Help protect your small business: sanitize hard drives before getting rid of old PCs, and securely delete files on your Windows and Linux computers with good, open source software.
Did you know that when you delete a file on your computer it isn't really deleted? Your computer marks the space the file uses on the hard disk as available, but the file is still there. The good news is that you can easily recover the deleted file — if you catch it before your PC overwrites it with another file.
The bad news is that when you sell old computers or send them to be recycled, your files are easily recoverable. Passwords, sensitive documents, and emails are easy pickings: all it takes is a snoopy person with readily available recovery tools. Before you let old computers out the door, you should wipe all hard disks securely.
But what if you don’t want to wipe an entire hard drive? More good news: you can also securely delete individual files.
In this article we'll look at open source software options for securely wiping hard disks, and secure file deletion.
Delete Files and Hard Drives with Open Source Software
Darik's Boot and Nuke
Darik's Boot and Nuke (DBAN) is our first choice for securely wiping hard disks. DBAN is a self-contained system that you download and copy to a CD, then boot the CD on the system you want to securely erase. DBAN doesn't care what operating system you use: it works on all of them, Linux, Mac, Unix, Windows, you name it.
Figure 1: DBAN detecting a laptop hard drive and a USB flash drive.
DBAN completely wipes the contents of SATA, IDE, SCSI, and SAS hard disks, and some USB and Firewire-attached storage media as well. In other words, pretty much any kind of hard drive or USB drive attached directly to your computer.
You can boot up DBAN and explore without hurting anything: Press F2 to learn about DBAN, F3 to learn some optional boot commands, and F4 to read about what to do with disks in RAID arrays. (A RAID array combines multiple hard disks so they act as a single unit.) DBAN is not capable of operating on a functional RAID array; you have to dismantle your RAID configuration and operate on each disk individually.
Back at the main DBAN screen, press the Enter/Return key to launch DBAN in interactive mode. This won't delete anything; you're still just looking around at this point. If DBAN detects more than one drive, use the arrow keys to navigate to the one you want to erase, and then press the space bar to select it. The word "wipe" appears on the one you choose.
At the bottom of the screen you'll see your erase options: PRNG, Method, Verify, and Rounds. You can safely look at these without accidentally erasing anything, because you have to press F10 to start secure deletion. Let's take a look at these options.
Open Source Software: Secure Delete Options
PRNG stands for pseudo-random number generator. This is an algorithm that generates sequences of numbers with no discernible pattern, but as it is very difficult to generate a truly random sequence, the fine brainiacs who invented it call it "pseudo-random." PRNG algorithms matter in cryptography because (theoretically) patterns in their output could be detected and used to decrypt your secret stuff.
DBAN supports two PRNG algorithms: Mersenne Twister and ISAAC (indirection, shift, accumulate, add, and count). I shall leave it as your homework to learn the finer details of these, if you are so inclined; both are strong, and ISAAC is the faster of the two.
Method offers some meaningful erase options. The Quick Erase method overwrites your hard disk with a single pass of zeroes. This is not all that secure, and a moderately skilled person could recover your data. Quick Erase is a good choice when you want to prepare a disk for re-use, and want to ensure that it is completely blanked before you install new software on it.
The remaining methods are all very strong:
- RCMP (Royal Canadian Mounted Police) TSSIT OPS-II
- DoD (U.S. Department of Defense) Short
- DoD 5220.22-M
- Gutmann Wipe
- PRNG Stream
The first three are rated as medium, Gutmann Wipe is very strong, and PRNG Stream is the strongest. In real life any of them will render your data unrecoverable. You might as well stick with PRNG Stream; why not use the strongest available? It doesn't cost you anything extra.
The Verify option checks to make sure your hard disk is really empty. "Verify Last Pass" only checks on the last run, while "Verify All Passes" checks after every run. This ensures that hardware caches are flushed, but it takes a lot longer. DBAN takes a long time no matter what, so go ahead and choose the most secure options, make it go, and then leave it alone until the next morning.
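What a single pass of zeroes followed by a verify pass amounts to, as an added example that is not part of the original article and is not DBAN's own code: the script below overwrites a scratch file with zeroes and then checks that every byte reads back as zero. The function names and the sample file are constructed for illustration, and the script works on regular files only and refuses device paths.

```shell
#!/bin/sh
# Added example: one pass of zeroes plus a verify pass, on a regular file only.
# Function names and the sample image are constructed for illustration.

# Count the bytes in a file that are not 0x00 (0 means it reads as fully blank).
nonzero_bytes() {
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Overwrite a regular file in place with zeroes, keeping its size.
zero_wipe() {
    target=$1
    # Refuse anything that is not a regular file, so a mistyped
    # device path such as a real disk is never written to.
    [ -f "$target" ] || { echo "refusing: $target is not a regular file" >&2; return 2; }
    size=$(wc -c < "$target" | tr -d ' ')
    # conv=notrunc writes over the existing contents instead of truncating first.
    head -c "$size" /dev/zero | dd of="$target" conv=notrunc bs=4096 2>/dev/null || return 1
    sync   # push the writes out of the OS cache before verifying
}

# Verify pass: succeed only if every byte reads back as zero.
verify_zeroed() {
    [ -f "$1" ] || return 2
    [ "$(nonzero_bytes "$1")" -eq 0 ]
}

# Demo on a constructed scratch image; prints a before/after summary.
wipe_demo() {
    img=$(mktemp) || return 1
    printf 'user=alice password=constructed-sample\n' > "$img"
    head -c 8192 /dev/urandom >> "$img"
    before=$(nonzero_bytes "$img")
    zero_wipe "$img" && verify_zeroed "$img" && result=verified || result=FAILED
    echo "non-zero bytes before: $before, after: $(nonzero_bytes "$img"), $result"
    rm -f "$img"
}

wipe_demo
```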
Rounds determines how many times your chosen wipe method runs. All methods except Quick Erase run multiple times, so you might as well leave this set at one.
When you have selected all of your options, press F10. DBAN shows progress, throughput, errors, runtime, and time remaining.
And that's pretty much all there is to it. DBAN is fast and easy to get going, and then you just go away and do something else while it works. When it's finished, you'll get an ad for Blancco, which offers good commercial secure delete products for mobile devices, PCs and servers. DBAN is free of cost and open source.
Erase Files Securely
What if you want to securely delete files on your computer without wiping your whole drive? No problem: there are good, free tools for that, too. Windows users can use Eraser. It's open source, free of cost, and it's easy to use. You can install it on your Windows PC or server, or you can get the portable version to run from a USB stick.
Linux users have good command-line tools like srm, or secure remove. This comes in the secure-delete software package. It's not as convenient as a nice graphical deletion tool, but it gets the job done.
You can securely delete a single file like this:

    $ srm sensitive-file.txt

You can delete an entire folder of documents this way:

    $ srm -r sensitive-folder
It takes longer than an ordinary delete command, but when it's gone it is completely gone.
What about Mac OS X users? You already have the excellent Secure Empty Trash built in, which securely deletes the contents of your Trash folder.
Carla Schroder is the author of The Book of Audacity, Linux Cookbook, Linux Networking Cookbook, and hundreds of Linux how-to articles. She's the former managing editor of Linux Planet and Linux Today.