How to use dd command to erase the data in disk

How do I use the dd command to erase the data on a disk, such as hdisk2?

dd is pretty simple. Be sure to unmount anything on that disk before doing this:

dd if=/dev/zero of=/path/to/device bs=65536

The bs=65536 is optional; it just makes it a bit more efficient by writing more at once.

dd will also work on partitions.

What to do with the disk after is less simple, since the filesystem and even the boot sector therein will be annihilated along with the files.

If you want a less drastic solution than dd-ing and reformatting, you could take a look at the shred command.

Just to expand on what Corona688 has already said: I once read that some (military) paranoids don't stop here but erase disks several times (IIRC 7 times) with different hex values to make sure the overwritten bits can't be restored by some obscure means. If you want to do this, prepare a stream of "0xFF"s quite like the "0x00"s from "/dev/zero" and use these two streams alternately to write the disk several times.

How often you do that is determined by your own level of paranoia. ;-))

I hope this helps.

bakunin
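The alternating 0x00/0xFF passes described above, as an added shell example that is not code from this thread: the target, size and pass count are assumptions supplied by the caller, and a scratch image file stands in for an (unmounted) device such as /dev/hdisk2 so it can run harmlessly.

```shell
#!/bin/sh
# Added example, not from the thread: alternating 0x00 / 0xFF multi-pass
# overwrite as bakunin describes, plus a check that the final pass really
# covered every byte. TARGET, SIZE and PASSES are assumed caller inputs.
set -eu

# Emit SIZE bytes of a fill pattern: "00" is /dev/zero as-is, "ff" turns
# every NUL byte from /dev/zero into 0xFF with tr (LC_ALL=C keeps tr bytewise).
pattern_stream() {
    pattern=$1; size=$2
    case "$pattern" in
        00) head -c "$size" /dev/zero ;;
        ff) LC_ALL=C tr '\000' '\377' < /dev/zero | head -c "$size" ;;
        *)  echo "unknown pattern: $pattern" >&2; return 1 ;;
    esac
}

# Overwrite TARGET (device or image, already unmounted) PASSES times,
# alternating 0x00 and 0xFF and starting with 0x00. bs=65536 as in the
# thread; conv=notrunc stops dd truncating an image file (a device cannot
# be truncated anyway, so this only matters for the scratch image).
wipe_passes() {
    target=$1; size=$2; passes=$3
    i=0
    while [ "$i" -lt "$passes" ]; do
        if [ $((i % 2)) -eq 0 ]; then p=00; else p=ff; fi
        pattern_stream "$p" "$size" |
            dd of="$target" bs=65536 conv=notrunc 2>/dev/null
        i=$((i + 1))
    done
}

# Return 0 only if every byte of TARGET equals PATTERN (00 or ff), by
# comparing it with a freshly generated stream of the same length.
verify_pattern() {
    target=$1; size=$2; pattern=$3
    pattern_stream "$pattern" "$size" | cmp -s - "$target"
}
```

Three passes end on a 0x00 pass and two passes end on 0xFF, so verify_pattern can confirm which pattern is left on the media.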

That's not paranoid at all. We have a policy that all retired media, working or not, has to be shredded. We store them up and on request a specialist company turns up with a van and shredder. The maximum permitted size of the pieces is half a centimetre square. Each item has its serial number confirmed before destruction.

If you are going to reuse the disk elsewhere, just a simple delete will be fine if you trust yourself not to go fishing in future. Plug it into the next server and format it ready for use. Adding it into a volume group, RAID set or whatever will splat over the VTOC information anyway, and then each filesystem you build will create new superblocks anyway.

If you want the info on the shredder company let me know.

Robin

Shredding perfectly good disks is a waste of hardware and probably a warranty violation. :wink: I vaguely remember a warranty disagreement between Dell and the US military... They could hardly return the machines intact after they'd used them. They came to a rather Pyrrhic compromise: Dell got the drives back, but didn't get their platters!

It of course depends on your security standards but a simple dd if=/dev/zero of=/dev/disk will wreck the data badly enough that you'd need to hire cleanroom spacesuit people and their special machine to have any hope of retrieving it. With 7 overwrites, not even that.

The shred utility I mentioned earlier does that kind of destructive overwrite at the file level, on filesystems that support it, letting you securely delete a file without needing to reformat. Of course that's no guarantee there's nothing unwanted in unlinked sectors somewhere.

According to the 2006 NIST Guidelines for Media Sanitization, only one wipe of a disk using dd or dcfldd is necessary. See http://csrc.nist.gov/publications/nistpubs/800-88/NISTSP800-88_rev1.pdf.

Hopefully these are local disks (SCSI/SSA). If it is SAN, it is still good to wipe the disks, but you cannot truly know where the data is behind the scenes. You can also use the diag erase disk procedure.

I completely agree. Do we not have a contract with an engineering company that everything is guaranteed cleaned/destroyed by them anyway? I don't know.

Any new disk we receive from the engineers may actually be someone else's, but we always run the formatting utilities through to prove we have a good disk anyway.

If we didn't and were able to find something, I wouldn't know how to go about "selling" it anyway. No point to me, just give me the hardware I need and I will just use it.

The absolute most secure way to wipe data off a disk is to run a drill through it two or three times. The data will be 100% unrecoverable.

Apparently, data can still be recovered from media fragments over 0.5 cm, hence why we shred to below this size.

I would expect that you have to quantify what risk the data is and then consider the media before deciding how safe you want to be. Most of our data is:

  • Within a database (so some scrambling/compression there)
  • Multiple allocations of space shared within the database (fragmentation)
  • External logical disks formed from virtual slices of 12 disks in a RAID5 set

.... yet we still shred these disks if any are replaced, because we handle personal and financial data. Paranoia? Possibly. Of course this could be fuelled by the manufacturers of the shredders, if one were to be cynical :wink:

Robin