Erase data from your hard disk drive with these open source tools.
One of the best ways to keep your data secure is by only writing data to an encrypted hard drive. On a standard drive, it’s possible to view data just by mounting the drive as if it were a thumb drive, and it’s even possible to display and recover even deleted data with tools like Scalpel and Testdisk. But on an encrypted drive, data is unreadable without a decryption key (usually a passphrase you enter when mounting the drive.)
From our partners:
Encryption can be established when you install your OS, and some operating systems even make it possible to activate encryption any time after installation.
What do you do when you’re selling a computer or replacing a drive that never got encrypted in the first place, though?
The next best thing to encrypting your data from the start is by erasing the data when you’re finished with the drive.
Responsible caretaker
I’m frequently called on to help clients upgrade an old computer. Invariably, they’re more than willing to help me recycle them so that they can be used by someone else. I’m happy to refurbish these older computers and refit them with a newer solid-state drive, dramatically improving performance.
However, it’s not a good idea to just throw an old drive in the trash. It needs to be erased and then disposed of properly. Rather than leave the drives in the original computer, I remove them, place them in a drive enclosure, and connect them to my Linux computer. Several Linux utilities can easily accomplish this. One of them is the Gnu Shred tool.
GNU Shred
<span class="co4">$ </span><span class="kw2">sudo</span> <span class="kw2">shred</span> <span class="re5">-vfz</span> <span class="sy0">/</span>dev<span class="sy0">/</span>sdX
Shred has many options:
- n – the number of overwrites. The default is three.
- u – overwrite and delete.
- s – the number of bytes to shred.
- v – show extended information.
- f – force the change of permissions to allow writing if necessary.
- z – add a final overwrite with zeros to hide shredding.
Use shred --help
for more information
ShredOS
ShredOS is a live Linux distribution with the sole purpose of erasing the entire contents of a drive. It was developed after a similar distribution, called DBAN, was discontinued. It uses the nwipe
application, which is a fork of DBAN’s dwipe
. You can make a bootable USB drive by downloading the 32 bit or 64 bit image and writing it to a drive with the dd
command on Linux and macOS:
<span class="co4">$ </span><span class="kw2">sudo</span> <span class="kw2">dd</span> <span class="re2">if</span>=shredos.img <span class="re2">of</span>=<span class="sy0">/</span>dev<span class="sy0">/</span>sdX <span class="re2">bs</span>=4M <span class="re2">status</span>=progress
Alternately, you can use the Etcher tool on Linux, macOS, and Windows.
The dd command
A common method for erasing drives is with the Linux dd
command. Nearly every Linux installation comes with the dd
utility installed. Make sure that the drive is not mounted.
<span class="co4">$ </span><span class="kw2">sudo</span> <span class="kw2">umount</span> <span class="sy0">/</span>dev<span class="sy0">/</span>sdXY <span class="re5">-l</span>
If you want to write zeros over your entire target disk, issue the following command. It will probably be an overnight job.
<span class="co4">$ </span><span class="kw2">sudo</span> <span class="kw2">dd</span> <span class="re2">if</span>=<span class="sy0">/</span>dev<span class="sy0">/</span>urandom <span class="re2">of</span>=<span class="sy0">/</span>dev<span class="sy0">/</span>sdX <span class="re2">bs</span>=10M
Warning: Be sure that you know where you are on your system and target the correct drive so that you don’t accidentally erase your own data.
Nvme-cli
If your computer contains one of the newer NVMe drives, you can install the nvme-cli utilities and use the sanitize
option to erase your drive.
The command nvme sanitize help
command provides you with a list of sanitize options, which include the following:
- –no-dealloc, -d – No deallocate after sanitize.
- –oipbp, -i – Overwrite invert pattern between passes.
- –owpass=, -n – Overwrite pass count.
- –ause, -u – Allow unrestricted sanitize exit.
- –sanact=, -a – Sanitize action.
- –ovrpat=, -p – Overwrite pattern.
Here is the command I use:
<span class="co4">$ </span><span class="kw2">sudo</span> nvme sanitize <span class="sy0">/</span>dev<span class="sy0">/</span>nvme0nX
The same warnings apply here as with the format process: back up important data first because this command erases it!
Information management
The information you keep on your computer is important. It belongs to you and to know one else. When you’re selling off a computer or disposing of a hard drive, make sure you’ve cleared it of your data with one of these great tools.
This article was republished from opensource.com
For enquiries, product placements, sponsorships, and collaborations, connect with us at [email protected]. We'd love to hear from you!
Our humans need coffee too! Your support is highly appreciated, thank you!