Ubuntu: Securely Erase Hard Drive with “shred”

On Windows, I used the free program Eraser to wipe hard drives when I was finished with them. I looked for a while for something similar for Ubuntu Linux but couldn’t find any programs like Eraser.  Turns out, however, that this functionality is built into the operating system, though it is command-line only.  Here’s an example of the command with an explanation following:

# shred -vfz -n 100 /dev/hda

Here’s what this does.  The # sign is the command prompt for the root user; you don’t type it.  “shred” is the command that overwrites its target with random bits; pointed at a whole drive, as it is here, that means everything stored on the drive is overwritten, not just marked as deleted.  The “v” in “-vfz” shows progress while the command runs.  The “f” forces the write by changing permissions wherever necessary.  The “z” adds a final pass of zeros after the random passes.  The “-n” option is followed by a number (“100” in the example above).  This tells shred how many times to write random data to the drive.  The more times you write over the data you had on the drive, the lower the odds that someone will be able to recover your files.  Writing over your data 100 times is likely overkill; 3 to 5 times is how many times I typically wrote over data using Eraser (which does the same thing).  Finally, the “/dev/hda” portion of the command tells the computer which drive to wipe.

If you are wiping your primary drive, you’ll need to boot into Ubuntu (or some other brand of Linux) using a live disc, then open a terminal and type the above command.  Otherwise, the primary hard drive is the one the operating system is running from, which means you won’t be able to issue the command.  There is, apparently, a disc image you can download that makes wiping the primary drive quite easy: Darik’s Boot and Nuke, or DBAN.  It’s basically like booting using the live disc, but the sole purpose of DBAN is to wipe the drive.

If you’re wiping an external drive, you just need to know the letter of the drive, and can then swap that out in the command (e.g., “/dev/hdc” or “/dev/hds”).  You can figure this out by looking in the “dev” folder or by using gparted.  Just make sure you get the right drive; you don’t want to try wiping your primary drive or any other important information.
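
A pre-flight check for the warning above, as an added example that is not part of the original post: it only prints the shred command when neither the target drive nor any of its partitions is mounted. The function names, the script name and the sample mount table with its /dev/sdX device names are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post: refuse to build a shred command
# for a drive that still has mounted partitions (for instance the running system).

# Constructed sample in /proc/mounts format so the check can be tried offline.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
/dev/sdb1 /media/usb vfat rw,nosuid 0 0
tmpfs /run tmpfs rw,nosuid 0 0'

# mounted_parts DEVICE MOUNTS_TEXT
# Prints "partition on mountpoint" for DEVICE itself and each of its partitions
# (sda -> sda1, nvme0n1 -> nvme0n1p1) that appears in the mount table.
mounted_parts() {
    printf '%s\n' "$2" | awk -v d="$1" '
        $1 == d || $1 ~ ("^" d "p?[0-9]+$") { print $1 " on " $2 }'
}

# shred_cmd DEVICE PASSES MOUNTS_TEXT
# Prints the shred command from the post for DEVICE and returns 0, or explains
# on stderr why the drive must not be wiped from this session and returns 1.
shred_cmd() {
    case "$2" in
        ''|*[!0-9]*) echo "passes must be a whole number" >&2; return 1 ;;
    esac
    busy=$(mounted_parts "$1" "$3")
    if [ -n "$busy" ]; then
        echo "refusing: $1 is in use:" >&2
        echo "$busy" >&2
        return 1
    fi
    echo "shred -vfz -n $2 $1"
}

# Real use: ./preflight.sh /dev/sdX 3   (reads the live mount table)
if [ "$#" -ge 2 ]; then
    [ -b "$1" ] || { echo "$1 is not a block device" >&2; exit 1; }
    shred_cmd "$1" "$2" "$(cat /proc/mounts)"
fi
```

The script never runs shred itself; it prints the command so you can read the device name once more before pasting it.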

For those reading this who don’t know why you would want to securely delete your files, here’s the rationale: just deleting files on a hard drive doesn’t mean someone can’t recover them.  I’ve recovered deleted files for students from their hard drives and from thumb drives numerous times; it just requires a little technical know-how.  This is much more difficult using EXT4, the Linux file system, but quite easy using NTFS, the default file system of Windows (or FAT32). But there are things you can do to pretty securely erase files from a hard drive.  What this program does is erase the files on the drive and overwrite that data with random data.  You would do this if you: (1) had files on your drive you deleted that you don’t want anyone else to be able to recover; or (2) you were giving away or selling your hard drive to someone else (e.g., on Ebay) and didn’t want them to have access to any of your files.  I did this to the hard drive of a laptop I recently sold on Ebay to ensure that they couldn’t recover my data.

Oh, and one more thing, the above instructions come from here.  I reposted them here with additional instructions so I’ll have it for future reference.