Recently I have been faced with the need to wipe a bunch of hard disks removed from some old (indeed, in one or two cases, very old) PCs before disposal. Normally I would have used DBAN to do this because it gives me a nice warm feeling that I have taken all reasonable steps and no-one (short of a very specialist forensic recovery laboratory) is likely to be able to read the disks thereafter. The latest version of DBAN (post version 2.0) even (supposedly) supports USB disks. I say supposedly because I couldn’t get it to work on my setup.
I have a USB to SATA/IDE disk converter which is very useful for quickly mounting disks which would otherwise need to be installed internally. The fact that DBAN can now handle such disks made it a no brainer choice when I was faced with the task of wiping half a dozen assorted disks of varying vintage. Howver, every disk I tried resulted in a DBAN failure followed by an advertising page for the commercial disk erasure product called blancco. Worse, it appears that Darik’s own web page now advertises blancco as a preferred product. Wierd.
Given the DBAN failure I had to fall back on dd. At least that works. And a wipe once with dd (dd if=/dev/zero of=/dev/sdb), followed by a repartition and reformat with gparted then another dd, this time with random data (dd if=/dev/urandom of=/dev/sdb) is probably enough to stop the the 1992 Parish Council minutes appearing anywhere they shouldn’t.
But oh boy, dd is slow when using /dev/urandom – so I cheated and stuck to /dev/zero.
5 comments
Skip to comment form
We use a version of dban a few behind the current one, I believe. Installed the CD version to USB using PenDriveLinux (irony of a Windows app, but it works). I seem to remember evaluating newer versions and they didn’t work on every machine.
It has been used with internal PATA/SATA and PCI-X cards for SCSI, SAS, SATA etc.
Only thing you must remember is to remove the USB drive after dban has uncompressed into memory.. or it detects the /dev/sdX device and lets you wipe it. Convenient feature.
Also it is worth remembering that dban does not clear data from any of the “special” sections on modern hard disks like the Host Protected Area (HPA) and wont know if a Device Configuration Overlay (DCO) has been used to resize the disk.
Author
David
Probably v1.0.7 since that was stable for some time. Certainly it is the version I used to use (and may use again now that 2.0.x seems broken). But my puzzlement stemmed more from Darik’s apparent strong support of a commercial alternative to his own free product than from concern at DBAN’s actual failures. It struck me as /really/ wierd that he would include a blatant product placement smack after the point at which his own product barfed and fell over. A bit like including an ad for MS Office in abiword, or gnumeric.
I just hope he got paid a lot of money.
Mick
Author
And neither will dd of course, because it has to access the disk through the underlying OS. But I don’t think a Seagate ST35 actually /has/ any hidden areas. And frankly, since all I’m concerned about is the Parish Council minutes, I don’t really care much if it does. I’ve wiped the disks to a standard to match the level of risk.
In that context I’ve been wondering about what would happen if you could instruct the disk to flag most of its surface as “bad sectors”. As this is handled in firmware you end up making it impossible to zap data off the disk, leaving it to be recovered by means of forensics..
A bit overkill for recovering Parish Council notes, of course, but it strikes me as an interesting theoretical exercise :).