Darik's Boot And Nuke

The laptop computer is not connected to the docking station or to the external floppy drive.

Start DBAN at the boot prompt with this command:

boot: nofloppy

Alternatively:

• Disable the floppy drive with the BIOS setup program.
• Attach a floppy drive.

Use "verbose" at the boot prompt.

No.

If you rebrand DBAN without our permission, then we will send an unadulterated copy of DBAN to your customers and submit a GPL fulfillment demand to your legal department.

An auditor will eventually notice if you sell a misrepresented unauthorized product into a large company.

Read the GPL FAQ, which provides more information about how DBAN is licensed. We pursue GPL violators.

You may distribute unlimited copies.

Yes.

Yes.

Yes.

If you are publishing a magazine, then please send us a copy. We'll give you a nice link in return.

You must reinstall drivers for this hardware after reinstalling the operating system. These drivers were factory installed, but they may not be on the Microsoft Windows installation or rescue media. All major computer manufacturers provide drivers for Microsoft Windows on their web sites.

You must reinstall drivers for this hardware after reinstalling the operating system. These drivers were factory installed, but they may not be on the Microsoft Windows installation or rescue media. All major computer manufacturers provide drivers for Microsoft Windows on their web sites.

You must reinstall drivers for this hardware after reinstalling the operating system. These drivers were factory installed, but they may not be on the Microsoft Windows installation or rescue media. All major computer manufacturers provide drivers for Microsoft Windows on their web sites.

You must reinstall an operating system because DBAN removes it.

Many computers will complain about the "Operating System Not Found", but some computers will just POST into a black screen.

DBAN erases the partition table, which causes all drive letters to disappear.

The Microsoft Windows installer will automatically create a partition and filesystem during installation. Using FDISK after running DBAN is usually unnecessary.

The Microsoft Windows installation media that you are using only has ATA-5 support, which has a 128 gigabyte limit.

The operating system installer must have ATA-6 support to use all of a disk that is larger than 128 gigabytes. The solution is to reinstall with Windows 2000 SP4 media or Windows XP SP1 media.

Alternatively, you can install to a 128 gig partition, apply the service pack that provides 48-bit LBA, and then enlarge the filesystem afterwards.

Microsoft documents the issue in KB305098 for Windows 2000 and KB303013 for Windows XP.

Seagate gives the issue full treatment in their Windows 137GB Capacity Barrier document.

(HIPAA, NIST, Sorbanes-Oxley, PIPEDA?)

We will not issue a statement of conformity for DBAN because it would be construed as a warranty or promise.

If you need a statement of conformance, then you should consider an EBAN support contract.

If, however, you find a deviation or can suggest some way to improve the conformity of DBAN, then the software will be enhanced appropriately. Contact support or open a bug ticket.

No.

If you need a statement of certification, a warranty, or indemnity, then you must buy an EBAN support contract.

No.

There are several situations in which a DBAN failure could go unnoticed:

• DBAN may fail to detect a hard disk in a computer with many hard disks. You must check whether DBAN actually detected all hard disks in a computer.
• Your hardware caches writes or otherwise does not implement a functional write barrier. This is likely to happen with battery-backed large-memory RAID controllers or defective hard disks.
• Somebody with a lot of time, money, and brains needs to recover your data.
• The software that you downloaded could be bugged or trojaned. (Did you check the PGP signature?)

If you are seriously concerned about any of these situations, then consider drilling open your hard disk, grinding down the platters, and melting all of the parts in a furnace.

DBAN is still "good enough" for "most people".

If you need to externalize risk or outsource blame in a corporate environment, then you need an EBAN support contract.

Yes.

Yes.

Yes.

Yes.

Yes.

Yes.

Yes.

Yes.

There is no difference.

The mkisofs utility is used to generate the ISO file directly from the contents of the EXE file. The IMA file is booted from the cdrom with floppy disk emulation.

No.

Most of the passes in the Gutmann wipe are designed to flip the bits in MFM/RLL encoded disks, which is an encoding that modern hard disks do not use.

In a followup to his paper, Gutmann said that it is unnecessary to run those passes because you cannot be reasonably certain about how a modern hard disk stores data on the platter. If the encoding is unknown, then writing random patterns is your best strategy.

In particular, Gutmann says that "in the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data... For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do".

Read these papers by Peter Gutmann:

• Secure Deletion of Data from Magnetic and Solid-State Memory
• Data Remanence in Semiconductor Devices

100.

DBAN has been run on a computer with 100 SCSI hard disks. There are no artificial limits in DBAN, but PCI bus bandwidth is usually the limiting factor in practical application.

Most desktop computers will have a performance sweet-spot of four disks.

If you are building an appliance to wipe loose disks, then the most important component is a motherboard with multiple PCI buses. CPU speed and memory size are unimportant.

Yes.

Note, however, that most IDE-RAID devices are not really hardware implementations. DBAN accesses these devices as regular IDE controllers.

Yes.

DBAN will still work properly if your BIOS does not detect all of the hard disks in your computer, or if your BIOS has disk size limitations. The BIOS need only be capable of starting DBAN from the boot media.

DBAN has drivers for most RAID implementations, but DBAN does not automatically disassemble RAID volumes. (If you want this feature, then use EBAN instead.)

The operator must manually disassemble RAID volumes and put each component into "JBOD" or "SINGLE" mode for the disks to be recognized by DBAN. For Adaptec AIC-7902 and IBM ServeRAID host controllers, the operator can do this by running the SCSI BIOS Setup Program and disabling the "HostRaid" toggle.

This procedure varies between RAID implementations.

No.

Most vendors that are using the HPA have a toggle for it in the BIOS setup program. Future releases of DBAN may override or dishonor the HPA.

Why not now and why not by default?

Some vendors are using the HPA instead of providing rescue media.

Wiping the HPA would surprise and strand people that expect the HPA to have rescue materials, and it often results in OEM technical support marking and abandoning people that do it. The HPA is a low risk because it is not accessible during normal operations.

DBAN defaults are chosen to best protect people with a minimal understanding of this kind of problem. This point is still open for discussion in the help forum and in the appropriate bug ticket.

Use the ATA-6 wipe method if you want to wipe remapped sectors. Most methods do not wipe remapped sectors.

You can't.

Open a bug report for the incompatible target computer and provide manufacturer and model information for the hardware.

Drivers for Microsoft Windows are incompatible with DBAN.

The usual reasons for DBAN being slow are:

1. Bad hardware. DBAN will degrade to PIO mode after a DMA fault and try to finish the wipe. The estimated runtime will get very large very quickly in this case.
2. Old drivers. Try the latest posted beta or pre-release if the target computer was manufactured in the last six months.
3. DBAN is alway 20% slower than a similar product. You are comparing DBAN against a similar product that cheats on the DoD implementation by "randomly" choosing the null byte on the final character pass.
   

Yes.

With default options, a typical runtime on a typical disk is three or four hours, but performance varies greatly between drive and controller combinations.

DBAN fully uses all I/O capacity on most computers. There is no way to reduce wipe time and still fully wipe the media. Similar products may appear to run faster than DBAN because they silently fail at BIOS addressing limits, or because they just do a firmware lock.

You can purchase a database of performance statistics from us to plan your consulting job.

Click ignore.

You are running a virus scanner, most likely Norton AV, that traps floppy disk access.

Yes.

The best way to start DBAN from DOS is with the LOADLIN program. (The link points to our mirror.)

Copy the kernel.bzi and initrd.gz files from the DBAN floppy disk to a DOS filesystem and run this command:

loadlin kernel.bzi initrd=initrd.gz root=/dev/ram0 init=/rc nuke="dwipe"

You can put this command in the AUTOEXEC.BAT file. Do not change the forward-slash characters to back-slash characters. Note that DBAN cannot return to DOS.

LOADLIN alternatives are Syslinux and GRUB.

We recommend CDBurnerXP for burning the DBAN boot media. Read the CDBurnerXP ISO burning tutorial for step-by-step instructions.

Almost every burning program will burn the DBAN boot media correctly with default burning options. Just double-click the ISO file.

We will ask that you try CDBurnerXP if you have any problems with CD-R or DVD-R boot media. You can get help from us for CDBurnerXP, but we don't usually provide support for other products.

CD-ROM drives manufactured before 1999 cannot reliably read burned media.

DBAN has been burned incorrectly if you see just one file on the drive when you open the CD-R or DVD-R in My Computer or Windows Explorer.

DBAN may not boot if you modify the ISO file or filesystem layout in any way, like by injecting files. Any change to the syslinux.cfg file requires ISO remastering.

The ZIP file contains the ISO file or the installer EXE file. You must unzip this file and run the EXE file, or burn the ISO file to blank CD-R or DVD-R media.

You cannot install DBAN by copying or unpacking the ZIP file to a blank floppy disk or other media.

Download the dban-1.0.7_i386.exe file to your desktop and double-click it. This program will install DBAN to a floppy disk or USB flash device; it will not wipe the computer on which it is run.

You cannot install DBAN by copying or unpacking the EXE file to a blank floppy disk or other media.