# Wiping your hard drive clean?



## RuB3N (Aug 5, 2007)

I'm not really sure what forum this would go in... but

I want to wipe my hard drive clean, completely clean.

I have Ubuntu 7.04 and I was wondering if there is a way to do that?

Do I go in the terminal and type something or go to a file to do that?

Thanks for your time.


----------



## lotuseclat79 (Sep 12, 2003)

Read this web page, then try Darik's Boot and Nuke (free) software.

Or, you can use the dd command to do it. The web page only gives an example of zeroing out a floppy disk with the dd command, but I'm thinking that if your drive is large you could increase the bs or block size to something like 32768 and adjust the count to how many times 32768 occurs in your drive size.

Or you can use the shred command (look at the man page for shred):
$ sudo shred -n 3 -z -v /dev/hda

which should write over the drive, /dev/hda, 3 times with random data, and then zero the entire drive. The -v parameter should show you progress, which is an advantage over using the dd command. The above command will write over the partition table and boot sector.

Make sure that the drive is actually /dev/hda or change it to the actual device name of your drive if it is not /dev/hda.

-- Tom


----------



## RuB3N (Aug 5, 2007)

I found, I think, an easy way...

A program off sourceforge.net called *GParted*.

It allows you to delete partitions and create partitions and wipe the hard drive clean.


----------



## lotuseclat79 (Sep 12, 2003)

The shred command mentioned in post #2 would have wiped your hard drive and it comes installed with the release of Ubuntu, so no need to download.

-- Tom


----------



## seraphimpatriot (Nov 2, 2007)

Thank you lotuseclat79.

I tried a command from another site; #shred-vfz-n 100/dev/hda

On PCLinuxOS 2007 the line merely repeated itself; my bad for trying it on that OS and not Ubuntu.

So when tried on Ubuntu, it was 'command not found'.

So then I thought I'd get creative and typed; sudo shred /dev/hda.
Well, the hard drive light turned on and was solid, much as it is now with your command, which I might add is working marvelously.

So my question; I wasn't aware of the -v command (which I am now assuming is a verbadim(sp?) command). What did I do to the computer when I typed 'sudo shred /dev/hda'? I hope it wasn't harmful. When I pushed 'q' the process stopped (a desired effect, but again like the aforementioned command, it was a guess).

Thanks


----------



## saikee (Jun 11, 2004)

Not too sure what you really want and if Ubuntu is an installed version in the hard disk.

To wipe clean the hard disk is a 10 second job with any Live CD. Just use "cfdisk /dev/sda" and in the screen highlight each partition and press delete. Finally press "write", confirm with a "yes" and quit cfdisk.

The same can be done by "fdisk /dev/sda"; the commands are slightly different but equally effective.

The above is the removal of the partition table rendering whatever inside the hard disk no longer accessible, impossible to read or able to execute. This is adequate for 99% of hard disk users.

The additional cleaning you can do is to turn every binary bit to "0" but that is only needed if there is information that you must destroy but there are still forensic tools that can restore them.

If the Ubuntu is inside the hard disk it may protect itself from destruction and so you need to do it with a Live CD.


----------



## lotuseclat79 (Sep 12, 2003)

seraphimpatriot said:


> Thank you lotuseclat79.
> 
> I tried a command from another site; #shred-vfz-n 100/dev/hda
> 
> ...


Hi seraphimpatriot,

You seriously need to check your work before you issue a command:
#shred-vfz-n 100/dev/hda
did not work because after shred there is no space between the command and its parameter and between 100 and /, otherwise it would have worked.

You do not need to issue 100 iterations of overwriting to a drive to render its contents forever lost - that's nuts. Three (n=3) would be sufficient according to latest theory.

So issuing: # shred -vfz -n 100 /dev/hda
would have worked but taken forever, while a more practical issue would have been: # shred -vfz -n 3 /dev/hda
or 
# shred -f -n 3 -z /dev/hda

Stop guessing and look at the man page for shred: # man shred

Saikee is right about one thing - do this with a Live CD, and unmount the disk to be wiped first:
# umount /dev/hda

-- Tom


----------



## RobLinux (Nov 7, 2007)

saikee said:


> To wipe clean the hard disk is 10 second job with any Live CD. Just use "cfdisk /dev/sda" and in the screen highlight each partition and press delete. Finally press "write", confirm with a "yes" and quit cfdisk.
> 
> The same can be done by "fdisk /dev/sda" but the commands are slightly different but equally effective.


Or you can zero the partition table with dd on the block device for the whole disk.

But that still won't "wipe a disk clean", the partitions are re-creatable, and the data recoverable.

Better alternatives are to dd bs=64k if=/dev/zero of=/dev/sda, or use if=/dev/urandom to overwrite with random data, or running the badblocks command (badblocks -w -p 9 -t random) to erase old data, which must be destroyed, overwriting it with random dross, and finally mkfs after creating a new partitioning scheme, then use the disk.

dd & badblocks -w -p 9 -t random ought to be available on 'rescue disks' and small floppy based utilities like the old trbt.

shred is for deleting and overwriting individual files, on non-log structured filesystems, but ones which allocate blocks and permit re-writing of the blocks. There's no need for it if you're doing the whole disk.


----------
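
The point made in the post above, that zeroing the partition table leaves the data in place, shown on a constructed disk image. This is an added example, not code from any poster; the function names and the 200-sector sample image are assumptions of the example.

```shell
#!/bin/sh
# Added example (not from the thread). Zeroing sector 0 removes the partition
# table, but filesystem metadata stays where it was, which is what tools like
# gpart use to guess the old layout. The image is constructed, not a real disk.

make_sample_image() {      # $1 = path; "partition" starts at sector 63
    dd if=/dev/zero of="$1" bs=512 count=200 2>/dev/null
    # MBR boot signature 0x55 0xAA at bytes 510-511 of sector 0
    printf '\125\252' | dd of="$1" bs=1 seek=510 conv=notrunc 2>/dev/null
    # ext2/ext3 superblock magic 0xEF53 (little-endian) at partition start + 1080
    printf '\123\357' |
        dd of="$1" bs=1 seek=$((63 * 512 + 1080)) conv=notrunc 2>/dev/null
}

zero_partition_table() {   # "zero the partition table with dd": sector 0 only
    dd if=/dev/zero of="$1" bs=512 count=1 conv=notrunc 2>/dev/null
}

zero_whole_image() {       # overwrite every byte, keeping the image length
    size=$(wc -c < "$1" | tr -d ' ')
    head -c "$size" /dev/zero | dd of="$1" bs=65536 conv=notrunc 2>/dev/null
}

find_ext_superblocks() {   # print each sector that could start an ext2/3 fs
    size=$(wc -c < "$1" | tr -d ' ')
    s=0
    while [ $((s * 512 + 1082)) -le "$size" ]; do
        magic=$(dd if="$1" bs=1 skip=$((s * 512 + 1080)) count=2 2>/dev/null |
                od -An -tx1 | tr -d ' \n')
        if [ "$magic" = "53ef" ]; then echo "$s"; fi
        s=$((s + 1))
    done
}
```

After `zero_partition_table` the scan still reports sector 63; only `zero_whole_image` makes it come back empty.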



## lotuseclat79 (Sep 12, 2003)

Hi RobLinux,

Au contraire on shred, Rob! Knoppix Hacks #49 advocates use of shred to wipe a hard drive. You can wipe an individual file with it, yes, but it is just as useful from a Live CD to do an entire hard drive.

-- Tom


----------



## RobLinux (Nov 7, 2007)

So explain to me what it does that:

badblocks -w -p 9 -t random

or something like:

```
while :
do
    dd bs=64k if=/dev/zero of=/dev/<disk or partition device>
    dd bs=64k if=/dev/urandom of=/dev/<disk or partition device>
done
```

on a block device, does not achieve.

I agree you can use it, but if you have a disk maintenance kit (like a floppy boot disk), you don't need to include shred, because for whole partitions primitive tools do the job.

So someone without it, doesn't need to 'install' it.

The main point is that you are right, that just wiping the partition table is insufficient to evade law enforcement agencies etc.


----------



## lotuseclat79 (Sep 12, 2003)

Hi RobLinux,

The badblocks command searches a device for bad blocks. In the badblocks command you gave: badblocks -w -p 9 -t random
the -w puts the command in write-mode test, writing a pattern and reading it back on each block of the device. The -p 9 specifies up to 9 passes until no new bad blocks are found, i.e. if it succeeds before it uses up 9 passes it will then exit after a run where it finds no more bad blocks than before. The -t random specifies to the badblocks program to use a random pattern during the write-read test.

The dd command as you have specified it zeroes out the block device, and I assume if if=/dev/random is used it will write a random pattern to the block device. Haven't tried it though.

Agreed. If the primitive tools are sufficient, and the person knows how to use them, then "shred" is not needed on a floppy boot disk.

To be specific, it is you who brought up the topic of your last point - not me.

-- Tom


----------



## saikee (Jun 11, 2004)

I believe there have been reports that a user can zero fill a hard disk a dozen times and tools to recover the data by forensic means already exist in some law enforcement agencies.

Thus if one really wants to destroy the evidence one should open up the hard disk casing and smash up the platters to dust with a sledgehammer. Carry half the residues and dump it in the East coast and the other half in the West coast.


----------



## RobLinux (Nov 7, 2007)

Which is the reason I suggested /dev/urandom.

There is a difference, and it is that shred(1) needs to fsync to get its overwrite written to disk, whilst when you do a whole partition, buffer caches will be overwhelmed.

In reply to lotus...

-p num_passes
Repeat scanning the disk until there are no new blocks discovered in num_passes consecutive scans of the disk. Default is 0, meaning badblocks will exit after the first pass. 

Means it has to do 'num passes' without finding any badblocks before it will give up. So if it finds badblocks it does extra passes.

The real point is, that this type of aggressive re-writing, with random patterns (and preferably some zero fills) is needed to prevent forensic data recovery if someone is determined enough.

Twiddling partition tables is not enough. Once I lost one (thanks to I/O errors on an overheated controller), and was able to recover the disk partition and data with a utility called gpart I think. It didn't take long to do, much quicker than loading from tape.


----------
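
One way to script the overwrite discussed in this thread (a random pass, then a zero pass, each flushed with fsync, refused while the target is mounted) and confirm it by reading the target back. This is an added example, not code from any poster; the function names and the image-file dry run are assumptions, and it expects GNU dd and util-linux.

```shell
#!/bin/sh
# Added example (not from the thread): random pass + zero pass, then read-back.
# TARGET is a block device (e.g. /dev/hda) or, for a dry run, an image file.

target_size() {   # size in bytes of a block device or an image file
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

is_mounted() {    # $1 = device, $2 = mounts table (default /proc/mounts)
    mounts=${2:-/proc/mounts}
    [ -r "$mounts" ] || return 1
    # Prefix match, so /dev/hda also catches mounted partitions like /dev/hda1
    awk -v d="$1" 'index($1, d) == 1 { hit = 1 } END { exit !hit }' "$mounts"
}

verify_zero() {   # succeeds only if every byte of the target reads back as zero
    head -c "$(target_size "$1")" /dev/zero | cmp -s - "$1"
}

wipe_and_verify() {
    target=$1
    if is_mounted "$target"; then
        echo "refusing: $target is mounted; boot a Live CD and umount it" >&2
        return 2
    fi
    size=$(target_size "$target") || return 1
    for src in /dev/urandom /dev/zero; do
        # head bounds each pass to the exact size; conv=fsync flushes the
        # buffer cache before dd reports success; notrunc keeps an image
        # file at its original length.
        head -c "$size" "$src" |
            dd of="$target" bs=65536 conv=notrunc,fsync 2>/dev/null || return 1
    done
    verify_zero "$target"
}

# Run only when exactly one target is given on the command line.
if [ $# -eq 1 ]; then
    wipe_and_verify "$1" && echo "verified: $1 reads back as zeros"
fi
```

Point it at an image file first; on a real disk it needs root and should be run from a Live CD.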



## lotuseclat79 (Sep 12, 2003)

Forensic data recovery is quite interesting and depending on the amount of time and resources can recover quite a lot of data, so I tend to agree with saikee's last comment.

There actually is a very good reason that shred may in fact not be the best approach to wiping a disk - and that is that it probably makes the assumption that the filesystem overwrites data in place, which is not the case with a lot of modern file systems that are journaled, log-structured, RAID, snap-shot, cached in temp locations and compressed - and shred cannot wipe out the bad blocks/sectors which may contain sensitive data. Under the above assumption, shred is not a good candidate for wiping files, but it may be OK for complete devices.

-- Tom


----------



## RobLinux (Nov 7, 2007)

lotuseclat79 said:


> Forensic data recovery is quite interesting and depending on the amount of time and resources can recover quite a lot of data, so I tend to agree with saikee's last comment.


Yes, if you are desperate to destroy data completely on a disk, then breaking it, and actually sanding the disk platters, is the 'best' solution.

Zero filling is inadequate, hence the need to mix random writes, but I do like some zero fills, because that ensures every bit will have been switched; some pattern like 0xFF makes sense too.

That's why I like badblocks(8). I doubt if many ppl have to worry about the data in the badblocks, as they've failed to be readable, in most cases they're not going to get accessed, once you've reused the disk.


> There actually is a very good reason that shred may in fact not be the best approach to wiping a disk - and that is that it probably makes the assumption that the filesystem overwrites data in place, which is not the case with a lot of modern file systems that are journaled, log-structured, RAID, snap-shot, cached in temp locations and compressed - and shred cannot wipe out the bad blocks/sectors which may contain sensitive data. Under the above assumption, shred is not a good candidate for wiping files, but it may be OK for complete devices.


You don't need it to do devices!

Journal filesystems do have the problem that your re-writes are not necessarily done on the same disk block.

Why is RAID an issue? So long as any RAID1/5 is up at the time file data is destroyed by aggressive re-writing, the blocks are going to get onto the device.

There may be a cache, but AFAIK as yet these controllers won't reassign written LBAs to make physical sectors contiguous, the drive map would become hideously large if they did, rather than simple re-sector mapping for bad ones.

Any snapshots made have to be destroyed, just as you would need to destroy backup tapes.

Of course these caveats show all the assumptions that you rely on in 'intelligent' systems, that may get broken, so physical destruction is by far the safest approach.


----------

