noah.org: dd – Destroyer of Disks


Contents
1 Why use dd instead of cp?
2 Burn Linux ISO images to a USB flash drive using Apple Mac OS X
3 Securely erase a drive
3.1 Tinfoil hat paranoia
3.1.1 caveat on Flash memory storage
3.2 One step disk wipe tool
4 Erase MBR
4.1 disk signature of boot disk
4.2 ms-sys
4.3 See also
5 Erase GPT (GUID Partition Table)
5.1 Error: Unable to install GRUB
5.2 Easter Egg
6 Fill a file with bytes
7 Copy a drive to an image file
7.1 restore from an image
8 Image a CD or DVD
8.1 Image a drive with compression
8.2 Image a drive over a network with `dd` and `ssh` or `nc` (netcat)
9 Show progress status statistics of `dd`

In many cases you can use cp where dd is used. What dd adds is filtering. It lets you set the block size of the data, specify how bad blocks are handled, and limit how much data is copied. dd isn’t much more than a fancy cp command.

It takes about 15 minutes to destroy a 1GB file using GNU `shred` (default options). It takes 30 seconds to destroy the file using `dd if=/dev/zero of=somefile bs=1024 count=1M`. This is on a laptop with a 1.6 GHz dual core CPU, 2 GB RAM, and a Seagate Momentus ST9160823AS drive with an ext3 filesystem — in other words, nothing fancy.

Some people will tell you that simply overwriting data isn’t truly secure because they heard that it’s possible to read data that has been overwritten (See data remanence). Some believe that you must overwrite a bit multiple times to ensure that there is no way to recover the bit that had been stored there. There are official guidelines based on this belief. My belief is that this is a myth. The origin of this idea came from Dr. Peter Gutmann who speculated that overwritten data might be recovered through the use of Scanning Transmission Electron Microscopy. This is an interesting idea, but the key fact to point out is that this is an unsubstantiated theory — no one has ever demonstrated recovering even a single bit of data using this technique or any other technique. No commercial forensics or data recovery firms offer any services that can recover data once it has been overwritten. Obviously the NSA is going to advertise this capability if they had it, but I believe neither they nor any advanced species of space aliens that may be visiting us have this ability. The point is that you can’t hire anybody for any amount of money to recover overwritten data for you. Forget the NSA. If your data is so sensitive that you can’t accept the risk that the NSA or space aliens might be able to unerase data from your drive then you don’t need my advice. You might need advice from someone in a different profession… The bottom line is that most tools that claim to “securely” erase a drive use such extreme measures that it can take hours to erase a drive. Yet there is not a single example of anyone recovering data after it has simply been overwritten once with zeros.
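
The single-pass zero overwrite described above, as an added shell example that is not code from the original page. The function name `zero_overwrite` is hypothetical, and the script assumes a regular file on a filesystem that rewrites blocks in place (not copy-on-write storage or flash with wear leveling).

```shell
#!/bin/sh
# Added example: overwrite a regular file once with zeros, in place, then verify.
# Assumption: the filesystem rewrites the file's existing blocks in place.

# zero_overwrite FILE  (hypothetical helper name)
# Returns 0 only if every byte of FILE reads back as zero afterwards.
zero_overwrite() {
    f=$1
    # Refuse symlinks, directories and devices: only plain files are handled here.
    [ -f "$f" ] && [ ! -L "$f" ] || { echo "not a regular file: $f" >&2; return 2; }

    size=$(wc -c < "$f") || return 2
    size=$((size + 0))              # normalize padding some wc builds emit
    [ "$size" -gt 0 ] || return 0   # nothing to overwrite

    # conv=notrunc matters: without it dd truncates the file first, and the
    # filesystem may then place the zeros in different blocks than the old data.
    # head limits the stream to the file's current length so the file does not grow.
    head -c "$size" /dev/zero | dd of="$f" bs=65536 conv=notrunc 2>/dev/null || return 1

    # Push the written pages out of the page cache to the device.
    sync

    # Verify: length unchanged and no non-zero byte left.
    [ "$(wc -c < "$f")" -eq "$size" ] || return 1
    nonzero=$(tr -d '\000' < "$f" | wc -c)
    [ "$nonzero" -eq 0 ]
}

# Demo on a constructed temporary file (sample contents are made up).
demo=$(mktemp) && printf 'constructed sample contents\n' > "$demo"
if zero_overwrite "$demo"; then
    echo "zeroed and verified: $(wc -c < "$demo") bytes"
fi
rm -f "$demo"
```

The read-back check confirms what the filesystem returns for the file; it says nothing about stale copies elsewhere, such as journal blocks or remapped flash pages.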
