There's confidential information in a client's system that could lead to major problems if this should fall into the wrong hands.
I have to make sure the data contained in this hard drive is completely cleaned, and that NO ONE in the world could ever recover it, even forensically.
Would you know about:
A (ideally) light Linux tool used to wipe the data from a device (well, ok... could be Windows based as well);
One secure method to certify it was correctly wiped.
I can do the wipe using EnCase software from Guidance Software, but I find it very time consuming for this task.
Here's a light way to do it.
dd if=/tmp/0 of=/dev/sda1 bs=1
dd if=/tmp/1 of=/dev/sda1 bs=1
dd if=/tmp/2 of=/dev/sda1 bs=1
/tmp/0 has 1 byte that is 0
/tmp/1 has 1 byte that is 1
/tmp/2 has 1 byte that is 2
By writing all of the drive with 3 bytes, you make forensics have to go back 4 versions to find data. If you need more than that, just magnetize the drive.
Or, if you believe the probably mythical idea that HDD secondary level residual magnetism is strong enough to allow significant data to be extracted after new values have been written, run this a few times.
Code:
dd if=/dev/urandom of=/dev/sda1
Either way a blocksize of 1 will take a very long time; the default 512 blocksize is not a bad choice.
EDIT: If it's the whole HDD you need to wipe rather than the first partition, change /dev/sda1 to /dev/sda in the above suggestions. "sda" is, of course (!) just an example.
Last edited by catkin; 10-06-2009 at 11:44 AM.
Reason: Typo: random for zero
Quote:
Originally Posted by sl33p
I have to make sure the data contained in this hard drive is completely cleaned, and that NO ONE in the world could ever recover it, even forensically.
The absolutely 100% sure method would be to take the disk apart and grind/shred up the platters.
DBAN is a commonly used tool for sanitizing hard drives and is approved by many government agencies for clearing sensitive data. If it's good enough for them, it's probably good enough for you. However, as others mentioned, the only way to guarantee that no one can retrieve data is to physically destroy the drives.
If you want maximum confidence that the data is unrecoverable even with electron microscopes (I don't think any lab exists that has successfully used this technology for this purpose with any degree of accuracy), use DBAN (like many above say).
Quote:
Originally Posted by sl33p
There's confidential information in a client's system that could lead to major problems if this should fall into the wrong hands.
I have to make sure the data contained in this hard drive is completely cleaned, and that NO ONE in the world could ever recover it, even forensically.
I don't know about DBan, but one tool I love for this task is 'shred'
which can be used like this:
The cool thing about 'shred' is it is included in base Slax (www.slax.com) which means you can boot from CD-Rom or USB key and erase the drive very easily (and since you can boot in 'copy to RAM' using Slax, quite fast too).
Hope this helps.
Regards,
Vhann
Even the feds claim they can't recover shredded HDDs.
Oh wow apparently the same is true for BCWipe. Learn something new every day.
Last edited by linuxpokernut; 10-06-2009 at 03:00 PM.
Quote:
Originally Posted by sl33p
A (ideally) light Linux tool used to wipe the data from a device
The choice for using Encase, DBAN or BCWipe and 'dd' is founded in the regulations you've got to adhere to (we used DBAN but I could have opted for Encase as well). Encase, Dban and BCWipe are all good if used with the right options. The difference with GNU/Linux vs mcrsft software, generally speaking, is that it exercises your HW more directly meaning better performance.
Quote:
Originally Posted by sl33p
One secure method to certify it was correctly wiped.
Those with practical experience will appreciate one step that's almost always forgotten: performing a post-ops check. You can wipe all you will but unless you've verified results you shouldn't (procedurally be able to) sign off on it.
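The post-ops check described above, as an added example that is not part of the original thread: it reads the target back after the final pass and reports the first byte that does not match the fill value. It generalizes to any constant fill byte, such as the 0, 1 and 2 passes suggested earlier; the function names `target_size` and `verify_wiped` and the scratch image are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: post-wipe check for a constant-byte final pass.
# A /dev/urandom pass cannot be checked this way; finish with a known
# byte (for example 0x00) if the result has to be verified.

# Size in bytes of a block device or of a regular file (disk image).
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# verify_wiped TARGET [BYTE]   (hypothetical helper, not a standard tool)
# Compares every byte of TARGET with BYTE (decimal 0-255, default 0).
# Returns 0 = all bytes match, 1 = residue found, 2 = could not read.
verify_wiped() {
    vw_target=$1
    vw_byte=${2:-0}
    vw_size=$(target_size "$vw_target" 2>/dev/null) || return 2
    [ -n "$vw_size" ] && [ "$vw_size" -gt 0 ] || return 2
    vw_oct=$(printf '%03o' "$vw_byte")
    # Endless reference stream of BYTE; cmp -n stops after vw_size bytes
    # and reports the offset of the first byte that differs.
    vw_out=$(tr '\000' "\\$vw_oct" < /dev/zero |
             cmp -n "$vw_size" "$vw_target" - 2>&1) && vw_rc=0 || vw_rc=$?
    case $vw_rc in
        0) echo "PASS $vw_target: $vw_size bytes all 0x$(printf '%02x' "$vw_byte")" ;;
        1) echo "FAIL $vw_target: $vw_out" ;;
        *) echo "ERROR $vw_target: $vw_out"; vw_rc=2 ;;
    esac
    return "$vw_rc"
}

# Constructed demo on a scratch image file (stands in for a wiped disk).
demo_img=$(mktemp)
dd if=/dev/zero of="$demo_img" bs=512 count=64 2>/dev/null
verify_wiped "$demo_img" 0 || true
# Plant one leftover byte at offset 4096, as a skipped sector would leave.
printf 'X' | dd of="$demo_img" bs=1 seek=4096 conv=notrunc 2>/dev/null
verify_wiped "$demo_img" 0 || true
rm -f "$demo_img"
```

On a real disk the function is called with the device node as TARGET and needs read access to it; keeping the PASS line with the drive's serial number gives the sign-off record.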
A few hits (full swings) with him and the drive is no good.
Make sure you hit it hard enough so it damages the platters, and I do a few hits on each side.
I know someone mentioned sledgehammer, but that gets a little heavy after a while, especially if you are trying to damage the drive in multiple places and doing several drives at once. I find the crowbar is the perfect weight.