Wiping a Hard Drive


Probably anyone reading this book is a bit paranoid when it comes to computers, most likely because you have an idea how computers really work. For instance, you know that sending an unencrypted email is pretty much like sending a postcard through the mail — anyone can read it along the way — and you also know that deleting a file doesn't really delete it.

In fact, in a well-publicized report published in 2003, tech writer Simson Garfinkel looked at 150 hard drives purchased at sales. Many of those hard drives were supposedly erased, yet Garfinkel and his team were able to recover data — including credit card numbers, bank account numbers and balances, sensitive corporate memos, email messages, and pornography — from 64 percent of them.

If you're getting rid of a computer, or just a drive, it's a good idea to really remove the data on that drive. If you don't care about the drive any longer, take a ball-peen hammer and beat it until you've destroyed the drive (be sure to wear safety goggles!), or take a drill with a strong bit and run through that sucker a number of times until your drive resembles Swiss cheese. No one — not even Jack Bauer at CTU — could recover any data off that drive.

If, however, you want to pass the drive along to someone else to use, but you don't want anyone to be able to recover any of the data on it, you have two options available on Knoppix: employing dd and using wipe. No matter which technique you use, do not mount the partitions you want to wipe. Leave them unmounted. If you're not sure which partitions are on your machine, or what Knoppix thinks they are, go to the K menu and select System and then QTParted to display your drives and their partitions.

Caution 

Be very careful when using QTParted because you can accidentally format or delete a partition. (For more about this great program, see the discussions in Chapters 4 and 5.)

When QTParted opens, select a drive in the Device panel at the upper left. Most likely, you'll be interested in /dev/hda, your first hard drive. QTParted takes a few seconds to analyze the drive, and then you see something like what is shown in Figure 6-12 (remember, though, that your drives and partitions may vary).

Figure 6-12: QTParted shows you a graphical representation of your drives and partitions.

Make note of your drives and their partitions. In this example, there are two drives on the machine: a hard drive at /dev/hda and a CD-ROM (the one currently holding the Knoppix disk!) at /dev/hdc. The hard drive at /dev/hda has three partitions and some free space, and you need to take care of all three of those.

Employing dd

The first method involves running a script that uses the built-in dd command that comes with Knoppix (and every other Linux distro in the world, for that matter). dd duplicates disks, among other wonderful things, enabling you to make perfect copies of a hard drive, for instance. However, that's not what you're going to do now; instead, you're going to do something much sneakier. Take a look at this code:

 for (( i = 0; i < 11; i++ )); do
     dd if=/dev/random of=/dev/hda && dd if=/dev/zero of=/dev/hda
 done

The dd command takes two parameters — if, for input file, and of, for output file — and copies the input to the output. In this code example, dd uses /dev/random (random data generated by the system) and /dev/zero (an endless stream of zero bytes, ASCII NUL, generated by the system) as its input and overwrites the whole hard drive at /dev/hda with them 11 times!

Why 11 times? The U.S. Department of Defense 5200.28 standard states that a file must be overwritten at least seven times to be considered securely wiped, but I always take my file wipe command beyond seven to 11, which means that drives are just a bit more wiped than drives wiped only 10 times. (I got the 11 from the movie This Is Spinal Tap.)

Note 

Peter Gutmann, a security researcher, contends that a disk must be overwritten at least 22 times, with different patterns, before it is securely wiped. You can read his argument at http://wipe.sourceforge.net/secure_del.html.

To use the dd command, boot Knoppix but don't mount the disk you want to wipe. Open Konsole and enter the following:

 for (( i = 0; i < 11; i++ )); do dd if=/dev/urandom of=/dev/hda; done
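Added here as an example (not the book's own code): the same dd loop written as a guarded shell script that refuses to touch a target listed in a mounts table, writes a known byte count per pass so the zero pass is never skipped, and checks afterwards that no non-zero byte remains. It assumes a mounts table in /proc/mounts format and is demonstrated on a constructed image file rather than a real drive such as /dev/hda.

```shell
#!/bin/sh
# Added example, not from the book: the book's dd loop wrapped in two guards.
# 1. Refuse to run if the target (or any partition on it) appears in a mounts
#    table, since wiped partitions must stay unmounted.
# 2. Write a known byte count per pass so dd exits 0. dd run against a whole
#    disk stops with "No space left on device" and a non-zero status, which an
#    "a && b" chain treats as failure, silently skipping the zero pass.
# It is meant to be demonstrated on a constructed image file, not /dev/hda.

# is_mounted DEVICE MOUNTS_FILE: succeed if DEVICE or a partition on it is mounted.
is_mounted() {
    awk -v dev="$1" 'index($1, dev) == 1 { found = 1 } END { exit !found }' "$2"
}

# target_size TARGET: bytes to overwrite (block device first, plain file otherwise).
target_size() {
    blockdev --getsize64 "$1" 2>/dev/null || wc -c < "$1"
}

# wipe_target TARGET PASSES [MOUNTS_FILE]: alternate urandom and zero passes.
# /dev/urandom is used rather than /dev/random, which can block waiting for entropy.
wipe_target() {
    target="$1"; passes="$2"; mounts="${3:-/proc/mounts}"; i=0
    if [ -r "$mounts" ] && is_mounted "$target" "$mounts"; then
        echo "refusing to wipe $target: it is mounted" >&2
        return 1
    fi
    size=$(( $(target_size "$target") ))
    while [ "$i" -lt "$passes" ]; do
        head -c "$size" /dev/urandom | dd of="$target" bs=64k conv=notrunc 2>/dev/null || return 1
        head -c "$size" /dev/zero    | dd of="$target" bs=64k conv=notrunc 2>/dev/null || return 1
        i=$((i + 1))
    done
}

# all_zero TARGET: succeed if no non-zero byte remains (checks the final pass landed).
all_zero() {
    [ $(( $(tr -d '\000' < "$1" | wc -c) )) -eq 0 ]
}
```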
  • f: You will not be asked for confirmation (if that makes you nervous, don't use the option).

  • i: Print information about the command's progress on the command line. If you don't need to see this, don't use the option.

  • k: Don't get rid of the file (in this case, a device).

Caution 

If you use wipe to nuke an entire hard disk instead of just a partition (if you wipe /dev/hda instead of /dev/hda1, in other words), you will erase the Master Boot Record on the drive, which means that all of your partitioning data will be gone and you will not be able to boot using the drive any longer. This may not be a bad thing if you're planning to reinstall an OS from scratch on that drive, or if the drive is not used to boot your machine, but you should at least know about it. Besides, you can recover the MBR — maybe — if you read the "Restoring a Missing MBR" section in Chapter 4.

wipe is a pretty powerful command; by default, it overwrites files with random data 34 times. If that number is too high for you and you want to use 11 instead, for example, change it with -Q 11 as an option to the wipe command (make sure you use a capital Q). If you're really impatient and you don't mind a superficial job, you can use -q as an option, which wipes the drive only four times (not recommended, but it's your data).

You can also wipe directories, if you'd like, instead of entire drives, by first mounting the partition containing the directory and then using this command:

 $ wipe -fickr /mnt/hda2/secretstuff/ 

The c option uses chmod to set write permissions so that everything can be written over, while r recurses through the directory structure, wiping everything in its path. The command taken together with its options writes over the contents of the secretstuff directory 34 times, but leaves the directory itself alone. If you want the directory to go bye-bye as well, omit the k option.

Now don't you feel safer? Go ahead and donate those old computers to charity with a clean conscience, assured that no one will ever find your collection of whatever it is that you have on your hard drive.

Note 

For more on wipe, try man wipe or check out the project's Website at http://wipe.sourceforge.net.



Hacking Knoppix (ExtremeTech)
ISBN: 0764597841
Year: 2007
Pages: 118
