Aug
Tech Tip: How to securely erase a drive
For those who want to know the best way to erase a drive, there are several options. I am going to discuss a couple of them.
WARNING: These steps will erase ALL data on the drive(s) selected. Make sure you really want to do this!
The first thing you can do is download Darik’s Boot And Nuke. Here is what the webpage says about the program:
Darik’s Boot and Nuke (“DBAN”) is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
From this download, you can then create a bootable CD. Stick it in your CD drive and reboot to this CD. Once the program loads, you can select the drive and options you want. This will do the trick for most people.
However, if you have Linux or need to erase data from a RAID device, you can use a Linux utility called shred. It should be in all the major distributions of Linux. You can also download Knoppix, which is a version of Linux that can be run just by booting to the CD. From there you can run the shred command.
You need to know what the device name is in Linux. For this example, we are going to assume the drive is /dev/hdb. (Finding the appropriate drive is beyond the scope of this post. You should be able to find information on this process using your favorite search engine.)
Once you know the device, make sure it is not mounted. (If it is mounted and you try to run shred, you will get an input/output error.) Then type the following command (options are discussed below).
shred -vfz -n 25 /dev/hdb
Options
- -v Verbose. Show progress
- -f Force. Change permissions to allow writing if necessary.
- -z Zero. Add a final overwrite with zeros to hide shredding
- -n Iterations. Overwrite the data this many times (default=25).
There are other options you can see by running man shred at the prompt (or HERE).
The shred will take some time, depending on how big your drive is and how many passes you selected. However, using the -v option will at least show you the progress.
Whatever method you use, it is crucial for the safety of the data that once resided on the drive that the drive be wiped before you dispose of it, return it, or give it away.
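The "make sure it is not mounted" step above, as an added example that is not part of the original post: the script looks for the target disk or any of its partitions in the mount and swap tables and prints the shred command only when the disk is idle. The names MOUNTS, SWAPS, in_use and preflight are made up for this example.

```sh
#!/bin/sh
# Added example (not from the original post): confirm a disk is idle before shredding.
# MOUNTS and SWAPS are hypothetical override variables so the check can be tried on
# a constructed table; by default the kernel's own tables are read.
MOUNTS=${MOUNTS:-/proc/mounts}
SWAPS=${SWAPS:-/proc/swaps}

# in_use DEVICE
# Prints "device where" for every mount or active swap area that sits on DEVICE
# itself or on one of its partitions (/dev/hdb1, /dev/nvme0n1p2, ...).
# Returns 0 if anything was found, 1 if the disk looks idle.
# Limit: names are compared as text, so a disk used through /dev/md* or
# /dev/mapper/* will not show up here.
in_use() {
    cat "$MOUNTS" "$SWAPS" 2>/dev/null | awk -v d="$1" '
        $1 == d { hit = 1 }
        index($1, d) == 1 && substr($1, length(d) + 1) ~ /^p?[0-9]+$/ { hit = 1 }
        hit { print $1, $2; found = 1; hit = 0 }
        END { exit (found ? 0 : 1) }'
}

# preflight DEVICE
# Prints the shred command from the post only when DEVICE is a block device with
# nothing mounted or swapped on it. It never runs shred itself.
preflight() {
    if [ ! -b "$1" ]; then
        echo "preflight: $1 is not a block device" >&2
        return 2
    fi
    if busy=$(in_use "$1"); then
        echo "preflight: $1 is still in use; unmount or swapoff first:" >&2
        echo "$busy" >&2
        return 1
    fi
    echo "shred -vfz -n 25 $1"
}

# Run the check when a device is given on the command line: sh preflight.sh /dev/hdb
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

The partition test is deliberately conservative: a name that merely shares a prefix, such as /dev/hdbb1, is not treated as part of /dev/hdb, while swap areas on the disk count as "in use" just like mounted filesystems.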







Fact or Fiction?
Although this does provide accurate guidance on how to use these utilities, some limitations must be understood. Let’s address the easy stuff first...
If you use an externally controlled overwrite process to clear data from hard drive devices in the SCSI family, the overwrite process will have the ability to access all data storage regions of the media surface, as the software will be capable of instructing the controller to access all data blocks.
According to the UCSD Center for Magnetic Recording Research, a single-pass process is often sufficient to provide adequate protection from reconstruction. Edge track phenomenon was at one point a concern. However, in high capacity storage hardware where the concern for the capacity per Sq. cm. is a priority for manufacturers, there is in fact no track edge where recoverable information can exist. As I recollect, the gap between tracks on current production hardware is no greater than 10 Microns, and contains nothing more than magnetic noise.
In the case of ATA family drives, the interface controller and the drive control electronics are embedded on each drive and share a privileged relationship, meaning that there are limitations to the external controls that can be issued to the drive. This limitation includes the ability to externally issue commands to access or address any bad blocks, or protected regions, such as the Host Protected Region (HPA), or storage areas beyond the Device Control Overlay (DCO) range.
Accordingly, due to these limitations, overwrite software from any vendor CAN NOT address all data storage areas of ATA spec devices. A more reliable process that can purge all regions of an ATA device would be to use the technology already embedded in the drive electronics called Secure Erase.
Developed by the UCSD as a standards-based purge technology, Secure Erase has been a component of the ATA spec since 2001, and is present in all ATA Spec compliant hard drives since this date (and in some as far back as 1999). Despite many software vendors deliberately attempting to obfuscate the presence of this technology by using the term ‘Secure Erase’ as a description of their overwrite product, Secure Erase is a more reliable process on ATA spec devices than any software-based overwrite product.
There are a number of resources available on Secure Erase. I would start with the National Institute for Standards and Technology to get an idea of what is considered as acceptable decommissioning practice. The NIST has published Special Report 800-88 that covers the acceptable means to decommission all types of data storage.
Alternately, I would be glad to offer further information or guidance on the topic.
I can be reached at ryk@converge-net.com
August 29th, 2008 at 2:49 pm