Tuesday, March 20, 2012

Wiping a hard drive

Ever needed to completely wipe out critical data off a hard drive? As we all know, mkfs doesn't erase a lot (you already knew this, right?). mkfs and its variants (such as mkfs.ext3 and mke2fs) only get rid of a few important data structures on the filesystem. But the data is still there! For a SCSI disk connected as /dev/sdb, a quick:
dd if=/dev/sdb | strings
will let anyone recover text data from a supposedly erased hard drive. Binary data is more complicated to retrieve, but the same basic principle applies: the data was not completely erased.
To make things harder for the bad guys, an old trick was to use the 'dd' command as a way to erase a drive (note that this command WILL erase your disk!):
dd if=/dev/zero of=/dev/sdb
There's one problem with this: newer, more advanced, techniques make it possible to retrieve data that was replaced with a bunch of 0's. To make it more difficult, if not impossible, for the bad guys to read data that was previously stored on a disk, Red Hat ships the 'shred' utility as part of the coreutils RPM package. Launching 'shred' on a disk or a partition will write repeatedly (25 times by default) to all locations on the disk (be careful with this one too!):
shred /dev/sdb
This is currently known to be a very safe way to delete data from a hard drive before, let's say, you ship it back to the manufacturer for repair or before you sell it on eBay!

Refer :
http://www.redhat.com/magazine/026dec06/features/tips_tricks/