How does the DOD Wipe utility work?

Article:HOWTO4304  |  Created: 2006-07-18  |  Updated: 2006-07-19  |  Article URL http://www.symantec.com/docs/HOWTO4304
Article Type
How To


Question
Can you give me the specification of the product, including what the DOD standard quoted in the reference material is? (Although it states it is DOD compliant, it does not specifically quote a DOD standard which would describe how rigorous the scan/verification actually is at a minimum.) What is the process?

Answer
The wipe.exe utility is a very basic utility that goes through an entire drive and writes a pattern to the drive over and over again. It also has a -dod switch, which is described below. The following is an example of how it can be called. Assume that you are currently PXE booted (or using a boot disk) into DOS automation. You could type in the following:

F:\TechSup\DOS\Wipe.exe -d2 -p8F

This will basically write the hex pattern of 8F over and over again on the second hard disk on the system. Usually this utility will be called from a “Run Script” task in a DS job. One thing to note is that very large drives can take a very long time to complete as the utility has to access every single sector of the disk.

The following is an example of using the -dod switch from a DOS automation environment:

F:\TechSup\DOS\Wipe.exe -d1 -p3B -dod

The above will actually run through every sector on the hard drive three times. First it will write to a sector the hex pattern 3D, then it will write D3, then it will write a random hex pattern, then the utility will go to the next sector and repeat the process (with a new random hex value for each sector). Using this capability is very slow. I did it for a test to see how much data recovery I could pull from the drive after running the -dod switch. I ran this on a computer with a 120-GB hard drive, and this took around eight hours to complete. This is definitely a job you'll want to run overnight.

Any utility that writes a pattern, its inverse, and then a random pattern over an entire drive is DOD 5220.22-M standard compliant for clearing and sanitizing information on writable media. This is not DOD top-secret compliant. For that standard the entire disk needs to be physically destroyed. Our tool, however, should be good enough for most organizations with sensitive data. If you want to be especially careful with your wipe, it is quite easy to run the wipe.exe utility multiple times from a script with different patterns each time. This would take a very long time, however. (If you ran the wipe with the -dod switch three times, it could take longer than 24 hours to complete on a 120-GB drive.)
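
The per-sector sequence described above (pattern, inverse, random value), as an added Python sketch that is not Symantec's code and not how wipe.exe is implemented; it runs against an in-memory image rather than a real disk. Assumptions: 512-byte sectors, "inverse" taken to mean the bitwise complement, a read-back check after every write, and the hypothetical names dod_wipe, residue and make_image.

```python
import io
import os

SECTOR = 512  # assumed sector size for this sketch


def dod_wipe(dev, pattern, sector=SECTOR, rng=os.urandom):
    """Overwrite every sector of a seekable binary file object three times.

    Per sector: the pattern byte, its bitwise complement (assumed meaning of
    "inverse"), then a random byte value drawn fresh for that sector. Every
    write is read back before moving on. Returns the number of sectors wiped.
    """
    size = dev.seek(0, os.SEEK_END)
    if size % sector:
        raise ValueError("image size is not a whole number of sectors")
    count = size // sector
    for n in range(count):
        for value in (pattern, pattern ^ 0xFF, rng(1)[0]):
            block = bytes([value]) * sector
            dev.seek(n * sector)
            dev.write(block)
            dev.seek(n * sector)
            if dev.read(sector) != block:
                raise OSError(f"verify failed at sector {n}")
    return count


def residue(dev, needle):
    """Return True if `needle` still appears anywhere in the image."""
    dev.seek(0)
    return needle in dev.read()


def make_image():
    # Constructed sample "disk": 8 zeroed sectors with a marker in sector 3.
    img = io.BytesIO(bytes(8 * SECTOR))
    img.seek(3 * SECTOR)
    img.write(b"CONSTRUCTED-SECRET")
    return img


if __name__ == "__main__":
    disk = make_image()
    print("marker present before:", residue(disk, b"CONSTRUCTED-SECRET"))
    print("sectors wiped:", dod_wipe(disk, 0x3B))
    print("marker present after:", residue(disk, b"CONSTRUCTED-SECRET"))
```

On a real device a read-back can be served from a cache, so the check in this sketch only demonstrates the logic; it does not prove the media itself was rewritten.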


Legacy ID: 24835

