Steps to Wipe the Hard Drive Completely
As we all know, mkfs doesn’t erase a lot.mkfs and its variants (e.g.,
mkfs.ext3 and mke2fs) only get rid of a few important data structures on
the filesystem, but the data is still there! For a SCSI disk connected
as /dev/sda, a quick
dd if=/dev/sdb | strings
will let anyone recover text data from a supposedly erased hard drive.
Binary data is more complicated to retrieve, but the same basic
principle applies: the data was not completely erased.
To make things harder for the bad guys, an old trick was to use the ‘dd’ command as a way to erase a drive.
To make things harder for the bad guys, an old trick was to use the ‘dd’ command as a way to erase a drive.
Note: This command will erase your disk!
dd if=/dev/zero of=/dev/sda
There’s one problem with this: newer, more advanced, techniques make it
possible to retrieve data that were replaced with a bunch of 0s. To
make it more difficult, if not impossible, for the bad guys to read data
that was previously stored on a disk, Red Hat ships the “shred” utility
as part of the coreutils RPM package. Launching “shred” on a disk or a
partition will write repeatedly (25 times by default) to all locations
on the disk.
Note: Be careful with this one too!
shred /dev/sda
Note: Be careful with this one too!
shred /dev/sda
This is currently known to be a very safe way to delete data from a
hard drive before, let’s say, you ship it back to the manufacturer for
repair.
No comments:
Post a Comment