“Canadian hospital loses hard drive containing 3,600 patient photos”, “Hard drives sold with government data, Sensitive data including child abuse records on drives readied for secondhand market.”. Two news reports only day’s apart that send shivers down my spine. And no, they are not from last year, but last week. I could dig through years of compiled data from google news, and I’m sure plenty of you have heard horror stories in both the IT circle, news reports, and maybe even your own experiences buying used hard drives online. If your going to sell a drive, wipe the drive before you sell the drive. It’s a simple as that. Even if I give out a thumb drive to a buddy that I no longer need, I wipe it. Why? am I really that paranoid? Well, maybe..maybe not. But I do store information on my drives that I really don’t want other people to be snooping on. I could just delete the file, and they could just try and use some undelete utilities out there to attempt to recover recently deleted files. Or I could wipe the drive with some linux utilities in a matter of minutes and ease my paranoia.
This blog post came about recently when an employee was kind enough to ask me to wipe their hard drive before they re-loaded the operating system and gave the machine to a friend of theirs. Granted, this was a non-technical employee, but smart enough to know that maybe handing over his personal home PC with all his files on it, was probably not the brightest idea in the world.
While wiping the drive with a hardware solution seemed to have failed, I decided to go with what was more familiar with me…you guessed it, the Linux Solution. Granted I’m not going to get into the dull ‘drool all over your keyboard with vacant stares’ speech about how a drive works, superblocks, 1’s, 0’s, and all other ways of ruining the fun out of this post. I’m simply going to outline 2 ways that I have use to securely (and highly recommend) wipe any drive that I part ways with. Keep in mind though, not only do I recommend doing this before you sell, or give away a drive, but even before you chuck it into the trash bin. Nothing screams ‘ooh free hardware, wonder if I can sell it’ to someone throwing away your trash than bright shiny metal objects in a computer department’s junk bin. Granted, if for whatever reason I cannot erase the drive, I tend to have a set of tools laying around for the purpose of removing the hard drive platter and making good use of those magnets (fridge magnets anyone?).
So, enough paranoid disk rambling, let’s get on with the meat and potato’s!
Darik’s Boot and Nuke
I’ll admit, I had been using Gnu’s Shred utility for so long that I had been blind to other utilities that were out there, even utilities *gasp* that just might be even more user friendly (read: menu’s) than shred. This is where Darik’s Boot and Nuke (DBAN) comes into play. DBAN has been in stable release state for about 4 years now, and from recent sourceforge stats, has been recently updated as well.
Download the latest version of DBAN, burn it to a CD and lets get started shall we? But wait! There’s More! *Necessary Disclaimer* This goes without saying, Darik’s Boot and Nuke is going to..yes, you guessed it, boot and nuke your drive. If you have more than 1 drive in the machine, and accidentally click the wrong button, or don’t do an interactive wipe, you just wiped everything. What I tend to do is have an old machine laying around with IDE/SATA ports (more on this at the end of this blog post), plug a drive in, fire up a live CD and wipe the drive. This way I know that I’m not going to lose data from a production machine by accidentally wiping data from the wrong drive. So, now that we have gotten through the nitty gritty disclaimer, lets have some fun.
Once Darik’s Boot and Nuke boots up, you will be presented with a lovely blue screen and some options. You can Press F2 to learn more about DBAN, F3 for some quick commands, F4 for a disclaimer, ENTER to start DBAN in interactive mode and type ‘autonuke’ to just nuke everything automatically. Personally (and especially if this is your first time using DBAN) I would chose to select the interactive mode first. Now depending upon your RAM, speed of your CD drive, alignment of the sun and moon, this might take a minute or two to load up.
And there we have it, the beauty that is Darik’s Boot and Nuke. So, let’s get started. The first thing to do is select the drive that you want to wipe. If you have multiple drives, use the directional arrow to move your cursor up and down, and Space to select the drive. When selected ‘wipe’ will displayed.
Once you have selected the drive, let’s select a Method to wipe the drive. Type ‘M’ to bring up a list of methods. Currently DBAN has a list of 6 wipe methods, each of them comes with various security levels, passes, algorithms, etc. It’s really up to you and/or the company you work for how many passes meet your requirements. I tend to do 6 passes regardless of which method I do, is that too much? Maybe, but I like a nice even number and 6 sounded good at the time. Now that I have discovered this product, I have started to use the ‘DoD 5220.22-M’. Here’s a little history for you though. They call it the DoD 5220.22-M, And that is actually (or was) a standard for wiping hard drives until 2007. But after 2007 the DoD realized that data might still be recoverable even after x many wipes, and the standard is no longer authorised for secure deletion of DoD drives, only Degaussing is authorised last I heard. BUT if you want to be truly paranoid about your files, you can use the Gutmann Wipe which is 35 passes and so far has stood up to scientists/techs/etc attempting to recreate the data with microscopes and all sorts of lab equipment after 35 passes.
* Note: If you are interested in the Gutmann Wipe, Peter Gutmann wrote a very good technical article on it titled “Secure Deletion of Data from Magnetic and Solid-State Memory” located here: http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
So, for this little experiment, I’ll be going with the DoD 5220.22-M standard. Navigate to the Dod 5220.22-M and hit ENTER. This should take you back to your main screen, at the top left-hand corner of your screen you should see the Method change to ‘DoD 5220.22-M. You can also change the Pseudo Random Number Generator by selecting P, Verify with V, and How many rounds you want to go with R. I tend to leave these as default.
Once you are satisfied with your Drive selection, method, random generator, verification and rounds, hit the F10 key to get started. Now depending upon the size of your Disk drive, the number of Passes, your method and just about every other factor out there, this could take as short as a few minutes, or as long as several hours. The one good thing about DBAN though is that it will constantly update you with statistics in the upper right-hand portion of your screen.
Once DBAN has completed, it will bring you back to a main screen and ask you to shut down your machine.
Ah, my personal favorite. Gnu Shred. Shred’s been around for a while now and I’ve used it for just about as long as it’s been around. Shred can be found with the Gnu coreutil’s packages and is ‘usually’ installed with gnu utilities. If you are doing this on your own machine, check your various package managers for either ‘shred’ or ‘coreutils’ package. More information on Gnu Shred can be found here:
While I’m at it I might as well introduce another one of my favorite sysadmin tools that I always keep within arm’s reach of my desk, SystemRescueCd. This CD has just about anything you can imagine loaded on it, including shred of course. I won’t go into too many details, as there are plenty of blog posts out there on SystemRescueCD (and at some point I’ll cover re-mastering the SystemRescueCD to add packages). But I have used this little gem to pull data off of drives that windows drives deemed ‘unrecoverable’ or even unable to see the drive at all. It’s as easy as booting the CD, mounting the partition, and moving data before the drive fails. But alas! This isn’t a post on the beautiful things that SystemRescueCd can do. If your interested though, you can find out about it from: http://www.sysresccd.org/Main_Page
So, let’s say you have either booted up your system with SystemRescueCd, another liveCD with Shred, or even your own system and have the drive you want to wipe attached to your machine. The first thing, and I will stress this again (as pointed out earlier). Make sure you have the right drive! Oi, I only say this, because I’ve wiped the wrong drive before, yes..late night runs and not paying attention can cause unrecoverable damage.
First things first, always read the man pages.
Oh, now that was easy. Shred doesn’t have many switches to it, and usually I tend to only stick to a handful of switches when I shred a disk which I will cover here shortly.
Now have you have become intimately familiar with shred, it’s time to make sure you have the right disk in your sights.
This will list your current partitions. From here you should see the disk that you want to wipe, if your still unsure, run fdisk /dev/nameofdisk and type p to print the partitions to double check just in case. Measure twice cut once.
Once you are 100% sure that you have the right disk, let’s move on to shredding
Shred doesn’t really have that many switches to it, but that’s the simplicity of it. I’ll briefly show you what works for me when I shred, but feel free to tailor it to your own personal use.
shred -fvz -n 6 /dev/sda
Yup, that simple. What’s it do? Well I’ll break it down for you.
-f = Change permissions to allow writing if necessary
-v = Verberose. Without the -v it’s difficult to see if shred is actually doing anything or not, with the -v set, you can see at what % shred is at and how much is remaining
-z = add a final overwrite with zero’s to hide shredding. Does that do much? Well who’s to say, if adding a bunch of zero’s hides the fact that I shredded a disk, then more power to me. It’s just a switch I’ve been used to using for awhile..but for the truly paranoid, then that’s the switch for you.
-n 6 = Overwrite 6 times instead of the default (3).
/dev/sda = The path to my disk (see above).
And there you have it, command line shred. As I stated earlier, I’ve been using shred for years without any problems. But now that I have come across DBAN; I’ve started to use it more frequently than shred.
I’m not going to waste a lot of space here talking about hardware options. But I will give you some quick pointers. Newegg.com, amazon.com, and just about anywhere else you frequent to get computer parts, sells sata/ide to USB adaptors. They run pretty cheap too (usually around $20-$30 the last time I bought one). If you plan on either erasing more than one disk in a 6 month period, or you see rescuing a failing drive in your future than I HIGHLY recommend that you make such a cheap investment in one of these devices. By using one of these sata/ide-to-USB adaptors, you can plug your drive in, hook it into a USB port and wipe the disk. When your done, disconnect the drive, connect another drive, and continue with wiping disks. What I tend to do is wipe a disk, then run a quick smartdisk check to see the health of the disk (more on this on a future blog post). If the disk is failing or has too many failing sectors it gets tossed. If however it’s still a good drive, I’ll put it on the shelf for future use.
SSD – Flash Drives
Okay okay, I’ve had some requests from people that were previewing this post prior to publishing. What about Flash Drives and Solid State Drives, can the above techniques be used to wipe these devices? The short answer is no. The long answer can be found in two really good documents outlined below. What CAN you do to wipe them? Well, from what I’ve read not a whole lot really. I tend to keep non-sensitive (read: things without my SSN, banking info, military records, etc) information un-encrypted on my thumbdrives. If however I do have sensitive information kept on my portable drives (such as backups of sensitive information). I will use Truecrypt (yes, I promise..another blogpost on encrypting drives) to encrypt the entire drive prior to putting anything sensitive on it. I don’t loan out these drives, nor do I casually toss these drives out when I upgrade them. When it’s time to upgrade the drives and there’s encrypted partitions, I tend to go the caveman route and give them a few good (okay many good) whacks with a hammer in the garage. Once they are barely recognizable from other rubbish I toss them into the kid’s dirty diaper trash bag and out with the trash they go. If someone is willing to dig through soiled diapers, piece together various pulverized pieces of electronics, then attempt to re-create the data on the drive and find some way of getting my encryption key; then yes, they win. But by gosh I’ll make their life difficult for however long it takes to piece all that together.
Reliably Erasing Data From Flash-Based Solid State Drives
SAFE: Fast, Verifiable Sanitization for SSDs
Well we are at the conclusion of yet another blog post. And there you have it. How to securely wipe your hard drive prior to selling, giving away, throwing away or even storing your old drives or later use. Out of the two solutions that I’ve demonstrated DBAN has slowly started to grow on me. However, if I don’t have a DBAN liveCD laying around, I know Gnu binutil’s is installed on the machine 9/10 and shred isn’t far behind.