Previous Entry Share Next Entry
Taking care of old hard drives
Binary
elite_fuzz
I while ago, as I was teaching an A+ class, the topic of how hard drives store information came up. I was successfully sidetracked (as I'm sure my student hoped I would be) into a brief discussion on the mechanics of hard drives. Of course, once we started talking about that I was forced (forced I tell you) to get up on my soap box about data security.

What does data security have to do with the mechanics of hard drives? As most professional IT people will tell you simply erasing the data off of a hard drive via formatting or deleting files doesn't actually remove the data from the hard drive. “What!? Your saying that deleting the contents of my trash bin doesn't mean the data is lost?”

Ok, actually it went more like “Ya, we already knew that.” But their lackluster response didn't stop me from forging ahead. I talked about tracks and sectors, what happens when you format a hard drive, where your data goes after you delete it, and what steps you can take to render your deleted data unrecoverable.

Before I talk about the steps to safeguard your deleted data first I have to show you how easy it is to recover your deleted data. This step usually ensures that your paying apt attention when I tell you how to deal with old hard drives.

For simplicity we will be looking at a Linux distribution. Linux comes with a built in tool that will help us find deleted files. For our lab format a partition with the reiser file system, mount the file system, create a test file, unmount the partition, and reformat the partition with reiser. Once that is complete we will use the strings command to recover the information on the newly formated hard drive.


mkfs.reiserfs /dev/hda2formats the second partition on device hda with a reiser file system
mount /dev/hda2 /tmpmounts the newly formated partition at /tmp
cd /tmpchange to the /tmp directory
vi confidential_infocreate a file named confidential_info. fill the file with whatever.
umount /tmpUnmount /dev/hda2 from the /tmp directory
mkfs.reiserfs /dev/hda2format the partition again, this should “erase” any data.
strings /dev/hda2 | grep -i conf*The strings command will search /dev/hda2 for strings of information. We feed this into the grep command to find any files with a name beginning with conf. The output of this command would give us the file name “confidential_info” but not any data within the file.
strings /dev/hda2 | grep -i conf* -A 3The output of this command would give us any filename that started with conf as well as the first 3 lines of information contained within that file! Bing, we got the motherload.


Simple eh? One lousy command that comes standard with any flavor of Linux. So what should we do when we want to erase hard drives? The first question we should ask is why we are erasing them. Are we going to throw the hard drive away after erasing or are we going to reuse the hard drive? While there are many options, both hardware and software, available to purchase that will accomplish this task I am going to focus on the free ones available with linux.

If you are going to discard the hard drive after erasing its data then the easiest way to erase the data is to simply destroy the hard drive. The platters in a conventional hard drive will corrode after being exposed to elements in the air. Also, the platters are very fragile. Take a hammer to the case to shatter the platters inside, then drill a few holes with a metal drill bit through the case. Even if someone were to come across your old hard drive the platters would be unusable.

If you are going to reuse the hard drivers after erasing them then we need to be a little more careful. The first tool we will use to securly erase our data is the dd command. The dd command is usually used for bit-by-bit copies or files, folders and hard drives. Think of it as the poor mans ghost and backup utility. However we can also use dd to write random one's and zero's across a file, folder or partition! This will make any data stored in a partition very hard to recover.

dd if=/dev/urandom of=/dev/hda2 -----> This is the command that will fill the hda2 partition with random junk.

The other utility built into linux is the shred command. Shred will do much the same as the dd command. It will overwrite your information with random junk making it hard to recover. However, with shred you have much more control in how you overwrite your sensitive data.

shred -v -n 3 /dev/hda2 -----> the -v is for verbose, displaying statistics as the shred command does its work. The -n switch specifies how many times you would like to shred the file or partition.

If your worried that just one pass by either of these isn't enough to erase your sensitive data then do some tests. Set up our practice partitions and files and shred it once. Then see if you can recover your data. If you can then start over and shred it twice. Continue until you are satisfied.

?

Log in