What is the best program to secure erase all data on my HDD drive with overwriting - selling HDD drive (GParted or fdisk?)

Asked by Piotr on 2021-04-18

Dear Community,

I have a 2 TB Seagate disk and I want to sell it. I must be sure that all data will be wiped and that nobody can restore it. I have sensitive data (photos, passwords, ID documents, etc.). I must be 100% sure. I now have GParted, GNOME Disk and fdisk installed. Some of the above programs have a function to erase data; will this be okay? Will my data be safe and impossible to restore? Or must I download something different, like shred or another program?

Can someone help me? I will appreciate it.

Question information

Language: English
Status: Solved
For: Ubuntu
Assignee: No assignee
Solved by: Manfred Hampl

Manfred Hampl (m-hampl) said : #1

If you are afraid that someone might misuse the remainders of information that was stored on your hard disk, then you should not sell the disk but destroy it.

For erasing the contents of whole partitions I suggest using the program wipe (to be installed, package name is wipe).
See its man pages http://manpages.ubuntu.com/manpages/bionic/en/man1/wipe.1.html

You can use dban or dd to write data to the disk and protect it.

Piotr (peterq94) said : #3

Okay, I will not sell the disk, but I want to send it in for warranty (RMA), and someone could also use my data there, which is why I asked you about it.

Is the dd command okay, and are you sure that it will destroy all data? Does it overwrite with zeros or with algorithms? What should the dd command look like to do this? (I very rarely use the dd command.)

Can you help?

Yes. Once you overwrite the data then it's pretty much gone. I recommend using /dev/random as the input.

Piotr (peterq94) said : #5

In the Ubuntu help I can find: "Formatting a disk is not a completely secure way of wiping all of its data. A formatted disk will not appear to have files on it, but it is possible that special recovery software could retrieve the files. If you need to securely delete the files, you will need to use a command-line utility, such as shred."

Is shred a good program? Is it installed by default?

I asked a service shop near my location and the technician suggested that I use the "wipe my disk" program on Linux, but I don't know what this program is. I can't find it. Is this the same program that Mr Manfred mentioned? --> http://manpages.ubuntu.com/manpages/bionic/en/man1/wipe.1.html

Piotr (peterq94) said : #6

Second question. Does Ubuntu have a program to restore data from a disk installed by default? With this software I could check whether my data is deleted properly.

Manfred Hampl (m-hampl) said : #7

In the Linux world you usually have several ways to achieve a certain target, and this is also the case here.

For "secure" deletion of files there are several tools available.

dd is a standard "general purpose" tool to copy from a source to a destination. It can be used to copy random contents to a disk.
The programs shred and wipe are tools to overwrite a file with nonsense contents. As far as I know both allow using it on a device file (e.g. /dev/sda or /dev/sda1) to remove not only files, but to erase all information on the disk including information about partitions and file systems.

As far as I know shred is already available in a standard Ubuntu installation, and wipe has to be installed (sudo apt install wipe).

Remark: There are even more tools available that can be used for such purpose. Some graphical disk tools also include actions to overwrite the contents of partitions.

I do not know any reasonable way to check that the data have really been deleted properly. For doing that you would have to use special data recovery tools and check what you can restore. The better the tools and the more expensive, the more likely you can reconstruct something.

You can use ddrescue or photorec to recover files. Loads of options available. None are installed by default.

Piotr (peterq94) said : #9

Thanks guys for the help. Next week I must erase my data from the HDD because I must send this device in for warranty. Right now I have some important files on it. Every day I think a lot about how to securely erase all data. I thought that shred was the best because this program is installed by default on each Ubuntu installation, but on Wikipedia I can read: "All limitations imposed by the file system can be overcome by shredding every device on which the data resides instead of specific files. However, since wear leveled devices do not guarantee a fixed relationship between logical blocks addressable through the interface and the physical locations in which the data is stored, shredding may not provide adequate security. If available, the SATA secure erase command, issued through hdparm or a similar utility, may be helpful in this situation. Even for magnetic devices, SATA secure erase will be faster and more reliable than shredding. Physical destruction may be necessary to securely erase devices such as memory cards and unusable hard disks."

I found on Wikipedia that hdparm is better. I also found some instructions for SSDs on the Kingston website, but I have an HDD.

Can I use the same command to erase data on an HDD? This is the link --> https://www.kingston.com/poland/en/support/technical/products/sedc450

As I said, I have some important sensitive files like personal photos and documents. I now think that I can encrypt these sensitive files before erasing the data, but I don't know which free program is good for this. I found VeraCrypt for Windows (I heard that a Linux version is also available), but I don't know if it is a safe program. Is it reliable? The best option for me is to encrypt the files with a program that is installed by default on Ubuntu, if one exists, of course. The second option is to download a program from the Ubuntu repository, but this program must be safe and effective. I don't know if such a program exists in the Ubuntu repository.

If you can answer and help me, I will appreciate it very much. If you answer with some new kind of information, it means that you have fallen from the sky for me.

Thanks guys for your time and help!

Have a nice Sunday!

Piotr (peterq94) said : #10

ddrescue was also mentioned on another forum. Is this a safe program, and can it also erase data? What is the best program to erase data on Ubuntu? Is a simple dd command good? Does it also wipe partitions, filesystems and all metadata of the files?

There is no single best application to do anything in any operating system. If there was then the others would die out as nobody would use the others. All you will see online are people's opinions. It's like asking "what is the best chocolate bar?". It's nonsense.

Piotr (peterq94) said : #12

Okay, my English is not the best, so maybe you don't understand me. My question was: have you used some program to erase data, and did you check whether it really overwrites the files? I am a beginner, and many data-rescue programs may be complicated, and I must return my HDD this week, so it must be cleaned (erased) quickly this week. I want a simple and effective solution to do this as well as I can.

I'd use a hammer. Best data protection around. Using dd to write random gibberish to the drive will wipe the drive for you.

Piotr (peterq94) said : #14

dd or ddrescue? Or both are similar?

dd will do the job

Piotr (peterq94) said : #16

You recommended /dev/random instead of /dev/zero for the dd command? Is /dev/random better? My CPU will generate random data, so it will be harder to recover my original files?

Yes exactly

Best Manfred Hampl (m-hampl) said : #18

dd or ddrescue?

dd is a program to write data to a device (either real data, e.g. when creating a bootable USB stick, or just zeros, or random digits).
ddrescue is a program that attempts to reconstruct data from a device, e.g. when you delete a file by error or if there are defects on a disk.
They do more or less the opposite of each other.

Piotr (peterq94) said : #19

Thanks Manfred Hampl, that solved my question.

Piotr (peterq94) said : #20

I also asked on a Polish forum about overwriting data on an HDD, and I got the answer that I can write zeros to the device just once, but I will probably do 2 runs.
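
The overwrite-and-check procedure discussed in this thread (a dd pass over the whole target, then reading it back), as an added example that is not part of any post above. It uses a zero pass so that the readback has a known expected value; the function names, the scratch file and the marker string are constructed for illustration, and `/dev/sdX` is a placeholder.

```shell
#!/usr/bin/env bash
# Added example: zero-fill a target, then read it back to confirm the overwrite.
# It runs on a constructed scratch file. For a real disk the target would be the
# whole-device node (placeholder: /dev/sdX), unmounted, and run as root.

# Size in bytes of a regular file or a block device.
target_size() {
    if [ -b "$1" ]; then blockdev --getsize64 "$1"; else stat -c %s "$1"; fi
}

# One pass of zeros over the whole target. count_bytes stops dd exactly at the
# end, notrunc keeps a file's length, fsync flushes the data before dd exits.
zero_fill() {
    local size
    size=$(target_size "$1") || return 1
    dd if=/dev/zero of="$1" bs=1M count="$size" iflag=count_bytes \
       conv=notrunc,fsync status=none
}

# Succeeds only if every byte of the target reads back as zero.
verify_zeroed() {
    local size
    size=$(target_size "$1") || return 1
    [ "$size" -gt 0 ] && cmp -s -n "$size" "$1" /dev/zero
}

# Constructed sample: 4 MiB of random bytes with a marker string inside it.
make_sample_image() {
    local img
    img=$(mktemp) || return 1
    dd if=/dev/urandom of="$img" bs=1M count=4 iflag=fullblock status=none
    printf 'CONSTRUCTED-SECRET-id-scan' |
        dd of="$img" bs=1 seek=1000000 conv=notrunc status=none
    echo "$img"
}

# True while the marker string can still be found in the raw bytes.
contains_marker() { grep -a -q 'CONSTRUCTED-SECRET' "$1"; }

img=$(make_sample_image)
if contains_marker "$img"; then echo "before: marker found"; fi
zero_fill "$img"
if verify_zeroed "$img"; then echo "after: every byte reads back as zero"; fi
if ! contains_marker "$img"; then echo "after: marker gone"; fi
rm -f "$img"
```

A clean readback only covers the sectors the drive exposes through its interface, which is the limit the Wikipedia passage quoted in #9 describes.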