Last Updated on April 14, 2017 by Dave Farquhar
Sometimes in the course of work, it’s necessary to securely wipe a disk. A drive containing confidential information may require replacement. Assuming you caught the problem before the drive died for good, you can wipe it before sending it back to the manufacturer.
Programs to securely wipe a drive cost money. Sometimes big money. Fortunately, it’s easy to do it with Linux.
But you don’t have a Linux box and the big boss won’t let you have one, you say? You don’t need one. All it takes is a single-floppy distribution.
I use the asmutils demo disk, for two reasons. One, it’s small, so it downloads really fast. Two, it boots up really fast. Three, the utilities are dumb and minimalist, so they don’t get bogged down in the details, which is important when you’re dealing with failing hardware. Four, many single-floppy distros don’t provide everything you need, and the asmutils demo provides most of what you need and the means to make what it doesn’t provide.
OK, that was four reasons. I’m sure you’re terribly upset.
(Side note: The asmutils demo disk is 619K in size. Most of that is the Linux kernel. The rest of it is 114 standard Unix utilities, written in 32-bit x86 assembly language. A great many of them are under 1K in size. The shell is a mere 4.5K and it’s surprisingly usable, with history and command completion.)
Making the asmutils disk can be a challenge. Fortunately there’s a Windows disk utility that’ll directly read and write those raw images.
OK, so you’ve got your 619K Linux distro, and you’ve got it written to disk. Boot a system with the to-be-wiped drive in it, then type the following commands:
mknod /dev/zero c 1 5
mknod /dev/random c 1 8
mknod /dev/urandom c 1 9
Now you can overwrite the drive.
dd if=/dev/random of=/dev/hda
This command will overwrite the primary master hard drive with garbage data.
dd if=/dev/urandom of=/dev/hda
This command will overwrite the primary master hard drive with slightly less random garbage data. It’ll also be faster. It’s more than sufficient for our purposes–close approximations of true randomness are needed for encryption, but they’re not necessary for data destruction.
dd if=/dev/zero of=/dev/hda
This command will overwrite the primary master hard drive with zeros. Primary slave is /dev/hdb, secondary master and slave are /dev/hdc and /dev/hdd, respectively.
For a secure wipe, overwrite the drive seven times. This command line will do the trick.
dd if=/dev/urandom of=/dev/hda ; dd if=/dev/zero of=/dev/hda ; dd if=/dev/urandom of=/dev/hda ; dd if=/dev/zero of=/dev/hda ; dd if=/dev/urandom of=/dev/hda ; dd if=/dev/zero of=/dev/hda ; dd if=/dev/urandom of=/dev/hda
Yeah, it’s obnoxious to type, but then you can leave it and if it takes all weekend to overwrite seven times it doesn’t matter.
David Farquhar is a computer security professional, entrepreneur, and author. He started his career as a part-time computer technician in 1994, worked his way up to system administrator by 1997, and has specialized in vulnerability management since 2013. He invests in real estate on the side and his hobbies include O gauge trains, baseball cards, and retro computers and video games. A University of Missouri graduate, he holds CISSP and Security+ certifications. He lives in St. Louis with his family.
Hi, for a DOS utility (about 56K in size), check out
Active @ KillDisk at http://www.killdisk.com
Dev T
Interesting DOS programs at http://www.opus.co.tt/dave
Trinidad and Tobago Computer Society at http://www.ttcsweb.org
I should have known Dev would have something… He always does.
That he does