wiping, fixing, or refreshing drives free, fast, and in PARALLEL!

 

Overview

if you are contemplating wiping a drive that (very probably) has a system recovery image on it (your OS installer) because of a virus/trojan/etc, you should buy recovery discs either using a safe machine or call the computer vendor to get recovery discs, will cost $20-$50/set.

when I have to do along job with hard disks or other large-data devices, I want several things:

  • get the jobs done in PARALLEL to save me time, especially if I have to wipe a whole machine that has multiple drives - this can cut the time down to a fraction.
  • refresh hard disks every 3 months.
  • shutdown -h now (shutdown 0) or restart (shutdown -r 0) the machine when things are done. system doesn't have to be on wasting 120-172W sitting idle for hours till you get back to it.

skill level:

  • novice: active@ killdisk (this is for wiping disks. only skill to burn a cdrom is required.
  • linux command-line: system rescue cd
  • easy: wipedrive home, parted magic

steps

bootable wipe utilities (only need to do 1-pass zero to reinstall OS) iso image burned to cdr:

for systemrescue cd, you should know that you can do [alt]-[F1..F12] to pick different terminals to do your work. you should also know that if you choose the GUI, this works just as well, but the terminals are windows and the shutdown command is the same. if you have only 1 hard disk, hit [Enter] for the US keyboard type. then,

rescan USB bus for newly plugged in devices:
sudo udevadm trigger


hdparm -g -I /dev/sd[a-z] | less
    (that's a vertical bar.
     take that device path listed and put on of= below
     and for if= for refreshes)


REFRESH old 512-byte sector drives (NOT SSD):
dd if=/dev/sda of=/dev/sda ibs=512 obs=512&

REFRESH today's 4k sector drives (NOT SSD):
dd if=/dev/sda of=/dev/sda ibs=4096 obs=4096&


WIPE old 512-byte sector drives:
dd if=/dev/zero of=/dev/sda ibs=512 obs=512&
or even better,
shred -n 1 -z -force /dev/sda&

WIPE today's 4k sector drives:
dd if=/dev/zero of=/dev/sda ibs=4096 obs=4096&
or even better,
shred -n 1 -z -force /dev/sda&

you can monitor your jobs using the jobs command
jobs
if any are listed, it's not done.
you can wait for them to get doneusing the wait command
wait
and separate commands using ;

if you just want to shutdown the machine when this is all done,
shutdown -h now
or
wait;shutdown -h now

secure NIST random wipe:
nwipe -m prng -r 8
to nuke all drives,
nwipe -autonuke -m prng -p twister -r 15
to nuke 1 drive:
nwipe -m prng -p twister -r 15 /dev/sda&

after finished with starting dd/shred jobs,
wait ; shutdown -r 0 (that's zero for zero warning time)
remove disc while it's rebooting.

you can parallel-wipe drives since SATA and IDE drives are on separate channels.
do the dd command like you normally would, except append a & (add a & to the end)
it will give you the background job number.
continue to execute  more dd commands or nwipe commands.

before you do these below, do ls /dev/sd[a-z] to make sure
it's the drive list you want.
nuke all drives and shutdown machine after you are done:
for d in `ls /dev/sd[a-z]`;do shred -force --random-source=/dev/urandom -n 15 $d&jobs;wait;shutdown -h now

zero all drives and shutdown machine after its done
(AVOID SSD's, instead put in drive list manually):
for d in `ls /dev/sd[a-z]`;do dd if=$d of=$d ibs=4096 obs=4096&done;jobs;wait;shutdown -h now

kill all jobs of dd:
sudo kill $(ps -Cdd|cut -f 1 -d' '|paste -s -d' ')

there seems to be a bug in foreach in BASH. it does not like anything I put into it using backquotes. if it gets past the drive list, it fails on the opening curly brace for the command.

if you have an ssd, you should not refresh it.

if you have more than one drive, you will have to determine which device it is. activ@ killdisk would be better for identifying disparate devices. otherwise, use ls /dev/sd[a-z] to find out which devices you have. ls /dev/sd[a-z](?!\d) should list only the usable drives. it's a regular expression which *nix shells recognize but not windows. you can also use *nix nwipe connand (do man nwipe and man shred and man dd and man for to get help).

time dd if=/dev/sda of=/dev/sda ibs=512 obs=512
for 512-byte sectors or for 4k sectors which is more common today:
time dd if=/dev/sda of=/dev/sda ibs=4096 obs=4096
then
shutdown -h now
to shutdown or
shutdown -r 0
to restart

don't need to mount/umount any drives and you can do it them parallel too to save time if you have multiple drives on a box:

readonly version which is almost as effective, but for drives that are old, safer:

time dd if=/dev/sda of=/dev/null ibs=4096 obs=4096

note the output is shorted to the null device - output goes absolutely nowhere. :-)

just learned that 512e/AF/Advanced Format drives like they sell today will not work in older versions of windows. 512-byte sectors is going away. just a matter of time. you can probably buy refurbs if something is critical though, but the prices can be double that of new drives.

ls /dev/[a-z]
or
hdparm -g -I /dev/[a-z] | less (that's a vertical bar we call "pipe")

to get info on a set of drives in linux. hdparm gves an info dump about the drive. less is like more but well, less is more. :-) it's an output pager so it doesn't run off the screen.

refresh /dev/sda, /dev/sdb, and /dev/sdc in parallel for 4k-sectored disk:
for x in a b c; do time dd if=/dev/sd$x of=/dev/sd$x ibs=4096 obs=4096 & done ; wait;poweroff

to zero wipe a drive:

time dd if=/dev/zero of=/dev/sdc ibs=4096 obs=4096 &

you can also secure-wipe multiple drives in parallel using slow but high quality /dev/urandom

for x in (a b c); do time dd if=/dev/urandom of=/dev/sd$x ibs=4096 obs=4096 & done ; wait;poweroff

alternatives for wiping are shred and nwipe (which has a GUI but probably isn't in parallel, usually disk utilities are serial/sequential).

& puts the preceding command as a background job. it's like the start command in windows cmd shell.

time command just tells you how long the following command ran after it's done.

wait command waits for all the background jobs to be done. you can do other stuff while the job is active if you don't use another terminal screen (alt-F1..F6).

jobs command tells you info about the currently running jobs. you will know when one finishes.

the refresh should of course be avoided with SSD's due the limited number of Program/erase cycles per block.

even though 512e drives can work OK without the ibs=4096 obs=4096 (which defaults to 512), 512e/AF drives are slower doing this sort of write with 512 than they are at 4096.

badblocks - refresh and list bad blocks

for x in a b c d; do time badblocks -n -b 4096 -c 2000 -p 2 -o /badblocks-$x.txt /dev/sd$x&;done;wait;

poweroff directly after this would lose the badblocks list files we wrote because the cdrom is a ramdisk and when system is shutdown, cd filesystem contents are gone. alternatively, if you can find your usb drive, you can mount it and copy the flies to it and unmount it.

about linux devices, directories, partitions

Hard drives, serial ports, usb, networking are all devices in *nix and are under /dev directory. to see the devices there dig around using the ls /dev command to see what's there.

in linux, all this is under directories. in windows you have drive letters and UNC paths like \\.\C:\boot.ini for files and dirs but in linux there are directories and files for everything and drives are under /mnt so things like /mnt/c/boot.ini /mnt/windows/boot.ini

you normally have to make those directories under /mnt using mkdir /mnt/c

you need to manually mount the drives and umount them when you are done.

partition/device numbers are at the end of the device number, like /dev/sda1 is the first partition, /dev/sda2 is the 2nd, etc. to see all the partitions for /dev/sda, do ls /dev/sda[0-9]+ if it accepts the +

backups

to make dvd-sized 7-zip archive-split-chunks into archive volumes for backup, backing up the current directory tree and your device to backup is /dev/sda and you are backing up to /dev/sdb to make DVDs and assuming both are NTFS,

mkdir /mnt/c /mnt/d
mount -t ntfs-3g /dev/sda1 /mnt/c
mount -t ntfs-3g /dev/sdb1 /mnt/d
7z a -v4300m backup.7z
ls backup.7z.*
find . -name "backup.7z.001" print > /var/tmp/pathlist.txt

make an iso image out of the 7-zip archive to burn
mkisofs -graft-points -joliet -rational-rock -iso-level 3 -allow-leading-dots -volid prj-001 -path-list /var/tmp/pathlist.txt -output /var/tmp/image.iso

list the drives (including optical) in the format cdrecord likes.
cdrecord --scanbus

look for your optical drive in the list and note the 3 digits separated by commas.

cdrecord gracetime=5 dev=5,0,0 driveropts=burnfree -v -force -dao /var/tmp/image.iso
this burns the disc.

find . -name "backup.7z.002" print > /var/tmp/pathlist.txt
mkisofs -graft-points -joliet -rational-rock -iso-level 3 -allow-leading-dots -volid prj-002 -path-list /var/tmp/pathlist.txt -output /var/tmp/image.iso
cdrecord gracetime=5 dev=5,0,0 driveropts=burnfree -v -force -dao /var/tmp/image.iso
this burns the disc.

this will make a .001, .002, .003, etc

your DVD burning program must have ISO-level 3 capability if it doesn't say anything then it's probably fine, which allows it to burn files over 2GiB in size. this might only apply to cdrtfe (cdrecord). I think everything else safely uses UDF format. cdrecord which was made for *nix platform does not have working UDF yet and therefore blu-ray isn't fully supported.

find a file or file content

find /mnt/c -name "somefile.txt" -print or to find content: find /mnt/c -name "*.txt" -exec grep -i -s "content" {} \; -print

this uses regulaer expressions which are documented partially at regular-expressions.info

disk wiping software
I tried DBAN, it is buggy and doesn't work. a simple 1-pass zero-wipe is all you need.
White Canyon Software's WipeDrive Home $29.95
Ultimate Boot CD (donation-supported), look under hard disk
Hiren's Boot CD and info (donation-supported), look under hard disk
you can do secure or zero wipes multiple ways, refreshes, etc. AND AS PARALLEL JOBS to save time.
reference articles
, available from $
, available from $
, available from $
, available from $
, available from $
, available from $
, available from $
, available from $