Securely erasing a hard drive

Recently a relative of mine asked if I could get rid of a couple of old desktop computers and a laptop. The relative had removed all their important files from the computers but asked if I could securely erase the machines before sending them to the recycling centre.

In the past I would have recommended to family and friends that they should just download and use Darik’s Boot & Nuke (DBAN). However, at the time of writing this article, if you visit the website for the product you are allowed to download the tool, but you’re also given the advice that DBAN doesn’t support SSD drives, and the site now attempts to put you off using DBAN and instead up-sell to an enterprise solution.

For everyday home use, enterprise solutions aren’t necessary and are usually outside a home user’s normal price range. If, however, you’re running an SME or need certified secure erasure, then it may be worth exploring DBAN’s Enterprise option. For general day-to-day home computing I would now recommend just erasing the drive yourself using a Linux Live CD and the ‘dd’ command.

Guide to manually securely erasing a hard drive

In order to erase a hard drive (be that a standard HDD, or a modern SSD), you will first need a Linux Live Disk or USB. This requires some technical knowledge of burning disk images; however, you can simplify the task using the Windows-based Linux Live application (or LiLi). LiLi is a utility created for Windows that makes it easier to create Live Linux USBs or CD/DVDs from a pre-defined list of Live-disk-capable Linux distributions using a fairly simple Desktop UI tool.

This guide doesn’t cover creating a Live Disk, so if you don’t know how to make one – download LiLi from the link above, install it and run it – plug in a blank USB drive of 4GB or more (or put a blank CD/DVD in your disk drive), pick a Linux distribution to download (I’d recommend the first Ubuntu option for beginners), and click the lightning bolt to finish.

We’re going to be using the Linux ‘dd’ command to securely erase your disks, and this command is present on major distributions of Linux.

Before you begin – general safety advice

How are you planning to erase the target drive? Are you using an old machine with the drive attached internally, or are you plugging an old drive into a host PC? If you are new to Linux and doing the latter where the drive is plugged into a host machine, take extreme care when making a note of which drive you want to erase. You really don’t want to finish the process to discover you’ve erased the wrong disk drive and all your own data is gone!

Boot your Linux Live disk

Once you have a Live Linux Disk or USB, make sure the Live disk is in the PC or USB is plugged in, attach any external drives that need to be erased and then start or restart the PC. Make sure to pay attention to the computer start up process as you may have to interrupt the normal startup to boot from your Live disk. All computers vary but you may need to press a function key (often F12), or enter the system BIOS in order to select the boot device.

Once you have selected your USB device or the CD/DVD drive to boot from, the Linux Live Disk should begin loading – you should then see a different startup process to your normal Windows loading screens.

Ignore any install prompts at the Desktop

Most Live disks are designed to demo or make it easy to install the Linux distribution you have chosen. Once the Linux desktop has loaded make sure to ignore any prompts to begin installation and if the Live Disk offers it, click any “Try me” option to just run as a Live disk.

Look for Disk Management

Once you’re in your Live CD’s UI, you should have a working Linux desktop with access to most of the standard Linux features. Navigate around the Launch menu and look for a Disk management utility (most Linux distros will have something equivalent to Windows Start menu – this will usually be bottom-left or top-left of the Desktop depending on the distro you chose).

Once you have located the Disk Manager and started it, it should list all the physical hard drives attached to the PC. You should see a small drive (probably about 4GB) which will be your Live disk. You should also see a hard drive or drives that contain your main computer hard disks. Look for one that matches the size of the disk you want to erase and make a note of the system path/drive name. The hard disk will most likely have a name like “/dev/sda1” or “/dev/sdb1”.

If you can’t distinguish between drives easily, all Linux distributions have a file explorer. Open the Explorer and identify the drive by the content. Be sure once you are done identifying the drive to “unmount” the drive afterwards. You can usually do this by right-clicking the drive in the explorer drive list and choosing to unmount. Make sure any open windows accessing the drive are closed first otherwise you may be told it cannot be unmounted.

Open Terminal

All Linux distributions should have a command line interface called Terminal. If you can’t find it, see if there is one called XTerminal or XTerm. Open the Terminal application so that you can see a command prompt that looks something similar to:

live@~#

Depending on the distribution, you may not see anything before the # symbol – please be aware that you may also be using a distribution where the command prompt character is something other than # (some distributions commonly use a $ sign).

Running the dd command to erase the drive

If you aren’t familiar with the ‘dd’ tool, it is primarily used to copy disks – you can use the tool to completely copy one drive to another to perform backups or clone disks. But you can also use it to erase a drive by specifying the source of the copy as /dev/zero or /dev/urandom – two system paths which generate data.

So here’s the basic erase drive command:

~# sudo dd if=/dev/zero of=/dev/sda1

Please note that “/dev/sda1” needs to reflect the drive you wish to erase!

This command will reset all the bytes to zero in the disk partition /dev/sda1. The time taken to complete the command will vary depending on the type of drive and the size. For a standard magnetic disk HDD, the zero-writing can take about 5 mins per Gigabyte. So crack the calculator out to get an idea of how long it will take. The ‘dd’ command will keep writing to the target drive until it has filled up the drive. Please also note that in this instance, “/dev/sda1” is Partition 1 on a drive, so the command will only erase Partition 1. To do the entire physical drive (regardless of how many partitions are on the drive), use the drive name without the number, e.g. /dev/sda to erase everything on the physical disk. Again – please make sure you are erasing the right target drive. If you have plugged in your disk to erase as the second disk drive in a machine it may show as “/dev/sdb”.
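The checks this guide asks you to make by eye (right drive, nothing mounted, partition versus whole disk, rough duration) can be scripted before dd is run. The following is an added example, not part of the original article: check_target and the sample listing are hypothetical names and constructed data, and the input is assumed to be in the format printed by `lsblk -lpnb -o NAME,TYPE,SIZE,MOUNTPOINT`.

```shell
#!/bin/sh
# Added example: pre-flight check to run before pointing dd at a drive.
# Reads a listing in the format of: lsblk -lpnb -o NAME,TYPE,SIZE,MOUNTPOINT
# and prints a verdict for the device given as $1. Nothing is written to disk.
# Exit status: 0 = nothing mounted, 1 = refuse, 2 = device not in the listing.
check_target() {
    awk -v t="$1" '
    # A line is related to the target if it is the target itself or one of
    # its partitions (sdb -> sdb1, nvme0n1 -> nvme0n1p1).
    function related(n) {
        if (n == t) return 1
        return index(n, t) == 1 && substr(n, length(t) + 1) ~ /^p?[0-9]+$/
    }
    related($1) {
        if ($1 == t) { type = $2; bytes = $3; found = 1 }
        # A fourth field means the device or partition is mounted.
        if (NF >= 4) mounted = mounted " " $1 "@" $4
    }
    END {
        if (!found) { print "UNKNOWN " t; exit 2 }
        if (mounted != "") { print "REFUSE " t " mounted:" mounted; exit 1 }
        # 5 minutes per gigabyte is the rough HDD figure used in this guide.
        mins = int(bytes / 1000000000 * 5 + 0.5)
        scope = (type == "part") ? "partition-only" : "whole-disk"
        printf "OK %s %s ~%d min per pass\n", t, scope, mins
    }'
}

# Constructed sample listing (not captured from a real machine):
# sda is the host disk, sdb the old drive to erase, sdc the Live USB.
SAMPLE='/dev/sda disk 500107862016
/dev/sda1 part 500106813440 /mnt/host
/dev/sdb disk 80026361856
/dev/sdb1 part 80025223168
/dev/sdc disk 4004511744
/dev/sdc1 part 4003463168 /cdrom'

for dev in /dev/sda /dev/sdb /dev/sdb1 /dev/sdc; do
    printf '%s\n' "$SAMPLE" | check_target "$dev" || true
done
```

On a real Live session, pipe the lsblk command named above into check_target instead of the sample; a REFUSE verdict means the device or one of its partitions is still mounted, which is also what you would see for the Live USB or a host disk in use.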

Running erases once is not enough

Despite the above command resetting all bytes to zero, deep forensic analysis of the drive could still potentially recover erased data, as it can be possible on magnetic media to assess the previous state of a data bit based on the polarity strength of the stored magnetic value on the disk. So, in order to ensure you completely erase all the data on the drive and make it near-impossible to recover, you need to factor in multiple erasure cycles. A minimum of two erase cycles is what to aim for to obscure personal data, but do bear in mind that the current recommended process for industry-grade deletion is a minimum of seven erasures!

Better secure deletion with /dev/urandom

Instead of using /dev/zero, run the following command:

~# sudo dd if=/dev/urandom of=/dev/sda

This will write random bytes during the write process, and like the /dev/zero command it will continue writing until it has written to every byte on the drive.

Safety in numbers

If you use the /dev/urandom path and run your dd command seven times or more then your data should be sufficiently erased with little-to-no risk of recovery by a nefarious third party. Just remember that to do multiple erases it can take more than 24 hours on a large disk drive!
