Linux - How to Wipe Hard Drive
Knowing how to wipe a hard drive is an important skill for all Linux users to be familiar with. Deleting a file is not enough. When you delete a file, the data is still there. Deleting just removes the pointer to that data. If you want to make sure that sensitive data is completely and securely removed it needs to be properly overwritten.
To wipe a hard drive on Linux, there exists a slew of different tools that you can use. These are some of the options you have:
- Use the dd command
- Use the shred tool
- Use the badblocks tool
- DBAN
Note:
- Any of these commands will probably take a while to complete ( could be a long time ).
- Assume the drive that you want to overwrite is /dev/sda.
- Be aware of mirrors and backups.
WARNING - Don’t overwrite the wrong disk. Make sure you know what you are doing.
dd Command
Overwrite the drive with zeros like this:
if=/dev/zero of=/dev/sda bs=1M
Overwrite with random data to make it harder to recover:
dd if=/dev/urandom of=/dev/sda
Use a loop like this to overwrite multiple times:
for n in `seq 7`; do dd if=/dev/urandom of=/dev/sda bs=8b conv=notrunc; done
Shred tool
Shred a drive like this:
shred -v /dev/sda
More shred syntax examples:
shred file1.txt
shred -n 100 file1.txt
shred -u file1.txt
shred -z file1.txt
Options for shred:
| -f | force, change perms to allow writing if needed |
| -n | interations ( default is 3 ) |
| –random-source=FILE | use this as a random source |
| -s | shred this many bytes |
| -u | deallocate and remove file after overwriting, might not make sense with devices like /dev/sda |
| –remove | same as -u but specify how ( unlink, wipe, wipesync ) |
| -v | verbose, show progress |
| -x | exact, do not round file sizes up |
| -z | add a final overwrite with zeros to hide shredding |
| -u / –remove might not make sense with a device ( ex: /dev/sda ) |
Backblocks Tool
Another tool you could use is the badblocks tool. Here is what the syntax would look:
badblocks -wsv /dev/sda
DBAN
DBAN is a terrific tool for wiping disks. It stands for Darik’s Boot and Nuke. It consists of a disk that you can download and boot from. Once you’ve booted from the DBAN disk you can then wipe any hard drive on a system including the main OS disk.
You can download DBAN HERE. The’ve apparently monetized the site by recommending another third party tool ( Blancco Drive Eraser ). This is a separate third party site. You probably don’t need it. You can still just download DBAN for free.