TODO – split this into three documents: file, partition, drive

Projects >
Computers > Digital forensics / Computer security >

The secure erasure of data.

I’ve also heard this called “data sanitization”.

NOTE – This information IS BAD. Other methods must be used to actually securely erase hard drives, but this project was killed before I could investigate them.

NOTE – Sterilizing SSDs are a totally different topic than sterilizing hard drives. I wouldn’t trust an SSD to be securely erasable at all. For an SSD, use fire. Yes, this means that you cannot give, sell or return an SSD if it had sensitive data on it.

See also:

• Data recovery, the opposite.

---

• Why is writing zeros (or random data) over a hard drive multiple times better than just doing it once?

• How to wipe free disk space in Linux?

---

• IMPORTANT: Overwriting a file isn’t always trustworthy.
• Used clusters are still insecure

• Note that due to the nature of computers, random is actually “random”, a pseudo-random concept. It’s probably good enough for data sterilization though.

DO NOT MAKE MISTAKES

Linux can be very unforgiving (thanks GNU!) so you absolutely must pay attention. Don’t blindly copy-and-paste either. Be careful, and be mindful.

• filename.ext is the name of your file.
• /dev/sdx1 is an example partition. Change x to the appropriate drive, and 1 to the appropriate partition number.

• /dev/sdx is an example drive.

Creating a sparse file ∞

A sparse file is just some reserved space that isn’t actually allocated yet.

If you want to create actual files which take up actual space /immediately/ then check out the functionality of dd, below. It can be used to generate a file of an arbitrary size, filled with whatever characters you need (zeros, random, or your choice).

(Not tested) Outputting a file full of 1:

\yes  "*empty"  |  \dd  of=/dev/sdx  bs=16k

(Not tested) Fancy:

\yes  $( \echo  -e  "\xxx\yyy" )  |  \dd  of=/dev/sdx

touch ∞

touch is part of GNU coreutils and will be available on most Linux distributions.

Touch can only be used to create zero-size filename.

\touch  filename.ext

dd ∞

dd is part of GNU coreutils and will be available on most Linux distributions.

dd has no verbosity. It gives no output as it’s working.

Note that dd will happily overwrite files without prompting you. Thanks GNU. =/

\dd  if=/dev/zero  of=filename.ext  bs=1  count=0  seek=1k
\dd  if=/dev/zero  of=filename.ext  bs=1  count=0  seek=1M
\dd  if=/dev/zero  of=filename.ext  bs=1  count=0  seek=1G

Sterilizing a file ∞

• IMPORTANT: Overwriting a file isn’t always trustworthy.
• wipe on Debian. I’ve never used it.

• Jetico’s BCWipe

  • Closed-source, commercial.

dd ∞

cut, dd and du are part of GNU coreutils and will be available on most Linux distributions.

dd has no verbosity. It gives no output as it’s working.

filename=YOUR_FILENAME
size=$( \du  --bytes  $filename  |  \cut  -f1 )

The quick way is one pass of zeros:

\dd  if=/dev/zero     of=$filename  bs=$size  count=1  conv=notrunc

A slower but more secure way is one pass of “random”:

\dd  if=/dev/urandom  of=$filename  bs=$size  count=1  conv=notrunc

Using /dev/random would be even better, but that’s horrifyingly slow.

shred ∞

FIXME: I don’t know how use shred to overwrite with ones.

shred is part of GNU coreutils and will be available on most Linux distributions.

The quick way would be one pass of zeros:

\shred  --iterations=0  --zero  --verbose  /path/to/file

A slower but more secure way is one pass of “random”:

\shred  --iterations=1  --verbose  /path/to/file

A much slower and much more secure way is two passes of “random” data and one pass of zeroes:

\shred  --iterations=2  --zero  --verbose  /path/to/file

Sterilizing a partition ∞

Don’t sterilize a partition which you’re actively using. umount it.

• FIXME: \shred --iterations=0 --zero --verbose /dev/sdx seems to run out of disk space.
• mkswap or mkfs may be able to do something useful to a partition.. I don’t know.

• Various methods for creating an encrypted partition may also be a solution.

cat ∞

• Cat seems to take an extreme amount of time, so it’s not recommended. Therefore I did no testing with using cat to wipe an entire drive. That would be insanity.

• Curiously, wiping two partitions of exactly the same size did not result in sameness. \df --block-size=1 reported different values.

cat is part of GNU coreutils and will be available on most Linux distributions.

cat has no verbosity. It gives no output as it’s working. When it’s done you’ll get a message like:

cat: write error: No space left on device

The quick way is one pass of zeros:

\cat  /dev/zero > /dev/sdx1

A slower but more secure way is one pass of “random”:

\cat  /dev/urandom > /dev/sdx1

/dev/random is more secure but a lot slower.

Some replacements for /dev/urandom are found elsewhere in this document.

I’ve done no testing to overwrite with ones.

dd ∞

dd

dd has no verbosity. It gives no output as it’s working. FIXME – it does

When it’s done you’ll get a message like:

dd: writing to  `/dev/sdx': No space left on device

The quick way is one pass of zeros:

\dd  if=/dev/zero  of=/dev/sdx

Since there is no /dev/one, a pass of ones is done differently. This is a little slower then just zeros.

(method one) echo is also part of GNU coreutils:

while :; do \echo  -n  -e  '\377'; done  |  \dd  of=/dev/sdx1

(method two) tr is also part of GNU coreutils:

\dd  if=/dev/zero  |  \tr  '\000'  '\377' > /dev/sdx1

A slower but more secure way is one pass of “urandom”:

\dd  if=/dev/urandom  of=/dev/sdx

/dev/random is better but much slower.

You can write with whatever character you want. Take a look at the examples for overwriting with ones and change \377 to some other octal code.

(Not tested) Reportedly faster:

export STRING=""
for i in `seq 0 1 511`; do export STRING="$STRING$( \echo -n -e '\0377' )"; done
while :; do \echo  -n  -e  "$STRING"; done  |  \dd  bs=512  of=/dev/device
unset $STRING

echo is run once every 512bytes rather than every byte.

Sterilizing free space ∞

IMPORTANT Don’t sterilize a partition which you’re actively using. umount it and then re-mount it. This has been tested on ext3 partitions mounted with

\mount  -t ext2  /dev/sdx1  /mnt/mountpoint

The instructions for Sterilizing a partition (making a file and then wiping it) will work fine. Instead of wiping a partition like /dev/sdx1, mount the partition ( \mount /dev/sdx1 /mnt/mountpoint ) and create/wipe a new file on that partition, like /mnt/mountpoint/junkfile.

Sterilizing a drive ∞

• Jetico’s BCWipe Total WipeOut

  • Closed-source, commercial.

• Drive Shred (drive-shred.pl)

Sterilizing a drive is just like sterilizing a file or partition. So instead of /path/to/file or /dev/sdx1 you would use /dev/sdx.

Sterilizing boot disks ∞

You cannot sterilize the entire drive if you’re actively using it. So you have to boot off a disk/cd/device to free up that drive and then wipe it.

• Darik’s Boot And Nuke (DBAN)
• BCWipe Total WipeOut

• One of many Linux distributions either have a bootable full LiveCD or a minimal rescue cd. Since CDs are long-obsolete, most cd-ISOs can be written to and booted from a USB stick.

  • Boot from one of them and then use the drive wiping instructions below.

US Department of Defense (DoD) standard ∞

Their recommendation after 2007 ∞

As of the June 2007 edition of the DSS C&SM, overwriting is no longer acceptable for sanitization of magnetic media; only degaussing or physical destruction is acceptable.

Their old recommendation ∞

The old recommendation was: Overwrite all addressable locations with a character, its complement, then a random character and verify.

https://web.archive.org/*/www.usaid.gov/policy/ads/500/d522022m.pdf US Department of Defense 5220.22-M. As of 2011-03-25, Page 57 has the relevant information.

That document does not specify the method. It’s standards are set by the Defense Security Service (DSS) in a Clearing and Sanitization Matrix (C&SM).

drive=/dev/sdx

# 1. Overwrite with zeros:
\shred  --iterations=0  --zero  --verbose  $drive

# 2. Overwrite with ones:
# FIXME - I'd rather use shred for the verbosity, but I don't know how!
# FIXME - There is another dd created by the US government which has verbosity.  Find it.
\dd  if=/dev/zero  |  \tr  '\000'  '\377' > $drive

# 3. Overwrite with "random":
\shred  --iterations=1  --verbose  $drive

# 4. Verify
FIXME:  I'm not entirely sure how to "verify"!

Articles ∞

• Secure Deletion of Data from Magnetic and Solid-State Memory

  • Peter Gutmann, Department of Computer Science / University of Auckland.
  • First published in the Sixth USENIX Security Symposium Proceedings, San Jose, California, July 22-25, 1996.
  • He came up with the “erase 35 times” thing which has stuck around for so long.

Working notes ∞

Ultimage boot cd

1) Get

http://www.ultimatebootcd.com/download.html

magnet:?xt=urn:btih:YY36PW53XB52XBVTXVVYWQJMTHQEARDE

2) Prepare the ISO

mkdir foo
cd foo
7z x ../ubcd532.iso
chmod a+x \
  ubcd/tools/linux/*/*.sh \
  ubcd/tools/linux/ubcd2usb/syslinux

3) Prepare the USB stick

instructions are found in ubcd/tools/linux/ubcd2usb/readme.txt

• delete its partition

• create a new partition

Issues like fdisk hanging are a sign of a bad USB stick.

I used rsync to copy the files to the usb stick. midnight commander (mc) complained.

Although unmounting ought to take care of things, I’d recommend sync to do it manually.

Their syslinux instructions have a typo. Try something like:

\chmod  +x  syslinux
./syslinux  --stupid  --directory ../../../../boot/syslinux  /dev/sdX1

umounting is optional.

poweroff

IMPORTANT – Unplug any hard drives which have valuable data you do not want to wipe.

all my attempts have failed miserably, including trying under windows

\sudo  \hdparm  --user-master u  --security-set-pass xxxxx  /dev/sdX
\sudo  \hdparm  --user-master u  --security-erase    xxxxx  /dev/sdX

—

\sudo  \hdparm                   --security-set-pass       xxxxx  /dev/sdX
\sudo  \hdparm  --user-master u  --security-set-pass       xxxxx  /dev/sdX
\sudo  \hdparm  --user-master u  --security-erase-enhanced xxxxx  /dev/sdX

\dd if=/dev/urandom of=/dev/sdX bs=10 count=1 conv=notrunc,noerror,sync

Windows ∞

• https://www.itsupportguides.com/knowledge-base/windows-10/three-ways-to-wipe-a-usb-drive-from-windows/

Wiping ∞

• Format the drive/partition
• A quick format will do.
• Open a command prompt

• cipher /w:C:\

  • Where C: is the drive/partition you wish to clean.

• Overwrites with 0, then 255, then random numbers

  • This is probably inspired by the    US Department of Defense (DoD) standard

Wiping free space ∞

• 2022-03-06 – Tested and works on Windows 10 Home.
• 2022-01-17 – Tested and works on Windows 10 Home.

• 2021-01-28 – Tested and works on Windows 10 Home.

As above, but without the initial format.

• Open a command prompt

• cipher /w:C:\

  • Where C: is the drive/partition you wish to clean.

• Overwrites with 0, then 255, then random numbers

  • This is probably inspired by the    US Department of Defense (DoD) standard