Permanently Delete Files From Hard Disk Drive

Gone
You've probably read stories of someone getting an old computer and finding megabytes of sensitive or personal data stored on the hard disk drive. Simply deleting a file does not remove the data from the disk.

When you delete a file, the Operating System does not remove the data itself, it only deletes a reference to the data for that file. It erases details about the location of the data stored on disk. An table entry is deleted. The data itself is not touched. It continues to sit there on disk. Over time and with usage, some data is overwritten, as the Operating Systems uses more disk space. But this in itself is no guarantee that sensitive or personal data on disk, cannot be recovered.

There are stacks of free utilities to recover or undelete files. Google undelete utility and see how many free utils exist for download.

Even running a format will not delete the data residing on disk. A normal format (a high-level format) only lays out the disk with sectors and writes up a table for the new layout. Its still possible to recover old data after a format.

To permanently remove data from disk, you need to overwrite every binary digit (bit) of every sector on disk with zeros or random garbage.

There are a number of ways to achieve this:

Zero Fill Disk Drive

Zero filling a disk drive overwrites the existing data with a zero. All data on disk is represented by 1's and 0's. Overwriting every digit with a zero effectively fills the disk with... err zero. There will be nothing useful on disk.

To zero the first partition on an EIDE drive use the following command:

dd if=/dev/zero of=/dev/hda bs=1M

For a the second partition use:

dd if=/dev/zero of=/dev/hdb bs=1M

For the third partition use:

dd if=/dev/zero of=/dev/hdc bs=1M

As you can see you increment the letter (hda, hdb, hdc) for the next partition.

If its a SCSI disk or a SATA drive use:

dd if=/dev/zero of=/dev/sda bs=1M

For a the second partition use:

dd if=/dev/zero of=/dev/sdb bs=1M

Etc, etc, etc.

DBAN - Darik's Boot And Nuke

Download and burn a copy of DBAN - Darik's Boot And Nuke

This utility will permanently wipe any existing from your disk by overwriting it, so no data can be undeleted or recovered. DBAN overwrites the whole disk with zeros or randam garbage. DBAN also overwrites the partition table, making data recovery virtually impossible.

DBAN is fairly easy to use. After downloading, and burning to compact disk. Place CD in drive and reboot. (You may need to change the boot order in the BIOS). DBAN gets to work, re-arranging those bits. On older, slower hardware, it can take some time to wipe clean. Consider running overnight. DBAN runs unattended and is useful for wiping several disks.

DBAN is a Linux derived product.

Wipe Utility

A nice utility is Wipe. Its available in the main repository Debian or Ubuntu repositories for download.

aptitude install wipe

You have an easy to use utility to securely wipe and permanently erase data from your disk drives. From the man page:

wipe -rcf /home/bark/text/

Wipe every file under /home/bark/text/ including /home/bark/text/. Recursive wipe (-r) and don't ask for confirmation (-f). Files without correct permission will be chmod'd (-c).

wipe -kq /dev/sdb1

Wipes all data from the first partition on the second SCSI/SATA disk drive, using the quick option (-q). Before starting it will ask you to confirm.

On a fast multicore machine, an 18GB SCSI disk took 7 mins to wipe with four passes. A 72GB SCSI disk took 26 mins with four passes. For large size disks you probably want to run the Wipe utility overnight.

Done!