Monthly Archives: August 2012

How to wipe a hard drive with Linux

An opened hard driveI have an old hard drive I want to throw away but I don’t want any remaining photos, financial documents or other personal data getting in the wrong hands. In other words, I want to completely and securely wipe the drive. With Linux there are several options and after a bit of research, here’s what I consider the best way.

Firstly, programs such as fdisk, cfdisk or GParted are not sufficient to fully erase data—they just edit a drive’s partition table. What we want is something more thorough. The standard way to do this is to overwrite data on a drive with randomly-generated data. There are several command-line programs to do this (see below for a comparison) but I’ve chosen shred. Its default is three passes (overwriting all data three times) which I’m comfortable with, but you can specify more if you like, e.g. -p 10 for 10 passes.

WARNING! You don’t need me to tell you that accidentally erasing the wrong data could cause you big problems. Please be careful and check, then double-check each command and especially drive name before pressing Enter.

Step 1.
Plug in the hard drive and find its name (sdb, sdc, etc.). Use

dmesg

and look for something like sdb: sdb1

Step 2.
Unmount each partition of the drive (sdb1, sdb2, etc.), e.g.

sudo umount /dev/sdb1

Step 3.
Type the following command for writing random data to the drive three times (default). DON’T PRESS ENTER.

sudo shred -f -v /dev/[your drive name]

Step 4.
Double-check that the drive you’ve specified is the correct one to wipe. OK, now you can press Enter.

Programs for deleting data

badblocks

Purpose: “Search a device for bad blocks”

sudo badblocks -w -t random -p 1 -s /dev/sdb

Summary: A single (-p 1) overwrite (-w) with random data (-t random), showing progress (-s).
Time for 6GB: 16 mins 20 secs

dd

Purpose: “Convert and copy a file”
Notes: You can’t see your progress or specify multiple passes.
Got stuck with faulty drive.

sudo dd if=/dev/urandom of=/dev/sdb

Summary: A single overwrite with random data.
Time for 6GB: 1 hr 5 mins

shred

Purpose: “Overwrite a file to hide its contents, and optionally delete it”

sudo shred -f -v -n 1 /dev/sdb

Summary: Force (-f) a single (-n 1) overwrite with random data, showing progress (-v).
Time for 6GB: 10 mins 6 secs

wipe

Purpose: “Securely erase files from magnetic media”
Notes: Not in default Ubuntu (sudo apt-get install wipe). After running this, I had a few errors running the other commands on the same drive.

sudo wipe -kD -i -q -Q 1 /dev/sdb

Summary: A single (-q -Q 1) overwrite with random data, showing progress (-i), keeping the device’s inode intact (-kD).
Time for 6GB: 9 mins 37 secs

Further information

Smashing a hard disk with a hammerWiping the drive as explained above is good enough for most purposes but forensic experts have amazing skills and tools at their disposal. It may theoretically still be possible to access some of your deleted data. The most secure way to prevent people accessing any data left on your drive is physically drilling, crushing and breaking up the drive, then disposing of the parts in various locations. And encrypting the drive in the first place with TrueCrypt, for example, is also a good idea.

Related links