How can I securely erase a hard drive?

Securely erasing a storage device

There's a command-line utility called shred, which overwrites data in a file or a whole device with random bits, making it nearly impossible to recover.

First of all, you need to identify the name of the device.

This might be something like /dev/sdb or /dev/hdb (but not like /dev/sdb1; that's a partition). You can use sudo fdisk -l to list all connected storage devices, and find your external hard drive there.

N.B. Make sure it is the correct device; picking the wrong device will wipe it.

Unmount all currently mounted partitions on that device, if any. Then run the following, replacing /dev/sdX with the name of your device:

sudo shred -v /dev/sdX

This will overwrite all the blocks on the device with random data three times. The -v flag is for verbose and will print the current progress.

You can add the option -nN to only do this N times, to save time on large capacity devices. This might take a while, depending on the size of your external hard drive (I think it takes twenty minutes or so for my 4 GB flash drive).

You can also set all bits to zero after the last iteration by adding the option -z; I prefer to do this.

sudo shred -v -n1 -z /dev/sdX

After this, you would have to repartition the device. The easiest way is to install GParted and use it:

sudo apt-get install gparted
gksu gparted

Choose your device in the upper-right corner list. Then select Device -> Create partition table to create a partition table on the device.

Then add a single partition that uses all of the unallocated space on the device, choosing fat32 as the file system. Apply the changes by clicking the Apply button (the green checkmark) in the toolbar.

Tips

  • Read the manpage for shred online or by typing man shred in the terminal.
  • Beware that some parts of your disk will not be erased - use the drive firmware "SECURE ERASE" command, such as via hdparm, to properly clean off a disk.

Just 'zero' it using the dd tool:

  1. Start the Disk Utility via System > Administration > Disk Utility
  2. Find your disk in the left panel, select it, and on the right find the device path (e.g. /dev/sdX)
  3. Run the following command from a gnome-terminal (Applications > Accessories > Terminal):

    sudo dd if=/dev/zero of=/dev/sdX bs=1M

    Make sure you use the right device path and not just copy this line!

This will overwrite the whole disk with zeros and is considerably faster than generating gigabytes of random data. Like all the other tools this won't take care of blocks that were mapped out for whatever reason (write errors, reserved, etc.), but it's highly unlikely your buyer will have the tools and the knowledge to recover anything from those blocks.

PS: Before you Bruce Schneier fanboys downvote me: I want proof that it's possible to recover data from a non-ancient rotational hard drive that has been overwritten with zeros. Don't even think about commenting otherwise! :P


Have a look at this definitive question on Security Stack Exchange:

How can I reliably erase all information on a hard drive

This discusses various secure deletion options, along with physical destruction and wiping so you can decide which option may be your best bet.

Remember though that the current recovery status for different storage is as follows:

  • Very old hard drives: there were gaps between tracks so you could potentially pick up bleed into these gaps (if you had a scanning electron microscope handy). Overwriting multiple times was potentially useful.
  • New hard drives: no technology currently exists that can read after even one overwrite.
  • Solid state hard drives: wear levelling means you cannot overwrite securely. Instead you either encrypt the entire volume and dispose of the key to wipe, or you destroy the device.
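A pre-flight check for the steps in the answers above (target is a whole device rather than a partition, nothing on it is mounted, and the solid-state caveat), as an added example that is not part of any answer. The function names preflight and field and the sample lsblk lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Pre-flight check for a whole-device wipe (added example, names hypothetical).
# Feed it: lsblk -P -p -n -o NAME,TYPE,ROTA,MOUNTPOINT /dev/sdX
# which prints one KEY="value" line for the device and each partition.

field() {  # print the value of KEY ($1) from one KEY="value" line ($2)
    printf ' %s\n' "$2" | sed -n "s/.* $1=\"\([^\"]*\)\".*/\1/p"
}

preflight() {  # usage: lsblk ... /dev/sdX | preflight /dev/sdX
    local target="$1" line name type rota mnt
    local seen=0 verdict="OK"
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        name=$(field NAME "$line"); type=$(field TYPE "$line")
        rota=$(field ROTA "$line"); mnt=$(field MOUNTPOINT "$line")
        if [ "$name" = "$target" ]; then
            seen=1
            if [ "$type" != "disk" ]; then   # e.g. /dev/sdb1 is a partition
                echo "REFUSE: $target is a $type, not a whole disk"; return 1
            fi
            # ROTA=0 means the kernel reports flash/SSD; USB bridges can misreport.
            [ "$rota" = "1" ] || verdict="WARN: $target is non-rotational; overwriting is not a secure erase"
        fi
        if [ -n "$mnt" ]; then               # the device or a partition is in use
            echo "REFUSE: $name is mounted at $mnt; unmount it first"; return 1
        fi
    done
    [ "$seen" -eq 1 ] || { echo "REFUSE: $target not in lsblk output"; return 1; }
    echo "$verdict"
}

# Constructed sample: whole disk whose only partition is still mounted.
SAMPLE_MOUNTED='NAME="/dev/sdb" TYPE="disk" ROTA="1" MOUNTPOINT=""
NAME="/dev/sdb1" TYPE="part" ROTA="1" MOUNTPOINT="/media/usb"'
printf '%s\n' "$SAMPLE_MOUNTED" | preflight /dev/sdb || true
```

preflight returns non-zero on any REFUSE verdict, so it can gate the wipe command with &&.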
