{MIRYOKU} AI and Tech Blog

Securely delete data with DBAN

Sep 01,2020 at 03:56 pm By Sabrina

I was asked to prepare a laptop for sale for a friend. That included "erasing" the data on the hard drive. I looked for a tool to delete the data safely, without destroying the hard drive physically. 

That's when I very quickly came across the live system DBAN ("Darik's Boot and Nuke"), which was also recommended for this purpose by many other sites, including the German Federal Office for Security in Information Technology. So I downloaded the ISO file and created a bootable USB stick with the Rufus software.

Why DBAN?

A program like DBAN should always be used when data has to be securely deleted. When a file is deleted via the operating system, it is usually not really deleted but only marked as deleted, so that its storage area becomes available again. As long as this area has not been overwritten by other data, the contents can be restored or read out. A program like DBAN performs this overwriting, so that in the end only fixed or random characters are left on the hard disk. It is controversial how many times a hard disk has to be overwritten before the data can no longer be recovered by hardware or software solutions. That is why there are different methods, which are more or less thorough. Physical destruction of the storage medium can of course provide additional security.

The use of DBAN

The PC had a 1 TB hard disk, which I wanted to "delete" completely. I was able to plug in the USB stick and boot from it without any problems. The DBAN start screen then appears, which shows various information and lets you select the mode to use.

I decided to use the interactive mode to get an insight into this system, but also to be able to adjust the settings easily. The interface of the interactive mode is very clear and simple, so you can find your way around very quickly. The current options are shown in the upper left corner, while the statistics are located in the upper right corner and are only filled with values once DBAN is started. The lower part of the interface lists all connected storage media whose contents can be securely deleted by DBAN.

Here you have to be a bit careful if you want to erase all hard disks of a laptop or computer and you booted via USB stick, because the USB stick and any other connected storage media also appear in this list. With the spacebar you can mark the corresponding storage media for deletion. Once you have made all settings and want to perform the deletion, it can be started directly with the "F10" key. I used the method "DoD Short" (Department of Defense) in the settings, which was already selected as default, with one repetition (the process is only performed once). After about 8 hours the process was finished.

Which methods does DBAN offer?

Each method has its own settings for the number of passes and data used for writing. You can also see the methods as defaults, which are set by the number of repetitions. Below is a list of all methods available in DBAN and a short summary of their properties:

Quick Erase: 

This method should only be used if the hard disk is to be reused for a new installation of an operating system or stays within the house/company. There is only one pass, in which the hard disk is overwritten with the character "0", so the method is classified in the low security level. The repetitions setting has no influence on this method. If the data must not be recoverable, this method should not be used; use one of the following alternatives instead.

RCMP TSSIT OPS-II:

This is a method certified by the Royal Canadian Mounted Police to securely erase data from a hard drive. It is very efficient and prevents data recovery through hardware or software recovery processes. Eight passes are performed with this method. During the first seven passes, the characters "0" and "1" are written to the hard disk alternately per pass. In the last pass, a random character is written to the storage media and the pass is verified. This method is classified in the medium security level.

DoD Short:

The method "DoD Short" uses parts of the following method "DoD 5220.22-M". Instead of the 7 passes, this method uses only 3 passes: passes 1, 2 and 7 of the method "DoD 5220.22-M". Thus, a "0" is written in the first pass, a "1" in the second pass and a random character in the last pass. In the last pass, the writing process is also verified. This method is classified in the medium security level. It is the default in DBAN and is certainly a good choice to efficiently remove data from a storage medium. If there are still doubts, the original method "DoD 5220.22-M" can be used, which should be more thorough due to the number of passes.

DoD 5220.22-M:

This method is an approved procedure by the DoD (Department of Defense) to securely delete data. The method uses seven passes, with the last pass writing a random character to disk and verifying the write operation. This method is classified in the medium security level.

Gutmann Wipe:

This method is certainly one of the best methods to be on the safe side, as it uses 35 passes to overwrite the data on a storage medium. This method was originally developed for hard disks encoded with MFM/RLL. For modern hard drives this method is outdated and even inefficient, because many passes of this method are without effect. So for hard disks built in 2001 or later, one of the alternatives should rather be used. This method is classified in the high security level, also due to its high number of passes.

PRNG Stream:

The PRNG Stream is a method to use random numbers from the Pseudo-Random Number Generator to overwrite the hard disk. You can choose between different random number generators. In DBAN, the "Mersenne Twister" or "ISAAC" are available here, which can be specified during the configuration of the deletion process. This method uses only one round, but can be influenced by the number of repetitions. Thus, 4 repetitions cover the medium security level and 8 repetitions cover the high security level.

What does verification mean?

In order to recognize whether the deletion process was successful, there is the possibility of verification. By default, DBAN checks after the last pass whether the storage medium could actually be completely overwritten. The verification can be adjusted via the options so that it is deactivated ("Verification Off"), or optionally performed after each pass ("Verify All Passes") or after the last pass ("Verify Last Pass").
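The pass schedules and verification options described above can be tried out on a disk image file. This is an added example, not DBAN's code and not part of the original post; it assumes "0" and "1" mean all-zero (0x00) and all-one (0xFF) bytes, and the method keys and function names are hypothetical. DoD 5220.22-M and Gutmann Wipe are left out because this page does not list all of their passes.

```python
import hashlib
import os
import tempfile

# Pass schedules as this page describes them: "0" -> 0x00 bytes, "1" -> 0xFF
# bytes (assumed encoding), None -> random data. Not DBAN's own code.
METHODS = {
    "quick": [0x00],
    "dodshort": [0x00, 0xFF, None],
    "ops2": [0x00, 0xFF] * 3 + [0x00, None],  # 7 alternating passes + 1 random
    "prng": [None],
}
CHUNK = 64 * 1024

def _write_pass(path, size, fill):
    """Overwrite the whole image once; return SHA-256 of the bytes written."""
    digest = hashlib.sha256()
    with open(path, "r+b", buffering=0) as dev:
        for off in range(0, size, CHUNK):
            n = min(CHUNK, size - off)
            block = os.urandom(n) if fill is None else bytes([fill]) * n
            dev.write(block)
            digest.update(block)
        os.fsync(dev.fileno())  # push the pass out of the OS write cache
    return digest.hexdigest()

def wipe(path, method="dodshort", verify="last", rounds=1):
    """verify is 'off', 'last' or 'all'; returns the number of verified passes."""
    size = os.path.getsize(path)
    schedule = METHODS[method] * (1 if method == "quick" else rounds)
    verified = 0
    for i, fill in enumerate(schedule, start=1):
        written = _write_pass(path, size, fill)
        if verify == "all" or (verify == "last" and i == len(schedule)):
            with open(path, "rb") as dev:  # read back (small demo image only)
                if hashlib.sha256(dev.read()).hexdigest() != written:
                    raise IOError(f"pass {i}: read-back mismatch")
            verified += 1
    return verified

def demo(method="dodshort", verify="last"):
    """Wipe a constructed 256 KiB image; return (verified, marker_survived)."""
    marker = b"CONSTRUCTED-SECRET-0001"  # constructed sample data
    with tempfile.TemporaryDirectory() as tmp:
        image = os.path.join(tmp, "disk.img")
        with open(image, "wb") as img:
            img.write(marker + bytes(256 * 1024 - len(marker)))
        verified = wipe(image, method, verify)
        with open(image, "rb") as dev:
            return verified, marker in dev.read()
```

`demo("ops2", "all")` runs all eight RCMP TSSIT OPS-II passes with a read-back check after each one, while `demo("quick", "off")` performs a single unverified zero pass.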

My conclusion

In the past, I wasn't sure how to delete data safely from a hard drive. But now, through research for this article, I found a new useful tool to do so. I am now prepared for the future and I hope I was able to give some useful information about this topic to some people. With DBAN, a hard disk can be overwritten very easily and in a way that is easy to understand even for beginners. The process itself takes time depending on the size of the hard disk, but such a process has to be initiated only once and can be done very easily during the daily work.

 