4 Linux tools to erase your data

Erase data from your hard disk drive with these open source tools.
59 readers like this.
tools in the cloud with security

Opensource.com

One of the best ways to keep your data secure is by only writing data to an encrypted hard drive. On a standard drive, it's possible to view data just by mounting the drive as if it were a thumb drive, and it's even possible to display and recover even deleted data with tools like Scalpel and Testdisk. But on an encrypted drive, data is unreadable without a decryption key (usually a passphrase you enter when mounting the drive.)

Encryption can be established when you install your OS, and some operating systems even make it possible to activate encryption any time after installation.

What do you do when you're selling a computer or replacing a drive that never got encrypted in the first place, though?

The next best thing to encrypting your data from the start is by erasing the data when you're finished with the drive.

Responsible caretaker

I'm frequently called on to help clients upgrade an old computer. Invariably, they're more than willing to help me recycle them so that they can be used by someone else. I'm happy to refurbish these older computers and refit them with a newer solid-state drive, dramatically improving performance.

However, it's not a good idea to just throw an old drive in the trash. It needs to be erased and then disposed of properly. Rather than leave the drives in the original computer, I remove them, place them in a drive enclosure, and connect them to my Linux computer. Several Linux utilities can easily accomplish this. One of them is the Gnu Shred tool.

GNU Shred

$ sudo shred -vfz /dev/sdX

Shred has many options:

  • n - the number of overwrites. The default is three.
  • u - overwrite and delete.
  • s - the number of bytes to shred.
  • v - show extended information.
  • f - force the change of permissions to allow writing if necessary.
  • z - add a final overwrite with zeros to hide shredding.

Use shred --help for more information

ShredOS

ShredOS is a live Linux distribution with the sole purpose of erasing the entire contents of a drive. It was developed after a similar distribution, called DBAN, was discontinued. It uses the nwipe application, which is a fork of DBAN's dwipe. You can make a bootable USB drive by downloading the 32 bit or 64 bit image and writing it to a drive with the dd command on Linux and macOS:

$ sudo dd if=shredos.img of=/dev/sdX bs=4M status=progress

Alternately, you can use the Etcher tool on Linux, macOS, and Windows.

The dd command

A common method for erasing drives is with the Linux dd command. Nearly every Linux installation comes with the dd utility installed. Make sure that the drive is not mounted.

$ sudo umount /dev/sdXY -l

If you want to write zeros over your entire target disk, issue the following command. It will probably be an overnight job.

$ sudo dd if=/dev/urandom of=/dev/sdX bs=10M

Warning: Be sure that you know where you are on your system and target the correct drive so that you don't accidentally erase your own data.

Nvme-cli

If your computer contains one of the newer NVMe drives, you can install the nvme-cli utilities and use the sanitize option to erase your drive.

The command nvme sanitize help command provides you with a list of sanitize options, which include the following:

  • --no-dealloc, -d - No deallocate after sanitize.
  • --oipbp, -i - Overwrite invert pattern between passes.
  • --owpass=, -n - Overwrite pass count.
  • --ause, -u - Allow unrestricted sanitize exit.
  • --sanact=, -a - Sanitize action.
  • --ovrpat=, -p - Overwrite pattern.

Here is the command I use:

$ sudo nvme sanitize /dev/nvme0nX

The same warnings apply here as with the format process: back up important data first because this command erases it!

Information management

The information you keep on your computer is important. It belongs to you and to know one else. When you're selling off a computer or disposing of a hard drive, make sure you've cleared it of your data with one of these great tools.

What to read next
User profile image.
Educator, entrepreneur, open source advocate, life long learner, Python teacher. M.A. in Educational Psychology, M.S. Ed. in Educational Leadership, Linux system administrator.

1 Comment

Thanks for this info. I'd also add the "blkdiscard" command for emmc and SD-card drives that support it. (USB-connected ones don't.) It resets the drive's block map to factory state, so may well improve writing speed of the drive.

Creative Commons LicenseThis work is licensed under a Creative Commons Attribution-Share Alike 4.0 International License.