How do I permanently erase hard disk?

I am going to sell my laptop soon. Before discarding my system, I want to make sure that no one should be able to use my personal data using any method (format does not work). Is there any open source software out there that can help me permanently erase my hard disk?

The secure removal of data is not as easy as you may think. When you delete a file using the default commands of the operating system (for example “rm” in Linux/BSD/MacOS/UNIX, “del” in DOS, or emptying the recycle bin in Windows), the operating system does NOT delete the file; the contents of the file remain on your hard disk. The only way to make recovery of your sensitive data nearly impossible is to overwrite (“wipe” or “shred”) the data with several defined patterns. To erase a hard disk permanently, you can use the standard dd command. However, I recommend using the shred, wipe, or scrub command.

Warning: Check that the correct drive or partition has been targeted. Targeting the wrong drive or partition will result in data loss. Under no circumstances can we be held responsible for total or partial data loss, so please be careful with disk names. YOU HAVE BEEN WARNED!
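
One way to act on this warning before running any of the wipe commands: a guard, added here as an example and not part of the original tutorial, that refuses to proceed while the target disk or any of its partitions is mounted or active as swap. The function names mounted_parts and safe_to_wipe are hypothetical; the optional file arguments default to /proc/mounts and /proc/swaps.

```shell
#!/bin/sh
# Added example: refuse to wipe a disk that is still in use.

# mounted_parts DEV [MOUNTS_FILE] [SWAPS_FILE]
# Prints every mounted or swap-active device node that is DEV itself or one
# of its partitions. Empty output means nothing on DEV is in use.
mounted_parts() {
    dev=$1
    mounts=${2:-/proc/mounts}
    swaps=${3:-/proc/swaps}
    # Field 1 of both files is the device node. Partition naming differs:
    # /dev/sda -> /dev/sda1, but /dev/nvme0n1 -> /dev/nvme0n1p1.
    cat "$mounts" "$swaps" 2>/dev/null | awk -v d="$dev" '
        BEGIN { pat = (d ~ /[0-9]$/) ? "^p[0-9]+$" : "^[0-9]+$" }
        $1 == d { print $1; next }
        index($1, d) == 1 && substr($1, length(d) + 1) ~ pat { print $1 }
    ' | sort -u
}

# safe_to_wipe DEV [MOUNTS_FILE] [SWAPS_FILE]
# Returns 0 only when nothing on DEV is mounted or used as swap.
safe_to_wipe() {
    in_use=$(mounted_parts "$@")
    if [ -n "$in_use" ]; then
        echo "refusing to wipe $1, still in use:" >&2
        echo "$in_use" >&2
        return 1
    fi
    return 0
}

# Typical use from the live CD, before any of the wipe commands:
#   safe_to_wipe /dev/sda && shred -n 5 -vz /dev/sda
```

Device-mapper layers (LVM, dm-crypt) appear under /dev/mapper names and are not traced back to the underlying disk by this check.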

Erase disk permanently using a live Linux cd

First, download a Knoppix Live Linux CD or SystemRescueCd live CD.

Next, burn the live CD and boot your laptop or desktop from it. You can now wipe any disk, including one that holds a Windows, Linux, Mac OS X or Unix-like system.

How do I use the shred command?

shred was originally designed to delete files securely: it first overwrites a file to hide its contents and then deletes it. However, the same command can be used to erase a hard disk. For example, if your hard drive is named /dev/sda, type the following command:
# shred -n 5 -vz /dev/sda
Sample outputs:

Fig.01: Use shred to securely delete simple files including hard disks


Where,

  • -n 5: Overwrite 5 times instead of the default (25 times).
  • -v : Show progress.
  • -z : Add a final overwrite with zeros to hide shredding.

The command is the same for an IDE hard disk, hda (PC/Windows first hard disk connected to IDE):
# shred -n 5 -vz /dev/hda
This example uses shred with /dev/urandom as the source of random data:
# shred -v --random-source=/dev/urandom -n1 /dev/DISK/TO/DELETE
# shred -v --random-source=/dev/urandom -n1 /dev/sda
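
A read-back check for a run that ends with the -z zero pass described above, added here as an example and not part of the original tutorial: it compares the target against /dev/zero and reports the first byte that is not zero. The function name verify_zeroed is hypothetical; the target can be a block device or, for a dry run, an ordinary image file.

```shell
#!/bin/sh
# Added example: confirm that a wiped target reads back as all zeros,
# the expected state after the final pass of `shred -z`.

# verify_zeroed PATH
# Exit 0: every byte read back as zero.
# Exit 1: non-zero data found; 1-based offset of the first such byte on stdout.
# Exit 2: target missing, unreadable, or a read error occurred.
verify_zeroed() {
    target=$1
    [ -r "$target" ] || { echo "cannot read $target" >&2; return 2; }
    # /dev/zero never ends, so a clean target makes cmp stop with
    # "EOF on TARGET", and a dirty one makes it report the first differing
    # byte. cmp never exits 0 here, hence the "|| true".
    out=$(LC_ALL=C cmp "$target" /dev/zero 2>&1) || true
    case $out in
        *" differ: "*)
            # "TARGET /dev/zero differ: byte N, line M" (some cmp say "char")
            echo "$out" | sed -n 's/.* differ: [a-z]* \([0-9]*\),.*/\1/p'
            return 1 ;;
        *"EOF on "*)
            return 0 ;;
        *)
            echo "read error on $target: $out" >&2
            return 2 ;;
    esac
}

# Typical use after `shred -n 5 -vz /dev/sda`:
#   verify_zeroed /dev/sda && echo "read-back clean"
```

The check covers only the logical address range the operating system can read; sectors the drive has remapped internally are not visible to it.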

How to use the wipe command

You can use the wipe command to delete any file, including disks:
# wipe -D /path/to/file.doc

How to use the scrub command

You can use a disk scrubbing program such as scrub. It overwrites hard disks, files, and other devices with repeating patterns intended to make recovering data from these devices more difficult. Although physical destruction is unarguably the most reliable method of destroying sensitive data, it is inconvenient and costly. For certain classes of data, organizations may be willing to do the next best thing, which is to scribble on all the bytes until retrieval would require heroic efforts in a lab. scrub implements several different algorithms. The syntax is:
# scrub -p nnsa|dod|bsi|old|fastold|gutmann|random|random2 fileNameHere
To erase /dev/sda, enter:
# scrub -p dod /dev/sda
Sample outputs:

Gif.03: Use the dod algorithm of scrub to wipe a disk securely on Linux / Unix

Use dd command to securely wipe disk

You can wipe a disk by writing new data over every single bit. The dd command can be used as follows:
# dd if=/dev/urandom of=/dev/DISK/TO/WIPE bs=4096
To wipe the /dev/sda disk, enter:
# dd if=/dev/urandom of=/dev/sda bs=4096
Sample outputs:

Gif 01: Wipe a disk using gnu/dd command

How do I securely wipe drive/partition using a randomly-seeded AES cipher from OpenSSL?

You can use the openssl and pv commands to securely erase the disk too. First, get the total size of the /dev/sda disk in bytes:
# blockdev --getsize64 /dev/sda
399717171200

Next, type the following command to wipe the /dev/sda disk:
# openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero | pv -bartpes 399717171200 | dd bs=64K of=/dev/sda
Sample outputs:

Fig.02: Use the dd command to randomize the drive/partition using a randomly-seeded OpenSSL AES cipher and the pv command

How to use badblocks command to securely wipe disk

The syntax is:
# badblocks -c BLOCK_SIZE_HERE -wsvf /dev/DISK/TO/WIPE
# badblocks -wsvf /dev/DISK/TO/WIPE
# badblocks -wsvf /dev/sda

Sample outputs:

Gif 02: Wipe a disk using badblocks

Other options

Darik’s Boot and Nuke (“DBAN”) is a self-contained boot floppy (CD ISO also available) that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction. Download DBAN, and don’t forget to read the DBAN frequently asked questions. Please note that DBAN works well with Mac, PC (Windows) and Linux/BSD based systems. Once you have used the shred command or the DBAN live CD on your disk, you can sell your laptop.

10 comments
  • dban December 3, 2011, 10:18 pm

    DBAN now works best with flash drive – just don’t forget to set your computer to boot to USB first.

  • Becky Wright April 29, 2013, 10:35 am

    Thanks for sharing this article! It gives me an idea on how to delete my personal data and information. Noted this one!

  • Neo Jensson December 18, 2013, 2:51 pm

    One free overwriting tool is ErAce. It can be downloaded from erace.it or sourceforge

  • RH User January 12, 2014, 9:42 pm

    Thanks for the tutorial. It solved my issues.

  • Caracal August 7, 2014, 5:49 pm

    According to “man shred” the default is 3 rather than 25

  • Danielle Costantino August 21, 2016, 12:30 am

    Using full disk encryption like AES-256 (or stronger encryption) when writing your data to a storage pool, then deleting your key is a surefire way to ‘erase’ a drive. If that isn’t an option, and you are interested in securely erasing an SSD, you will have to force the drive to overwrite all over-provisioned pages, and with some drives implementing dedup, pattern elimination and other data services, writing non-random data to your drive may not actually write it out to your media. As said above, garbage collection, wear leveling, scrubbing, and journaling make it very difficult to truly ‘erase’ your data, you will need to write over every page (the entire LBA range) at least 3 times with random data before you can be sure that your data is gone.

  • Mark Lord August 21, 2016, 1:02 am

    Let the drive’s firmware do it for you:

    hdparm --security-set-pass NULL /dev/sdX
    hdparm --security-erase NULL /dev/sdX

  • stampeder August 21, 2016, 8:58 am

    The shred command has some weaknesses explained in its man page having to do with certain journalled file systems not committing the actual changes to disk either immediately or ever. Use one of the other options for permanently erasing a disk, with dd being the one you’ll find on any Linux/Unix’s standard install.

  • Erik August 21, 2016, 11:25 pm

    There is a problem when using the overwrite methods with SSD:s. SSD:s have internal logic to reduce wear out. More or less you never know where something is written to the disk and “overwriting” will generally not overwrite! Thus you need to use tools designed for SSD:s if you want to erase the data. For more information see for example: http://www.makeuseof.com/tag/securely-erase-ssd-without-destroying/

  • David August 22, 2016, 1:46 pm

    The idea of needing multiple passes to erase hard disk data is a myth, based on a single highly hypothetical thought-experiment, and kept alive by companies selling expensive “secure erase” hardware and software to paranoid organisations. A single overwrite of zero (dd if=/dev/zero of=/dev/sdX bs=1M) will render the hard disk totally unrecoverable.

    Secure erase ATA commands will also do this perfectly well.

    For flash disks, the process is a bit more complicated. Secure erase is probably the best solution. Overwriting with zeros may leave the original data in some of the flash sectors, especially if the drive has transparent compression. But even if the data is in the flash chips, it takes very specialised hardware and software to read it out, and a great deal of time and effort. And all the physical to logical mapping data will be lost, leaving the would-be data thief with an enormous jigsaw puzzle with most of the bits missing.

    So if you suspect that the NSA are after you, destroy the disk physically. If not, a secure erase ATA command or a single dd of zeros is all you need.
