Wiping your disk drive clean


Everybody who owns a computer will someday need to dispose of a disk drive. Before you do, it is a good idea to cleanse the drive, so no one can read your sensitive information. Deleting files and reformatting is not sufficient; determined effort can still reveal data from a drive even after it appears to be gone. To do a more thorough job, I suggest using wipe.


You need to take special pains because files that are “deleted” are not really gone. Most operating systems, including Linux and its ext2 filesystem, just delete the pointer to a deleted file; the data still exists on the drive. It is not effectively removed until every bit of the space it was occupying on the drive has been overwritten. Even then there are ways, albeit difficult, to analyze the drive and extract data. The only way, short of melting the drive, to ensure the data is gone for good is to overwrite the drive several times with random data.

Several Linux utilities can cleanse files and drives, and all do the same thing. Wipe has more options than some of the other tools, including the ability to erase a block of data on a partition.

If the target drive is installed in a working system, the easiest way to clean it is to run wipe from a Linux live CD. Knoppix, the granddaddy of Linux live distributions, comes with a ready-to-use version of wipe. To get started, download and burn the latest version of Knoppix, then put the CD in the CD drive of the target machine and boot. If all goes well, Knoppix should boot and present the KDE interface.

Launch Konsole, KDE’s terminal emulator, using the icon in the bottom toolbar. Find the partition names of the target hard drive by listing all of the disk devices in the /dev directory. For IDE drives, run ls /dev/hd*. For SCSI drives, use ls /dev/sd*. The command should list several items. The primary drive is typically /dev/hda or /dev/sda. There will be an item in the output for every partition on the device.

It should go without saying that running wipe will nuke everything on the target file system. Everything beyond this point is destructive, so make sure anything important is backed up.

Wipe’s developers suggest wiping only one partition at a time, so for every partition, including the swap partition, run the command sudo wipe /dev/partition. Use the sudo command so that there are no permission errors. The wipe process will take several hours to complete for a moderate-sized hard drive. If you want it to go faster, you can tell it how many passes you want it to make by using the -Q option with a number less than the default of 4. However, the more passes wipe makes, the better the protection, at least in theory.

If the target drive is not in a working machine, you can place it in a USB enclosure and attach that to a Linux machine. Note that most window managers will automatically mount external USB storage devices when they are attached; unmount the drive before running wipe. If wipe is not already installed on the machine, install it using your distribution’s package manager. Next, launch a terminal session, find the device, and run wipe on each partition, using the command above.
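
A pre-flight check for the per-partition procedure above, added here as an example and not taken from wipe or Knoppix: it lists the partitions of one disk and prints the sudo wipe commands only if none of them is mounted or in use as swap, which covers both the live CD case and the auto-mounted USB enclosure. The function names and the sample tables in demo are constructed for this example.

```bash
#!/usr/bin/env bash
# Pre-flight check before wiping each partition of one disk (added example).
# Assumes Linux /proc/partitions, /proc/mounts and /proc/swaps layouts; the
# file arguments exist so the logic can be tried on constructed copies.

# list_partitions DISK [PARTITIONS_FILE]: print /dev/<name> for each partition.
list_partitions() {
    local disk="${1#/dev/}" file="${2:-/proc/partitions}"
    # Column 4 is the device name; keep sda1 or nvme0n1p1, skip the disk itself.
    awk -v d="$disk" '$4 != d && index($4, d) == 1 {
        if (substr($4, length(d) + 1) ~ /^p?[0-9]+$/) print "/dev/" $4
    }' "$file"
}

# in_use DEV [MOUNTS_FILE] [SWAPS_FILE]: succeed if DEV is mounted or is swap.
# Matches the device path as written in column 1 (not UUID or label aliases).
in_use() {
    awk -v d="$1" '$1 == d { found = 1 } END { exit !found }' \
        "${2:-/proc/mounts}" "${3:-/proc/swaps}"
}

# plan_wipe DISK [PARTITIONS] [MOUNTS] [SWAPS]: print one wipe command per
# partition, or print nothing and return 1 if any partition is still in use.
plan_wipe() {
    local parts p busy=0
    parts=$(list_partitions "$1" "$2")
    [ -n "$parts" ] || { echo "no partitions found on $1" >&2; return 2; }
    for p in $parts; do
        if in_use "$p" "$3" "$4"; then
            echo "refusing: $p is mounted or active swap" >&2
            busy=1
        fi
    done
    [ "$busy" -eq 0 ] || return 1
    for p in $parts; do echo "sudo wipe $p"; done
}

# demo: constructed sample tables (not from a real machine); sdb1 is mounted.
demo() {
    local t rc=0; t=$(mktemp -d)
    printf '8 16 1000 sdb\n8 17 900 sdb1\n8 18 100 sdb2\n' > "$t/parts"
    printf '/dev/sdb1 /media/usb ext2 rw 0 0\n' > "$t/mounts"
    : > "$t/swaps"
    plan_wipe /dev/sdb "$t/parts" "$t/mounts" "$t/swaps" || rc=$?
    rm -rf "$t"; return "$rc"
}

# Only prints a plan; run the printed commands by hand after reading them.
if [ "$#" -gt 0 ]; then plan_wipe "$1"; fi
```

Called with a disk name such as /dev/sda, the script reads the live /proc tables and prints the plan without touching the disk.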

Using wipe does not absolutely guarantee that data on the drive cannot be recovered, but it goes a long way in making it difficult.