Secure Erase

[Bestia]

Hi

I'm Interested in techniques to Sanitize Hard drives and looking at Secure Erase and Enhanced Secure Erase methods using ATA commands built into modern drives. With drives getting larger these techniques seem very efficient to sanitize entire hardisks

have found the following utilities which work well

HDDerase.exe from CMRR - Secure Erase

and

MHDD.exe from HDDGURU: MHDD

although have had issues with getting it to work with USB connected drives.

Was wondering if anyone knew of any alternative utilities, possibly running under linux ?

[Gitsnik]

Code:

dd if=/dev/urandom bs=1k of=/dev/(device)

Works pretty well for me. There is no point doing more than one pass these days, but I still do 15 for company financial drives, just in case.

[lupin]

Theres DBAN (its a boot disk) plus shred and wipe (shred is for individual files but you may be able to use it on a device file).

Personally I use dd. If you using /dev/zero as an input source is quicker than /dev/random or /dev/urandom if you are happy to overwrite using zeros instead of random data. In addition, if you determine the drive size first using fdisk -l, use /dev/zero as your input source, limit the amount read from the input using the count option, AND tee the output into both your drives device and md5sum, you can verify your overwrites.

Example steps for wiping hard drive /dev/sda and verifying the overwrite:

1. Find your drives total size by running "fdisk -l /dev/sda"
2. Divide the total size of the disk by 512 "perl -e 'print <size>/512'"
3. Run dd using the command below
4. Verify the overwrite was succesful using "md5sum /dev/sda" and comparing the result to the output from the dd command

Code:

dd if=/dev/zero bs=512 count=<size/512> | tee /dev/sda | md5sum

If the md5 values dont match, your drive is bad or some other overwrite failure occurred.

If you want to see the progress of your wipe, you can also use a tool like pipebench, like so:

Code:

dd if=/dev/zero bs=512 count=<size/512> | pipebench| tee /dev/sda | md5sum

[thorin]

We use DBAN often at work.

Under Windows I usually keep anything important in a TrueCrypt file container and delete it directly (shift+delete) bypassing the recycle bin. A few times a month I run sdelete to wipe the freespace on my drive in case I've saved something to the wrong area or had any leakage.

[Barry]

I just use a lot of heat.

http://web.mac.com/barrywoods/Site/DOD_drive_wipe.html

[Bestia]

Thanks for your responses

Always good to see what others do/use and has given me some alternatives to try - particularly like lots of fire

Was specifically looking for "ATA Secure Erase" techniques as this has the advantages of being able to overwrite bad blocks as well as being a lot quicker than traditional methods. With Further searches have found the following Guide (Take note of the disclaimers at the start of the guide )

ATA Secure Erase - ata Wiki

haven't tried it as yet but will update once i have

another perspective on ATA Secure Erase can be found
Securely erase hard drives « ultraparanoid

[h1jack~~d(^_^)b]

Hello,

I test it with a 1GB partition:

root@bt:/media# mount /dev/hda1 /media/hda01/
root@bt:/media#

Code:

dd if=/dev/urandom of=/media/hda01/foo.img bs=4M

dd: writing `/media/hda01/foo.img': No space left on device
245+0 records in
244+0 records out
1025818624 bytes (1.0 GB) copied, 274.237 s, 3.7 MB/s
root@bt:/media#

Code:

shred -uvz -n 7 /media/hda01/foo.img

shred: /media/hda01/foo.img: pass 1/8 (random)...
shred: /media/hda01/foo.img: pass 1/8 (random)...17MiB/979MiB 1%
shred: /media/hda01/foo.img: pass 1/8 (random)...34MiB/979MiB 3%
shred: /media/hda01/foo.img: pass 1/8 (random)...50MiB/979MiB 5%
shred: /media/hda01/foo.img: pass 1/8 (random)...67MiB/979MiB 6%
shred: /media/hda01/foo.img: pass 1/8 (random)...84MiB/979MiB 8%
shred: /media/hda01/foo.img: pass 1/8 (random)...100MiB/979MiB 10%
shred: /media/hda01/foo.img: pass 1/8 (random)...116MiB/979MiB 11%
--------------------------------------------

complete shred procedure:
1. create a non journaling filesystem and unplug the device (ext2)
2. plug in the device

root:~# : shred -uvz -n 7 /dev/sdX