Data Destruction: Difference between revisions
>M68k m (cleaned up the linux commands) |
>Se7en1 (→Individual File Wiping: Add wipe and srm) |
Latest revision as of 05:37, 20 February 2022
Data destruction is the "art" of securely erasing files on a hard drive, and the various methods used to do so. For data destruction, wiping the entire drive is preferable since most operating systems will leak details of your files (e.g. temporary copies of your document, mentions of it in most recently used lists, log files, registry entries, command history, etc.).
Full Drive Wiping
DBAN (Darik's Boot and Nuke) is the go-to tool for drive wiping. Burn the ISO to a CD or write it to a USB thumb drive, boot from it, and then it's just a matter of selecting which drives to wipe and how thoroughly you want them wiped. Using the "dodshort" option is fine, and is recommended by DBAN themselves.
One pass is fine. Three if you're paranoid. The Gutmann 35-pass wipe is overkill. Gutmann himself has said that it's unnecessary on modern drives, and even when he invented it in the 90s, many of the passes were for different types of storage media and the full 35 was overkill for any one device.
If you're using Linux, you can use dd:
# dd if=/dev/urandom of=/dev/sdX status=progress
or shred:
# shred -vn 3 /dev/sdX
replacing sdX with your disk name. If you're unsure what your disk is, use lsblk to check. Make sure to quadruple check your disk name, as you will not be prompted after the command is executed.
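An added example (not part of the original wiki page) of a pre-flight check for the "quadruple check your disk name" step: it refuses any target that is not a whole disk or that still has a mounted partition or active swap. The names check_wipe_target and preflight and the sample listings are hypothetical and constructed; only lsblk and its -r, -n and -o options are real.

```shell
#!/bin/sh
# Added example; check_wipe_target and preflight are hypothetical helpers.

# check_wipe_target NAME LISTING
#   LISTING is the output of: lsblk -rno NAME,TYPE,MOUNTPOINT /dev/NAME
#   (the device itself on the first row, then its partitions).
#   Returns 0 only if NAME is a whole disk and nothing on it is mounted.
check_wipe_target() {
    printf '%s\n' "$2" | awk -v target="$1" '
        NR == 1 && $1 != target {
            print "refuse: listing is not for " target; bad = 1
        }
        NR == 1 && $1 == target && $2 != "disk" {
            print "refuse: " target " is a " $2 ", not a whole disk"; bad = 1
        }
        # A third column means a mountpoint (or [SWAP]) is set on that row.
        NF >= 3 {
            print "refuse: " $1 " is in use at " $3; bad = 1
        }
        END { exit (bad ? 1 : 0) }
    '
}

# Run the check against the live system, then show what would be wiped.
preflight() {
    check_wipe_target "$1" "$(lsblk -rno NAME,TYPE,MOUNTPOINT "/dev/$1")" &&
        lsblk -o NAME,SIZE,MODEL,SERIAL "/dev/$1"
}

# Constructed sample listings (not captured from a real machine).
SAMPLE_IDLE='sdb disk
sdb1 part'
SAMPLE_BUSY='sda disk
sda1 part /boot
sda2 part /
sda3 part [SWAP]'
```

On a real system, run preflight sdX first and only proceed to dd or shred when it returns 0 and the size, model and serial shown match the drive you mean to wipe.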
Individual File Wiping
For individual files, the Linux command "shred" can be used:
- $ shred -vun 3 file
- -v for verbose
- -u to remove the file after shredding it
- -n to specify the number of passes
- -z to add a final wipe of all 0s
Other commands include "wipe" (which is the name of two unrelated projects that do the same thing), and "srm".
SSD Drives
SSD drives (and flash memory cards/thumb drives) are trickier to securely erase since they perform wear leveling to preserve the life of their flash memory. This means your operating system can never be certain where data is stored on the drive. To mitigate against this:
- Encrypt from day one, so that your raw data will never be stored on the drive.
- Fill the drive to capacity with innocuous data, to overwrite as much as you can (SSDs have reserved areas which you can't get to).
- Don't rely on the TRIM/sanitize functions of the SSD to securely erase anything. These are programmed differently by each manufacturer and are not reliable.
Physical Destruction
Once you've logically sanitized your drive, you may still want to physically destroy it for paranoia's sake.
An easy way to do this is to buy yourself a set of TORX screwdrivers ($5 - $10) and open the drive casing where you can get at the platters. Be careful when handling the platters, as they may break surprisingly easily and send shrapnel flying and cut your hands. Don't try to snap them in half without thick protective gloves and something to contain the shrapnel (you might want to wear protective gloves and goggles even if you don't intend to snap them).
More expensive/industrial solutions are detailed in a fun little 31C3 talk titled "Hard Drive Punch - Destroying data as a performative act".
Android
Factory resets aren't good enough to sanitize a device.
External Links
- Forensics Wiki
- A scene from the film "Core", 2003.