Wednesday, February 13, 2008

Permanently Remove Data on UNIX Hard Drives

It is fairly common for companies to dispose of their obsolete hard drives. However, most of them want to ensure all data is shredded from the hard drives. Finding a Windows-based wipe program was fairly easy, but finding a UNIX-based program took a little more searching. BCWipe is a program that will wipe a UNIX-based hard drive clean. The BCWipe website claims their multi-platform UNIX version is intended to give you a confidence that your deleted files cannot be recovered by an intruder. BCWipe repeatedly overwrites special patterns to the files to be destroyed.

Note: Most likely you will have to compile the source code for your particular platform architecture.

BCWipe for UNIX offers the following wiping schemes per their site.

1. US DoD 5220.22-M standard (7 passes with verification)
2. User-defined number of passes
3. Peter Gutmann's 35 pass scheme

BCWipe for UNIX is designed as a multi-platform solution. Here is their supported list of various UNIX flavors.

Linux 2.0-2.6
FreeBSD 3.0-4.6
OpenBSD 2.8
Solaris 8-10
Digital UNIX 4
SGI Irix 6.5 (wiping block devices was not tested)
IBM AIX 5
HP-UX 10, 11

Here is the download link for 30 day evaluation.
BCWipe Download

5 comments:

ax0n said...

As an infosec guy who used to do a lot of incident response and forensics stuff, I'm wondering how this tool gets around filesystems that don't overwrite blocks in place due to journaling or other filesystems that write reduntant data. Examples include hardware RAID, XFS, JFS2 (AIX), EXT3 and the myriad of other journaling or fail-resistant filesystems out there.

Things like RAID and JFS were a serious boon for me when trying to recover data, even when people had gone out of their way with free utilities like shred (which supposedly do the same thing).

Thanks for the link. The tinkerer in me wants to put this to the test. :)

ax0n said...

Actually, never mind that last comment. Silly me and my RSS reader skimming. It only does whole drives. In that case, it should do quite nicely.

Erek Dyskant said...

It seems like there are just too many ways to get data back, as mentioned by the previous comment.

For anything serious I'd go with a bulk eraser.

Chaddock said...

Another (free) alternative is Dban (Darik's Boot and Nuke). It is a bootable ISO that is OS independent.

Boot the computer via the CD, select the method of wipe desired: DoD 5520.22-M (7 passes or a short alternative), RCMP TSSIT OPS-II, Gutmann, PRNG), and all disks in the computer will be automatically wiped.

www.dban.org

Stephane said...

For anything serious I'd physically destroy the disk ...

for lower levels of confidentiality, I usually just go for a dd if=/dev/zero of=/dev/dsk/cXtXdXsX (after booting from a CD) otherwise if you have SUN machine (as you're fond of OpenSolaris ;-) ), the OBP has a test tool for harddisks which does a pattern write, which should quite enough too (all of this is free, of course)