GNU/Linux Desktop Survival Guide
by Graham Williams
Wipe your Computer
20190908 Before we dispose of, sell or hand on our computer, it is important to back up the contents of the hard disk, if required, and to then wipe the hard disk.
When we use operating system commands to remove files from our hard disk the actual 1's and 0's are not removed from the disk, as such. Instead the directory information about the name and location of the file is lost and the area where the file was stored is made available for overwriting by other data. This means that the original data can be recovered even though the file has been deleted (but possibly not yet overwritten).
This is great if you have accidentally deleted data and need to recover it. There exist forensic tools to do this. A technique called Magnetic Force Microscopy (MFM) allows, at a cost, the recovery of even the last two or three layers of data as written to disk! But today's hard disks are also clever in dealing with bad blocks and may unwittingly store some of your data permanently in places that no one generally has access to!
Thus we need to take special care when we really need to wipe the contents of our disks to completely remove any trace of possibly confidential data from the disk. The wipe package in Debian GNU/Linux provides a tool to do this.
For a copmuter that needs to be wiped we might boot from a USB containing a Ubuntu image and so run Ubuntu from the USB. This ensures the disks of the computer are available for wiping. In this scenario the universe repostiory will be required in order to install wipe, with hte following line in /etc/apt/sources.list:
deb http://archive.ubuntu.com/ubuntu/ focal universe
Update the repository information and then install the wipe command:
$ sudo apt update $ sudo apt install wipe
Run the fdisk command to list the available disks and partitions.
$ sudo fdisk -l
Identify the Linux filesystem partition(s), for example, /dev/sda1:
$ sudo wipe /dev/sda6 Okay to WIPE 1 special file ? (Yes/No) yes Wiping /dev/sda6, pass 0 (0 ) [ 39110 / 5883392] ETA 4d 11h
The default wipe takes a long time. For a quick wipe use
to write random data just 4 times over each file. Here we also utilise
-k to not unlink files and so keeps any device special
$ sudo wipe -kq /dev/sda1 Okay to WIPE 1 special file ? (Yes/No) yes Wiping /dev/sda6, pass 0 in quick mode [ 39110 / 5883392] ETA 12h26m
To perform a more comprehensive (and not quick) wipe we might do the
following, noting the use of
-D to follow symbolic links
(i.e., to dereference symbolic links:
$ wipe -kD /dev/sda1
The wipe command and other similar commands do not guarantee data can not be recovered. There is various technology and backdoors that are likely to be able to recover data. To ensure privacy it is best to work with encrypted files and file systems.