 90 MB/s
Seagate ST31500341AS 7,200 RPM SATA2 1.5 TB 4.13 hours 96 MB/s
Western Digital/WD20EARS 5,900 RPM SATA2 2 TB 5.91 hours 94 MB/s

Check progress with dd

Note: This is only needed if using dd. dcfldd outputs progress by default.

By default, there is no output of dd until the task has finished. One can force some output simply by opening up a 2nd root terminal and issuing the following command:

# kill -USR1 <PID_OF_dd_COMMAND>

For example:

# kill -USR1 $(pidof dd)

This causes the terminal in which dd is running to output the progress at the time the command was run. Example:

605+0 records in
605+0 records out
634388480 bytes (634 MB) copied, 8.17097 s, 77.6 MB/s

See also

Learn the DD command