Hack 49 Wipe a Hard Drive

Securely wipe a hard drive of file traces before you get rid of it.

A paper shredder is a common tool in offices, particularly in offices that handle financial data. The shredder ensures that while it might still be possible to piece together a sensitive document, it takes a lot more time and effort than if the piece of paper were just crumpled up. Companies shred financial information; yet when many companies upgrade their computers, they don't bother to erase all of the sensitive data that every computer contains. Even if a company formats and reinstalls an operating system on a drive, that alone does not necessarily erase the files that were on the drive before, and with a little effort and some recovery software, an attacker could potentially recover sensitive data from the drive.

Knoppix contains a handy tool called shred that strives for the same goal as a paper shredder: to make file recovery difficult and not worth the effort. While a dedicated attacker might be able to recover a file you have shredded, it takes a lot of money and sophisticated equipment.

If you are truly paranoid about your data, or the data on your drive is valuable enough to be worth the effort of an attacker to recover after a full shred, then the only way you can ensure that your data cannot be recovered is to take out the hard drive, hit it multiple times with a sledgehammer, and then burn it. Seriously.

Compare a hard-drive sector to a two-lane highway, with the data symbolizing the dotted, yellow stripe down the middle. When new data is written, the drive head paints a new, bright, dotted stripe somewhere on the road, but not necessarily covering the old stripe. Since hard drives work using magnetism, if you have sensitive equipment, you can pick up the faint magnetic fields from previous disk writes, even if new data is written over the top.

The only way to be sure that this faint magnetic field cannot be detected is to write over the entire drive many different times with random data. The idea is that the more times you write data to the drive, the more likely it is that the drive head actually writes over the top of a previous track. In effect, it is like painting many different stripes down the highway in which you hope to paint over the previous stripe at least once. The data being written is random, so it makes it much more difficult to piece together files than if the drive were written only with all ones or zeros.

To securely wipe your hard drive, boot into Knoppix and find the partition on your desktop that you want to shred. Then open a terminal and shred the drive:

knoppix@ttyp0[knoppix]$ sudo shred -n 2 -z -v /dev/hda1

Replace /dev/hda1 with the partition you intend to shred or with /dev/hda if you also want to erase the partition table, and boot sector. The -n option tells shred how many times to write over the drive with random data. The default is to write over the drive 25 times. If time is not an issue or you are paranoid, feel free to stick with the default. The -z option tells shred to finish the wipe by overwriting the drive with zeros. This makes the partition look completely empty to a casual observer instead of filled with random ones and zeros. Finally, the -v option shows you shred's progress, which is one of the main advantages to use shred to wipe drives instead of dd.

The time it takes shred to complete varies greatly, depending on the number of times you choose to overwrite the drive, and the size and the speed of the drive. The nice thing about using Knoppix for drive-wiping is that you have a lot of applications you can use to pass the time (check [Hack #15] for a good selection).