Linux tools to wipe out a hard drive

[sl33p]

Thanks guys for these bunch of tools. I have now lots of options.
No, I don't wanna destroy the disk, it's gonna be used again...

Special thanks to Lincoln who came out with this method (following the provided link):

Example steps for wiping hard drive /dev/sda and verifying the overwrite:

1. Find your drives total size by running "fdisk -l /dev/sda"
2. Divide the total size of the disk by 512 "perl -e 'print <size>/512'"
3. Run dd using the command below
4. Verify the overwrite was succesful using "md5sum /dev/sda" and comparing the result to the output from the dd command

If the md5 values dont match, your drive is bad or some other overwrite failure occurred.

If you want to see the progress of your wipe, you can also use a tool like pipebench, like so:

Code:

dd if=/dev/zero bs=512 count=<size/512> | pipebench| tee /dev/sda | md5sum

Just to close the case, later on, to verify the cleaning operation, I asked a friend who is kinda expert in Forensics and he advised that there are a number of "Hex Editors" out there which have direct access to HDD contents. This type of tool could be used to sample disk address locations to determine the presence of data. I could also scroll through the entire contents of the drives to see if they contain data (or 0's) after the "wiping operation" has completed.

Would you advice any specific Hex Editor?

Thanks again!
sl33p

[lupin]

Special thanks to Lincoln who came out with this method (following the provided link):

Its my method actually (its the method I use at work to wipe drives and I posted it to that thread)

Just to close the case, later on, to verify the cleaning operation, I asked a friend who is kinda expert in Forensics and he advised that there are a number of "Hex Editors" out there which have direct access to HDD contents. This type of tool could be used to sample disk address locations to determine the presence of data. I could also scroll through the entire contents of the drives to see if they contain data (or 0's) after the "wiping operation" has completed.

Would you advice any specific Hex Editor?

xxd can be used to display binary data in a friendly fashion from the command line. Combine it with dd to view hard drive contents

e.g. view the contents of the first sector of hard drive device /dev/sda

Code:

dd if=/dev/sda count=1 bs=512 | xxd

hexedit and khexedit can also be used to display binary data in this fashion. Combine either one with dd which can dump the contents of your desired part of the hard drive to a file, and you can then view the contents of that file, which will show you what is in that location in disk

Dump second sector of /dev/sda to file secondsect, which can then be viewed with hexedit or khexedit to show the contents of that disk sector

Code:

dd if=/dev/sda count=1 skip=1 bs=512 >secondsect

The dd commands need to be run as root so preface with sudo if you are using a non root user.

Theres a number of other forensic tools in the sleuthkit if you find that the hexeditors don't give you what you expected.

[Lincoln]

Its my method actually (its the method I use at work to wipe drives and I posted it to that thread)

Hehe I didn't read this post. It's your method, I just simply linked to the thread for the OP. Now please don't beat me up!

[lupin]

Hehe I didn't read this post. It's your method, I just simply linked to the thread for the OP. Now please don't beat me up!

I'm tracking you down as we speak and I'm holding a giant can of whup-ass just waiting to be opened

[streaker69]

I'm tracking you down as we speak and I'm holding a giant can of whup-ass just waiting to be opened

Here ya go to resupply, I just opened a 32oz can yesterday on a contractor.

[lupin]

Here ya go to resupply, I just opened a 32oz can yesterday on a contractor.

Yes, I like the Extra Strength variety. More Whoop for your buck.

[IAMZOMBIE]

dban works well. Put the cd in, do 'autonuke' or specify how many time to wipe, and it goes. Very simple, free.
Darik's Boot And Nuke | Hard Drive Disk Wipe and Data Clearing

Actully, recent research shows that for modern drives a one pass overwrite is more than sufficient.

For software based data recovery, 1 pass does the trick.
For hardware based data recovery, you would want more. But short of a $100,000 budget, no one is doing hardware recovery on your drives.
I still DoD wipe my stuff because I revel in paranoia.

[Gitsnik]

For software based data recovery, 1 pass does the trick.
For hardware based data recovery, you would want more. But short of a $100,000 budget, no one is doing hardware recovery on your drives.
I still DoD wipe my stuff because I revel in paranoia.

No actually, it's not necessary. 1 pass is enough. OLD drives could be pulled off if you only did one overwrite. Current forensics training (coming in via ASIO and the .au defence department, as well as from some international forensics techs) says that the new disks are packed too tightly to be able to get away with an electron microscope.

[streaker69]

For software based data recovery, 1 pass does the trick.
For hardware based data recovery, you would want more. But short of a $100,000 budget, no one is doing hardware recovery on your drives.
I still DoD wipe my stuff because I revel in paranoia.

Drives that need to be returned for whatever reason, I DoD wipe them. Drives that are taken out of service I physically destroy them. The platters make nice mobiles though to hang in your office.

[Barry]

Drives that need to be returned for whatever reason, I DoD wipe them. Drives that are taken out of service I physically destroy them. The platters make nice mobiles though to hang in your office.

Did you ever take photos of the one you built??