How should I securely wipe data from a hard drive?

How do you recommend destroying sensitive information on a hard drive? I've used DBAN in the past; is that good enough?


Solution 1:

DBAN is just fine. Here's the dirty little secret--any program that overwrites every byte of the drive will have wiped everything permanently. You don't need to do multiple passes with different write patterns, etc.

Don't believe me? See the standing challenge to prove that a drive overwritten with 0s once can be recovered. Nobody seems willing to take up the challenge. http://16systems.com/zero.php

Solution 2:

Anything that does a single overwrite of a hard drive is fine, including DBAN.

Some people say you have to do multiple overwrites with random data and specific patterns. This may have been true in the days of floppy disk drives (remember them?) where the area of magnetic media per byte was big enough to not get completely overwritten, but modern hard drives are much too densely packed with data for this to happen. But don't take my word for it - read this article about trying to recover overwritten data using an electron microscope.

Other options include the wipe utility, or a simple

# dd if=/dev/zero of=/dev/sda

These methods all work fine for overwriting entire hard drives or partitions. However, be aware that overwriting single files can lead to some data being left elsewhere on the hard drive, particularly with journaling file systems such as ext3 and NTFS. They write bits of data to disk outside the file, so small amounts of data can escape the current file being overwritten. Also, if the partition has been defragmented since the file was first written, then the original file may still exist on the hard drive.
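
Added example (not part of the original answer): a single-pass zero fill followed by a check that no non-zero byte survived, run against a constructed 1 MiB image file that stands in for a device such as /dev/sda. The function names and the marker string are hypothetical; on a real block device the size lookup assumes blockdev from util-linux and root privileges.

```sh
#!/bin/sh
# Added example: single-pass overwrite plus verification on a constructed image.

target_size() {        # size in bytes of a block device or a regular file
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"
    else
        wc -c < "$1" | tr -d ' '
    fi
}

zero_fill() {          # overwrite every byte of $1 with 0x00, keeping its size
    size=$(target_size "$1") || return 1
    head -c "$size" /dev/zero |
        dd of="$1" bs=65536 conv=notrunc 2>/dev/null && sync
}

nonzero_bytes() {      # count bytes that are not 0x00; 0 means nothing survived
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}

make_sample_image() {  # constructed data: 1 MiB of zeros with a marker inside
    head -c 1048576 /dev/zero > "$1"
    printf 'CONSTRUCTED-SECRET-MARKER' |
        dd of="$1" bs=1 seek=500000 conv=notrunc 2>/dev/null
}

demo() {
    img=$(mktemp) || return 1
    make_sample_image "$img"
    echo "before wipe: $(nonzero_bytes "$img") non-zero bytes"
    zero_fill "$img"
    echo "after wipe:  $(nonzero_bytes "$img") non-zero bytes," \
         "size $(target_size "$img")"
    rm -f "$img"
}

demo
```

The check reads the whole target back, so on a real drive it takes about as long as the overwrite itself.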

Solution 3:

I have used PGP 8.0's wipe tool with success.

Don't ever physically destroy the hardware before wiping the data with software; forensics can retrieve parts of a destroyed hard drive.