Good suggestion. I've used this program before and it's on my list of keepers.

However, regarding prepping your computer for recycling/sale, there is another likely scenario - your HDD dies and needs to be RMA-ed. This leaves you with a dead drive you'll be sending to the manufacturer/seller from which you cannot wipe your personal files from (as its already dead).

If this has happened to you, you'll know that this can leave you with an uneasy feeling; sending all your data to some distant, faceless place.

This is further cause for learning about and implementing some kind of encryption, at least for your "sensitive" files. Personally, I have had great success with TrueCrypt, for which there are many postings right here on lifehacker.

USBman

It's important to realize that DBAN performs a software-only wipe, which has some limitations. According to the Darik's Boot and Nuke FAQ, contents of remapped sectors and the Host Protected Area (HPA) are NOT deleted.

Modern hard drives support erasure internally, at the firmware level.

RobDLG

I use DBAN for decommissioning machines at work. It's not the only step I take, but I figure if I lose the machine after the initial wipe is done, it should still be pretty well safe from prying eyes.

I hate to tell you this but even using DBAN it is still possible for the NSA to get at the data that was there if it was there for a long time (unfortunate side effect of magnetic storage). If it is considered a possible threat to national security, they can probably recover it (I've worked in data recovery/protection for several years, so this is not guess work - they were able to recover data from HDD's that were on the shuttle Discovery, and it burned for a LONG time, and fell from freakin space!).

The process is REALLY time consuming and expensive though (single needle reads anyone?) so if it's not a threat to national security, you only have to be worried about being charged with destroying evidence.

If you're looking to protect yourself from data theft though this is a great tool.

jglessner

@USBman:

I agree. For those that do not use encryption, a good strong electromangnet will do the trick quite nicely. I recently had a HDD on one of our DC's fail (warrantied, but I still had to send it back), and realized after the fact that it wasn't encrypted (non critical data, but still). I asked the guys out in the shop for a strong magnet, and boy did they give me a doozie. I left the HDD on the magnet for one hour on each side, good luck getting data off of THAT.

@cartman005:

DBAN (at least in versions 1.0.4 and prior, I have not downloaded the newer releases yet) has to create boot media, and even then you have to tell it to do something at boot to initiate a wipe.

jglessner

Thanks for this!

bosspants

I am afraid to have this program on my computer or hard drive in case of accidental erase or use by other users of the computer as stupid as that may sound.

cartman005

"Oh, hello officer. Excuse me for a minute while I put some music on." slyly slip in the DBAN CD "How can I help you? You caught the guy who vandalized my car last month? Oh Sh..!"

Duane

I used this program a while ago to wipe my brother's spyware and malware riddled hard drive on his old computer so I could use it as my Ubuntu experiment computer. The entire wipe took over three days. I don't know if that's out of the ordinary or not, but in my experience, if you start this up, be prepared to wait a while before you can do anything again.

washanddry

I've tried to use DBAN in the past to wipe an old XP machine, but I had no success with it. I tried the wipe several times using various settings, and still it never worked.

I ended up using Ultimate Boot CD - [www.ultimatebootcd.com] - which includes a number of book-and-nuke style utilities (including DBAN), among other things. I believe in the end I used Active Kill Disk Free Edition - [www.killdisk.com] - (included on the Ultimate Boot CD), and it worked fine. Took probably an hour and a half to do the entire wipe (probably 40 gigabytes of content).

@osugodfan: I could be wrong about this, but since DBAN runs from it's own boot disc, I don't think there is any solid way to prevent it. Just make sure students don't boot/reboot the computers.

HobBramble

While this might be good for the emergency termination and execution........when that time comes when the big brothers are coming up my stairs and/or knocking my doors, I don't think I'll even dare to think about searching for DBAN in my start menu...i'll prolly just jump off the cliff and find away to beat 'em by foot... :P via shortcut back roads ofcourse...

the_gank

Um.. Can anyone tell me a good way to PREVENT this from working on a computer? I'm an admin at our school, and I can see one of our students wreaking havoc on our new boxes with this. Handy and dangerous, it is.

osugodfan

I use an electro magnet on drives when I am through ... does the job well. :)

shoregeek

@osugodfan: Most modern computers can have their BIOS set to not allow booting from anything other than the internal hard drive. You would then protect the BIOS with a password, as hard of one as you can manage.

I assume you do not allow students to have Administrator or root access?

Second, have a way to re-image the hard drive. We use Symantec Ghost at the small college I work at. If you have to re-build the system from individual installers, what I do is to throw all those installers onto a file server, and I have a flash drive with scripts to access the server and invoke an installer. If the installer needs a serial number or key, the script opens a text file with that before running the installer.

nightbirdsf

I used this once. But it took forever. Days. Big problem was I only had one PC. So I was stuck for days without a PC.

I'd look into Heide Eraser [www.heidi.ie] which runs from within Windows if you don't have a spare machine to run DBAN on. But, I am not sure if DBAN can erase more of the disk than Heide Eraser. Anybody know? Something to consider.

mrknowitall

If the feds are knocking on your door, you've got to do it this way:
(skip to 3 minutes in)

+ Watch video

calpchen

@calpchen LOLZ!!! Very nice, but the feds might get a little suspicious if you press a button and all the sudden your living room is on fire......though, very thorough, I must say.

Hmmm, hook that baby up to a serial controller, have Thunderbird running, and have it activate a custom script what a text message with a code word is sent in. Now the ideas are flowing..... :-)

(and if anyone were to actually try this, and did manage to blow themselves up, I take no responsibility. Plus, if you happen to know where to get a batch of thermite, chances are the Feds are gonna be askin` about that too)

eaglestrike7339

@mrknowitall: Slow PCs will take a while... but I've wiped P3s with 80GB drives in under two hours, even old laptops in less than 5.

Then there was this quad xeon with eight 73GB 15K SAS drives... less than an hour... Zoooooom! :)

binaryspiral

@osugodfan: If the user has access to an available cd-rom drive or usb port AND can make the PC boot from one of these devices - you can't prevent it.

To prevent it, ensure the BIOS is set to boot only from the internal HDD and disable all other booting. Then lock the BIOS with a strong password.

binaryspiral

So, there are a few issues that have come up in the comments.

This takes a long time
DBAN has an algorithm option, I believe it's the PRNG option, that will not destroy the disk sequentially. Instead it starts moving randomly across the drive and destroying data. This is less efficient if you want a fast wipe, but it means that the wipe is more effective quickly. So if you run a PRNG wipe and it's interrupted at 15% you may actually succeed in sufficiently destroying the data. That said, if you just don't dabble in illegal matters, speed isn't really as big of a deal.

I can't wipe my drive, because it's broken and I need to RMA it
USBman is completely correct in this area. The proactive way to fix this is to use encryption as he indicated. If you didn't do that and you have critical data on the drive, consider just ponying up the money for a new hard drive. I'm a cheapskate but I know that identity theft is expensive. If you go that route, break the old hard drive open, grind the surfaces down and then dispose of it as usual. You can try to wipe it with a magnet, but it's no guarantee.

And finally, I want to make two points that no one else has brought up.

It's unlikely DBAN will detect and destroy your RAIDed drives successfully
If you're enough of a geek to run RAID then you should already know this. But if you're a semi-geek and you're considering RAID then also consider how you will handle destroying the data if you need to in a hurry. When you boot to DBAN it may not have drivers for your particular RAID and so it will be unable to destroy it. Instead you will need to install the disks to a standard controller and wipe them in that fashion.

I need to destroy a bunch of drives or I need certification that I destroyed them
Consider using EDBAN(Enterprise DBAN). It isn't free, but it can wipe multiple drives at once and provide you with certification that the drives have been nuked.

And just so you know, I'm not associated with DBAN, just a long time user and admirer of it.

daniel.j.doughty

@osugodfan:

They would have to boot from removable media to be able to use this, so if you disabling all other forms from booting the computer in the BIOS and then password protect the BIOS you should be fine :)

Bobly

does someone want to post a copy to gary glitter? i'm sure he'd love it

gorilly

Yup, I first read about DBAN at :[www.onlineobservations.net]

Very useful indeed. I am trying to get my IT department to try it out.

whoisvaibhav

Interesting. I just use a Linux live-cd (Knoppix is my fav) and use the super-powerful 'dd' command from the terminal prompt: dd if=/dev/zero of=/dev/hda

Wipes out the hard drive assigned to hda with zeros. Isn't super fast but it works like a champ.

J

JeffinVA

I have to erase a hdd before i send it back for replacement. I just encrypted the whole drive using trucrypt (6.0). Hopefully secure erase plus truecrypt will do its job when and if HDD gets recycled from the manufacturer.

-- Raj

rjamya

@osugodfan: Disable Boot to CD in BIOS, then set a BIOS password.

Ken

@daniel.j.doughty:

Good point about RAID, though if you are using 100% hardware based RAID (any SCSI RAID is), I believe all SAS RAID is, and most SATA RAID is "semi-hardware" based (the RAID information is stored in the controller, the partition tables in the OS) you should be fine. I've only ever seen one 100% hardware PATA based RAID controller, and it was OLD, and HUGE (think external controller huge). I would say that 99.999% of all PATA based RAID is software based, and these are the ones you will definitely have issues with.

Also nice find with the EDBAN. I was not aware that there was a commercial offering. I will most definitely have to investigate.

@eaglestrike7339:

Thermite is VERY easy to make (it's just a dry mixture of two VERY common metal products). However the thing about thermite is that it makes it's own oxygen, and (depending on the quality and ratio of the ingredients) will burn until there is very little of the original material left.

My dad showed me how to make it when I was a kid (something he picked up in Vietnam, and when I say kid I was like 16 at the time), and I must say, DO NOT PLAY WITH THIS STUFF. It is extremely easy to get into a situation where the resulting fire gets out of control, and due to it's nature, you'll be LUCKY if a fire department could put it out (even if there was a hose crew waiting).

jglessner

And, for those of us on a Mac, don't forget the "Secure empty trash" option available from the Finder menu (Not DOD, but not bad). And the DOD+ quality formatting option available on the install disk and in Disk Utility.

Ben Zvan

@JeffinVA: I'm not an expert at recovery, but I do know that your method is more recoverable than DBAN. DBAN is writing multiple passes to the hard drives and it is using a random series of 1's and 0's. Apparently if you just do one pass and you set them all to just 0's the old magnetic positions leave a strong old signature that can be recovered.

To give you an idea of how recoverable a just 0's wipe is, the DOD would run 7 passes of random 1's and 0's as a standard to destroy Secret documents. That said, I don't work around that stuff much since 2001, so who knows what the current standards are.

Also, please don't think I'm looking down on your method because it's linux. I'm a unix admin and have been for a long time. dd has it's uses, but I'm not sure that this is one of them.

daniel.j.doughty

@osugodfan: Take Ken's suggestion, and also disable floppy and USB boot. Good measures to take with any publicly-accessible computer.

HeartBurnKid, creepy morbid freak

@osugodfan: I agree with the BIOS passsword that @HeartBurnKid, creepy morbid freak: @Ken: @Bobly: @binaryspiral: suggested. BUT, you must also lock the CASE closed. My local school has been junking a lot of semi new computers, as I guess they can't re-sell them due to possibly being purchased through grant money. I got 7 nice P4 systems, and at least 10 HD's with XP on them. Some of the computers had BIOS passwords on them. It is very simple to remove the jumper on the motherboard, reboot, and the BIOS password is erased. The hooligans can then set their own password and do other things. The only way around this is to lock the case, and I think there may also be a thing with the chassis intrusion switch, but I don't know much about that. I'm sure some others here may know about it, but not me. Even a simple padlock will keep most people at bay, or at least make it so it is difficult to open the case and remove the jumper w/o being noticed.

Git Em SteveDave is a poor substitute for LindsayJoy

Ideal for when the MPAA comes a-knockin' for your torrent serverz.

Captain Bringdown

By the time the FEDs come knocking at your door they already have you, it's over, your screwed. Best to just let them have it and find yourself a good lawyer, try this and they'll nail you with destruction of evidence on top of whatever they have you for already. Mind you I think the software will be fun... but then again I'm very mean :p

DrewHlios

I've bootNnuked a few times in the past with great success. Usually before a fresh OS install on a retired machine or when somebody is nice enough to give me an old IDE HDD they don't need. I always used a bootable floppy, which is not usually part of my boot sequence from BIOS so no accidents.

RE: School admin - Dito on password protecting the BIOS settings.

Alpha_Llama

I am a bit worried about the part "every hard disk it *can* find". From the FAQ, there are some hardware which it can not detect. So be sure it can detect the drives you want to delete.

yohanes

I use DBAN all the time*, it's a great little program.

* All the time = 3 times

OX4

If you're REALLY worried about the feds finding data, just create some thermite pods that you put on top of the case, light them and walk away. It'll burn all the way through the computer in concentrated doses.

Either that or I'm sure there's a way to create a usb look alike drive full of thermite, connect it to an extension cable set it ontop of the box and walk/run.

Either that or use a road flare, light it and push it through the hard drive.

*i don't advocate doing anything criminal worthy that would require this drastic of a measure however*

liquidglass

Oh, right, @GetEmSteveDave: a chassis intrusion switch just lets you know the chassis has been opened by setting a bit in the BIOS, it doesn't provide any kind of intrusion countermeasure. Both intrusion switches and locks are included on most decent ($90usd+) cases and many OEM business cases.

Nphyx

much easier than making and rigging thermite is simply making an electromagnet. take an iron plate, wrap it with copper wire, run the wire through a switch on the outside of your case, and then to the dc+12v and ground leads on a standard MOLEX plug and plug that right into the power supply. Set the plate on top of or in between your hard drives. If you need to destroy data in a hurry, flip the fucker on. By the time the fuzz or whoever gets you in cuffs and your equipment turned off those HDDs (and likely any nearby CRT monitors) will be long gone.

You can get more creative with this and turn the thing into a real degausser with a simple analog circuit to switch polarity rapidly, and if you like, a linear actuator (electric motor would be larger more of a pain in the ass) and a simple mechanism to rotate the thing 90 degrees between passes which will produce optimal results. Maybe a slightly more failsafe switching mechanism.

It would take some experimentation to make the thing safe and optimal; I've never actually done this because I don't do stupid things that would require that kind of urgent data destruction. Also because having something like that set up to show off would end up with me flicking the switch on accident.

It's a hell of a lot less stupid than thermite, or even the old "strike anywhere match in a floppy disk with an incendiary" trick, though.

Nphyx

Running the forensic lab for Seagate, my experience is this: Take a hammer to the drive or use our FDE drive. Trust me all other options fail and your data will be recovered if someone has the time and money...

clanmacarms

D-Ban is great. I used it over 20 times in the last two weeks to satisfy the requirement for "due diligence by deleting all files prior to surplusing equipment." And yes...if the Feds ever knock on my door, I have a DBan boot USB key set to autonuke next to my case :D

the_panda