FYI: Wiping a hard drive really clean

Mon Jun 6 07:37:25 PDT 2005

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Matthew Carpenter wrote:

> Mike Reinehr wrote:
>
>
>> I just threw out /dev/random on a whim. I imagine that there
>> might be a particular pattern, like is used in testing RAM, that
>> might guarantee a successfull wipe in fewer passes.
>
> As a forensic analyst, please use /dev/zero :)
>
> If you use the drive again and it's new incantation is compromised
> or use for bad things (like kiddie porn) the job is made easier
> when unused space is all zeros. (let your 1's be 1's and your 0's
> be 0's :)

I promised an update.
I ended up stopping the job using /dev/random because after a week it
had only written to 1/3 the drive.  Compare numbers below (the wipe
using /dev/zero completed successfully).  Look at number of seconds
and number of bytes specifically.

- ------------------------------------------------
root at sherlock:/home/cmnc507 # time dd if=/dev/random of=/dev/sdb
bs=1048240
0+387573 records in
0+387573 records out
30019584 bytes transferred in 705308.439847 seconds (43 bytes/sec)

real    11755m8.441s
user    0m0.019s
sys     0m0.921s

root at sherlock:/home/cmnc507 # time dd if=/dev/zero of=/dev/sdb bs=1048240
dd: writing `/dev/sdb': No space left on device
954207+0 records in
954206+0 records out
1000237400064 bytes transferred in 61791.766641 seconds (16187228
bytes/sec)

real    1029m51.768s
user    0m2.464s
sys     13m26.339s

- --
Matthew Carpenter
matt at eisgr.com                          http://www.eisgr.com/

Enterprise Information Systems
* Network Server Appliances
* Security Consulting, Incident Handling & Forensics
* Network Consulting, Integration & Support
* Web Integration and E-Business
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.5 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCpEWKso9lqh4MragRAjUsAJwKEQbVvsnj0kXil9dgLpsZDfoJgwCgtNNc
qwYx3iZ5/ZWiDYtdhU5x/C8=
=PY7a
-----END PGP SIGNATURE-----