Saturday, 2 March 2013

Securely Wiping Computer Hard Drives Before Discarding

Expert Author Neil Sikka
In the Linux operating system (which is free), the superuser (root) has raw access to the disks in the machine and to the partitions on those disks. The general idea is to write random data, generated by the Linux operating system, to the hard disk.
The situation often arises where an individual needs to throw away an old computer, but does not want the data on the disk of the old computer to be accessible if someone retrieves it via dumpster diving. There might still be data stored in the motherboard or some of the peripherals, but that is beyond the scope of this article. Ideally, the disk platters should be physically destroyed, but due to hardware or cost constraints, this might not always be possible.
A free way to wipe the data on the disk involves using a bootable Linux disk to write random data to the disk multiple times. Here is the general procedure:
  1. Boot the machine off a Live Linux disk such as Knoppix, BackTrack or a Gentoo installation disk.
  2. Identify the dev node in /dev corresponding to the disk that is to be wiped.
  3. Use dd to read pseudo-random data from the kernel and write it to the disk.
1) Booting off a Live Linux Disk
Live Linux disks are CDs/DVDs that a compatible computer can be booted from rather than booting from the Operating System installed on a hard disk. Live Linux disks are useful when the user wants to use the computer without leaving any trace behind, or modify the hard disks in the computer without booting the Operating System installed on them. BackTrack Linux is one such Live distribution of Linux and can be downloaded free at http://www.backtrack-linux.org/.
2) Finding the Dev Node
One way to find the right dev node is to match the known capacity of the disk in bytes with that reported in /proc/partitions. There should be some indication of capacity on the sticker of the disk. If not, the model number found on the sticker of the disk can be searched online and the capacity can be found that way. In Linux, both the raw disks and the filesystems on those disks appear as dev nodes in /dev. Since the goal is to wipe the whole disk rather than just a partition, the disk's dev node rather than the partition's dev node must be used. The disk and the partitions listed in /proc/partitions can be differentiated by looking at the last character in the name. Usually, partitions end in a digit, while disks end in a letter. The dev node to use is the file in /dev with the same name as the desired line in /proc/partitions. For example, sda refers to the first disk, while sda1 refers to the first partition on the first disk. In the example below, the computer has only 1 hard disk, sda. The sda disk has 2 partitions, sda1 and sda2. In order to wipe the disk, the /dev/sda dev node will be used.
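The capacity-matching approach described above, as an added example that is not part of the original article: it parses /proc/partitions-style text, keeps only whole disks, and matches one against the capacity printed on the sticker. The sample listing, the 1% tolerance, the function names and the printed dd invocation (if=/dev/urandom, bs=1M) are assumptions, not the author's exact steps.

```shell
#!/bin/sh
# Added example (not from the article). Constructed sample in /proc/partitions
# format; the #blocks column counts 1 KiB blocks.
SAMPLE_PARTITIONS='major minor  #blocks  name

   8        0  488386584 sda
   8        1     512000 sda1
   8        2  487873536 sda2'

# Print "name bytes" for whole disks only. Disks usually end in a letter and
# partitions in a digit; NVMe/MMC disks (nvme0n1, mmcblk0) are the exceptions.
list_whole_disks() {
    printf '%s\n' "$1" | awk '$3 ~ /^[0-9]+$/ {
        if ($4 ~ /[a-z]$/ || $4 ~ /^nvme[0-9]+n[0-9]+$/ || $4 ~ /^mmcblk[0-9]+$/)
            printf "%s %.0f\n", $4, $3 * 1024
    }'
}

# Print /dev/NAME for each whole disk within 1% (assumed tolerance) of the
# capacity in bytes read off the sticker.
find_disk_by_capacity() {
    list_whole_disks "$1" | awk -v want="$2" '{
        diff = $2 - want; if (diff < 0) diff = -diff
        if (diff <= want * 0.01) print "/dev/" $1
    }'
}

# Print (never run) a dd command for step 3, refusing partition names.
# /dev/urandom and bs=1M are assumptions, not the author's exact command.
print_wipe_command() {
    if list_whole_disks "$1" | awk -v n="$2" '$1 == n { ok = 1 } END { exit !ok }'; then
        echo "dd if=/dev/urandom of=/dev/$2 bs=1M"
    else
        echo "refusing: $2 is not a whole disk in this listing" >&2
        return 1
    fi
}

# On a live system pass "$(cat /proc/partitions)" instead of the sample.
find_disk_by_capacity "$SAMPLE_PARTITIONS" 500000000000   # prints /dev/sda
```

In the sample, sda2 is also within 1% of 500 GB, so capacity alone would not separate the disk from its largest partition; the whole-disk filter is what keeps the result to /dev/sda.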
I go through the exact steps that one would type into the Linux command line here:
http://www.neilscomputerblog.blogspot.com/2012/10/securely-wiping-computer-hard-disks-for.html
Check out my blog:
http://www.neilscomputerblog.blogspot.com/
Article Source: http://EzineArticles.com/?expert=Neil_Sikka
