TODO - split this into three documents: file, partition, drive
Projects >
Computers > Digital forensics / Computer security >
The secure erasure of data.
I've also heard this called "data sanitization".
NOTE - This information IS BAD. Other methods must be used to actually securely erase hard drives, but this project was killed before I could investigate them.
NOTE - Sterilizing SSDs are a totally different topic than sterilizing hard drives. I wouldn't trust an SSD to be securely erasable at all. For an SSD, use fire. Yes, this means that you cannot give, sell or return an SSD if it had sensitive data on it.
See also:
-
Data recovery, the opposite.
- IMPORTANT: Overwriting a file isn't always trustworthy.
- Used clusters are still insecure
-
Note that due to the nature of computers, random is actually "random", a pseudo-random concept. It's probably good enough for data sterilization though.
DO NOT MAKE MISTAKES
Linux can be very unforgiving (thanks GNU!) so you absolutely must pay attention. Don't blindly copy-and-paste either. Be careful, and be mindful.
filename.ext
is the name of your file./dev/sdx1
is an example partition. Changex
to the appropriate drive, and1
to the appropriate partition number.-
/dev/sdx
is an example drive.
Creating a sparse file ∞
A sparse file is just some reserved space that isn't actually allocated yet.
If you want to create actual files which take up actual space /immediately/ then check out the functionality of dd
, below. It can be used to generate a file of an arbitrary size, filled with whatever characters you need (zeros, random, or your choice).
(Not tested) Outputting a file full of 1
:
\yes "*empty" | \dd of=/dev/sdx bs=16k
(Not tested) Fancy:
\yes $( \echo -e "\xxx\yyy" ) | \dd of=/dev/sdx
touch ∞
touch
is part of GNU coreutils and will be available on most Linux distributions.
Touch can only be used to create zero-size filename.
\touch filename.ext
dd ∞
dd is part of GNU coreutils and will be available on most Linux distributions.
dd
has no verbosity. It gives no output as it's working.
Note that dd will happily overwrite files without prompting you. Thanks GNU. =/
\dd if=/dev/zero of=filename.ext bs=1 count=0 seek=1k \dd if=/dev/zero of=filename.ext bs=1 count=0 seek=1M \dd if=/dev/zero of=filename.ext bs=1 count=0 seek=1G
Sterilizing a file ∞
- IMPORTANT: Overwriting a file isn't always trustworthy.
wipe
on Debian. I've never used it.-
- Closed-source, commercial.
dd ∞
cut
, dd and du
are part of GNU coreutils and will be available on most Linux distributions.
dd
has no verbosity. It gives no output as it's working.
filename=YOUR_FILENAME size=$( \du --bytes $filename | \cut -f1 )
The quick way is one pass of zeros:
\dd if=/dev/zero of=$filename bs=$size count=1 conv=notrunc
A slower but more secure way is one pass of "random":
\dd if=/dev/urandom of=$filename bs=$size count=1 conv=notrunc
Using /dev/random
would be even better, but that's horrifyingly slow.
shred ∞
FIXME: I don't know how use shred to overwrite with ones.
shred
is part of GNU coreutils and will be available on most Linux distributions.
The quick way would be one pass of zeros:
\shred --iterations=0 --zero --verbose /path/to/file
A slower but more secure way is one pass of "random":
\shred --iterations=1 --verbose /path/to/file
A much slower and much more secure way is two passes of "random" data and one pass of zeroes:
\shred --iterations=2 --zero --verbose /path/to/file
Sterilizing a partition ∞
Don't sterilize a partition which you're actively using. umount
it.
- FIXME:
\shred --iterations=0 --zero --verbose /dev/sdx
seems to run out of disk space. mkswap
ormkfs
may be able to do something useful to a partition.. I don't know.-
Various methods for creating an encrypted partition may also be a solution.
cat ∞
- Cat seems to take an extreme amount of time, so it's not recommended. Therefore I did no testing with using cat to wipe an entire drive. That would be insanity.
-
Curiously, wiping two partitions of exactly the same size did not result in sameness.
\df --block-size=1
reported different values.
cat
is part of GNU coreutils and will be available on most Linux distributions.
cat
has no verbosity. It gives no output as it's working. When it's done you'll get a message like:
cat: write error: No space left on device
The quick way is one pass of zeros:
\cat /dev/zero > /dev/sdx1
A slower but more secure way is one pass of "random":
\cat /dev/urandom > /dev/sdx1
/dev/random
is more secure but a lot slower.
Some replacements for /dev/urandom
are found elsewhere in this document.
I've done no testing to overwrite with ones.
dd ∞
dd
has no verbosity. It gives no output as it's working. FIXME - it does
When it's done you'll get a message like:
dd: writing to `/dev/sdx': No space left on device
The quick way is one pass of zeros:
\dd if=/dev/zero of=/dev/sdx
Since there is no /dev/one
, a pass of ones is done differently. This is a little slower then just zeros.
(method one) echo
is also part of GNU coreutils:
while :; do \echo -n -e '\377'; done | \dd of=/dev/sdx1
(method two) tr
is also part of GNU coreutils:
\dd if=/dev/zero | \tr '\000' '\377' > /dev/sdx1
A slower but more secure way is one pass of "urandom":
\dd if=/dev/urandom of=/dev/sdx
/dev/random
is better but much slower.
You can write with whatever character you want. Take a look at the examples for overwriting with ones and change \377
to some other octal code.
(Not tested) Reportedly faster:
export STRING="" for i in `seq 0 1 511`; do export STRING="$STRING$( \echo -n -e '\0377' )"; done while :; do \echo -n -e "$STRING"; done | \dd bs=512 of=/dev/device unset $STRING
echo
is run once every 512bytes rather than every byte.
Sterilizing free space ∞
IMPORTANT Don't sterilize a partition which you're actively using. umount
it and then re-mount it. This has been tested on ext3 partitions mounted with
\mount -t ext2 /dev/sdx1 /mnt/mountpoint
The instructions for Sterilizing a partition (making a file and then wiping it) will work fine. Instead of wiping a partition like /dev/sdx1
, mount the partition ( \mount /dev/sdx1 /mnt/mountpoint
) and create/wipe a new file on that partition, like /mnt/mountpoint/junkfile
.
Sterilizing a drive ∞
-
- Closed-source, commercial.
-
Drive Shred (drive-shred.pl)
Sterilizing a drive is just like sterilizing a file or partition. So instead of /path/to/file
or /dev/sdx1
you would use /dev/sdx
.
Sterilizing boot disks ∞
You cannot sterilize the entire drive if you're actively using it. So you have to boot off a disk/cd/device to free up that drive and then wipe it.
- Darik's Boot And Nuke (DBAN)
- BCWipe Total WipeOut
-
One of many Linux distributions either have a bootable full LiveCD or a minimal rescue cd. Since CDs are long-obsolete, most cd-ISOs can be written to and booted from a USB stick.
- Boot from one of them and then use the drive wiping instructions below.
US Department of Defense (DoD) standard ∞
Their recommendation after 2007 ∞
As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.
Their old recommendation ∞
The old recommendation was: Overwrite all addressable locations with a character, its complement, then a random character and verify.
https://web.archive.org/*/www.usaid.gov/policy/ads/500/d522022m.pdf US Department of Defense 5220.22-M. As of 2011-03-25, Page 57 has the relevant information.
That document does not specify the method. It's standards are set by the Defense Security Service (DSS) in a Clearing and Sanitization Matrix (C&SM).
drive=/dev/sdx # 1. Overwrite with zeros: \shred --iterations=0 --zero --verbose $drive # 2. Overwrite with ones: # FIXME - I'd rather use shred for the verbosity, but I don't know how! # FIXME - There is another dd created by the US government which has verbosity. Find it. \dd if=/dev/zero | \tr '\000' '\377' > $drive # 3. Overwrite with "random": \shred --iterations=1 --verbose $drive # 4. Verify FIXME: I'm not entirely sure how to "verify"!
Articles ∞
-
Secure Deletion of Data from Magnetic and Solid-State Memory
- Peter Gutmann, Department of Computer Science / University of Auckland.
- First published in the Sixth USENIX Security Symposium Proceedings, San Jose, California, July 22-25, 1996.
- He came up with the "erase 35 times" thing which has stuck around for so long.
Working notes ∞
Ultimage boot cd
1) Get
http://www.ultimatebootcd.com/download.html
magnet:?xt=urn:btih:YY36PW53XB52XBVTXVVYWQJMTHQEARDE
2) Prepare the ISO
mkdir foo cd foo 7z x ../ubcd532.iso chmod a+x \ ubcd/tools/linux/*/*.sh \ ubcd/tools/linux/ubcd2usb/syslinux
3) Prepare the USB stick
instructions are found in ubcd/tools/linux/ubcd2usb/readme.txt
- delete its partition
-
create a new partition
Issues like fdisk hanging are a sign of a bad USB stick.
I used rsync to copy the files to the usb stick. midnight commander (mc
) complained.
Although unmounting ought to take care of things, I'd recommend sync
to do it manually.
Their syslinux instructions have a typo. Try something like:
\chmod +x syslinux ./syslinux --stupid --directory ../../../../boot/syslinux /dev/sdX1
umounting is optional.
poweroff
IMPORTANT - Unplug any hard drives which have valuable data you do not want to wipe.
all my attempts have failed miserably, including trying under windows
\sudo \hdparm --user-master u --security-set-pass xxxxx /dev/sdX \sudo \hdparm --user-master u --security-erase xxxxx /dev/sdX
--
\sudo \hdparm --security-set-pass xxxxx /dev/sdX \sudo \hdparm --user-master u --security-set-pass xxxxx /dev/sdX \sudo \hdparm --user-master u --security-erase-enhanced xxxxx /dev/sdX
\dd if=/dev/urandom of=/dev/sdX bs=10 count=1 conv=notrunc,noerror,sync
Windows ∞
Wiping ∞
- Format the drive/partition
- A quick format will do.
- Open a command prompt
-
cipher /w:C:\
- Where C: is the drive/partition you wish to clean.
-
Overwrites with 0, then 255, then random numbers
- This is probably inspired by the US Department of Defense (DoD) standard
Wiping free space ∞
- 2022-03-06 - Tested and works on Windows 10 Home.
- 2022-01-17 - Tested and works on Windows 10 Home.
-
2021-01-28 - Tested and works on Windows 10 Home.
As above, but without the initial format.
- Open a command prompt
-
cipher /w:C:\
- Where C: is the drive/partition you wish to clean.
-
Overwrites with 0, then 255, then random numbers
- This is probably inspired by the US Department of Defense (DoD) standard
Last updated 2022-03-06 at 19:18:37
[[Security]] > [[Computer security]] > [[Data]] > [[Data security]] > [[Data sterilization]] has been branched off of its parent today and updated with some new notes.
Added instructions for wiping free space on Windows 10.