Securely wiping your harddisk

This is a little FAQ about securely wiping your harddisk.

Why is deleting the files not enough (e.g. rm -rf *)?

Because this removes only the metadata needed to find the data; the data itself is still there and can be recovered by scanning the disk. Imagine a book where you rip out the table of contents. You can’t find a chapter by looking up the page number, but you can flick through the whole book and stop when you find what you are looking for.

Is filling the disk with zeros enough, or do I have to use random numbers? How often do I have to rewrite my harddisk?

Magnetic Discs

The amount of bullshit, half-truths and personal opinions out there is amazing. When you try to get to scientific research, results are thin. I found a paper whose authors did some pretty intense tests, and the results are surprising (surprising in contrast to all the opinions out there).

Overwriting Hard Drive Data: The Great Wiping Controversy | Craig Wright, Dave Kleiman, and Shyaam Sundhar R.S.

The short answer is: one write with zeros completely and securely erases your harddrive, in such a manner that recovery is not possible even with special tools, e.g. an electron microscope.

SSDs and Hybrid-Disks (SSD-Cache + Magnetic)

Zero-filling does not work for SSDs. You have to use the Secure Erase feature every SSD has. Have a look here:
http://wiki.ubuntuusers.de/SSD/Secure-Erase

What tools should I use?

Magnetic Discs

The maintenance tools of all harddisk vendors have an option to zero-fill the harddisk. Under Linux you can use the tool dd to zero-fill a disk.

 dd if=/dev/zero of=/dev/sdX bs=4096

To query the dd status you can send the SIGUSR1 signal to the process, e.g. this sends the signal to all running dd processes:

#> kill -SIGUSR1 $(pidof dd)
320+0 records in
320+0 records out
335544320 bytes (336 MB) copied, 18.5097 s, 18.1 MB/s
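
To confirm that a zero-fill really covered the whole target, read it back and compare it against /dev/zero. The script below is an added example, not part of the original FAQ; the function names are assumptions, and the demo works on a constructed temporary image file instead of a real /dev/sdX.

```shell
#!/bin/sh
# Added example: zero-fill a target, then verify the result by reading it back.
# Function names are assumptions made for this example.

# Print the size of a block device or regular file in bytes.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        echo $(( $(wc -c < "$1") ))
    fi
}

# Overwrite the whole target with zeros (same idea as the dd call above).
zero_fill() {
    # Refuse a block device if it, or one of its partitions, is mounted.
    if [ -b "$1" ] && grep -q "^$1" /proc/mounts; then
        echo "refusing: $1 is mounted" >&2
        return 1
    fi
    size=$(target_size "$1") || return 1
    # conv=notrunc keeps a regular file at its original length.
    head -c "$size" /dev/zero | dd of="$1" bs=4096 conv=notrunc 2>/dev/null && sync
}

# Return 0 only if every byte of the target reads back as zero.
verify_zeroed() {
    size=$(target_size "$1") || return 1
    cmp -s -n "$size" "$1" /dev/zero
}

# Demo on a constructed 1 MiB image file filled with random data.
demo() {
    img=$(mktemp) || return 1
    head -c 1048576 /dev/urandom > "$img"
    # The check must fail before the wipe.
    verify_zeroed "$img" && { rm -f "$img"; return 1; }
    zero_fill "$img" || { rm -f "$img"; return 1; }
    verify_zeroed "$img"; rc=$?
    rm -f "$img"
    return $rc
}

demo && echo "image verified: all zeros"
```

On a real disk, run verify_zeroed as root against the device after dd has finished; a non-zero exit status means at least one byte was not overwritten.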

SSDs and Hybrid-Disks (SSD-Cache + Magnetic)

Zero-filling does not work for SSDs. You have to use the Secure Erase feature every SSD has. Have a look here:
http://wiki.ubuntuusers.de/SSD/Secure-Erase

I only want to overwrite one partition, but my system freezes and I can’t work anymore during the wipe.

The following setting limits the write speed a bit, but you can keep working during the wipe (this only makes sense, of course, if you are not wiping the whole disk).

echo 15000000 > /proc/sys/vm/dirty_bytes

For background on the dirty-page flush, have a look here:
http://serverfault.com/questions/126413/limit-linux-background-flush-dirty-pages
