Personal and Small Business Technology

Wiping a Disk Drive Prior to Recycling

A neighbor recently asked me what to do with some old hard drives before sending them to recycling. This article gives procedures for securely wiping a disk drive before sending a machine out for repair, donating it or recycling it. You should read the documentation for each method to determine whether or not it meets your information security needs: no one really knows what the NSA and other state-funded intelligence agencies can do, but these methods should be sufficient for most people.

If you have a lot of disks to wipe and they are SATA drives, you can get a USB-attachable disk drive duplicator so that you don't have to open up a machine each time you need to change drives. You should allow 2-3 hours per 100G of space on the drive for a 3-pass method, depending greatly on the speed of the machine that you are using; on a machine less than five years old, this will be I/O bound by the speed of the drive and USB connection, but on older machines, it will be CPU bound and will take days on a really old machine. If you are in a hurry to donate a laptop or netbook, it may be fastest to remove the drive from the machine, use a fast desktop to wipe it, and then put it back in the laptop.

The first three sections of this article are aimed at donating drives that have been removed from a machine or USB drives. If you are donating a whole machine, you can create a bootable Ubuntu Linux disk, and wipe the machine from that disk as described in Standalone Ubuntu Bootable DVD.

Before wiping a drive, make SURE that you have backups of the drives on your computer that you intend to keep and that you are wiping the drive that you intend to wipe, as you can easily wipe the wrong disk if you are not careful. The article is divided into the following sections:

Windows

I have not used any of the Windows programs; I have a Linux machine and it is much easier to do there. On Windows machines, perhaps the preferred way to wipe a disk is to use one of two utilities provided by Microsoft:

  • SDelete available from Microsoft Technet
  • Diagnostics and Recovery Toolset. Unfortunately, the toolset isn't really available to individuals or small businesses, as it requires a volume licensing agreement.

OS X

On OS X, there are two free alternatives. One is part of the disk utility in recent versions of OS X and the other is available in the MacPorts utilities.

Disk Utility

To erase a disk using the Disk Utility, select the drive and select the "Erase" tab as shown in Figure 1, and then select "Security Options", which will bring up the dialog in Figure 2. The default option is not to wipe the drive. As you move to the right, the options increase from 1 to 3, and finally to a 7-pass wipe of the drive. The screen captures are taken on OS X Yosemite (10.10.1) and will look different on earlier versions of the utility. Earlier versions of Disk Utility did 1, 7 and 35 passes.

Figure 1. OS X Disk Utility Erase panel.
Figure 2. OS X Disk Utility Erase panel security options.

MacPorts bcwipe Tool

If you have MacPorts installed, bcwipe will give you a command line utility for securely wiping a disk, and will give you a 35-pass option if your version of OS X does not have one. Perhaps the biggest advantage of bcwipe is that it can be run as a batch script--perhaps in a cron job--to erase unused space on a regular basis.

To find the disk device name to pass to bcwipe, use


df -h

to get the filesystem name, which will look like /dev/disk1s2. That filesystem resides on the /dev/disk1 device, which is the name to give to bcwipe to wipe the entire drive.

Linux

On Linux, it is useful to know the commands to unmount a USB drive and detach the USB drive as two steps:

sudo apt-get install udisks
sudo udisks --unmount /dev/sdb1
sudo udisks --detach /dev/sdb

Substitute your drive letter for the “b” in sdb1 and sdb. Before wiping a drive, you will need to unmount it, but not detach it.

There are at least two alternatives on Linux. Two that I have used are listed below.

wipe

Wipe is one of the earliest tools available on Linux and has perhaps the most useful write-up on how disk drives work and on the security aspects of donating and recycling disk drives. It does not have some of the more recent standards-based wipe protocols. To install and use it, issue the following commands:


sudo apt-get update
sudo apt-get install wipe
sudo wipe -q /dev/sdx

scrub

Scrub was written at Lawrence Livermore National Laboratory and implements the scrub policies for many government organizations. If you need to meet a particular standard, this is probably the easiest way to comply with it.


sudo apt-get update
sudo apt-get install scrub


For a basic wipe of the disk that will meet the policy for many government agencies, use the nnsa pattern:

sudo scrub -p nnsa /dev/sdx

If you want something more secure, the following will do a 35-pass wipe, but recognize that it may take a couple of days:

sudo scrub -p gutmann /dev/sdx
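
Added example (not part of the original article): a pre-wipe check that backs up the earlier warning about wiping the wrong disk. It reads lsblk output and refuses any target that is not a whole disk or that still has something mounted on it; the function name check_wipe_target and the sample device listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: refuse to wipe anything that is not an unmounted whole disk.
# Input on stdin: output of `lsblk -Pno NAME,PKNAME,TYPE,MOUNTPOINT`.
# check_wipe_target is a hypothetical helper name, not part of scrub or wipe.
check_wipe_target() {
    awk -F'"' -v target="$1" '
        # Quoted values, in the column order requested from lsblk.
        { name = $2; parent = $4; type = $6; mnt = $8 }
        name == target   { found = 1; ttype = type; tree[name] = 1 }
        # lsblk lists parents before children, so one pass collects
        # every partition, LVM or crypt volume stacked on the target.
        (parent in tree) { tree[name] = 1 }
        (name in tree) && mnt != "" { mounted = mounted " " name "=" mnt }
        END {
            if (!found)          { print "REFUSE: " target " not found"; exit 2 }
            if (ttype != "disk") { print "REFUSE: " target " is a " ttype ", not a whole disk"; exit 3 }
            if (mounted != "")   { print "REFUSE: still mounted:" mounted; exit 4 }
            print "OK: " target " is an unmounted whole disk"
        }'
}

# Constructed sample listing: sda is the system disk, sdb is a USB drive
# that is still mounted, sdc is a drive that has already been unmounted.
sample_lsblk() {
    cat <<'EOF'
NAME="sda" PKNAME="" TYPE="disk" MOUNTPOINT=""
NAME="sda1" PKNAME="sda" TYPE="part" MOUNTPOINT="/boot"
NAME="sda2" PKNAME="sda" TYPE="part" MOUNTPOINT="/"
NAME="sdb" PKNAME="" TYPE="disk" MOUNTPOINT=""
NAME="sdb1" PKNAME="sdb" TYPE="part" MOUNTPOINT="/media/usb"
NAME="sdc" PKNAME="" TYPE="disk" MOUNTPOINT=""
NAME="sdc1" PKNAME="sdc" TYPE="part" MOUNTPOINT=""
EOF
}

# Real use (the device name is an example):
#   lsblk -Pno NAME,PKNAME,TYPE,MOUNTPOINT | check_wipe_target sdc \
#       && sudo scrub -p nnsa /dev/sdc
sample_lsblk | check_wipe_target sdc
```

Because the system disk always has a mounted partition, the check also catches the case where the drive letter you typed is the machine's own disk.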

Standalone Ubuntu Bootable DVD

If you are donating a machine, and do not want to remove the drives to wipe them, you can create a bootable CD and run the process from there. Be forewarned that by the time you are ready to donate a machine it is old and slow--running a wipe on an old machine may take a couple of days. Use the following steps:

  1. Download an ISO image of Ubuntu from the Ubuntu Download site. Choose the 32-bit version, since it will run on everything.
  2. Burn the ISO to a bootable disk using the disk burner of your choice. Instructions for burning a DVD are available for both Windows and for OS X.
  3. Boot the machine to be wiped from the DVD. If the machine does not boot from the DVD, you will need to change the boot order in your BIOS. This will require pressing a particular set of keys while the machine is powering on to bring up the BIOS settings utility. Search on your manufacturer and model number to find out what keys to use.
  4. When you have booted from the CD, choose the option to run Ubuntu from the CD rather than install it. Make sure that the machine is connected to the Internet.
  5. Once you have booted to a desktop, open a terminal window and issue the following commands:

    sudo apt-get update
    sudo apt-get install scrub

    followed by

    sudo scrub -p nnsa /dev/sda

  6. If the machine has multiple drives, you can start multiple terminal sessions and run the disk wipes in parallel. To get the disk names, use the command

    lsblk

    and select the three-letter device names at the top of the hierarchy.

This will take a few hours.