I use Parted Magic for all maintenance (but it costs, but it's worth it in my opinion, it's Linux, Live, works on just about everything and is an essential tool. I buy a new copy at the start of every year).
Secure erase provided by Parted Magic is used for returning SSDs to factory. But HDD formatting just uses the "dd" command (as far as I'm aware). Which is available with just about every live distro. You can try secure erase on HDDs, I have in the past, it has bricked a few drives though. The drive needs to support the functionality in the first place, and if it doesn't it can lock up. If it locks up you then need to start messing around with hdparm on the command line to try and unlock the drive, if it'll even mount and boot in the first place.
So when wiping mechanical drives, if I don't have Parted Magic to hand, I would just boot Ubuntu or something else live and then use "dd" with "zero" (it'll write zeros randomly over the entire disk) or "urandom" (it'll write random data much more aggressively over the entire disk [a lot more secure]).
There's also the "shred" command which will write random data 3 or 4 times over it's target disk. But I'm not sure if this comes as standard with most distros. I just checked Fedora and it does. But I never used it on Debian or *Buntu derivatives so don't know for sure.
- Boot into any old Linux live environment
- Open terminal
- sudo dd if=/dev/urandom of=/dev/sdx bs=4M
or
- sudo dd if=/dev/zero of=/dev/sdx bs=4M
or
- sudo shred -zvu /dev/sdx
The first dd command tells it to use urandom to write over the target disk (x), the second dd comand tells it to use zero to write over the target disk (x) and the shred command says "shred the target disk contents with arguments zvu. Z means overwrite the disk with zeros after shredding, to hide the fact the disk has been shredded. V means verbose or, show the progress of the shred in real time. U renames the file, then it's shredded. It's to hide what the name of the file was originally. Just another layer of obfuscation.
WARNING! Make sure you're not just copy and pasting those commands into terminal. Make sure you KNOW FOR SURE which /dev/sdX your target disk is. Otherwise you could nuke very important data. Also, you want to nuke the entire disk. So make sure you target /dev/sda or /dev/sdb or /dev/sdc and not /dev/sda1 or /dev/sdb1 or /dev/sdc1. The sdx is the disk as a whole. The sdx1 or sdx2 or sdx3 will be partitions and if you target those, you are only targeting those partitions, so data will get left behind.
Patience. The dd command will look like it has hanged (no output, just sitting there). But it's just the fact that there's no verbose output for the dd command without a lot of command line
******y. So just leave it to do it's job. How long you have to leave it depends on the size of the disk, the command you erased with (zero or random) and other hardware factors. Could take minutes. Could take hours. But it'll do it eventually. Just make sure the system, be it desktop or laptop, is not set to go into power saving or sleep modes during the process.
