Storage DBAN, Disksposal and Diskpensation

What you do with your disks after you're done with them does matter. Find out how to properly prepare them for the next owner.

Listed at number ten in Ten Essential Linux Admin Tools a few weeks ago, you had what was perhaps your first glimpse of Darik’s Boot and Nuke (DBAN) disk wiping utility. Today, you have it in glorious 3D* action that’s sure to convince you to add DBAN to your utility belt as you head to the inner sanctum of your local data center.

DBAN is an essential admin tool because you need a method of wiping disks securely. It’s easy to recover data from a formatted disk or one that’s had fdisk run on it. DBAN has several options for ruining any existing data on your used disks: Quick Erase, RCMP TSSIT OPS-II**, DoD Short, DoD 5220.22-M, Gutmann Wipe and PRNG Stream.

The Basics

Download DBAN’s ISO image from the DBAN Download Page. At only 10MB, you can burn DBAN to a USB pendrive, mini CDROM or to a standard CD/DVD disk for a bootable disk wipe tool.

Using DBAN

Using DBAN is easy and requires that you know almost nothing about disks or computers to implement it in your environment. Training low-cost resources to assist in a multiple system disk wipe project would require ten minutes of instruction or a short written procedure.

The basic steps to using DBAN are boot, nuke, eject, power off. The best part of DBAN is that you can walk away from it, once it’s started, and allow it to work its magic on its own. And, if you have several systems that need their disks nuked, you can use multiple copies to perform your disk wipes simultaneously, since the license (GPL) allows it.

Burn the CD image (ISO) to a CD or DVD, boot your target system with the new disk and wait for the initial screen shown in Figure 1.

Figure 1: DBAN Boot Screen - Press ENTER for Interactive Mode
Figure 1: DBAN Boot Screen – Press ENTER for Interactive Mode

Press the ENTER key to start DBAN in interactive mode. After DBAN detects your hardware, you’ll see the screen shown in Figure 2.

DBAN presents you with the default conditions for a standard Department of Defense disk wipe. You also see, in Figure 2, a list of disks from which to choose. Shown is a 512 MB VirtualBox disk created for this demonstration.

Figure 2: DBAN Wipe Method and Disk Selection Screen
Figure 2: DBAN Wipe Method and Disk Selection Screen

The navigation menu is straightforward and simplistic. Press the key that corresponds to the action you want. PRNG gives you information describing your two choices of Pseudo Random Number Generator that DBAN uses: The Mersenne Twister and ISAAC. Method offers you a choice of wipe methods. Verification choices and number of Rounds or passes that you want each method to run on your disk. The Space bar selects your choices. The J and K keys navigate up and down any list of choices. The F10 executes your selection and begins the disk wipe process.

Accept the defaults as shown in Figure 3 by pressing the Space bar.

Figure 3: Prepare to Nuke the Disk
Figure 3: Prepare to Nuke the Disk

Press the F10 key to begin wiping the disk as shown in Figure 4.

Figure 4: Disk Wiping in Progress
Figure 4: Disk Wiping in Progress

When the wipe process completes, you may now eject the DBAN disk and power off the system (See Figure 5). Your disk is now clear of all data.

Figure 5: Post Disk Nuke Report
Figure 5: Post Disk Nuke Report

The autonuke option performs the default disk wipe with no user intervention.

Further Investigation

Sometimes great still isn’t good enough, so for you paranoid types, you can use multiple disk wipe methods coupled with multiple passes for each. That said, if you accidentally clobber a disk with the DoD 5220.22-M method using eight passes, the chances of recovering any data from the disk are essentially zero. The costs of retrieving any recoverable data from a disk wiped by DBAN would prove so prohibitive (or impossible) that you should triple check yourself before running it on any system, otherwise you might find yourself booted and nuked from your current place of employment.

DBAN is a free, GPL licensed product. You may use as many copies as you wish. Please refer to the GPL for restrictions on rebranding or other non-standard usage.

As an essential administration tool, DBAN, should hold a spot in the utility belts of all technical vigilantes. Disks escaping your business with data intact is a security risk and a potential financial risk. Using DBAN requires little to no technical skill and very little time to ensure that your data, including viruses and malware that you could pass on to the next owner, are eradicated.

* 2D enhanced with words.

** Royal Canadian Mounted Police Technical Security Standard for Information Technology (Seriously).

Comments are closed.