Any better way to wipe data from a HDD?

  • Thread starter Thread starter Danny Jenkins
  • Start date Start date
D

Danny Jenkins

I was advised that in addition to fdisking and formating a hard disk
drive I should do the following, then fdisk and format again. Are the
following instructions a sure-fire way of erasing data?
Many thanks.

-----
Enter the following lines at the debug prompt (-) followed by the
enter key.
Note: this completely erases the MBR and your whole drive.

F 200 L200 0
a 100
mov ax,301 [note from here on you may see a number like fff:1234
[type all commands next to this number
[do _not_ press enter when this number appears.
mov bx,200
mov cx,1
mov dx,0080 [note: use 0081 for second fixed disk
int 13
int 3
(enter a blank line here)
G=100
q
 
Danny Jenkins said:
I was advised that in addition to fdisking and formating a hard
disk drive I should do the following, then fdisk and format again.
Are the following instructions a sure-fire way of erasing data?

Depends what you mean by sure fire. If you dont have anything
illegal on the drive, there isnt any point in going to this much
trouble if you just want to ensure that anyone you sell/give
the drive to wont be able to get anything useful off it.

Its rather simpler to just use something like
http://dban.sourceforge.net/

The only real risk with something like that is that there is a microscopic
risk that its actually a scam/trap deliberately setup by 'the authoritys'
to catch those who store stuff like child porn or drug money laundering
details on their hard drives etc.
-----
Enter the following lines at the debug prompt (-) followed by the
enter key.
Note: this completely erases the MBR and your whole drive.

F 200 L200 0
a 100
mov ax,301 [note from here on you may see a number like fff:1234
[type all commands next to this number
[do _not_ press enter when this number appears.
mov bx,200
mov cx,1
mov dx,0080 [note: use 0081 for second fixed disk
int 13
int 3
(enter a blank line here)
G=100
q
 
I was advised that in addition to fdisking and formating a hard disk
drive I should do the following, then fdisk and format again. Are the
following instructions a sure-fire way of erasing data?

Physics being as it is, no, not sure fire, but yes, probably enough
for what you want. It's amazing what's recoverable off a hard drive
if you're really interested in what was there before.

When the government disposes of hard drives, there's quite a series of
things they do to the drive. If the info is really sensitive, the
drive is physically destroyed and chopped into tiny bits.

Here's an interesting read:
http://www.pcmag.com/search_results...ard+drive+magnetic+signature&site=PC+Magazine
 
Previously Danny Jenkins said:
I was advised that in addition to fdisking and formating a hard disk
drive I should do the following, then fdisk and format again. Are the
following instructions a sure-fire way of erasing data?

This is rather unreliable. First, it depends on the BIOS seeing the
whole drive. That is not necessarily the case. Int 13 classic sees
only the first 504MB. Since modern OSes do their own disk access the
BIOS only needs to see the beginning of the drive where the boot code
is usually located.

On a closer look into the code below, it does not overwrite the drive
at all! It rather overwrites sector 1 on disk one single
time. You can recover from this. It requires finding the partition
boundaries but is feasible. (If sector 1 is the partition
table, I am not quite sure, since it has been a long time
since I did BIOS calls. If it is the MBR, a rescue floppy/CD
is all it takes fro recovery.)

Fdisk and format will also not erase any data. They will just
remove the administrative information.

Whoever told you to use this for disk erasure does not know
anything about the subject or lied to you.

In addition there is no sure-fire way for disk erasure.
Commercial data recovery companies claim they cannot recover
a single overwrite, and given todays drives that may or may
not be true. There is valid speculation that with enough effort
iy may be possible to recover from one or even a few overwrites.
However that would be expensive and tedious.

My advice: Use one overwrite with zeroes to protect against
most attackers. If you have really important data on the disk
overwrite several times with random data. If it is even
more important destroy the disk physically afterwards. Just
burning a disk is often not enough. Recovery from that is
something data recovery companies can often do. You need to
shred or melt it to be safe.

Best tool for overwrite: Linux.
I use knoppix (-> google) and dd_rescue for this type of task

Boot, go into root shell and do

dd_rescue -w /dev/zero /dev/hda

Overwrites with zeroes and gives you a nice progress indicator
and tells you how much data has actually been overwritten.
Repeat as needed and with /dev/urandom in the first argument for
random data.

Regards,
Arno

F 200 L200 0
a 100
mov ax,301 [note from here on you may see a number like fff:1234
[type all commands next to this number
[do _not_ press enter when this number appears.
mov bx,200
mov cx,1
mov dx,0080 [note: use 0081 for second fixed disk
int 13
int 3
(enter a blank line here)
G=100
q
 
Back
Top