Data deletion operations such as deleting files and folders, formatting partitions, or partitioning disks generally do not delete the actual data; instead, they delete the pointer to the real data. For example, deleting a partition only removes the partition's entry in the partition table while the actual partition contents remain intact. This is a cause for concern when you want to clear the data for good, such as when disposing of a disk with sensitive files or selling your hard drive.

One way to securely erase all the files and data on a disk is to write zeros or random data to every bit of the disk so that all the existing data is overwritten. This can be done in Linux with dd, using a zero or random source as input.

Steps to completely erase disk and partition in Linux:

  1. Launch terminal.
  2. List disks and partitions available in the system.

    $ lsblk
    NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
    loop0    7:0    0  55.4M  1 loop /snap/core18/19
    loop1    7:1    0  55.4M  1 loop /snap/core18/19
    loop2    7:2    0    51M  1 loop /snap/snap-stor
    loop3    7:3    0   219M  1 loop /snap/gnome-3-3
    loop4    7:4    0 217.9M  1 loop /snap/gnome-3-3
    loop5    7:5    0  31.1M  1 loop /snap/snapd/104
    loop6    7:6    0  62.1M  1 loop /snap/gtk-commo
    loop7    7:7    0  64.8M  1 loop /snap/gtk-commo
    loop8    7:8    0    51M  1 loop /snap/snap-stor
    loop9    7:9    0  31.1M  1 loop /snap/snapd/107
    sda      8:0    0    20G  0 disk
    ├─sda1   8:1    0     1M  0 part
    ├─sda2   8:2    0   513M  0 part /boot/efi
    └─sda3   8:3    0  19.5G  0 part /
    sdb      8:16   0    20G  0 disk
    └─sdb1   8:17   0    20G  0 part
    sr0     11:0    1  1024M  0 rom

  3. Make sure the disk or partition (within the disk) you want to delete securely is not mounted.

    $ sudo umount /dev/sdb1
    [sudo] password for user:
    umount: /dev/sdb1: not mounted.

    If the disk can't be unmounted, as is the case for the root filesystem, boot from a live CD such as the Ubuntu installer and continue from there.

  4. Zero the disk or partition using dd.

    $ sudo dd if=/dev/zero of=/dev/sdb status=progress
    21471859200 bytes (21 GB, 20 GiB) copied, 269 s, 79.8 MB/s
    dd: writing to '/dev/sdb': No space left on device
    41943041+0 records in
    41943040+0 records out
    21474836480 bytes (21 GB, 20 GiB) copied, 269.451 s, 79.7 MB/s

    This will take a while as dd will need to write every single bit of data within the disk. Time taken depends on the disk size and disk speed.

    Replace /dev/zero with /dev/random or /dev/urandom to fill the disk with random data instead.

    It is recommended to use /dev/random or /dev/urandom and to repeat this step multiple times (multi-pass) for SSD devices, as some built-in functions of the SSD's controller might still leave some data intact with the common disk-zeroing method.

  5. Re-read partition table if you've deleted an entire disk instead of just a partition.

    $ sudo partprobe

  6. List disks and partitions again to confirm the change.

    $ lsblk
    NAME   MAJ:MIN RM   SIZE RO TYPE MOUNTPOINT
    loop0    7:0    0  55.4M  1 loop /snap/core18/19
    loop1    7:1    0  55.4M  1 loop /snap/core18/19
    loop2    7:2    0    51M  1 loop /snap/snap-stor
    loop3    7:3    0   219M  1 loop /snap/gnome-3-3
    loop4    7:4    0 217.9M  1 loop /snap/gnome-3-3
    loop5    7:5    0  31.1M  1 loop /snap/snapd/104
    loop6    7:6    0  62.1M  1 loop /snap/gtk-commo
    loop7    7:7    0  64.8M  1 loop /snap/gtk-commo
    loop8    7:8    0    51M  1 loop /snap/snap-stor
    loop9    7:9    0  31.1M  1 loop /snap/snapd/107
    sda      8:0    0    20G  0 disk
    ├─sda1   8:1    0     1M  0 part
    ├─sda2   8:2    0   513M  0 part /boot/efi
    └─sda3   8:3    0  19.5G  0 part /
    sdb      8:16   0    20G  0 disk
    sr0     11:0    1  1024M  0 rom

  7. Check the content of the disk from an administrative account.

    # timeout 1 head /dev/sdb

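    A timeout needs to be set for the command since the disk is now empty: head keeps reading until it has found ten lines, and a zeroed disk contains no line breaks, so without the timeout the command would scan the whole disk before it quits.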
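
The check in step 7 only looks at what head can read in one second. The shell functions below are an added example, not part of the original guide: they compare the whole target against /dev/zero and report the offset of the first leftover byte. The function names are illustrative, GNU cmp and util-linux blockdev are assumed, and the check applies only to a zero fill, not to a random fill.

```shell
#!/bin/sh
# Added example: confirm that a zero-filled target really holds only 0x00 bytes.
# Accepts a block device such as /dev/sdb (needs root) or a regular image file.

# target_size PATH: print the size of PATH in bytes.
target_size() {
    if [ -b "$1" ]; then
        blockdev --getsize64 "$1"      # util-linux: size of a block device
    else
        wc -c < "$1" | tr -d ' '
    fi
}

# first_nonzero PATH: print the 0-based offset of the first non-zero byte.
# Exit status: 0 = every byte is zero (prints nothing), 1 = data found, 2 = error.
first_nonzero() {
    [ -r "$1" ] || { echo "cannot read $1" >&2; return 2; }
    size=$(target_size "$1") || return 2
    # /dev/zero never ends, so -n limits the comparison to the target's size.
    # cmp stops at the first difference, so leftover data is reported quickly.
    out=$(LC_ALL=C cmp -n "$size" "$1" /dev/zero 2>&1) && return 0
    # cmp reports a 1-based position: "<a> <b> differ: byte N, line M"
    byte=$(printf '%s\n' "$out" | sed -n 's/.* differ: [a-z]* \([0-9]*\),.*/\1/p')
    [ -n "$byte" ] || { echo "cmp failed: $out" >&2; return 2; }
    echo $((byte - 1))
    return 1
}

# verify_zeroed PATH: human-readable wrapper with the same exit status.
verify_zeroed() {
    offset=$(first_nonzero "$1") && status=0 || status=$?
    case $status in
        0) echo "$1: verified, every byte is zero" ;;
        1) echo "$1: NOT clean, first non-zero byte at offset $offset" ;;
        *) echo "$1: verification failed" ;;
    esac
    return $status
}
```

Source the file in a root shell and call `verify_zeroed /dev/sdb`; a full pass reads the entire device, so it takes about as long as the wipe itself.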