Securely Wipe Disk with DD on Linux

Formatting a storage device does not prevent the data from being retrieved with data recovery software. To securely wipe existing data from the device, it needs to be overwritten with new data. This can be achieved very easily with dd on Linux by writing zeros or random values to the device. To avoid wiping the wrong storage device, it may be a good idea to first format the disk drive with parted or another command-line or GUI utility. Doing this would make it apparent if the wrong device was chosen, because data can still be recovered relatively easily from a formatted storage device compared to a wiped drive.

 

List existing partitions, mount points and disk capacity.

sudo lsblk

Assuming there is only a single unmounted partition, it should be unlikely that a partition is misidentified.

 

Wipe Storage Device with DD

Write to the storage device at block level.

sudo dd if=/dev/zero of=/dev/sd? bs=1M

The input is specified with the if operand and can be a storage device or a special file. To write zeros to the device, /dev/zero is used. This is sufficient for anything but the most sensitive data. Random data can be written instead with /dev/random or /dev/urandom as input, though it is significantly slower.

The output is specified with the of operand and is the device that will be written to. It is possible to carry out the wipe on a partition or on the storage device, but it is better to wipe the entire device when possible. When wiping the entire storage device, the partition number at the end of the device name should be omitted.

To improve performance, the bs value should be changed from the default. This determines the number of bytes that will be written at a time. The value can be expressed in other units for clarity. For example, 1M is generally a good value for most storage devices.

 

Show Data Wipe Progress with DD

Check the progress of the write (from another terminal window).

sudo kill -USR1 `pidof dd`

This command makes the running dd process print its progress in the original terminal window.

 

Wipe storage device and print progress periodically.

sudo dd if=/dev/zero of=/dev/sd? bs=1M status=progress

 

Resume Data Wipe Operation with DD

Start the disk wipe, skipping a specified number of data units.

sudo dd if=/dev/zero of=/dev/sd? bs=1M status=progress seek=147413

By default, the amount of data to skip on the output device is specified in blocks with the seek operand. A block is the unit specified with the bs operand.

To resume the device wipe knowing the amount of data already written, that value needs to be converted to bytes and then divided by the block size, also in bytes. The byte values can be substituted with larger units as long as the units are not mixed when calculating.

Byte values are difficult to read. To get a better idea of the amount of data to skip, simply divide by 1000 to get kilobytes (kB), megabytes (MB), gigabytes (GB) and so on, or by 1024 to get kibibytes (K), mebibytes (M), gibibytes (G) and so on. This results in a simple formula of bytes written / block size, for example 1TB / 1M or 1000000000000 / (1024*1024).
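
The conversion described above as a small shell helper (an added example, not part of the original article): it turns the amount of data already written into a whole number of blocks for seek, rounding down so that a partly written block is overwritten again rather than skipped. The function names and the /dev/sdX placeholder are assumptions; the script only prints the dd command and does not run it.

```shell
#!/bin/sh
# Added example: work out seek= for resuming a dd wipe. Function names are
# illustrative; nothing here writes to a disk.

# to_bytes SIZE: print SIZE in bytes using dd's suffix rules
# (K, M, G, T are powers of 1024; kB, MB, GB, TB are powers of 1000).
to_bytes() {
    num=${1%%[!0-9]*}       # leading digits
    suffix=${1#"$num"}      # whatever follows them
    case $num in
        ''|0?*) echo "to_bytes: bad number in '$1'" >&2; return 1 ;;
    esac
    case $suffix in
        '') mult=1 ;;
        K)  mult=1024 ;;
        M)  mult=$((1024 * 1024)) ;;
        G)  mult=$((1024 * 1024 * 1024)) ;;
        T)  mult=$((1024 * 1024 * 1024 * 1024)) ;;
        kB) mult=1000 ;;
        MB) mult=1000000 ;;
        GB) mult=1000000000 ;;
        TB) mult=1000000000000 ;;
        *)  echo "to_bytes: unknown suffix '$suffix'" >&2; return 1 ;;
    esac
    echo $((num * mult))
}

# seek_blocks WRITTEN BS: print the number of whole blocks already written.
# Integer division rounds down, so a partly written final block is wiped
# again instead of being skipped.
seek_blocks() {
    written=$(to_bytes "$1") || return 1
    bs=$(to_bytes "$2") || return 1
    [ "$bs" -gt 0 ] || { echo "seek_blocks: block size must be > 0" >&2; return 1; }
    echo $((written / bs))
}

# resume_command DEVICE WRITTEN BS: print (not run) the resume command.
resume_command() {
    blocks=$(seek_blocks "$2" "$3") || return 1
    echo "sudo dd if=/dev/zero of=$1 bs=$3 status=progress seek=$blocks"
}

# Sample run: /dev/sdX is a placeholder device name.
resume_command /dev/sdX 154573733888 1M
```

Check the printed device name against the lsblk output before running the command it produces.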