Wednesday, January 11, 2012

Wiping Free Space Utilities

At some point in the near future, I am going to want to upgrade the hard disk on my notebook.  I will want to sell the old disk drive.  To make absolutely sure that someone can't recover sensitive information (like credit cards, Social Security numbers, etc.) from the drive, you can't just delete all the files.  There is even some question as to whether reformatting the drive is sufficient.  There are a number of utilities out there that will overwrite the free disk space and Windows swap file: http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx and http://eraser.heidi.ie/, as well as these instructions for Ubuntu Linux: http://superuser.com/questions/19326/how-to-wipe-free-disk-space-in-linux.

Does anyone have any experience using these tools, and any recommendations which to use?  I don't much care about secure deletion of existing files--mostly I am concerned about being able to overwrite free disk space and swap files.

10 comments:

Aaron said...

I found Eraser - http://sourceforge.net/projects/eraser/ to be very good.

It will overwrite the entire hard drive. If you set it for 7 passes, expect it to take all night plus some for it to write-over your hard drive multiple times.

Between using it to wipe the drive with the maximum number of passes and and then doing a complete reformat and reinstall of Windows Vista I was not very concerned when I returned the computer to HP after they were unable to fix a recurring problem with it during the warranty period.

Dave in St. Louis said...

I have used Eraser for a long time now. It is quite versatile as to the level of security and will overwrite free disk space and swap files nicely.

Sigivald said...

One pass will work fine; the idea that multiples are needed is very-widespread urban legend (with some minor historical basis in fact).

The old Gutmann paper detailed 35 various pass patterns for erasing drives, based on the specific coding used - no drive needed all of them, even then; modern drives, however, are easily erased with a single pass of random data (per Gutmann himself in the appendix).

(And contra his hypothesis of using a magnetic field microscope to "read" the data previously held, it's not remotely sure that anyone can do it even in theory, and in any case it's irrelevant to your needs.

Me, I never even bother trying to sell old drives; the transaction cost very nearly exceeds the value of them, and they're more useful in a case a portable drive anyway...)

Clayton said...

Sigivald: Thanks for the additional information. I was not particularly worried about the FBI or NSA recovering my data.

Nathan Mates said...

What's the manufacturer of the HD? If you poke around the manufacturer's website, some of them hand out a bootable .iso you can burn to CD. Then boot that, and it has an option to write zeroes to the entire HD. I've used Western Digital's utilities to do just that.

If you're on the cheap, boot a *nix boot/install .iso. (I generally use FreeBSD 8.1's liveFS disc) Fire up a command prompt, and do

dd if=/dev/zero of=/dev/hda obs=4096

That reads from /dev/zero -- which is as it sounds -- and writes it to /dev/hda , which is the first drive on Linux. It's /dev/ad1 on FreeBSD here. Do some ls'ing in /dev to determine the correct path. The obs=4096 means it writes 4K at a time. May take overnight to write out zeroes over the entire HD.

Anthony said...

Nathan's method should work, though you might get better results using if=/dev/random and running it twice. Check to see if the drive is sellable for enough to make it worth not using for target practice.

Anthony said...

Nathan's method should work, though you might get better results using if=/dev/random and running it twice. Check to see if the drive is sellable for enough to make it worth not using for target practice.

Mauser said...

Personally, I'm looking for a good Defrag. Not like what the Windows Defrage or Defraggler do. Well, on the Mac that was called Defragging, I've since learned on the PC it's called "Optimizing" where files are not only made contiguous, but the free space as well.

hga said...

I regularly use Nathon's method to reduce the compressed size of image backups, although I set the block size of both to 1M or 4M(egabytes) so that trips to and from the kernel have no chance of being the rate limiting step.

I.e.:

dd if=/dev/zero of=whatever bs=4M

And dd is so basic you can be sure it's not been gimmicked.

(If you want to get really good at inexpensive backups, get W. Curtis Preston's fantastic Backup & Recovery, which despite the subtitle tells you when you should consider commercial solutions.

But if you know UNIX(TM)/Linux, you can setup a good Windows backup system that will save your bacon when something like this happens, as long as you include using some form of rsync to a offsite repository like rsync.net. My Windows system was right next to my balcony door and I would have e.g. lost a lot of my email if not for taking such steps (of course, it wasn't accidental my backup system was designed to handle a tornado given where I live).)

BTW, my favorite live cd for this sort of thing is SystemRescueCD because I've reluctantly abandoned BSD, which I started using in 1981 (sic; bare-metaled a PDP-11/44 to BSD 2.x then)).

Marc Cote said...

We use Darik's Boot and Nuke. Open source. Single or multiple passes. If you want 100% assurance, use the old HDD as a rifle/pistol target.