The DoD5220.22-M (U.S. Department of Defense) method of erasing data from a hard disk.


This is a method to erase data from a hard disk.

The DoD5220.22-M (U.S. Department of Defense) method

This is a method to write 0, 1, and random numbers to the entire HDD. A total of three writes are performed.

This is the initial version of DoD5220.22-M, and a different guideline has been created now.

History

In , the first version was issued. This version specified a procedure to overwrite data on a hard disk drive (HDD) with zero and one patterns three times. This became known as the DoD 5220.22-M sanitization method.

In , the Department of Defense designated the DoD 5220.22-M ECE sanitization method as an extension of DoD 5220.22-M. This method required seven overwrite passes.

In , the latest version of DoD 5220.22-M was issued. In this version, the overwrite pattern was no longer specified as a data erasure method for HDDs. Instead, other sanitization methods such as erasure, degaussing, and physical destruction were recommended.

In , DoD 5220.22-M was revised. In this version, the sanitization method guidelines were updated to accommodate new technologies such as flash-based storage and mobile devices.

In , the Department of Defense stopped referring to DoD 5220.22-M and instead complied with the media sanitization guidelines of the National Institute of Standards and Technology (NIST SP 800-88).

Commands

In Linux, you can use the dd command to delete data.

Write 0

  • dd is a command to copy data¹.
  • if=/dev/zero specifies /dev/zero as the input file. /dev/zero is a special file that outputs zeros indefinitely.
  • of=/dev/sdb specifies /dev/sdb as the output file. /dev/sdb is a device file for hard disks, USB memory, etc.¹.
  • bs=4096 specifies 4096 bytes as the block size. The block size is the unit of data to read and write at a time.

This command copies zeros from /dev/zero to /dev/sdb in 4096-byte increments, overwriting and erasing the data on /dev/sdb.

Confirm

Check the beginning of the disk

Displays the first 512 bytes of the device such as a hard disk or USB memory in hexadecimal.

  • dd is a command to copy data.
  • if=/dev/sdb specifies /dev/sdb as the input file.
  • bs=512 specifies 512 bytes as the block size.
  • count=1 specifies 1 as the number of blocks to read. This reads only the first 512 bytes.
  • hexdump -C is a command to display the data received by the pipe in hexadecimal and ASCII code. -C is an option to display the hexadecimal and ASCII code in columns.

From this result, you can see that the beginning of the hard disk is filled with zeros.

If you specify of=output.bin or something like that as a parameter of the dd command, you can write the first 512 bytes to the output.bin file.

Check the end of the disk

Displays the last 512 bytes of the device such as a hard disk or USB memory in hexadecimal. This command passes the value obtained by subtracting 1 from the total number of sectors of the hard disk to skip and reads only the last one block.

  • As mentioned earlier, dd is a command to copy data.
  • if=/dev/sdb specifies /dev/sdb as the input file.
  • bs=512 specifies 512 bytes as the block size.
  • skip=(((blockdev --getsz /dev/sdb) - 1)) specifies the number of blocks to skip
    • blockdev --getsz /dev/sdb is a command to get the total number of sectors of the hard disk.
    • $(()) is a notation for arithmetic operations.

Write 1

  • tr is a command that converts characters.
  • '0', '377' convert the input characters from \0 (0 in octal) to \377 (255 in octal). This converts 0 bits to 1 bits.
    • ((3 x 8) + 7) x 8 + 7 = 255
  • < /dev/zero specifies /dev/zero as the standard input source.
  • > /dev/sdb specifies /dev/sdb as the standard output destination.

This command reads 0 from /dev/zero, converts it to 1 in tr, and converts it to 1 in /dev/sdb By continuing to write , the data in /dev/sdb will be overwritten and erased.

Confirm

I checked it just like when I wrote 0.

Check the beginning of the disc
Check the end of the disk

Write random numbers

Reads random data from the device /dev/urandom and writes it to /dev/sdb.

Using /dev/urandom takes longer than using /dev/zero. This is simply because generating random numbers takes time. /dev/urandom generates random numbers from environmental noise (device related conditions such as mouse, keyboard, etc.).

Confirm

I checked it just like when I wrote 0.

Check the beginning of the disc
Check the end of the disk

A Life Summary of an Gypsy