Server Fault
How should I securely wipe data from a hard drive?
[+18] [19] Jon Galloway
[2009-04-30 14:57:02]
[ security ]
[ https://serverfault.com/questions/959/how-should-i-securely-wipe-data-from-a-hard-drive ]

How do you recommend destroying sensitive information on a hard drive? I've used DBAN [1] in the past, is that good enough?

(2) Have a look at this similar question. serverfault.com/questions/5024/wipedrive-utility - stukelly
[+23] [2009-04-30 15:07:52] TorgoGuy [ACCEPTED]

DBAN is just fine. Here's the dirty little secret--any program that overwrites every byte of the drive will have wiped everything permanently. You don't need to do multiple passes with different write patterns, etc.

Don't believe me? See the standing challenge to prove that a drive overwritten with 0s once can be recovered. Nobody seems willing to take up the challenge. http://16systems.com/zero.php


(13) Or the $500 grand prize is a rounding error compared to the many thousands of dollars required to analyze and recover a drive. - Grant
(2) While true, if I were a 3LO, I wouldn't go around winning contests like that. - Tom Ritter
That's a fair point, but there is notoriety to be gained by answering this challenge. That aside, let's widen the scope. Point me to any source that shows overwritten data that has been recovered. - TorgoGuy
(1) Also, vendors of secure erase programs have financial incentive to try and point out where something like a simple, low level format isn't good enough. - TorgoGuy
Uhhh, the technology to do this has been demonstrated publicly. $500 is not a prize worth mentioning in this realm. More to the point, I doubt anyone has ever heard of this prize. - Wedge
I recently read a quote which said something like this: If you can recover one bit with a probability of 90% you get 43% for one byte, 0,02% for 10 bytes, etc. - Martin
(2) Wedge--If it has been demonstrated, please provide a link. I'm happy to delete my answer if shown that I'm wrong, so please show me the evidence. - TorgoGuy
Martin--sure if you can recover a bit with 90% probability then the math works out to getting a complete particular byte with 43% probability (.9^8). However, why would you assume you can recover a bit with 90% probability? - TorgoGuy
(5) This link reports on an attempt to recover data using an electron microscope after a single pass - no data was recovered. sansforensics.wordpress.com/2009/01/15/… - Hamish Downer
(1) Grant (and others) are right. It's financially unprofitable to win that challenge. More importantly, it can only tip people off that you have the capability. - Matthew Flaschen
Matthew--I responded to Grant in the comments and I think the response to him and others still stands. To your new point: As a data recovery company, it is in your interest to advertise you can recover data that others cannot. Maybe clandestine government operations wouldn't want to advertise such a capability, but to assume they have it without evidence is just speculation. It's no better than my (pretend) speculation that the government can suck all of your secrets from your brain wirelessly every time you walk by a federal building using their secret brain sucking ray. - TorgoGuy
(1) As I mentioned before, I'm not interested in leading people astray with false information, so if I'm shown to be incorrect by some good evidence, I'm very willing to change or delete my answer as appropriate. I like being educated about where my knowledge is lacking. - TorgoGuy
(1) A challenge posted on some really obscure web site may as well not exist. - John Gardeniers
@HamishDowner, Sans forensics is down, is the information elsewhere (digital-forensics.sans.org/blog/2009/01/15/…)? - Leandro
1
[+11] [2009-04-30 16:35:22] Hamish Downer

Anything that does a single overwrite of a hard drive is fine, including DBAN [1].

Some people say you have to do multiple overwrites with random data and specific patterns. This may have been true in the days of floppy disk drives (remember them?) where the area of magnetic media per byte was big enough to not get completely overwritten, but modern hard drives are much too densely packed with data for this to happen. But don't take my word for it - read this article about trying to recover overwritten data using an electron microscope [2].

Other options include the wipe utility, or a simple

# dd if=/dev/zero of=/dev/sda

These methods all work fine for overwriting entire hard drives or partitions. However be aware that overwriting single files can lead to some data being left elsewhere on the hard drive, particularly with journaling file systems [3] such as ext3 and NTFS. They write bits of data to disk outside the file, so small amounts of data can escape the current file being overwritten. Also, if the partition has been defragmented since the file was first written then the original file may still exist on the hard drive.

[1] http://www.dban.org/
[2] http://blogs.sans.org/computer-forensics/2009/01/15/overwriting-hard-drive-data/
[3] http://en.wikipedia.org/wiki/Journaling_file_system

2
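A read-back check for the `dd if=/dev/zero` overwrite described above, as an added example that is not part of the original answers. It runs against a constructed image file, and the function names `nonzero_bytes`, `is_zeroed` and `make_partially_wiped` are hypothetical; it shows the case where the overwrite stops partway, so the target is not actually wiped.

```shell
#!/bin/sh
# Added example: confirm that a zero-fill really covered every byte.
# Operates on a constructed image file; a block device path also works
# when it is read as root.

# Print the number of bytes in $1 that are NOT zero.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Return 0 only if $1 is readable and reads back as all zeros.
is_zeroed() {
    [ -r "$1" ] || return 2
    [ "$(nonzero_bytes "$1")" -eq 0 ]
}

# Build a 1 MiB constructed "disk" filled with the byte 'S', then zero-fill
# only its first $2 KiB, the way an interrupted dd run would leave it.
make_partially_wiped() {
    img=$1
    kib=$2
    # constructed sample content, not real data
    dd if=/dev/zero bs=1024 count=1024 2>/dev/null | tr '\000' 'S' > "$img"
    dd if=/dev/zero of="$img" bs=1024 count="$kib" conv=notrunc 2>/dev/null
}

demo=$(mktemp)

# Overwrite stopped halfway: the second half still holds the old content.
make_partially_wiped "$demo" 512
echo "interrupted wipe: $(nonzero_bytes "$demo") non-zero bytes remain"

# Complete pass over the whole image.
dd if=/dev/zero of="$demo" bs=1024 count=1024 conv=notrunc 2>/dev/null
if is_zeroed "$demo"; then
    echo "full pass: every byte reads back as zero"
else
    echo "full pass: non-zero data still present"
fi

rm -f "$demo"
```

Pointed at a block device such as `/dev/sdX` instead of the image, `nonzero_bytes` reads the whole device, so it takes about as long as the wipe itself.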
[+7] [2009-04-30 15:03:31] Chris Ballance

I have used PGP 8.0's wipe tool with success.

Don't ever physically destroy the hardware before wiping the data with software; forensics can retrieve parts of a destroyed hard drive.


3
[+3] [2009-04-30 15:00:40] geocoin

physically destroy the platters - it's the only way to be sure ;-)


(3) Not necessarily. "Serious forensic efforts can throw a lot of resources toward piecing your drive together" lifehacker.com/5153684/properly-erase-your-physical-media - Cristián Romo
not if you distribute the pieces globally ;-) other than that - WOW... - geocoin
(2) Nuke it from orbit (with thermite). - Wedge
(2) Just don't thermite the drive if you are on the second floor of a building. Otherwise the people below you might be either unhappy or dead. It's way safer to just open the drive, sneeze on the platters, then toss it into a street corner garbage receptacle. - Grant
(2) Just label the platters "Contaminated with Swine Flu" and toss them in the regular trash. - Chris Ballance
Or label, "4096 Free Hours! AOL 9.0" - gbarry
4
[+2] [2009-04-30 14:59:47] Grant

It depends on how sensitive your data is. If you aren't the CIA or NSA, then DBAN [1] is fine.

[1] http://www.dban.org/

Even if you are the CIA, DBAN is fine - see link in my answer - Hamish Downer
5
[+2] [2009-04-30 15:06:07] JPrescottSanders

I use a hammer or sledge.


6
[+2] [2009-04-30 15:52:42] cpuguru

Yes, DBAN even at its lowest setting is way more than enough.

http://www.dban.org/


7
[+2] [2011-02-25 04:06:25] DAW

I always use DBAN and then use a beltsander to the platters. Paranoid sure but I know that not even the NSA/MIT/CALTECH and all the computer geeks in Russia/China combined could recover the data! If you're paranoid and want to ensure your data is never EVER EVER recovered even if aliens get ahold of it then DBAN/Beltsander it :o)


8
[+1] [2009-05-07 02:28:53] TimB

You should use the procedure set down in your organization's security policy.

When it comes to security, technical advice (such as you receive here) is only half the question. You also have to be able to justify your actions to an auditor. And auditors aren't so concerned with the results of your actions, but that you followed the appropriate procedures as set down in the appropriate policy. The auditor's job is to make sure that some cowboy (or cowgirl) doesn't just go around doing whatever they think is right, without oversight or justification.

Of course, your organization's security policy comes from somewhere; when you're wondering what is an appropriate method to securely wipe sensitive data to put into your security policy, you'll find a number of suggestions in the other responses to this question. :-)


9
[+1] [2009-05-12 04:16:30] Richard West

DBAN works great. However, one of the challenges that I run into is how to securely erase a hard drive that has failed, but is part of a RAID set.

I normally have to return the hard drive back to Dell, and they would not take kindly to receiving a drive with a hole drilled in it. Furthermore, it's hard to run DBAN on just a single drive within a RAID set prior to removing the drive from service. Assuming that the drive is still functional.

How do others handle this situation?


Pay the few extra bucks to Dell to allow you to keep failed hard drives. Then the disposal is up to you, and you can drill them to your heart's content. - Christopher Cashell
10
[0] [2009-04-30 18:39:27] Don Dickinson

I take a drill with a 3/8" bit and drill 4 holes through the drive ... making sure to hit the platters. Steve Gibson of http://www.grc.com gave the advice of drilling holes in the drive on one of his podcasts a while back.

-don


(3) ... after overwriting with zeros, otherwise there's huge areas of data still left on there ... if you're that paranoid. - Jim T
11
[0] [2009-04-30 18:55:50] K. Brian Kelley

Use something like DBAN. Then physically destroy the drive by smashing it into little pieces with a sledgehammer. The US Marine Corps back in the late 80s/early 90s came up with this solution while my father was still in. You may throw in a more modern technique of degaussing your HD before the physical destruction step.


12
[0] [2009-05-06 23:19:01] CanyonR

I have seen a talk from a professor who teaches forensics where one assignment is for his students to recover data from drives that have been "destroyed" by smashing, drilling, or magnetic erasing. He said the only sure way to destroy data is to use a belt grinder to turn the platters into metal shavings.


13
[0] [2009-05-12 03:33:25] Goyuix

I can't believe no one has recommended sdelete.exe from sysinternals. Is it really not that good at clearing out certain bits of the drives or something?


sdelete appears to be effective at securely removing files, etc, but not securely wiping an entire hard disk. - Mike
(1) If you format the drive, then use the -z option (cleanse free space) - it should wipe the free space, which is basically the entire drive. Granted, this is limited to the newly created partition so there might be a tiny bit of data at the beginning and end of the drive that gets missed - but chances are that data wasn't present/meaningful in those areas either. - Goyuix
14
[0] [2009-05-12 07:00:50] stukelly

Have a look at this similar question [1], where I posted the following answer.

Here is a list of options for Windows, Mac and Unix.

[1] https://serverfault.com/questions/5024/wipedrive-utility
[2] http://www.howtowipeyourdrive.com/HowToWipeYourHardDrive.aspx
[3] http://www.howtowipeyourdrive.com/macintosh.aspx
[4] http://www.howtowipeyourdrive.com/unix.aspx

15
[0] [2009-05-12 07:41:41] nedm

Heidi.ie's Eraser [1] is the best Windows tool I've used for this with respect to a hard drive that's still in use. You can wipe an individual file, an entire drive, the empty space on a drive, or securely move a file or directory. It provides a variety of overwrite/paranoia levels and integrates seamlessly into the Windows right-click context menu.

[1] http://www.heidi.ie/

16
[0] [2009-05-12 12:41:19] Mike

For a good free solution, use the 'shred' command from Knoppix [1]. It allows you to run the command from a computer that you are discarding without needing to remove the drive first.

Boot the Knoppix CD.

sudo shred -n 2 -z -v /dev/hda1

Where n is the number of randomized overwrite passes.

I also have a USB to IDE/SATA adapter that lets me hang the drive as external off the PC for cases where I want to erase a drive removed from service. Disconnect the internal PC drive for safety.

[1] http://www.knoppix.net/

17
[0] [2009-06-06 00:47:03] carlito

Secure against whom? The US government requires -destruction- of the data. You can choose between sandblasting the platters or heating them past the Curie point in a kiln. (Most people heat past melting to demonstrate due diligence).

Otherwise, overwriting with /dev/zero will stop any attacker who does not have tremendous resources. The "DOD erase" of multiple iterations overwriting with differing data is silly.


18
[0] [2010-06-30 13:37:31] ConcernedOfTunbridgeWells

Some work has been done on using scanning electron microscopes to detect residual magnetic flux on hard drives. The origin of the 'seven passes with random data' notion is that this would make the flux lost in the noise from the overwritten random patterns.

In theory the SEM methods work but they are very slow - if you're really keen to destroy the data on a disk wipe it with any disk erase utility first and then physically destroy the drive. If you're feeling really keen take the drive apart, remove the platters and run them over a bulk eraser.


19