Thursday, May 28, 2015

security - Disk wiping other than DBAN



Sometimes using DBAN takes several days to wipe a disk. What alternatives do you have experience with that work within a few hours and offer the simplicity of DBAN? I am mainly interested in free solutions but am happy to hear what works for you.


Answer



Edit: Based on your more recent comments, it sounds like you're probably running into hardware variations that cause DBAN to run slower (on older hardware) or faster (on newer hardware). Any other program that performs a thorough disk wipe will probably be similarly slow when wiping a hard drive that's either very large or connected via a slower interface. Of course, wiping a small drive over a slower interface (e.g., 80 GB IDE) may still be faster than wiping a much larger drive on a faster interface (e.g., 1 TB SATA).




It depends on how paranoid you are. Generally, the extremely long-running disk wiping utilities do an extremely thorough job wiping the drives clean so there's virtually zero chance even the most advanced data recovery techniques would be able to use any residual magnetism to reconstruct the old data.



If you are giving away the drives and they contained any sensitive information whatsoever, you're better off safe than sorry--go with a more thorough wipe over the course of days. If there really isn't anything sensitive on the drives, or if you're just taking them out of service for reuse later, you're probably safe using a faster, less thorough wipe.



Personally, I usually boot off a Linux live CD and use one of the following:



dd bs=1M if=/dev/zero of=/dev/sd#


or




dd bs=1M if=/dev/urandom of=/dev/sd#


or



badblocks -wvs /dev/sd#


where /dev/sd# is the drive I'm wiping.




I didn't think it was sufficient to just write zeroes to the drive until a friend showed me The Great Zero Challenge. While there's no guarantee that writing zeroes to the drive is actually sufficient, it must be difficult enough that data recovery firms did not want to risk the negative PR associated with being unable to recover any data from the drive after it was zeroed.



If you write random data to the drive, the argument is that the random data should make recovery more difficult (similar to salting a password hash).



The badblocks -wvs command will run four wipes on the drive, writing the patterns 0xaa, 0x55, 0xff, and 0x00 across the entire disk, respectively. It also (somewhat unnecessarily) performs a read test after each full write, but if you end up finding bad blocks, you might as well just trash or recycle the drives and drill holes through the platters for maximum security.
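A read-back check for the overwrite passes described in this answer, added here as an example (not part of the original answer or of badblocks itself). It writes a byte pattern over a target and confirms every byte matches, using the same four patterns listed above. The function names are hypothetical, and the target is a constructed image file standing in for /dev/sd#.

```shell
#!/bin/sh
# Added example: overwrite a target with a byte pattern, then read it back.
# Runs against a constructed image file; a real disk would be /dev/sd#.

target_size() {                 # size in bytes of a block device or a file
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    else wc -c < "$1" | tr -d ' '; fi
}

pattern_stream() {              # $1 = byte count, $2 = pattern as 3-digit octal
    head -c "$1" /dev/zero | LC_ALL=C tr '\000' "\\$2"
}

write_pattern() {               # $1 = target, $2 = octal pattern
    # Refuse a block device that is mounted (the device or one of its partitions).
    if [ -b "$1" ] && grep -q "^$1" /proc/mounts; then
        echo "refusing: $1 is mounted" >&2; return 2
    fi
    pattern_stream "$(target_size "$1")" "$2" |
        dd of="$1" bs=1M conv=notrunc,fsync 2>/dev/null
}

verify_pattern() {              # exit 0 only if every byte equals the pattern
    pattern_stream "$(target_size "$1")" "$2" | cmp -s - "$1"
}

four_pass_wipe() {              # 0xaa, 0x55, 0xff, 0x00, verifying each pass
    for p in 252 125 377 000; do
        write_pattern "$1" "$p" && verify_pattern "$1" "$p" || return 1
    done
}

demo() {
    img=$(mktemp) || return 1
    head -c 3000003 /dev/urandom > "$img"     # constructed "old data"
    verify_pattern "$img" 000 && echo "unexpected: image is already zero"
    four_pass_wipe "$img" && echo "wiped and verified: $(target_size "$img") bytes"
    rm -f "$img"
}
demo
```

On a real disk, a buffered read-back can be answered from the page cache rather than the media, so drop caches or read with direct I/O before trusting the verification.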

