About nixCraft

Topics

Linux / UNIX Software that make retrieving the data more difficult with Department of Defense ( DoD 5520.22-M ) compliant disk / file wiping

Posted by Vivek Gite [Last updated: June 15, 2008]

If you ever worked for Government or Defense organization, you may come across a request for Department of Defense (DoD) compliant disk wipe program to remove files / disk securely. There are many programs exists for doing the same job. One of my favorite program is scrub, which writes patterns on special files (i.e. raw disk devices) or regular files to make retrieving the data more difficult. Scrub implements user-selectable pattern algorithms that are compliant with DoD 5520.22-M or NNSA NAP-14.x. The dod scrub sequence is compliant with the DoD 5220.22-M procedure for sanitizing removeable and non-removeable rigid disks which requires overwriting all address able locations with a character, its complement, then a random character, and verify.

Download scrub

You can download scrub here. The package is available in both source and binary releases for
=> Redhat Enterprise Linux (RHEL 4 / 5)
=> Debian / Ubuntu Linux
=> HP-UX UNIX
=> Mac OS etc

How do I use scrub?

Scrub operates in one of three modes:

  1. The special file corresponding to an entire disk is scrubbed and all data on it is destroyed. This mode is selected if file is a character or block special file. This is the most effective method.
  2. A regular file is scrubbed and only the data in the file (and optionally its name in the directory entry) is destroyed. The file size is rounded up to fill out the last file system block. This mode is selected if file is a regular file.
  3. file is created, expanded until the file system is full, then scrubbed as in 2). This mode is selected with the -X option.

Examples

Scrub mysensitive.file.txt file, enter:
$ scrub mysensitive.file.txt
Output:

scrub: using NNSA NAP-14.x patterns
scrub: padding mysensitive.file.txt with 3998 bytes to fill last fs block
scrub: scrubbing mysensitive.file.txt 4096 bytes (~4KB)
scrub: random  |................................................|
scrub: random  |................................................|
scrub: 0x0     |................................................|
scrub: verify  |................................................|

To use patterns compliant with DoD 5220.22-M, enter:
$ scrub -p dod mysensitive.file.txt
Output:

scrub: using DoD 5220.22-M patterns
scrub: padding mysensitive.file.txt with 3998 bytes to fill last fs block
scrub: scrubbing mysensitive.file.txt 4096 bytes (~4KB)
scrub: 0x0     |................................................|
scrub: 0xff    |................................................|
scrub: random  |................................................|
scrub: 0x0     |................................................|
scrub: verify  |................................................|

Erase /dev/sda1 - the special file corresponding to an entire disk is scrubbed and all data on it is destroyed, enter:
# scrub /dev/sda1

Related recommended program

Please note that following programs are not compliant with DoD 5220.22-M or certified, but sufficient for home users.
=> wipe, shred and srm utilities.

See also:

E-mail this to a Friend    Printable Version

You may also be interested in other helpful articles:

Leave a Reply

We encourage your comments, and suggestions. But please stay on topic, be polite, and avoid spam. Thank you very much for stopping by our site!

XHTML: You can use these tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Tags: , , , , , , , , , , , , , , , , , , , , , ,

Copyright © 2004-2008 nixCraft. All rights reserved - TOS/Disclaimer - Privacy policy - Powered by Open source software.