Securely wipe disk

From ArchWiki
Revision as of 14:17, 3 July 2012 by Filam (Talk | contribs) (Filam moved page Securely Wipe HDD to Securely wipe disk: HDD too specific, correct capitalization)


A variety of applications, such as shred and dd, can securely wipe a disk. dcfldd is an enhanced version of dd with features useful for forensics and security. It accepts most of dd's parameters and includes status output. Install dcfldd from the official repositories.

Wipe disks

Select a target

Use fdisk to locate all read/write devices. This will include USB drives if the user can access the devices. List the partition tables:

# fdisk -l

Check the output for lines that start with devices such as /dev/sda or /dev/hda. For example:

Disk /dev/sdc: 4063 MB, 4063232000 bytes
125 heads, 62 sectors/track, 1024 cylinders
Units = cylinders of 7750 * 512 = 3968000 bytes
Disk identifier: 0x00000000

In the preceding example the USB thumb drive is listed as /dev/sdc.

Note: fdisk will not work on GPT-formatted devices. Use gdisk instead.

Overwrite the disk

Warning: This command does not ask for confirmation or perform any sanity check, so TRIPLE CHECK that the correct drive or partition has been targeted!

Zero-fill the disk by writing a zero byte to every addressable location on the disk using the /dev/zero stream. Make certain that the of=... argument points to the target drive and not to a system disk! Make sure to specify a block size (i.e. bs=xx); omitting this switch affects the speed of the overall process.

# dcfldd if=/dev/zero of=/dev/sdX bs=4M

or use the /dev/urandom stream:

# dcfldd if=/dev/urandom of=/dev/sdX bs=4M

The process is finished when dcfldd reports "No space left on device". For example:

18944 blocks (75776Mb) written.dcfldd:: No space left on device

Repeating this process may not significantly decrease the ability to reconstruct the data (see: Secure deletion: a single overwrite will do it).
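
The warning above relies on a manual check of the target. The following sketch is an added example, not part of the original ArchWiki page: it refuses a target that is mounted before the overwrite and confirms a zero-fill afterwards. The function names and the MOUNTS_FILE variable are assumptions made for this example.

```sh
#!/bin/sh
# Added example: checks to run around the zero-fill command from this article.
# Function names and MOUNTS_FILE are assumptions of this example, not dcfldd features.

# Mount table to consult; overridable so the check can be tried on a constructed file.
MOUNTS_FILE="${MOUNTS_FILE:-/proc/mounts}"

# target_in_use DEV: succeed if DEV or one of its partitions (sdX1, nvme0n1p1) is mounted.
target_in_use() {
    awk -v dev="$1" '
        $1 == dev { found = 1 }
        index($1, dev) == 1 && substr($1, length(dev) + 1) ~ /^p?[0-9]+$/ { found = 1 }
        END { exit !found }' "$MOUNTS_FILE"
}

# wipe_preflight TARGET: fail with a reason unless TARGET may be passed as of=.
wipe_preflight() {
    [ -e "$1" ] || { echo "no such device: $1" >&2; return 1; }
    if target_in_use "$1"; then
        echo "refusing: $1 or one of its partitions is mounted" >&2
        return 1
    fi
}

# verify_zeroed TARGET: succeed only if every byte read back from TARGET is zero.
# Applies to the /dev/zero fill only; tr drops NUL bytes, so any byte left is old data.
verify_zeroed() {
    leftover=$(tr -d '\000' < "$1" | head -c 1 | wc -c)
    [ "$leftover" -eq 0 ]
}

# Intended order (as root, with /dev/sdX replaced by the checked target):
#   wipe_preflight /dev/sdX && dcfldd if=/dev/zero of=/dev/sdX bs=4M
#   verify_zeroed /dev/sdX && echo "zero-fill verified"
```

The mount-table check does not cover active swap devices, which are listed in /proc/swaps rather than /proc/mounts.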

Example run times

The community is encouraged to populate the table in this section.

Get the model with hdparm:

# hdparm -i /dev/sdX | grep Model

Check progress of dcfldd

Time the run clearing the disk:

# time dcfldd if=/dev/zero of=/dev/sdX bs=4M
18944 blocks (75776Mb) written.dcfldd:: No space left on device
real     16m17.033s
user     0m0.377s
sys      0m51.160s

Calculate MB/s by dividing the amount written, as reported by dcfldd, by the elapsed time in seconds. For example: 75776Mb / (16.4 min * 60) = 77.0 MB/s.

Check progress of dd

Note: This is only needed if using dd. dcfldd outputs progress by default.

By default, dd produces no output until the task has finished. To force some output, open a second root terminal and issue the following command:

# kill -USR1 <PID_OF_dd_COMMAND>

For example:

# kill -USR1 $(pidof dd)

This causes the terminal in which dd is running to output the progress at the time the command was run. For example:

605+0 records in
605+0 records out
634388480 bytes (634 MB) copied, 8.17097 s, 77.6 MB/s


Manufacturer     Model            HDD Speed (RPM)  Interface  Capacity (GB)  Time (Hrs)  Throughput (MB/s)
Hitachi          HTS725016A9A364  7200             SATA2      160            0.72        63
Intel            SSDSA2M080G2GC   SSD              SATA2      80             0.27        77
Samsung          HD322HJ          7200             SATA2      320            1.15        74
Seagate          ST31000333AS     7200             SATA2      1000           2.92        90
Seagate          ST31500341AS     7200             SATA2      1500           4.13        96
Western Digital  WD20EARS         5900             SATA2      2000           5.91        94

See also