Page 2 of 3 FirstFirst 123 LastLast
Results 11 to 20 of 28

Thread: Linux tools to wipe out a hard drive

  1. #11
    Just burned his ISO sl33p's Avatar
    Join Date
    Jan 2010
    Posts
    19

    Thumbs up

    Thanks guys for these bunch of tools. I have now lots of options.
    No, I don't wanna destroy the disk, it's gonna be used again...

    Special thanks to Lincoln who came out with this method (following the provided link):

    Example steps for wiping hard drive /dev/sda and verifying the overwrite:

    1. Find your drives total size by running "fdisk -l /dev/sda"
    2. Divide the total size of the disk by 512 "perl -e 'print <size>/512'"
    3. Run dd using the command below
    4. Verify the overwrite was succesful using "md5sum /dev/sda" and comparing the result to the output from the dd command

    If the md5 values dont match, your drive is bad or some other overwrite failure occurred.

    If you want to see the progress of your wipe, you can also use a tool like pipebench, like so:

    Code:
    dd if=/dev/zero bs=512 count=<size/512> | pipebench| tee /dev/sda | md5sum
    Just to close the case, later on, to verify the cleaning operation, I asked a friend who is kinda expert in Forensics and he advised that there are a number of "Hex Editors" out there which have direct access to HDD contents. This type of tool could be used to sample disk address locations to determine the presence of data. I could also scroll through the entire contents of the drives to see if they contain data (or 0's) after the "wiping operation" has completed.

    Would you advice any specific Hex Editor?

    Thanks again!
    sl33p

  2. #12
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by sleep View Post
    Special thanks to Lincoln who came out with this method (following the provided link):
    Its my method actually (its the method I use at work to wipe drives and I posted it to that thread)

    Quote Originally Posted by sleep View Post
    Just to close the case, later on, to verify the cleaning operation, I asked a friend who is kinda expert in Forensics and he advised that there are a number of "Hex Editors" out there which have direct access to HDD contents. This type of tool could be used to sample disk address locations to determine the presence of data. I could also scroll through the entire contents of the drives to see if they contain data (or 0's) after the "wiping operation" has completed.

    Would you advice any specific Hex Editor?
    xxd can be used to display binary data in a friendly fashion from the command line. Combine it with dd to view hard drive contents

    e.g. view the contents of the first sector of hard drive device /dev/sda
    Code:
    dd if=/dev/sda count=1 bs=512 | xxd
    hexedit and khexedit can also be used to display binary data in this fashion. Combine either one with dd which can dump the contents of your desired part of the hard drive to a file, and you can then view the contents of that file, which will show you what is in that location in disk

    Dump second sector of /dev/sda to file secondsect, which can then be viewed with hexedit or khexedit to show the contents of that disk sector
    Code:
    dd if=/dev/sda count=1 skip=1 bs=512 >secondsect
    The dd commands need to be run as root so preface with sudo if you are using a non root user.

    Theres a number of other forensic tools in the sleuthkit if you find that the hexeditors don't give you what you expected.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  3. #13
    Member
    Join Date
    Jan 2010
    Location
    The new forums
    Posts
    462

    Default

    Quote Originally Posted by lupin View Post
    Its my method actually (its the method I use at work to wipe drives and I posted it to that thread)
    Hehe I didn't read this post. It's your method, I just simply linked to the thread for the OP. Now please don't beat me up!

  4. #14
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by Lincoln View Post
    Hehe I didn't read this post. It's your method, I just simply linked to the thread for the OP. Now please don't beat me up!
    I'm tracking you down as we speak and I'm holding a giant can of whup-ass just waiting to be opened
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  5. #15
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by lupin View Post
    I'm tracking you down as we speak and I'm holding a giant can of whup-ass just waiting to be opened
    Here ya go to resupply, I just opened a 32oz can yesterday on a contractor.

    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  6. #16
    Super Moderator lupin's Avatar
    Join Date
    Jan 2010
    Posts
    2,943

    Default

    Quote Originally Posted by streaker69 View Post
    Here ya go to resupply, I just opened a 32oz can yesterday on a contractor.

    Yes, I like the Extra Strength variety. More Whoop for your buck.
    Capitalisation is important. It's the difference between "Helping your brother Jack off a horse" and "Helping your brother jack off a horse".

    The Forum Rules, Forum FAQ and the BackTrack Wiki... learn them, love them, live them.

  7. #17
    Junior Member IAMZOMBIE's Avatar
    Join Date
    Jan 2010
    Posts
    81

    Default

    dban works well. Put the cd in, do 'autonuke' or specify how many time to wipe, and it goes. Very simple, free.
    Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing

    Quote Originally Posted by lupin View Post
    Actully, recent research shows that for modern drives a one pass overwrite is more than sufficient.
    For software based data recovery, 1 pass does the trick.
    For hardware based data recovery, you would want more. But short of a $100,000 budget, no one is doing hardware recovery on your drives.
    I still DoD wipe my stuff because I revel in paranoia.

  8. #18
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Default

    Quote Originally Posted by IAMZOMBIE View Post
    For software based data recovery, 1 pass does the trick.
    For hardware based data recovery, you would want more. But short of a $100,000 budget, no one is doing hardware recovery on your drives.
    I still DoD wipe my stuff because I revel in paranoia.
    No actually, it's not necessary. 1 pass is enough. OLD drives could be pulled off if you only did one overwrite. Current forensics training (coming in via ASIO and the .au defence department, as well as from some international forensics techs) says that the new disks are packed too tightly to be able to get away with an electron microscope.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  9. #19
    Senior Member streaker69's Avatar
    Join Date
    Jan 2010
    Location
    Virginville, BlueBall, Bird In Hand, Intercourse, Paradise, PA
    Posts
    3,535

    Default

    Quote Originally Posted by IAMZOMBIE View Post
    For software based data recovery, 1 pass does the trick.
    For hardware based data recovery, you would want more. But short of a $100,000 budget, no one is doing hardware recovery on your drives.
    I still DoD wipe my stuff because I revel in paranoia.
    Drives that need to be returned for whatever reason, I DoD wipe them. Drives that are taken out of service I physically destroy them. The platters make nice mobiles though to hang in your office.
    A third party security audit is the IT equivalent of a colonoscopy. It's long, intrusive, very uncomfortable, and when it's done, you'll have seen things you really didn't want to see, and you'll never forget that you've had one.

  10. #20
    My life is this forum Barry's Avatar
    Join Date
    Jan 2010
    Posts
    3,817

    Default

    Quote Originally Posted by streaker69 View Post
    Drives that need to be returned for whatever reason, I DoD wipe them. Drives that are taken out of service I physically destroy them. The platters make nice mobiles though to hang in your office.
    Did you ever take photos of the one you built??

Page 2 of 3 FirstFirst 123 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •