• No products in the cart.

Military Grade Data Wiping In FreeBSD With BCWipe

What Is Data Wiping
What Is BCWipe
How To Install BCWipe
How To Install BCWipe With Multithreaded Mode Enabled
BCWipe Advanced Features
BCWipe In Action

What Is Data Wiping

Data wiping is a process of overwriting data on magnetic hard disk, SSD or USB flash by using zeros and ones on whole disk or specific zone. As a result, no one can recover sensitive data and disk is still usable.

1. Software-based wiping

This type of wiping is carried out by a software that is installed on the drive.
2. Hardware-based wiping

This type of wiping needs some external device.
Don’t confuse data wiping with file deletion.File deletion only removes direct pointers to the data and makes the data recovery possible with common software tools. Unlike degaussing and physical destruction, which render the storage media unusable, data wiping removes all information but still leaves the disk operable. Data erasure may not work completely on flash based media such as Solid State Drives and USB Flash Drives. This is because such devices can store remnant data which is inaccessible to the wiping technique. Moreover, the data can be retrieved from the individual flash memory chips in the device.

Wiping software uses many techniques to ensure data is not recoverable like:
1. German BCI/VSITR 7-pass wiping
2. U.S. DoD 5220.22M 7-pass extended character rotation wiping with last pass verification
3. U.S. DoE 3-pass wiping
4. 35-pass Peter Gutmann’s wiping
5. 7-pass Bruce Schneier’s wiping
6. 1-pass wiping by zeroes

What Is BCWipe

BCWipe securely erases data from magnetic and solid-state memory. BCWipe repeatedly overwrites special patterns to the files or frees space to be destroyed. In normal mode, 35 passes are used (of which 8 are random).The p used were recommended in an article by Peter Gutmann entitled “Secure Deletion of Data from Magnetic and Solid-State Memory”. In quick mode, U.S. DoD(Department of Defence) 5220.22-M standard is used with 7 pass wiping. In custom mode, U.S. DoD 5220.22-M standard is used with user defined number of passes.

How To Install BCWipe

BCWipe is available on FreeBSD ports tree, and you can easily install it.

# make -C /usr/ports/security/bcwipe install clean

Or, you can install BCWipe with PKG mechanism:

# pkg install bcwipe

How To Install BCWipe With Multi-threaded Mode Enabled

BCWipe has no compile option through FreeBSD port mechanism. Instead, you can rebuild BCWipe with multi-threading mode option :

# cd /usr/ports/security/bcwipe/
 # make fetch extract
 # cd work/bcwipe-1.9-9/
 # ./configure –enable-pthreads
 # make install clean

BCWipe Advanced Features

Bcwipe has useful features that make wiping process more suitable.

· -n

Wait delay seconds between wiping passes. Modern enterprise level storage systems (NAS, disk arrays etc.) employ powerful caches. To avoid undesirable caching effects, BCWipe allows users to insert adjustable delay between wiping passes. Please note that when wiping with delay between passes, the disk space is freed after the last pass.

· -B Disables direct IO mode when wiping block devices
· -t Wipes and verifies block devices in multi-thread mode. BCWipe runs worker threads. Useful for wiping multiple disk volumes.
· -S (wipe file slack)

Wipes files’ slack. File slack is the disk space from one end of a file to the end of the last cluster used by that file. Cluster refers to the minimal portion of disk space used by the file system.

· -s Uses ISAAC random number generator by Bob Jenkins

Default is SHA-1 (Secure Hash Algorithm). ISAAC is random faster than SHA-1.

· -F (wipe free space) Wipes free space on specified filesystem.
· -b (block device) Wipes contents of block devices

BCWipe In Action

In this section, we describe a real scenario with BCWipe.
Issue the following command to get more information about BCWipe:

# bcwipe

Tip: in real-world scenario, people want to wipe out free space on whole mounted disks ( / ). However, the bcwipe command must be issued with caution.
To wipe free space:

# bcwipe -F /mnt/

This command will wipe out free space on /mnt/ path or whole mounted disks on this path.

# bcwipe -Fv -mt /mnt/

This command wipes out free space on /mnt/ directory with 1-pass in verbose mode.
-mt refer to 1-pass.

To wipe a specific file:

# bcwipe -v -mz wipe.me

This command wipes wipe.me file with 1-pass wiping by zeroes in verbose mode.

# bcwipe -Fv -mg -t 5 /mnt/

This command wipes free space on /mnt/ directory with 35-pass Peter Gutmann’s scheme by 5 threads in verbose mode.
To wipe a specific folder:

# bcwipe -rv /tmp/

This command wipes /tmp/ directory recursively with Peter Gutmann’s scheme in verbose mode.
To wipe block device:

# bcwipe -v -mz -t2 -b /dev/da0

This command wipes /dev/da0 (USB flash) with 2 threads by 1-pass zeroes in verbose mode.
The point is, USB flash is not mounted and all of the data will be destroyed.


BCWipe along with FreeBSD give you military-grade functionalites, ensuring your sensitive data will not fall into the wrong hands.

Useful Links


About The Author
Abdorrahman Homaei has been working as a software developer since 2000. He has used FreeBSD for more than ten years. He became involved with the meetBSD dot ir and performed serious training on FreeBSD. He is starting his own company(corebox) in Feb 2017.
Full CV: http://in4bsd.com
His company: http://corebox.ir

February 15, 2018

0 responses on "Military Grade Data Wiping In FreeBSD With BCWipe"

Leave a Message

Your email address will not be published. Required fields are marked *

© HAKIN9 MEDIA SP. Z O.O. SP. K. 2013