Hardware, Software, Technology

How-to: Wipe Data Securely


HD Head by AlexdiWhen you delete a file in Windows, Ubuntu, or any other operating system, what it actually does is delete the pointer(s) within the disk index indicating where on the hard disk the file is stored. The file, and therefore the data contained therein is still sitting there.

Which is how certain file recovery tools are able to un-delete things. At least, until they are overwritten with something else.

If you overwrite the data, then it is generally unrecoverable. Modern hard drives have higher densities and less redundancy, which makes recovery more difficult. Which is probably enough for most people discarding old hard drives.

However, the data paranoid, who don’t want their bank details and passwords to end up in one of those ‘technical colleges’ in Lagos, may need a little more assurance that their data is wiped securely.
In the past there was redundancy on old, low capacity disks that allowed recovery if you had the right equipment and software.

A whole industry has sprung up around exaggerated claims for data recovery, providing software to securely over-write disks. Don’t believe Spooks, 24, Mission Impossible or anything similar from Hollywood. There is no evidence that, on a modern disc, there is ANY way of getting anything back that’s been overwritten once.

So how to manage that one simple pass?

There are utilities around. In typical overkill fashion, Apple’s Disk Utility is capable of 1, 7 or 35 overwrites. 7-times overwrite is supposedly what the US Dept of Defence use and 35 appears to be for the tin-foil hat brigade.

On Linux (under the GNU license) the Shred utility is a standard data wipe tool. You can use it natively on a Linux machine, but booting from a Linux Live CD means you can wipe data from Windows machines as well.

The most important thing is to figure out the correct hard drive to wipe. If you wipe the wrong hard drive, that data will not be recoverable.

In the terminal window, type:

sudo fdisk -l

This will list the hard drives available. Identify the right hard drive to wipe – narrow it down by file system and size – file system is found in the System column of  the list, where Windows hard drives are usually formatted as NTFS (which shows up as HPFS/NTFS).

Make a note of the label found under the the Device column heading. If you have multiple partitions on this hard drive, then there will be more than one device in this list.

Next run:

sudo shred /dev/sda

(where sda is the disk identifier. Make sure you choose the right disk – sda, sdb, sdc, or the alternate identifiers hda, hdb, hdc – and don’t wipe the wrong one!)

If you want to be more specific, with some additional command switches:

shred -vfz -n 10 /dev/hda

-f forces the write by changing the permissions wherever necessary
-z overwrites the entire hard disk with zeros, but only after:
-n 10 is the number of passes overwriting with data from /dev/urandom (probably overkill, as I’m not aware of a single confirmed example of someone recovering data from an erased disk even after 1 pass)
and /dev/hda is the whole hard disk to wipe.

Shred will even protect from forensic magnetic analysis of the disk.

Shred Individual Files
You can also use it to wipe individual files or groups of files, by mounting the disk, navigating to the chosen files and folders and issuing the command:

sudo shred <filename>

specifying the file(s) to wipe. For example:

sudo shred /home/robin/creditcard.txt

Note that the creditcard.txt file still exists. Shredded, as a quick look at the contents of creditcard.txt will show that the file has been securely overwritten.

To securely delete the file, we can use some more command-line switches to delete the file from the hard drive entirely.

In the terminal, type:

shred –remove creditcard.txt

By default, shred overwrites the file 25 times; we can alter this with the iterations switch:

shred –remove –iterations=50 creditcard.txt

creditcard.txt is securely wiped on the physical disk, and no longer shows up in the directory listing.

However, shred will not wipe everything if you are using a journalling filesystem which has change logs and data redundancy. There is a disclaimer in the manpage for shred that highlights issues wiping data from certain types of file systems:

  • log-structured or journalled file systems, such as those supplied with
    AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
  • file systems that write redundant data and carry on even if some writes
    fail, such as RAID-based file systems
  • file systems that make snapshots, such as Network Appliance’s NFS server
  • file systems that cache in temporary locations, such as NFS version 3 clients
    compressed file systems

To whit:
“shred relies on a very important assumption: that the file system overwrites data in place. This is the traditional way to do things, but many modern file system designs do not satisfy this assumption.”

If it’s possible to reconstruct the contents of a file from the journal, or from the redundant copies in a RAID array, then clearly you want to wipe the entire disk to be safe, and probably the entire array.

Wipe
As an alternative, there is another Linux utility actually called wipe. This is not included in Ubuntu by default, so we have to install it, but this can be done even using a Live CD.

The wipe developers recommend wiping each partition separately.

It’s another command-line utility requiring the following terminal command:

sudo wipe <device label>

For example:

sudo wipe /dev/sda1

This is the point of no return and the hard drive will be completely wiped. Don’t think you can interrupt the process as this will just leave an unholy mess of the disk.

DD
There is another Linux utility that many hardcore users swear by which is the multi-purpose DD (Disk Dump) command. The terminal command:

dd if=/dev/zero of=/dev/sda

Will overwrite the entire disk with zeroes quickly, quietly and efficiently. Again, exercise caution and don’t think you can cancel or interrupt it once it starts. RC

Image credit: HD Head by Alexdi at en.wikipedia

Related: How-to: Secure those USB Sticks

About Robin Catling

Writer; performer; project manager; sports coach; all-round eccentric.

Discussion

4 thoughts on “How-to: Wipe Data Securely

  1. this is the nice article with good topic to discuss.

    Posted by carlinha florsinha | January 22, 2013, 2:09 pm
  2. thanks for sharing with such material!

    Posted by Cidasca | January 23, 2013, 1:20 pm
  3. nice information, many thanks to the author.

    Posted by J P Cazuza | January 23, 2013, 1:29 pm
  4. Thanks to the author. I really appreciate your research on this topic.

    Posted by speedestchandu | January 27, 2013, 6:39 pm

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Twitter Updates

Follow us on Twitter @EverythingExpre

Find Us on Facebook

Enter your email address to follow this blog and receive notifications of new posts by email.

Categories

Library

BBC World News

BBC World News
Opens the BBC World News page.
%d bloggers like this: