ReclaimNUKM Wipe Methods Documentation
NUKM Definition: NUKM is defined by the acronym for 'Next Unit of Kill Module' as it pertains to data sanitization.
Overview
ReclaimNUKM provides three different data sanitization methods for securely wiping storage devices. Each method offers different levels of security, speed, and compliance with data destruction standards.
NEW in v1.5: Hardware error compensation with ddrescue support, USB NVMe enclosure handling, and multiple filesystem formatting options.
Supported Drive Types
Standard Drives
- SATA HDD/SSD (512B/4KB sectors)
- NVMe drives (512B/4KB sectors)
- Standard consumer and commercial drives
Enterprise Drives (v1.4+)
- SCSI/SAS drives with proprietary sectors
- NetApp, Toshiba, and other enterprise storage
- Drives with 520B/528B sector sizes
- Drives with protection types and data integrity features
USB NVMe Enclosures (v1.5+)
- USB NVMe enclosures (RTL9210, RTL9220, JMicron, ASMedia)
- External NVMe drive enclosures
- Drives requiring special initialization procedures
Wipe Methods
1. Quick Format
Purpose: Fast sanitization with partition creation and filesystem formatting.
What it does:
- Creates a new partition table (GPT for drives >2TB, MSDOS otherwise)
- Creates a single primary partition using the entire drive
- Formats the partition with the selected filesystem (exFAT, NTFS, EXT4, or none)
- Applies appropriate volume labels using centralized label generation
- Updates partition information and settles udev
Filesystem Options:
- exFAT Quick: Fast formatting with exFAT filesystem
- exFAT Full: Full formatting with exFAT filesystem (slower but more thorough)
- NTFS Quick: Fast formatting with NTFS filesystem
- NTFS Full: Full formatting with NTFS filesystem using
mkfs.ntfs -f
- EXT4 Quick: Fast formatting with EXT4 filesystem using
-F flag
- EXT4 Full: Full formatting with EXT4 filesystem using
-cc flag
- Format Options: None: Skip formatting (partitioning only)
Use cases:
- Preparing drives for immediate use with specific filesystems
- Creating bootable drives with Windows/Linux compatibility
- Quick preparation of drives for new deployment
- When both wiping and formatting are needed
2. DD Zero Fill
Purpose: Complete single-pass overwrite sanitization with hardware error compensation.
What it does:
- Uses either
dd or ddrescue to write zeros across the entire drive
- Overwrites every sector with binary zeros
- Provides complete data destruction through overwriting
- NEW: Hardware error compensation mode using ddrescue for error-resilient operations
Standard Mode (dd):
- Uses standard
dd command with progress tracking
- Fails on the first bad sector encountered
- Suitable for healthy drives
Hardware Error Compensation Mode (ddrescue):
- Uses
ddrescue with error mapping and recovery
- Continues operation despite bad sectors
- Creates mapfile for resumable operations
- Automatically handles hardware errors and bad sectors
Use cases:
- General-purpose data destruction
- Preparing drives for secure disposal
- Wiping drives with potential bad sectors
- When hardware errors should not stop the wipe process
3. Shred
Purpose: Multi-pass secure deletion following Department of Defense standards.
What it does:
- Performs 3 random data passes over the entire drive
- Uses cryptographically secure random data from
/dev/urandom
- Follows with a final zero-fill pass
- Uses GNU shred with verbose output and progress tracking
Use cases:
- High-security data destruction
- Compliance with government standards
- Maximum assurance of data irrecoverability
- Military or classified data handling
USB NVMe Enclosure Support
Automatic Detection:
- Identifies USB NVMe enclosures by vendor/model information
- Detects RTL9210, RTL9220, JMicron, ASMedia chipsets
- Shows warnings for drives requiring special handling
Initialization Procedures:
- Multiple wake-up attempts for problematic enclosures
- I/O operations to initialize zero-capacity drives
- SCSI start/stop unit commands
- USB device reset using
usbreset utility
- Power cycling via UDisks
Recovery Methods:
- Metadata clearing for drives showing zero size
- Partition table recreation with
fdisk
- GPT creation with
parted
- Additional I/O wake-up sequences
Comparison Table
| Method |
Security Level |
Speed |
Compliance Standards |
Data Recovery Risk |
| Quick Format |
Basic-Medium |
⚡ Fastest |
None |
Medium (filesystem recreation possible) |
| DD Zero Fill |
High |
🟡 Medium |
Basic overwrite standards |
Low (requires advanced forensics) |
| DD Zero Fill (HW Comp) |
High |
🟡 Medium-Slow |
Basic overwrite standards |
Very Low (handles bad sectors) |
| Shred |
Maximum |
🐌 Slowest |
DoD 5220.22-M (3-pass) |
Very Low (extremely difficult) |
Sanitization Standards Compliance
Quick Format
- No formal compliance: Provides basic data removal through partitioning and formatting
- Risk level: Medium - Data can be recovered with forensic tools, but filesystem is destroyed
- Benefits: Fast, creates usable drive with selected filesystem
DD Zero Fill (Standard)
- Basic overwrite compliance: Meets simple single-pass overwrite requirements
- Standards: Aligns with basic data destruction guidelines but not comprehensive standards
- Risk level: Low to medium - Single pass overwrite makes recovery difficult but not impossible
DD Zero Fill (Hardware Error Compensation)
- Enhanced overwrite compliance: Meets single-pass requirements with error handling
- Standards: Aligns with data destruction guidelines for drives with bad sectors
- Risk level: Very low - Error compensation ensures complete coverage despite hardware issues
Shred (3-pass + zero)
- DoD 5220.22-M compliance: Meets U.S. Department of Defense data sanitization standard
- NIST SP 800-88 Guidelines: Aligns with National Institute of Standards and Technology recommendations
- Risk level: Very low - Multiple random passes make data recovery extremely difficult and expensive
Performance Characteristics
Speed Rankings (Fastest to Slowest)
- Quick Format - Minutes (depends on drive size and filesystem, typically 5-30 minutes)
- DD Zero Fill (Standard) - Hours (full drive write time, e.g., 2-8 hours for 1TB drive)
- DD Zero Fill (HW Comp) - Hours-Slow (ddrescue overhead, e.g., 3-10 hours for 1TB drive)
- Shred - Days (3 full passes + zero pass, e.g., 6-24+ hours for 1TB drive)
Factors Affecting Speed
- Drive size and interface (SSD vs HDD)
- Drive write speed and health
- Filesystem selection for Quick Format
- Hardware errors (affects ddrescue performance)
- System performance and background load
Security Considerations
When to Use Each Method
Choose Quick Format when:
- Speed is critical and some security is acceptable
- Drive will be immediately reformatted and reused
- Specific filesystem formatting is required
- Creating drives for OS installation or immediate use
Choose DD Zero Fill (Standard) when:
- Balance of speed and security is needed
- Drive is known to be healthy
- Single overwrite is acceptable
- Preparing drives for donation or disposal
Choose DD Zero Fill (HW Error Comp) when:
- Drive may have bad sectors or hardware issues
- Maximum coverage is required despite errors
- Resumable operations are needed
- Working with aging or damaged drives
Choose Shred when:
- Maximum security is required
- Compliance with government standards is needed
- Data contains sensitive or classified information
- Legal or regulatory requirements demand high assurance
Data Recovery Feasibility
- Quick Format: Medium feasibility - forensic tools can recover data, but filesystem is destroyed
- DD Zero Fill: Low feasibility - requires expensive forensic equipment
- DD Zero Fill (HW Comp): Very low feasibility - ensures complete coverage
- Shred: Very low feasibility - economically impractical to recover
Technical Implementation
Command Execution
All methods are executed via bash scripts with:
- Comprehensive logging with timestamps
- Progress monitoring and status updates
- Error handling with retry mechanisms
- Sudo privilege escalation
- Terminal output streaming
Logging and Verification
- Each operation creates detailed log files
- Timestamps and duration tracking
- Master log aggregation
- Verification of successful completion
- Hardware health reporting (SMART data)
Filesystem-Specific Handling
- exFAT: Uses
mkfs.exfat with volume labels
- NTFS: Uses
mkfs.ntfs with -f (fast) or default (full) options
- EXT4: Uses
mkfs.ext4 with -F (fast) or -cc (full) options
- Volume Labels: Centralized generation ensuring consistency across filesystems
Best Practices
- Verify drive selection before starting any wipe operation
- Ensure no critical data remains on the system
- Monitor progress especially for long-running operations
- Keep logs for compliance and audit purposes
- Test on small drives first if unsure of the process
- Enable hardware error compensation for drives with potential issues
- Check USB NVMe enclosures for proper initialization
Troubleshooting
Common Issues
- Slow performance: Check drive health and connection, consider hardware error compensation
- Permission errors: Verify sudo configuration includes all required commands
- Device not found: Refresh device list or check connections, try USB port changes for NVMe enclosures
- Filesystem creation fails: Check that required tools are installed (
mkfs.exfat, mkfs.ntfs, mkfs.ext4)
- USB NVMe issues: Try different USB ports, check kernel logs, ensure proper initialization
Recovery Options
- Stopped operations can be resumed (ddrescue supports mapfiles)
- Failed operations are logged with error details
- Device status is tracked to prevent accidental re-wiping
- Hardware error compensation allows continuation despite bad sectors
⚠️ WARNING: This documentation is for ReclaimNUKM version 1.6.0 with GUI interface. Always ensure you have proper backups before performing any data destruction operations.