DBAN – Darik’s Boot and Nuke

No computer security arsenal is complete without Darik’s Boot and Nuke, or DBAN for short. This essential piece of software securely wipes hard drives in their entirety to prevent data recovery.

Suppose you have a hard drive you wish to sell, give away, or dispose of, but it contains personal files. What do you do? Format the drive? No, that will not work since formatted drive data can be recovered. Do you delete the files? No, deleted files can be recovered too. What about wiping the files with secure delete tools? No, no, even that is not good enough. Certainly, the wiped files will be unrecoverable, but what about the inaccessible areas of the hard drive? What about the swap space and other protected regions? Besides, wiping files and the swap space requires too much effort.

Isn’t there an easier way to securely wipe the entire drive including the protected areas? Yes, and DBAN performs marvelously.

Caution: DBAN destroys data from a hard drive, so backup any important files before use.

A Note About DBAN

DBAN does not destroy hard drives or make them unusable. DBAN only wipes data. Hard drives can be used again after wiping (as long as the hard drive is good). However, if an operating system is present on the hard drive, DBAN will securely wipe it, so the operating system will no longer boot. In this case, the operating system must be reinstalled.

Obtaining DBAN

DBAN is free. Download the DBAN ISO image from the DBAN web site, and burn it to a CD-R or DVD-R. The latest version as of the time of this writing is 2.2.6 beta. Do not let the beta name dissuade you. DBAN is fully functional.

Using DBAN

Once the CD-R is made, boot the computer with it. DBAN runs as its own environment and does not require any operating installed.

DBAN boots into a blue screen containing a list of detected hard drives and current wipe settings. Keep in mind to attach the drives to be wiped before booting the computer.

Select the drive you wish to wipe and press the space bar to mark it for wiping. Do not start the wipe process yet. You can select from a variety of wipe methods by pressing the M key on the keyboard.

The method determines what kinds of wipe patterns are written to the hard drive, and the more passes used for a given method, the longer the wipe will take. For most drives, I find that the PRNG Stream is more than sufficient to protect against consumer-grade recovery programs.

Returning to the main screen, press the R key on the keyboard to select the number of rounds for the given method.

This is the number of times the wipe operation will be performed. By default, PRNG Stream uses one round. For example, by setting this to 10, DBAN will perform 10 rounds of PRNG Stream. One round is usually plenty for PRNG Stream. If using more rounds, it helps to choose a different wiping method to alternate wipe patterns. Press the Enter key on the keyboard to return to the main screen.

When ready to wipe the drive, press the F10 key to start. The drive will wipe to completion, so be patient and wait, and wait, and wait…and…wait…wait…wait…

This seems slow. How long is this going to take?

This depends upon two factors:

  1. The size of the hard drive
  2. The chosen wipe method

The larger the drive and the more elaborate the method, then the longer the wipe process takes to complete. It could range from several hours to a few days.

“D-Did you just say days?!”

Absolutely. Wiping is time-consuming. For example, a 500GB drive using the PRNG Stream method with one round takes at least 16 hours to finish — assuming there are no power failures.

“What happens if there is a power failure?”

You start the wipe process again from the beginning. Use an uninterruptible power supply (UPS) to help guard against power failures.

However, once DBAN is finished wiping the drive, it will be practically impossible to recover any files.

What are the advantages of using DBAN? Why not just erase the personal files and leave the rest?

The first answer is that it is too tedious and time-consuming to wipe files one by one, and the other answer is that you might miss something. Some files may not be accessible to normal users, so you would be unable to wipe their contents.

Here are a few more advantages to whole disk DBAN wiping:

  • DBAN wipes the entire drive by overwriting everything. This includes the master boot record, directory area, swap space, and all partitions. Every available sector is overwritten with random bytes (or zero bytes, if chosen).
  • DBAN operates outside of any operating system. This means DBAN is not subject to any protections imposed by an operating system. Some operating systems protect certain files and areas of the hard drive, and this makes it impossible to overwrite them. Since DBAN boots into its own system, it can wipe these normally protected areas.
  • DBAN wipes at the drive level. It does not matter if the drive was part of a RAID array or a standalone backup drive. DBAN wipes drives.
  • All data is overwritten. Journaling filesystems contain much redundancy to protect files from being lost, so wiping files on a journaling filesystem, such as ext4 or NTFS, is not a 100% sure guarantee. DBAN does not care what kind of filesystem is used since it wipes data at the sector level. As long as the hard drive is in working condition, DBAN will destroy its data. All of it.
  • If a hard drive fails yet it is still within warranty, you can use DBAN to wipe what is possible from the hard drive before returning it to the manufacturer for a replacement. This may or may not work depending upon the condition of the drive, but it is worth a try.

How effective is DBAN? Can anyone recover files?

Curious myself, I conducted a basic test to see if a hard drive wiped with DBAN could be recovered.

First, I used Photorec to recover everything on a drive that contained many deleted and valid files.

Second, I let DBAN wipe the entire drive using the PRNG Stream method with one round — the bare minimum.

Once the wipe process finished (a procedure that took several hours), I ran Photorec on the drive again to recover the files. The result? Nothing! Photorec performed a complete scan and not a single file was detected or recovered.

Photorec is quite adept at locating well-hidden files, so if Photorec cannot recover the files from a drive, then I think it is safe to assume that other consumer-grade recovery programs cannot find them either. So, yes, I would say that DBAN’s minimal wiping method is more than sufficient to scrub a hard drive before disposing of it.

Wiping takes too long. Why not just drive a nail through the drive or disassemble it and crush the plates with a sledgehammer?

From what I understand, government agencies and advanced data recovery labs possess the technology to recover data from shattered hard drive platters. So, even though the area of the platter containing the nail and any cracked portions might be unrecoverable, the intact surface is still subject to analysis.

A better tactic would be to wipe the data and then drive a nail through it, but then again, if you physically destroy the hard drive, then it cannot be sold or reused.

The only way to be absolutely certain that hard drive data is destroyed and unrecoverable is to melt the entire drive in a furnace and mold a cute angel candle out of it before burying it in concrete a few kilometers under the earth. Then, surround the site by security guards.

Moral of the story: Security is something you can never get enough of. The best practice is to do your best to prevent casual users from recovering your data and be content with that. DBAN helps in this regard.

DBAN Is Not a Panacea

Always consider who and what you are protecting your data from to determine the level of security you need. Family vacation pictures are harmless, but they are still private and you would not want others to see them. In this case, DBAN will effectively destroy those pictures and make it practically impossible for anyone to recover them. Most people do not possess magnetic force microscopy  or other advanced recovery tools, so wiping your hard drive before disposing of it will thwart most busybodies who only have access to consumer-grade recovery tools. Yes, data wiping takes time, but look at it this way: wiping your data is better than not wiping it at all, and if your data is not wiped, then anybody can easily view your secrets.

On the other hand, if your goal is to thwart governments who have near-infinite resources, then DBAN is only one small piece of a much more elaborate security puzzle.

DBAN Not Detecting Drives

DBAN works if it detects the hard drives. From my usage, I have found a few motherboards where DBAN did not detect the hard drive controller, and thus, it never found the hard drives. The only solution was to use a different computer. Other than that, DBAN performs well.

Conclusion

Using the right tool for the right job produces better results. To wipe individual files within an operating system, the secure-delete tools and other file wiping utilities are a good choice, but if you need to wipe the entire drive in one shot and be certain that you destroy all protected and inaccessible areas as well, then DBAN is your new best friend. Best of all, it does not matter what filesystem was used since DBAN operates at the sector level apart from any operating system. DBAN is text-based and requires minimal hardware, so you could set up a dedicated drive-wiping monster from spare PC parts.

All DBAN needs is a blank CD-R and plenty of time.

About these ads

, ,

  1. Leave a comment

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 35 other followers

%d bloggers like this: