Darik’s Boot and Nuke
A situation may arise when you want to completely wipe the data from a hard drive. You may be selling or giving someone your old drive, or perhaps you just want to dispose of one in the trash. Other times your Windows installation could be crawling with malware and you want to completely erase it. Maybe you suspect your drive will soon be forcibly confiscated. In these cases you should obviously be concerned about other individuals accessing your files, even the files that you have “deleted”. For times likes these, Ben Rothke makes the case for secure data destruction in his article ‘Why Information Must Be Destroyed’.
When you want to achieve total data destruction on a drive, a tool like Darik’s Boot and Nuke (DBAN) can save the day. Even though physical destruction is the safest bet, utilities like DBAN are the next best choice. According to Wikipedia, DBAN “is designed to securely erase a hard disk until data is permanently removed and no longer recoverable, which is achieved by overwriting the data with pseudorandom numbers generated by Mersenne twister or ISAAC”.
Version 2.2.7 was released in September 2012. DBAN software is available from SourceForge.
DBAN is distributed as an .iso that must be burned to a disc such as a CD or DVD (or you could launch it from a USB flash drive). Afterward you boot to the DBAN disc by pressing the appropriate key (usually one of the ‘F-’ keys on the top of the keyboard) and selecting the drive you want to zap.
Screenshots of DBAN in action are available on the project’s main Sourceforge page, so I will not reproduce any here. However, explanations of the various “nukes” or wipe methods that DBAN offers are provided below.
- Quick Erase – “zeroizes” the hard drive (the disk gets filled with zeroes).
- RCMP TSSIT OPS-11 – makes eight disk passes with a random byte changed with each overwrite sequence. Be aware that RCMP TSSIT OPS-II is no longer the Canadian government’s data sanitization standard, having been replaced by CSEC ITSG-06. Official Canadian specifications for CSEC ITSG-06 and their data erase standards are available here.
- DoD Short – makes three of the seven passes specified by DoD 5220-22.M, aka NISP Operating Manual (NISPOM).
- DoD 5220.22-M – makes all seven disk passes specified by DoD 5220-22.M using random characters and data streams.
- Gutmann Wipe – makes twenty-seven passes in random order using specific data along with eight passes using random data.
- PRNG Stream – overwrites the disk with a Pseudo Random Number Generator (PRNG) stream.
NIST also has published its own set of data erasure standards called SP 800-88 (432 KB PDF). Also see SP 800-88-Rev.1 (DRAFT Guidelines for Media Sanitization). The Australian Government Department of Defense published their data sanitization and destruction standards in the ‘Media Security’ section of their Information Security Manual.
A National Institute of Justice (NIJ) report published in Jan 2010 discusses the results of DBAN testing performed by NIST. The report concludes that: “In all the test cases run against Darik’s Boot and Nuke (DBAN) Version 1.0.7, all visible sectors were successfully overwritten. For the test cases that used drives containing an HPA or DCO, the tool behaved as designed by the vendor and did not overwrite hidden sectors.”
If you found the content of this article helpful and want to expand your knowledge further, please consider buying a relevant book or two using the links below. Thanks!