Darik's Boot and Nuke: A great tool for obliterating your data
Posted on 09/29/2005 8:08:22 AM PDT by ShadowAce
Do you know what happened to your data when you disposed of your last PC? With identity theft on the rise, it's important to make sure your information is removed before you get rid of that old hard drive. Thanks to the work of developer Darik Horn, there's an excellent tool to wipe data off of a hard disk: Darik's Boot and Nuke (DBAN).
When DBAN is finished with your hard drives, the master boot record, partition table, and every sector of the drive will have been overwritten in accordance with one of five well-regarded industry guidelines. DBAN is powerful stuff and has been used by US federal agencies, such as the Department of Energy's National Nuclear Security Administration (NNSA), to prepare machines for disposal.
In addition to removing personal data, DBAN can also be used to return drives to a pristine state for reuse. DBAN uses Linux to boot up, and can wipe IDE, SATA, XT, and SCSI hard drives. DBAN does not work at all on USB drives, FireWire drives, or hardware RAID devices.
I tried DBAN v.1.0.5 when one of my computers became hopelessly perplexed after multiple installations of various Linux and Windows operating systems. After installing Linspire, SUSE 9.1, and several other distributions, I could not install Linux on my fairly new Celeron D machine with a 40GB hard drive. To make matters worse, I also could not reinstall Windows XP. The XP installer was apparently confused by the presence of a Linux file system. Finally, I resorted to the "nuke" option. I downloaded the DBAN ISO image on another computer, burned it to a CD, and fed it to my malfunctioning PC.
The disk-wiping process is relatively simple. First, I had to go into the BIOS and change the startup options to ensure that it would boot to the CD-ROM drive first. After booting with the DBAN CD, I was presented with a simple text menu with the available options. The menu offers five options -- learn more about DBAN, get a list of quick commands, see troubleshooting tips, start DBAN in interactive mode, or start DBAN in automatic ("autonuke") mode.
My only difficulty was in navigating to an option to read about DBAN and then navigating back to the main menu. DBAN doesn't give you a chance to go back to the main menu once you've chosen one of the menu options. The only choice is to proceed to the next operation, or reboot the machine to start at the main menu.
[Image: The DBAN main menu]
Once I was done reading, DBAN gave me the choice of six drive wiping routines. The fastest choice, Quick Erase, simply fills the hard drive with zeroes in one pass. Since technicians with the right equipment could conceivably still recover data from this type of wipe, DBAN rates it as a low-security option.
The second choice, RCMP TSSIT OPS-II, uses the techniques recommended by the Royal Canadian Mounted Police Technical Security Standards for Information Technology in Appendix Ops-II: Media Sanitation. It is rated as a medium-security technique because DBAN makes eight drive-wiping passes with a random byte in the overwrite sequence changed each time. Apparently, the Mounties prefer this to letting horses stomp on hard drives.
The third choice, DoD Short, is based on the American Department of Defense Standard 5220-22.M. It is also rated as a medium-security option because it makes three of the seven passes recommended under the standard.
The fourth option, DoD 5220-22.M, is a stronger medium-security option because it makes the recommended seven passes across each hard drive.
For the fifth option DBAN offers the Gutmann Wipe as a high-security option. It makes 35 passes across the hard drive as outlined in security expert Peter Gutmann's 1996 paper "The Secure Deletion of Data from Magnetic and Solid-State Memory." However, due to changes in the different data encoding schemes now used by modern hard drives, Gutmann no longer recommends 35 passes. A few random passes should suffice.
Finally, DBAN offers the PRNG Stream option. This method overwrites the drive with a stream from the Pseudo Random Number Generator (PRNG). With the PRNG Stream, DBAN users can choose a medium-security option of four passes or a high-security option of eight passes.
For my test, I chose the DoD Short method. DBAN made three passes on my hard drive in an hour and nine minutes.
DBAN is not for the impulsive. If you don't have a government lab, an electron microscope, a dedicated team of computer forensics specialists, and a huge amount of time and money, you will not recover your data after DBAN has wiped your hard drive. Obviously, before you get started, you should back up important data. If you plan to use the computer again, you should have an operating system at hand, and find any driver and application installation disks that you'll need. You'll also want to make sure that your system can boot to something other than your hard drive.
DBAN is also not for the impatient. It can take a long time to write over every sector of your hard drive multiple times. Some users report that DBAN took up to 24 hours to erase their data using the most rigorous methods. While DBAN is constantly improving, if the Linux community does not have a good driver for a particular hard drive, you can expect slow performance. However, if your machine runs Linux well, you probably won't have problems with DBAN.
Overall, I found DBAN to be a great "nuke" option. However, there are a few other open source tools for wiping hard drives. A disk wiping utility called Autoclave performs the same function as DBAN. However, as of last March, it is no longer supported by its developer; he now recommends DBAN instead as a superior tool for wiping disks.
For Windows users, Heidi Computers Ltd. offers a free open source tool called Eraser. It has a utility for creating a DBAN boot CD for drive wiping, but also runs as a desktop application that offers the ability to securely wipe only specified folders and files. Heidi Computers also hosts a DBAN support forum.
For Linux, a secure file wiping utility called Wipe is also available. Additionally, there are also a variety of Linux command-line incantations that can be used to fill a hard drive with zeroes or nulls.
For my needs, DBAN did the trick. Once DBAN was finished with my hard drive, I had a nice clean landing pad for the Linux distribution of my choice.
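The article mentions filling a drive with zeroes from the Linux command line. The sketch below is an added example, not part of the original article and not DBAN's own routine: it runs a simplified random-then-zero overwrite against a scratch image file and then verifies the result. The marker string, image size and function names are constructed for the demo.

```shell
#!/bin/sh
# Added example: overwrite-and-verify on a scratch image file, never a real disk.
# The image path, its size and the marker string are constructed for this demo.

MARKER='ACCT=0000-CONSTRUCTED'

make_image() {   # $1 = path, $2 = size in KiB; random filler plus a planted marker
    head -c "$(( $2 * 1024 ))" /dev/urandom > "$1"
    printf '%s' "$MARKER" | dd of="$1" bs=1 seek=4096 conv=notrunc 2>/dev/null
}

overwrite_pass() {   # $1 = path, $2 = source (/dev/zero or /dev/urandom)
    size=$(wc -c < "$1")
    # conv=notrunc rewrites the existing bytes in place instead of recreating the file
    head -c "$size" "$2" | dd of="$1" bs=65536 conv=notrunc 2>/dev/null
    sync
}

marker_found() {     # exit 0 if the planted string is still readable
    LC_ALL=C grep -a -q -F "$MARKER" "$1"
}

nonzero_bytes() {    # count of bytes that are not 0x00; 0 means the zero pass is complete
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}

wipe_and_verify() {  # $1 = path, $2 = number of random passes before the final zero pass
    before=$(wc -c < "$1" | tr -d ' ')
    i=0
    while [ "$i" -lt "$2" ]; do
        overwrite_pass "$1" /dev/urandom
        i=$((i + 1))
    done
    overwrite_pass "$1" /dev/zero
    after=$(wc -c < "$1" | tr -d ' ')
    # success only if the size is unchanged, every byte is zero and the marker is gone
    [ "$before" = "$after" ] && [ "$(nonzero_bytes "$1")" = 0 ] && ! marker_found "$1"
}

demo() {
    img=$(mktemp) || return 1
    make_image "$img" 256
    marker_found "$img" && echo "before: marker readable"
    if wipe_and_verify "$img" 2; then echo "after: all zero, marker gone"; fi
    rm -f "$img"
}
demo
```

Overwriting a file in place does not guarantee that the same physical blocks are rewritten on journaling or copy-on-write filesystems, which is one reason tools like DBAN write to the whole drive instead.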
I didn't realize FR could be used for advertising.
This is what I use for old drives I wish to dispose of. It's very user friendly.
Considering I have no connection to the product (I haven't even DL'ed it yet), but have seen requests on how to securely remove data from a HDD before selling the computer, I didn't realize that this was advertising.
I think your link is broken. I don't get the image.
Except for broken drives, i.e. hardware failure.
bcwipe does a nice job of sterilizing drives.
I think I've had the issue where Windows won't downgrade versions, i.e. I had NTFS on the drive and needed to put Win98 on it. The Win installer refused to do so, and so I had to really wipe the drive to remove NTFS.
This was a while ago, so YMMV.
I can imagine the Windows tools lacking flexibility. But an fdisk and format (mkfs) should be enough to render NTFS presence "gone" - even though the data is still there.
..and that's what this tool does. If you are going to sell your computer on e-bay, since you bought a new one, would you want any personal data to still be on the machine? This would be a great way of just eliminating that possibility.
This isn't really about just installing a new OS--I think it's more about protecting information on your obsolete machines.
Understood. I was just questioning the "I couldn't install an O/S on top of pre-existing data."
There are a handful of tools that do a good job of data wiping. I've used bcwipe with success.
What do you consider advertising? This is a free utility.
Many people don't realize how easy it is to recover "deleted" data from hard disks. Even after "formatting" you can recover a lot of data if you know what you are doing.
Of course, even the DOD spec mentioned in the article isn't recommended for computer disks that have had "top secret" data on them. The standard is to run a wiper like this, then destroy the drive platters with acid, as a really determined adversary with an electron microscope handy can recover data that was overwritten if it has existed on the hard disk for a long time.
Personally, my preference is the old "disassemble the drive, soak it in HCL for a month and drop it in the Mariana Trench" method. It has worked well for me in the past.
Oh, and btw: there is a small hook here for a religious war as the product boots Linux. ;-)
Self centered Ping.
OK, OK. I don't think it said that it was free.
I use Eraser for files I want to disappear forever.
It sure is, partisan peddles his books here.