Thursday, October 11, 2012

Securely Wiping Computer Hard Disks for Free

The situation often arises where an individual needs to throw away an old computer, but does not want the data on the disk of the old computer to be accessible if someone retrieves it via dumpster diving. There might still be data stored in the motherboard or some of the peripherals, but that is beyond the scope of this article. Ideally, the disk platters should be physically destroyed, but due to hardware or cost constraints, this might not always be possible.

A free way to wipe the data on the disk involves using a bootable Linux disk to write random data to the disk multiple times. Here is the general procedure:
  1. Boot the machine off a Live Linux disk such as Knoppix, BackTrack or Gentoo installation disk
  2. Identify the dev node in /dev corresponding to the disk that is to be wiped.
  3. Use dd to read pseudo-random data from the kernel and write it to the disk.
1) Booting off a Live Linux Disk
Live Linux disks are CDs/DVDs that a compatible computer can be booted from rather than booting from the Operating System installed on a hard disk. Live Linux disks are useful when the user wants to use the computer without leaving any trace behind, or modify the hard disks in the computer without booting the Operating System installed on them. BackTrack Linux is one such Live distribution of Linux and can be downloaded free at

2) Finding the Dev Node
One way to find the right dev node is to match the known capacity of the disk in bytes with that reported in /proc/partitions. There should be some indication of capacity on the sticker of the disk. If not, the model number found on the sticker of the disk can be searched online and the capacity can be found that way. In Linux, both the raw disks and the filesystems on those disks appear as dev nodes in /dev. Since the goal is to wipe the whole disk rather than just a partition, the disk's dev node rather than the partition's dev node must be used. The disk and the partitions listed in /proc/partitions can be differentiated by looking at the last character in the name. Usually, partitions end in a digit, while disks end in a letter. The dev node to use is the file in /dev with the same name as the desired line in /proc/partitions. For example, sda refers to the first disk, while sda1 refers to the first partition on the first disk. In the example below, the computer has only 1 hard disk, sda. The sda disk has 2 partitions, sda1 and sda2. In order to wipe the disk, the /dev/sda dev node will be used.

3)Writing pseudo-random data to the disk's dev node
The last and most time consuming step is actually writing the pseudo-random data to the disk. The dd command is one of the standard Linux utilities, and is used for copying data. In this case, data from the /dev/urandom virtual file will be copied to the /dev/sda virtual file. In case it isn't obvious by this point, everything in Linux is a file. The data copying will take a long time because disk I/O is relatively slow, but the operation can be tuned using the "bs=" option in dd. Once the operation is started, the hard disk activity light on the case of the computer will be on, reflecting the fact that there is a lot of disk writing occurring. Another way to check the status of the operation is to send a USR1 signal to the dd process(see the dd man page for details). A common practice relating to Gutmann's method is to write the whole disk multiple times, so the command below can be scripted in a loop. Expect this operating to take a long time, so don’t sit around waiting for it.

No comments:

Post a Comment