Erasing a Linux laptop
This nixCraft post explain how to erase hard disk
The secure removal of data is not as easy as you may think. When you delete a file using the default commands of the operating system (for example “rm” in Linux/BSD/MacOS/UNIX or “del” in DOS or emptying the recycle bin in WINDOWS) the operating system does NOT delete the file, the contents of the file remains on your hard disk. The only way to make recovering of your sensitive data nearly impossible is to overwrite (“wipe” or “shred”) the data with several defined patterns. For erasing hard disk permanently, you can use the standard dd command. However, I recommend using shred command or wipe command or scrub command.
Warning: Check that the correct drive or partition has been targeted. Wrong drive or partition target going to result into data loss . Under no circumstances we can be help responsible for total or partial data loss, so please be careful with disk names. YOU HAVE BEEN WARNED!
Erase disk permanently using a live Linux cd
First, download a knoppix Live Linux CD or SystemRescueCd live CD.
Next, burn a live cd and boot your laptop or desktop from live CD. You can now wipe any disk including Windows, Linux, Mac OS X or Unix-like system.
1. How do I use the shred command?
Shred originally designed to delete file securely. It deletes a file securely, first overwriting it to hide its contents. However, the same command can be used to erase hard disk. For example, if your hard drive named as /dev/sda, then type the following command:
# shred -n 5 -vz /dev/sda
Where,
-n 5: Overwrite 5 times instead of the default (25 times). -v : Show progress. -z : Add a final overwrite with zeros to hide shredding.
The command is same for IDE hard disk hda (PC/Windows first hard disk connected to IDE) :
# shred -n 5 -vz /dev/hda
Note: Comment from @Gilles
Replace shred -n 5 by shred -n 1 or by cat /dev/zero. Multiple passes are not useful unless your hard disk uses 1980s technology.
In this example use shred and /dev/urandom as the source of random data:
# shred -v --random-source=/dev/urandom -n1 /dev/DISK/TO/DELETE # shred -v --random-source=/dev/urandom -n1 /dev/sda
2. How to use the wipe command
You can use wipe command to delete any file including disks:
# wipe -D /path/to/file.doc
3. How to use the scrub command
You can use disk scrubbing program such as scrub. It overwrites hard disks, files, and other devices with repeating patterns intended to make recovering data from these devices more difficult. Although physical destruction is unarguably the most reliable method of destroying sensitive data, it is inconvenient and costly. For certain classes of data, organizations may be willing to do the next best thing which is scribble on all the bytes until retrieval would require heroic efforts in a lab. The scrub implements several different algorithms. The syntax is:
# scrub -p nnsa|dod|bsi|old|fastold|gutmann|random|random2 fileNameHere
To erase /dev/sda, enter:
# scrub -p dod /dev/sda
4. Use dd command to securely wipe disk
You can wipe a disk is done by writing new data over every single bit. The dd command can be used as follows:
# dd if=/dev/urandom of=/dev/DISK/TO/WIPE bs=4096
Wipe a /dev/sda disk, enter:
# dd if=/dev/urandom of=/dev/sda bs=4096
5. How do I securely wipe drive/partition using a randomly-seeded AES cipher from OpenSSL?
You can use openssl and pv command to securely erase the disk too. First, get the total /dev/sda disk size in bytes:
# blockdev --getsize64 /dev/sda 399717171200
Next, type the following command to wipe a /dev/sda disk:
# openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt </dev/zero | pv -bartpes
399717171200 | dd bs=64K of=/dev/sda
6. How to use badblocks command to securely wipe disk
The syntax is:
# badblocks -c BLOCK_SIZE_HERE -wsvf /dev/DISK/TO/WIPE # badblocks -wsvf /dev/DISK/TO/WIPE # badblocks -wsvf /dev/sda
Boot your laptop from USB/CD and use DBAN: https://dban.org/
Regards.
I'm going to suggest considering an alternative to wiping the drive.
Wiping the drive is dangerous in that you can lose data permanently. Additionally, depending on how worried you are about someone taking the data, it can be difficult to ensure that some drives are truly non-recoverable (e.g. SSDs that have internal mechanisms that spread writes around).
A simple and 100% effective solution is to just replace the drive with a new one. Keep the drive for yourself, and then you don't even have to worry about it (barring someone breaking into your home or the computer to which it's attached getting compromised). Whether this is worth your money is something only you can determine, but it's a lot less hassle. As a bonus, now you have an extra drive for yourself. Make your decision by weighing the costs vs. the risk of attacks you wish to protect against.