Another entry on DBAN (boot disk to securely wipe a hard drive)
This kind of get’s glommed into hardware, software and security categories all…. I’ve mentioned DBAN a couple times already (Darik’s Boot and Nuke). I had a chance to sit down this afternoon to nuke a few disks I’ve collected over the last little while and thought I’d pass along some points on the DBAN for securely wiping the contents of hard drives. First, no matter what you do to a drive, there may be a data recovery center that can get something from it. I’m talking clean rooms, 1000’s of dollars and some good forensic recovery techniques. Why?
One way I’ve understood it explained is this…. imagine your hard drive is a record. The data is in the grooves right? OK, we’ll since there aren’t really grooves it’s a solid magnetic surface this next part will make a bit more sense. Over the life of the drive there are slight variations in the track that the read/write head follows over the surface of the drive. Not big changes, tiny changes. For that reason you might have a swath of data written once, and when it’s overwritten, maybe there’s a “shadow” at one edge. This is one principle of hard drave forensic data recovery. (From what I understand.)
OK – but for most of us we’re not concerned about high priced data recovery labs trying to pull stuff back off of the hard drive. So for MOST purposes DBAN is a good solution. (No one said it’s a fast solution on the highest security wipe, just a good solution. Fast != good). Anyway, DBAN should recognize AND proceed to wipe ANY RECOGNIZED internal hard drive. (XT, IDE, PATA, SATA, SCSI)
One point to note (which was a source of a bit of frustration for me today) is that USB drives, firewire drives are NOT currently supported. As of this writing DBAN is at version 1.0.6… judging by the roadmap, USB support may come along around version 1.1.0 (Anyone want to sponsor a feature? It’s crossed my mind…) So, what this means if you’ve got a notebook drive that needs wiping it needs to be working in a notebook. (Or something like this cable’s to go adapter that allows a laptop hard drive to run on a standard ide interface.
So, anyway…. put the boot media in (DBAN is available as either a boot floppy or boot cd image) and boot it up. The biggest warning I can say is to treat the disk like a loaded weapon. Only boot with it if you mean to do the data on any and all attached disks severe unrecoverable harm. Don’t have this around as a gag to boot in someone’s system, don’t have it around (or leave in your drive) if you’re forgetful. When you make the disk, take it out of your cd/floppy dirve and label it in big RED letters. Put it on a high shelf where no one will accidentally think it’s an emergency rescue disc… etc. When preparing to wipe some hard drives, make sure you KNOW that you NEVER want to recover the data on those discs. Make sure the ONLY drives attached to the system are prepared to be toasted, then boot and wipe to your hearts content.
There’s something strangely satisfying about nuking a drive with DBAN. I don’t know, maybe the thought of restoring a drive to a clean slate. After the nuke, there will be no partitions, no files, no Operating System and so you will need to repartition the drive and install all software from scratch.
Anyway, DBAN is really one of my favorite utilities. Wipe those old drives before they leave your hands – if their destined for the trash heap or good will.