I resell my Thinkpad and I want to make sure its old content in the hard drive is not readable. The Thinkpad now has Debian installed but I sell it as-is so no OS needed. How can I rewrite the hard drive so many times that it becomes unreadable with any recovery program?
- Not really on topic here. I usually just use DBAN. – jw013, Nov 28, 2012 at 22:08
- See also How can I reliably erase all information on a hard drive? and Why is writing zeros (or random data) over a hard drive multiple times better than just doing it once? – Gilles 'SO- stop being evil', Nov 28, 2012 at 23:48
3 Answers
Boot the laptop from a USB key and then dd if=/dev/zero to your laptop's hard drive.
It will write 0s (data containing blocks) to the drive, overwriting all of the data on the drive. This makes it impossible to recover data from the drive because it over-writes the previous data. When you format the drive, you don't actually write over the existing data, only the TOC (table of contents).
Difference between this method and OSX's many-times overwriting?
The difference is that OSX uses HFS+ as its filesystem, Debian uses any number of others (EXT2, EXT3, EXT4, JFFS, etc). The best, most reliable method is to shred the drive. Other than that, simply writing 0s to it is often "good enough". If you're REALLY that concerned with the data, keep the drive and replace it before you sell the laptop.
Could you clarify "boot the laptop from a USB key"? Do I need to have some distro in the USB?
You can get a recovery image and install it on a USB key (or CD). When you boot from that, you are not using the system's hard drive. This allows you to mount it as a regular device or format it (you can't do this on a drive you are actively booting from).
- It will write 0s (data containing blocks) to the drive, overwriting all of the data on the drive. This makes it impossible to recover data from the drive because it over-writes the previous data. When you format the drive, you don't actually write over the existing data, only the TOC (table of contents). – Mark Cohen, Nov 28, 2012 at 22:12
- The difference is that OSX uses HFS+ as its filesystem, Debian uses any number of others (EXT2, EXT3, EXT4, JFFS, etc). The best, most reliable method is to shred the drive. Other than that, simply writing 0s to it is often "good enough". If you're REALLY that concerned with the data, keep the drive and replace it before you sell the laptop. – Mark Cohen, Nov 28, 2012 at 22:16
- You can get a recovery image and install it on a USB key (or CD). When you boot from that, you are not using the system's hard drive. This allows you to mount it as a regular device or format it (you can't do this on a drive you are actively booting from). – Mark Cohen, Nov 28, 2012 at 22:19
Boot a live CD/USB distribution, and write random data all over the hard drives in question several times (I have seen claims that even after 10 rewrites the original information is still recoverable, but drives that carried TOP SECRET data are disposed of in a rather different manner).
Do not use /dev/urandom or even /dev/random directly as a random data source for this purpose, or you'll run out of coffee waiting for the first pass to complete.
To get lots of "random data" quickly:
1. set up encryption device - either via cryptsetup (which uses kernel Device Mapper) or losetup (uses older cryptoloop, but is sufficient for this particular case, you just might need to modprobe cryptoloop as the module usually isn't loaded by default, and without it losetup fails with slightly cryptic - although not encrypted - message) - see man pages for details. Since you won't need to access the garbage, feel free to use data from /dev/urandom (or /dev/random) as password - this also effectively removes the need to enter a random password on each pass.
2. dd if=/dev/zero of=<encrypted device> bs=16M
If the machine is recent enough, use an algorithm which has good hardware support (AES, Blowfish, Twofish, Camellia should all give you 20-50MB/s on a reasonable processor from 2007).
Setting up and removing the encrypted partition with cryptsetup:

    $ dd if=/dev/urandom bs=1c count=32 \
        | cryptsetup create \
            -c twofish-cbc-essiv:sha256 -s 256 -h plain garbage /dev/sda
    # the resulting device is /dev/mapper/garbage
    $ cryptsetup remove garbage

Setting up and removing the encrypted partition with losetup:

    $ dd if=/dev/urandom bs=1c count=32 | losetup -p 0 -e twofish /dev/loop3 /dev/sda
    # the resulting device is /dev/loop3
    $ losetup -d /dev/loop3

- Can you give one-liner about what should I do in the booted thing? Not $ cat /dev/urandom > / but something else? – hhh, Nov 28, 2012 at 23:06
- I cannot understand "<encrypted device>"-point, could you clarify that? Is it /dev/sda -something? – hhh, Nov 29, 2012 at 1:59
- @hhh that was meant as a placeholder for whatever the device will be in your case. I'll update the answer. – peterph, Nov 29, 2012 at 11:54
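An added example, not code from any of the posts above: the zero-fill pass from the first answer and the encrypted-zeros idea from this answer, written as shell functions with a read-back check. The function names are hypothetical, and the user-space openssl keystream is an assumption that stands in for the dm-crypt mapping.

```shell
#!/bin/sh
# Added example: one overwrite pass plus a read-back check.
# TARGET is a block device (needs root, e.g. from a live USB) or an image file.
# usage: wipe_pass zero /dev/sdX && verify_zero /dev/sdX   (sdX is a placeholder)

target_size() {   # size in bytes of a block device or a regular file
    if [ -b "$1" ]; then blockdev --getsize64 "$1"
    elif [ -f "$1" ]; then wc -c < "$1" | tr -d ' '
    else echo "no such device or file: $1" >&2; return 1; fi
}

is_mounted() {    # true if TARGET or one of its partitions is a mounted source
    awk -v t="$1" 'index($1, t) == 1 { hit = 1 } END { exit !hit }' /proc/mounts 2>/dev/null
}

wipe_pass() {     # wipe_pass zero|random TARGET
    mode=$1 target=$2
    case $mode in zero|random) ;; *) echo "unknown mode: $mode" >&2; return 2 ;; esac
    if [ "$mode" = random ] && ! command -v openssl >/dev/null 2>&1; then
        echo "openssl not found" >&2; return 3
    fi
    if is_mounted "$target"; then
        echo "refusing: $target is mounted; boot from other media first" >&2
        return 1
    fi
    size=$(target_size "$target") || return 1
    case $mode in
        zero)
            head -c "$size" /dev/zero ;;
        random)
            # Encrypt zeros under a throwaway key: same idea as writing zeros
            # through an encrypted mapping, done in user space. The fixed IV is
            # acceptable only because the key is fresh and discarded each pass.
            key=$(head -c 32 /dev/urandom | od -An -tx1 | tr -d ' \n')
            head -c "$size" /dev/zero |
                openssl enc -aes-256-ctr -K "$key" -iv "$(printf '%032d' 0)" ;;
    esac | dd of="$target" bs=1M conv=notrunc 2>/dev/null || return 1
    sync
}

verify_zero() {   # succeeds only if every byte of TARGET reads back as 0x00
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero | cmp -s - "$1"
}
```

verify_zero is meaningful only after a zero pass; after a random pass it is expected to fail.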
Your question is about anti-computer forensics, Wikipedia article here. There are different kinds of ways to hide your data or better to make it unreadable. The proactive methods contain steganography (in the best case, only the steganographist is able to interpret it), encryption and obfuscation. Now you are probably interested in active methods such as disk-wiping utilities, file-wiping utilities and disk degaussing / destruction techniques.
"Disk cleaning utilities are also criticized because they leave signatures that the file system was wiped, which in some cases is unacceptable. Some of the widely used disk cleaning utilities include DBAN, srm, BCWipe Total WipeOut, KillDisk, PC Inspector and CyberScrubs cyberCide. Another option which is approved by the NIST and the NSA is CMRR Secure Erase, which uses the Secure Erase command built into the ATA specification." (Wikipedia)
There are also other methods such as trail-obfuscation and physical attacks but they are out of scope here.
DBAN
jw013 suggested DBAN here. According to Wikipedia, this method is "achieved by overwriting the data with pseudorandom numbers". DBAN uses a dwipe program as a part of it. I don't know how unreadable it makes the content. Some instructions here to make the DBAN USB stick in Ubuntu.
- According to DBAN's site: No guarantee that data is removed; Limited hardware support (e.g. no RAID dismantling); No customer support. – Mark Cohen, Nov 28, 2012 at 22:17
- Steal away! :) Information is free. – Mark Cohen, Nov 28, 2012 at 22:21