Scrubbing, Shreding, Nuking Old Data

by Chris Josephes

Related link:

I'm working with a cabinet full of leased servers that need to be returned to their original owners in a few days. I don't want to risk having data exposed to whoever might use the equipment next, so I'm scrubbing the hard drives.

Scrubbing is a process of writing data to a hard drive repeatedly in order to erase the original files. Other methods like deleting files, or removing partition tables is no guarantee that somebody wouldn't be able to recover old data, especially if they have physical access to the hard drive. In fact, it's pretty easy to reconstruct deleted files if they haven't been overwritten.

The only real way to be 100% effective is to physically destroy the drive using a blow torch, freon, sledgehammer, or similar methods. Using a scrubbing program works for most situations, and it leaves the hardware intact for later reuse.

The primary tool I'm using is called Darik's Boot and Nuke, which boots from a cd-rom or floppy, and totally overwrites the hard drive with pre-programmed patterns of data. A disk can be zimple overwritten with zeros, or it can was use an industry standard scrubbing method like the Gutman Wipe, DoD 5220-22.M, or RCMP TSSIT OPS-II.

Gutman, 5220-22.M, and TSSIT are all different standards on how to overwrite data. Each one specifies a number of passes to write over a drive, and what data to write (all zeros, all ones, or random bits). The more passes you make, the longer it will take for the drive to be scrubbed. DBAN also allows you to repeat the entire process multiple times, if you want to try and be more effective.

Once you configure your parameters, just let the program run, and go home for the day. It'll be at least 3 hours for a scrub to complete, depending on the size of your media. For more extreme cases, it will take over one day.

The one downside is the program isn't configured for headless operation. I need to answer a couple of prompts before it will start the wiping process. It would be nice if I could just boot from the CD, and have it immediately start scrubbing, but that would be a dangerous CD to leave around. According to the documentation, I can probably change the default behavior if I open the disk image and edit the syslinux.cfg file.

Another downside is it took me quite a while to actually find this tool. My first Google search term was "disk scrubbing", which sounds kind of obvious, but the term appears nowhere on the DBAN homepage.

While searching for tools like DBAN, I found two other open source programs that are also useful for destroying both individual files or hard drives.

Shred is a program in the GNU File Utilities bundle. Scrub is a program similar to Shred, developed by Laurence Livermore National Laboratory.

Both Shred and Scrub are useful if you need to destroy a specific disk, disk partition, or individual file from a running system. They can be run from the command line of the running host, and there are different options available on the method used to overwrite the data.


2005-08-04 18:11:12
I like the advice, here:

Boot from an OpenBSD/FreeBSD/Linux CD, then at the
prompt, do this:

dd if=/dev/zero of=/dev/wd0c

It takes hours, but it really does write a 0 to every sector, apparently.

2005-10-05 10:46:56
The purpose of wiping the disk is not just to go a level beyond 'clicking delete'

When you write to a sector on the disk, it isn't neatly contained. There is bleed off, and it is that residual bleed off that is recovered by professional recovery tools. They send the disk head off by less than the width of the track, and read the leftovers. The theory behind wiping, is that you will generate enough excess data that it will eventually overwrite or obscure what was left. Writing just zeros doesn't do that, at all.