2009/08/26

Wiping a Hard Drive

Have you ever needed to completely wipe out critical data from a hard drive? As we all know, mkfs doesn’t erase a lot. (You already knew this, right?) mkfs and its variants (e.g., mkfs.ext3 and mke2fs) only get rid of a few important data structures on the filesystem, but the data is still there! For a SCSI disk connected as /dev/sdb, a quick

dd if=/dev/sdb | strings

will let anyone recover text data from a supposedly erased hard drive. Binary data is more complicated to retrieve, but the same basic principle applies: the data was not completely erased. To make things harder for the bad guys, an old trick was to use the ‘dd’ command as a way to erase a drive.
Note: This command will erase your disk!

dd if=/dev/zero of=/dev/sdb

There’s one problem with this: newer, more advanced techniques make it possible to retrieve data that was replaced with a bunch of 0s. To make it more difficult, if not impossible, for the bad guys to read data that was previously stored on a disk, Red Hat ships the “shred” utility as part of the coreutils RPM package. Launching “shred” on a disk or a partition will write repeatedly (25 times by default) to all locations on the disk.
Note: Be careful with this one too!

shred /dev/sdb

This is currently known to be a very safe way to delete data from a hard drive before, let’s say, you ship it back to the manufacturer for repair or before you sell it on eBay!
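
To check the difference between a partial overwrite and a full pass before a drive leaves your hands, the script below (an added example, not part of the original post) replays both on a scratch image file and verifies the result. The marker string, the image layout and the helper names are constructed for illustration, and metadata_only_overwrite is a hypothetical stand-in for mkfs, not mkfs itself.

```sh
#!/bin/sh
# Added example. Works on a scratch image file only, never on a real device.
MARKER='CONSTRUCTED-SECRET-0001'   # constructed sample data

# make_image FILE: 4 MiB of zeros with MARKER planted at the 1 MiB offset.
make_image() {
    dd if=/dev/zero of="$1" bs=1024 count=4096 2>/dev/null &&
    printf '%s' "$MARKER" | dd of="$1" bs=1024 seek=1024 conv=notrunc 2>/dev/null
}

# metadata_only_overwrite FILE: hypothetical stand-in for mkfs. It rewrites
# only the first bytes of the image and leaves the rest alone.
metadata_only_overwrite() {
    printf 'FAKE-SUPERBLOCK' | dd of="$1" conv=notrunc 2>/dev/null
}

# has_marker FILE: true if MARKER can still be read back from FILE.
has_marker() {
    LC_ALL=C grep -q -F -- "$MARKER" "$1"
}

# zero_pass FILE: same idea as "dd if=/dev/zero of=/dev/sdb", sized to the
# image so dd stops at its end (a block device ends the write by itself).
zero_pass() {
    size=$(wc -c < "$1")
    dd if=/dev/zero of="$1" bs=1024 count=$((size / 1024)) conv=notrunc 2>/dev/null
}

# is_zeroed FILE: true only if no non-zero byte remains anywhere in FILE.
is_zeroed() {
    nonzero=$(tr -d '\000' < "$1" | head -c 1 | wc -c)
    [ "$nonzero" -eq 0 ]
}

demo() {
    img=$(mktemp) || return 1
    make_image "$img"
    metadata_only_overwrite "$img"
    if has_marker "$img"; then echo "metadata-only overwrite: marker still readable"; fi
    zero_pass "$img"
    if ! has_marker "$img"; then echo "zero pass: marker gone"; fi
    if is_zeroed "$img"; then echo "zero pass: verified, no non-zero bytes"; fi
    rm -f "$img"
}
demo
```

The is_zeroed check reads its target from start to end, so it can also be pointed at a device after a zero pass; it does not apply after shred, which leaves random data behind unless told otherwise.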
