Request for help for wiping out HDD

[maxraign]

Hello,
I was using WIN XP for my laptop. Now i like to wipe out as I don't have nothing much to do with NTFS. But when i tried to do that, A small portion of NTFS actually remains in the HDD without allowing anything to be written on that. I really wish to clean my HDD and install Puppy in VFAT. If anyone can help me that will be very much useful. Also I wish to know if there are ways by which one can remove this NTFS without spoiling the data in other partitions.
Thanks in advance.

[Bruce B]

http://dban.sourceforge.net/

[Flash]

How did you try to wipe your hard drive? How many partitions does it have? Are they all formatted NTFS?

[noip]

What I use, is the QTParted program from a Knoppix CD.

QT Parted is like a free clone of Partition Magic. It should do what you want.

Rgds

GS.

ftgs

[jmarsden]

Using what Puppy comes with to zero out the beginning of a hard drive (Please, only try this when you are sure you do not want ANY of the data on the hard disk!)):

Code: Select all

dd if=/dev/zero of=/dev/hda bs=1k count=1k

will zero the first 1MB of your HD. After that, you will need to use fdisk to create partitions, mkext2fs to create filesystems, mkswap to create a swap partition, etc. etc. But no NTFS will be user-visible, no space wasted by it anywhere. You can change the count= parameter to wipe more or less of the disk, it's up to you. Even just count=1 will actually wipe it enough (MBR and partition table) that you'll need fdisk and friends, but it won't really destroy any data in the partitions that used to exist. You can zero out the entire disk by omitting the count= parameter completely, if you wish.

If you only want to zero one partition, replace of=/dev/hda with of=/dev/hdaX where X is a number between 1 and 4 representing the partition to be wiped. Then reset its type with fdisk, create an ext3 or whatever filesystem on it, and off you go.

If you need more secure disk wiping (as in, you care that someone or some government might spend thousands of dollars trying to get your old wiped data back), then using Darik's Boot and Nuke floppy (DBAN) which someone mentioned already, is a good solution. But wiping that way takes hours and hours on large disks. I know from real life experience. I use DBAN sometimes, my copy is part of the amazing Ultimate Boot CD, from http://www.ultimatebootcd.com -- but in many cases, zeroing the first 1MB or 10MB or 100MB of the drive using dd is more than sufficient. It all depends on who the client is and what data is on the drive!

Jonathan

[Sage]

I gave a simple debug script recently that has the effect of wiping the entire HD. The best way I've found for ensuring the job is done correctly is to overwrite the disc with several entirely different OSes. Since the emergence of BSD, I'd suggest using DRDOS, BSD and Linux, for example, although cfdisk offers an huge range of alternatives. Since the FS is radically different in each case, it would take someone like the CIA to make something out of any remaining fragments.

[jmarsden]

I gave a simple debug script recently that has the effect of wiping the entire HD.

A dd command is easier to type, and avoids any OS except Puppy.

Since the FS is radically different in each case, it would take someone like the CIA to make something out of any remaining fragments.

Have you tested this? Have you read the academic papers on this subject? Please, use DBAN, not your own idea of what might be good enough, for any truly sensitive data. The standards (DOD 5220.22-M, RCMP TSSIT OPS-II, and so forth) for disk wiping exist for a reason. Recovering data from HDs is a whole specialist field all to itself... http://www.digitalissues.co.uk/html/os/misc/shred.html is a very gentle introduction, with links to several of the well known articles on this.

BTW, your debug script depends on the BIOS of your PC, and will probably not really wipe all of a drive over 137GB in size on many PCs... did you test this?

Jonathan

[babbs]

snip
Since the FS is radically different in each case, it would take someone like the CIA to make something out of any remaining fragments.

Just check out:
http://www.guidancesoftware.com/lawenfo ... _index.asp

Law enforcement labs around the world can do it without the assistance of the three letter agencies in DC assisting.

[Sage]

Yes, I use the debug script frequently. It runs from M$DOS, DRDOS and XDOS. I never use large HD s ; not relevent to anything I do, especially resurrecting older kit. Yes, I am aware of the theory and that commercial labs can also recover data. Since the cost is extremely high, the data has to be exceptionally valuable to make it worthwhile. That's why I cited three-letter agencies, where national security and crime solving tend not to have the same cost criteria!

[noip]

Whilst I've found the discussion on wiping / cleaning / zeroing the HDD interesting, and have been taking notes, I read the original request as one to manipulate the partitions on the disk (even though the term "wipe" was used). I thought the aim was just to eliminate a small ntfs partition.... ??

Just a thought ...

GS

ftgs

[Sage]

Folks who buy proprietary boxes rather than build their own, usually have their OS imaged on a small, hidden partition, sometimes with automated recovery implemented. This is the one that needs to be deleted.
Whatever else you read about convenience of not sending out OS CDs, the practice is another futile attempt by the Gates empire and its cohorts at piracy prevention and even more profit/leverage. Hopefully, they will come to appreciate that there are many folk smarter than they. When the HD dies, the OS is lost anyway!
Build your own, service and maintain your own. Never let M$ SW cross the threshold!

[Flash]

Whilst I've found the discussion on wiping / cleaning / zeroing the HDD interesting, and have been taking notes, I read the original request as one to manipulate the partitions on the disk (even though the term "wipe" was used). I thought the aim was just to eliminate a small ntfs partition.... ??

Just a thought ...

GS

ftgs

Yes, I think we're wasting our time here. The original post was very ambiguous and Max has yet to post again, so it's probably best if we just leave this until he comes back with some useful information.

[jmarsden]

Whilst I've found the discussion on wiping / cleaning / zeroing the HDD interesting, and have been taking notes, I read the original request as one to manipulate the partitions on the disk (even though the term "wipe" was used). I thought the aim was just to eliminate a small ntfs partition.... ??

Well, I responded in part:

If you only want to zero one partition, replace of=/dev/hda with of=/dev/hdaX where X is a number between 1 and 4 representing the partition to be wiped. Then reset its type with fdisk, create an ext3 or whatever filesystem on it, and off you go.

I think that seems to fit your interpretation of the original post fairly well? As someone else pointed out, the initial question was not especially clearly defined. Hopefuly we'll hear back from the person who asked it with more information.

Jonathan

[noip]

Sage,

Some topic drift, but ...

You just raised a point I've been wondering about .. hidden partitions. Can you image / copy them onto a DVD or make them visible easily? The little I've done looking at the one on my laptop hasn't borne fruit .... though I've only been looking at it with QTParted.

Thanks

GS

[rarsa]

I know that Max hasn't responded. But in case you were curious:

The best way to clean up an HDD is to use the HDD manufacturer's tools.

Every HDD manufacturer provide tools to completelly wipeout the HDD in a way that the only way would be to detect residual magnetic ghosting.

Go to your HDD manufacturer's website and download the floppy or CD image required to wipeout the HDD.

[jmarsden]

The best way to clean up an HDD is to use the HDD manufacturer's tools.

Every HDD manufacturer provide tools to completelly wipeout the HDD in a way that the only way would be to detect residual magnetic ghosting.

My understanding is that such tools generally use a single wipe approach, often to all zeroes. If so, how (in what way) are they any "better" than dd if=/dev/zero ? If they really do something different, what is it that they do -- it would be good to know, so we can improve DBAN and shred and related tools along similar lines. Comparing the single-wipe-to-zeroes approach with the DOD and RCMP standards already referenced, unless the tools you refer to are doing something truly extraordinary, I must disagree with your (or Max's?) definition of "best".

If anyone does want a collection of such manufacturer HD tools in a convenient single bootable CD form, http://www.ultimatebootcd.com is a good place to start. And DBAN is on it too, so you can take your pick

Jonathan

[Flash]

This topic seems worth pursuing to a definitive answer. I'm certainly no expert in hard drives, but according to this, the way modern hard drives work, you cannot directly control the position of the read/write head. Instead, there is a controller inside the hard drive which "maps" addresses, and interprets and executes the commands sent by the OS. Is it conceivable that this controller might do things in a proprietary way, making the manufacturer's tools the best for the job?

[jmarsden]

I'm certainly no expert in hard drives, but according to this, the way modern hard drives work, you cannot directly control the position of the read/write head. Instead, there is a controller inside the hard drive which "maps" addresses, and interprets and executes the commands sent by the OS. Is it conceivable that this controller might do things in a proprietary way, making the manufacturer's tools the best for the job?

Not really. If an OS writes your data to sectors on the drive using a defined interface, it can zero them, or write random stuff over them, in the same way, to scrub the drive. The drive can'ttell the difference between a request to write zzeros to sector X during a scrub operation, and a request to do so during normalOS operation. So where physically that data is on the platters makes no difference.

The only case where a proprietary interface might help that I can think of is where data has been put onto the drive using such a proprietary interface in the first place, such that normal write commands can't write over it. But in that case, the data is not "yours", neither you nor your OS put it there on the drive, and so any such data is not a privacy concern anyway.

Show me a modern drive that dd can't erase user data from, or provide a plausible scenario where it doesn't erase all user data from a drive, and I'll accept the statement that using a proprietary manufacturer-specific tool cleans it "better" than dd.

See http://come.to/eide for a page with links to many related papers and standards.

Jonathan

[rarsa]

My understanding is that such tools generally use a single wipe approach, often to all zeroes. If so, how (in what way) are they any "better" than dd if=/dev/zero ?

As far as I know your understanding is the same as mine.

The command you posted only writes zeroes to the first 1 MB. That would be enough to clean the partition table and MBR.

If you know your HDD precise geometry I guess that dd could be used to completelly wipe it out.

The tools I've used for seagate, maxtor, quantum and fujitsu have the option to just write zeroes to the begining and end or to the full surface plus they check for bad tracks.

They usually include other tools for example to reinitialize the HDD with a nice menu for people that would feel more comfortable than using dd.

If you find dd better good. My opinion is that the tools provided by the vendor are easier to use and are sure to work OK with your HDD.

[jmarsden]

Apologies in advance for lengthening an already long thread... I have attempted a four sentence summary at the end.

The command you posted only writes zeroes to the first 1 MB. That would be enough to clean the partition table and MBR. If you know your HDD precise geometry I guess that dd could be used to completelly wipe it out.

Apparently you missed what else I wrote? Later in the same post, I said:

You can zero out the entire disk by omitting the count= parameter completely, if you wish.

You don't need the disk geometry, it just writes zeroes until it can't do so any more -- i.e. the end of the disk is reached. It is arguable for that purpose one should use bs=512 so it writes one sector at a time rather than two, I suppose -- otherwise theoretically you might leave the final sector of a disk that has an odd total number of sectors unwiped.

If you find dd better good. My opinion is that the tools provided by the vendor are easier to use and are sure to work OK with your HDD.

I think you misunderstand. dd isn't better, it's just more general, and I can read and edit its source code should the need arise. So I trust it to perform as advertised far more than I trust binary executables from a vendor. (Also, I much prefer learning one tool than learning 4 or 5 for the same purpose). And having learned to use dd, that knowledge will be useful in many other circumstances than just low level hard drive wiping (creating floppy, zip, CD-R, USB key etc. image files, cuting files into smaller pieces for transport over say email links, ... plenty of tasks dd can do with ease, that the vendor tools can't). dd is available in Linux, *BSD, OS/X, most commercial Unix variants, and even Windows (via Cygwin), so again, having learned one tool, that knowledge remains applicable as one moves among a variety of OS environments and hardware platforms (do the vendor tools work on a Mac? On a Sun workstation? Will they wipe a bunch of SCSI disks connected via some proprietary RAID controller?).

I think "easier to use" depends very much on who the user is. Have you tried the Maxtor tool much, especially when you are in a hurry? It seems to ask me to press F8 to agree to a licence (or similar), delay a bit, display a screen about how to connect IDE cables or something, want another F-key pressed... this sort of "friendliness" is a pain, and wastes the users time. I can type a dd command into a shell a lot faster than I can go through all that stuff -- and that's after I have to check which brand of drive it is and select the appropriate tool... I don't call that being "easier to use" -- but I realize that is a very subjective assessment.

Lastly, and I think importantly, dd is part of Puppy Linux, and the vendor supplied tools are not, and this is a Puppy Linux forum. Why promote dependence on non-open-source tools that don't even run in Puppy, when there is a choice that is already present in Puppy itself? If we choose to base our software tool selection on familarity, perhaps a more-pretty interface, and warm fuzzy feeling because it comes from a vendor whose name we know (as you seem to be doing in this particular case)... why would we be using Puppy at all -- Windows meets those criteria far better than Puppy does for most PC users today

Unlike dd, I believe DBAN genuinely is "better" (than dd or vendor binary tools), in some ways, for wiping out hard disks containing sensitive data, because it does multiple passes in ways that (unless you instruct it to do otherwise!) follow established standards for thoroughly wiping magnetic media. It may not run in Puppy, but DBAN is fully open source, so one can validate that it does what it says, and if necessary modify it. For a while at work we had a "DBAN system" to which many (6? 8?) drives were connected at a time, so we were securely erasing a bunch of (EIDE) drives in parallel. And that is something else the vendor tools don't seem to let you do (at least the ones I have tried). We could have set up six or eight machines, and made 6 or 8 copies of the relevant vendor tool... but that wouldn't have been "easier".

Summary: dd and vendor tools probably do an equally OK job of writing zeroes to every sector of a hard disk. dd is more general, more open, is included in Puppy, and more in the spirit of Puppy. Vendor-supplied tools may be prettier and come from a vendor whose name you know. DBAN is slow, but "better" than any other solution for erasing sensitive information very thoroughly, and it can work on many drives in parallel.

Jonathan