As a security analyst, it is your job to make sure that no data is leaked, accidentally or on purpose, from your development or operational systems and servers. We cannot always know in advance which piece of information is critical enough to jeopardize the entire operation of the company if it ends up in the wrong hands. The easiest way to protect the data on a used hard disk is to destroy the disk, damaging it permanently. But as ethical open source enthusiasts and security analysts, why don’t we put the best solution into practice? Instead of destroying assets, could we save them and use them for other purposes? What I mean here is recycling. Is it easy? In this article you will find out how to wipe and erase a hard disk so that it is sanitized and can be recycled.
Yes, if you know how to do it.
So the question is: how do you erase/wipe a hard disk to completely sanitize and recycle it? Continue reading to find some tips and tricks. This is not the only solution, but it has a proven track record among open source enthusiasts. Before continuing, be warned: make sure you know what you are doing, because you can cause permanent damage or loss of data. Use this information at your own risk.
Structure of hard disk.
Data is saved on a hard disk using a file system:
1. File system table (the place on the HDD where the information about all files is kept)
2. Physical location (the place where the file is actually stored on the HDD)
What Happens When Data Is Deleted on a Hard Disk?
When a file is deleted, typically only the information stored in the file system’s table is removed. Since it would take too long to delete the actual file, the physical location of the data remains untouched. When the operating system wants to store new files, it consults the file system table for available space and then overwrites those physical locations with the new files.
That’s why file recovery software is able to recover files just by scanning the physical locations.
What Happens When a Hard Disk Is Formatted?
When a HDD is formatted, only the file system table is erased and rewritten. None of the actual data previously stored in the physical locations of the hard drive is deleted or overwritten, so it can subsequently be recovered.
What Happens When Data Is Overwritten on a Hard Disk?
When data is overwritten, the file system table as well as the physical location is filled with new data, which replaces the previously stored information in both places. So when file recovery software scans the physical location, it will only be able to see the last stored data.
How to Erase/Wipe a Hard Disk to Completely Sanitize and Recycle It
There are many applications available on the market, which might cost a few bucks. But for an open source enthusiast, technology should be free for everyone.
Method 1: DBAN / NWIPE
Darik’s Boot and Nuke, also known as DBAN, was an open source project hosted on SourceForge. The program is designed to securely erase a hard disk until its data is permanently removed and no longer recoverable, which is achieved by overwriting the data with pseudorandom numbers generated by Mersenne twister or ISAAC algorithms.
Mersenne twister – is one of the most widely used general-purpose pseudorandom number generators.
ISAAC – is a cryptographically secure pseudorandom number generator.
In September 2012, Blancco (https://www.blancco.com) of Finland announced its acquisition of DBAN.
Since then DBAN has been rebranded and is produced commercially by Blancco under the name “Blancco Drive Eraser – Hard Drive Erasure Software” for enterprise use.
The original version of DBAN is also available for single users. Even though the free version is sufficient to overwrite and erase all the data, the enterprise edition comes with many additional features, such as certification of compliance with state, federal and international data privacy regulations and guidelines, including ISO 27001 and ISO 27040. It is also claimed to be used by major companies and organizations like Samsung, eBay, and the US government and military.
This software has 22 different standards for erasing data from a hard disk. Plus, the enterprise edition has patented methods to erase data from eNVM and SSDs.
One derivative of the original open version of DBAN is still actively available as open source under the name NWIPE. It is free and used by many open source users.
How to use DBAN:
Connect all the hard disks to one test computer.
The software comes as a bootable image that needs to be burned onto a bootable USB drive, CD or DVD.
Restart and Boot Into the DBAN Disc or USB Device
Choose an Option from the DBAN Main Menu
Immediately Start Using DBAN With a Quick Command
DBAN can use one of several different methods to erase files. The pattern used to erase the files, as well as how many times to repeat that pattern, are the differences you’ll find in each of these methods.
These are the commands DBAN supports, each followed by the data sanitization method it uses:
- dod – DoD 5220.22-M
- dodshort – Same as dod except only 3 passes are run instead of 7
- ops2 – RCMP TSSIT OPS-II
- gutmann – Gutmann
- prng – Random Data
- quick – Write Zero
- You can also use the autonuke command, which is the exact same thing as dodshort
Method 2: Rewrite data using Linux / Unix commands
Using the dd command in Unix / Linux
Use the command ‘dd’ to write over your entire drive with 0s:
dd if=/dev/zero of=/dev/hda
This would effectively write over the entire drive with ASCII code 0x00 characters. At this point, recovering any data would be almost hopeless with most data recovery techniques.
Due to the way hard drives are made it is theoretically possible to determine what was written beneath the most current write operation. If you write the entire drive with zeros, it will be quite easy to see what data was written before. It will be the one that is not a zero!
To further complicate the recovery process, we will write over the entire drive with random data:
dd if=/dev/urandom of=/dev/hda
This will write over drive ‘hda’ with random data. Now the recovery process is hopeless.
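A zero-fill like the dd command above is only useful if you confirm that it completed. The following is an added example, not part of the original article: it refuses a mounted target, overwrites exactly the target's size with zeros, and reads every byte back to verify. The function names are hypothetical, and the demo at the end runs on a constructed image file rather than a real disk.

```shell
# Added example: zero-fill a target, then read it back to prove the overwrite.
# Function names are hypothetical; target is a block device or an image file.

# Print the target's size in bytes.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# True if the device, or any partition whose name starts with it, is mounted.
is_mounted() {
    awk -v d="$1" 'index($1, d) == 1 { found = 1 } END { exit !found }' \
        /proc/mounts 2>/dev/null
}

# True only if every byte of the target reads back as 0x00.
# A real disk may answer from the page cache; re-check after a re-plug.
verify_zero() {
    local size
    size=$(target_size "$1") || return 2
    head -c "$size" /dev/zero | cmp -s - "$1"
}

# Refuse mounted targets, overwrite exactly size bytes with zeros, verify.
wipe_zero() {
    local target size
    target=$1
    [ -e "$target" ] || { echo "no such target: $target" >&2; return 2; }
    if is_mounted "$target"; then
        echo "refusing: $target or one of its partitions is mounted" >&2
        return 3
    fi
    size=$(target_size "$target") || return 2
    # conv=notrunc keeps an image file at its original length.
    head -c "$size" /dev/zero |
        dd of="$target" bs=1048576 conv=notrunc 2>/dev/null || return 4
    sync
    verify_zero "$target"
}

# Constructed demo on a throwaway image file, not a real disk.
img=$(mktemp)
printf 'constructed secret record' > "$img"
wipe_zero "$img" && echo "verified: $img reads back as all zeros"
rm -f "$img"
```

After a random-data pass this read-back check only applies if a final zero pass follows, which is what the -z option of shred (Method 3) adds.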
Method 3: Shred (updated)
Shred is a command-line tool that comes with most Linux distros. It overwrites data in a file or a whole device with random bits, making it nearly impossible to recover.
Shred is very effective and is primarily used to shred a single file or a group of files, but it can also be used for wiping an entire hard drive clean.
The first step is to identify the drive you need to wipe. This might be something like /dev/sdb or /dev/hdb (but not like /dev/sdb1, that’s a partition). You can use sudo fdisk -l to list all connected storage devices and find your external hard drive there. Make sure you do not make a mistake, as this procedure is not recoverable.
Unmount all the mounted partitions on that device.
Execute the command:
sudo shred -v /dev/sdX
Replace the sdX in the above command with the name of your hard disk. This will overwrite all the blocks on the device with random data three times; -v is for verbose output.
A few other options are available with this command. They include:
- -f changes permissions to allow writing if needed
- -n (--iterations=N) overwrites N times instead of the default, which is three times
- -s (--size=N) specifies the number of bytes to shred
- -u truncates and removes files after overwriting
- -v shows verbose information about the progress
- -x does not round file sizes up to the next full block
- -z adds a final overwrite with zeros to hide shredding
Even though Shred and DD are effective command line tools, they may not directly work with some file systems in certain configurations.
- File systems, such as those supplied with AIX and Solaris – JFS, ReiserFS, XFS, and Ext3
- RAID-based file systems
- File systems that make snapshots, such as Network Appliance’s NFS server
- File systems that cache in temporary locations, such as NFS version 3 clients
- Compressed file systems
In this case you will have to unmount and change the file system to a basic one like FAT32, exFAT etc.
FAT32 supports volume sizes up to 8 TB, and is simple and faster.
exFAT supports volumes up to 128 PB, which is more than enough for modern single drives.
Mohamed Shafi
Assistant Engineer,
DEWA I&C (P2 – Generation division)