Deleting a file or reformatting a disk does not destroy your sensitive data. The data can easily be undeleted or read by sector editors or other forensic tools
(1) Shred
Although it has some important limitations, the shred command can be useful for destroying files so that their contents are very difficult or impossible to recover. shred accomplishes its destruction by repeatedly overwriting files with data patterns designed to do maximum damage so that it becomes difficult to restore data even using high-sensitivity data recovery equipment.
Deleting a file with the rm command does not destroy the data; it merely removes an index listing pointing to the file and makes the file’s data blocks available for reuse. Thus, a file deleted with rm can be easily recovered using several common utilities until its freed data blocks have been reused.
Shred Syntax
shred [option(s)] file(s)_or_devices(s)
Available Options
-f, --force - change permissions to allow writing if necessary
-n, --iterations=N - Overwrite N times instead of the default (25)
-s, --size=N - shred this many bytes (suffixes like K, M, G accepted)
-u, --remove - truncate and remove file after overwriting
-v, --verbose - show progress
-x, --exact - do not round file sizes up to the next full block
-z, --zero - add a final overwrite with zeros to hide shredding
-shred standard output
--help - display this help and exit
--version - output version information and exit
Shred Examples
1) The following command could be used securely destroy the three files named file1, file2 and file3
shred file1 file2 file3
2) The following would destroy data on the seventh partition on the first HDD
shred /dev/hda7
3) You might use the following command to erase all trace of the filesystem you’d created on the floppy disk in your first drive. That command takes about
20 minutes to erase a “1.44MB” (actually 1440 KB)
floppy.
shred --verbose /dev/fd0
4) To erase all data on a selected partition (in this example sda5), you could use a command such as
shred --verbose /dev/sda5
(2) Wipe
wipe Syntax
wipe [options] path1 path2 … pathn
Wipe Examples
Wipe every file and every directory (option -r) listed under /home/test/plaintext/, including /home/test/plaintext/.Regular files will be wiped with 34 passes and their sizes will then be halved a random number of times. Special files (character and block devices, FIFOs…) will not. All directory entries (files, special files and directories) will be renamed 10 times and then unlinked. Things with inappropriate permissions will be chmod()’ed (option -c). All of this will happen without user confirmation (option -f).
wipe -rcf /home/test/plaintext/
Assuming /dev/hda3 is the block device corresponding to the third partition of the master drive on the primary IDE interface, it will be wiped in quick mode (option -q) i.e. with four random passes. The inode won’t be renamed or unlinked (option -k). Before starting, it will ask you to type “yes”.
wipe -kq /dev/hda3
Since wipe never follows symlinks unless explicitly told to do so, if you want to wipe /dev/floppy which happens to be a symlink to /dev/fd0u1440 you will have to specify the -D option. Before starting, it will ask you to type “yes”.
wipe -kqD /dev/floppy
Here, wipe will recursively (option -r) destroy everything under /var/log, excepting /var/log. It will not attempt to chmod() things. It will however be verbose (option -i). It won’t ask you to type “yes” because of the -f option.
wipe -rfi >wipe.log /var/log/*
Due to various idiosyncrasies of the OS it’s not always easy to obtain the number of bytes a given device might contain (in fact, that quantity can be variable). This is why you sometimes need to tell wipe the amount of bytes to destroy. That’s what the -l option is for. Plus, you can use b,K,M and G as multipliers, respectively for 2^9 (512), 2^10 (1024 or a Kilo), 2^20 (a Mega) and 2^30 (a Giga) bytes. You can even combine more than one multiplier !! So that 1M416K = 1474560 bytes.
wipe -Kq -l 1440k /dev/fd0
(3) Secure-Delete tools
Tools to wipe files, free disk space, swap and memory. Even if you overwrite a file 10+ times, it can still be recovered. This package contains tools to securely wipe data from files, free disk space, swap and memory.
The Secure-Delete tools are a particularly useful set of programs that use advanced techniques to permanently delete files.
The Secure-Delete package comes with the following commands
srm(Secure remove) - used for deleting files or directories currently on your hard disk.
smem(Secure memory wiper) - used to wipe traces of data from your computer’s memory (RAM).
sfill(Secure free space wiper) - used to wipe all traces of data from the free space on your disk.
sswap(Secure swap wiper) - used to wipe all traces of data from your swap partition.
srm - Secure remove
srm removes each specified file by overwriting, renaming, and truncat-ing it before unlinking. This prevents other people from undeleting or recovering any information about the file from the command line.
srm, like every program that uses the getopt function to parse its arguments, lets you use the -- option to indicate that all arguments are non-options. To remove a file called ‘-f’ in the current directory, you could type either “srm -- -f” or “srm ./-f”.
srm Syntax
srm [OPTION]… FILE…
Available Options
-d, --directory - ignored (for compatibility with rm)
-f, --force - ignore nonexistent files, never prompt
-i, --interactive - prompt before any removal
-r, -R, --recursive - remove the contents of directories recursively
-s, --simple - only overwrite with a single pass of random data
-m, --medium - overwrite the file with 7 US DoD compliant passes (0xF6,0×00,0xFF,random,0×00,0xFF,random)
-z, --zero - after overwriting, zero blocks used by file
-n, --nounlink - overwrite file, but do not rename or unlink it
-v, --verbose - explain what is being done
--help display this help and exit
--version - output version information and exit
srm Examples
Delete a file using srm
srm myfile.txt
Delete a directory using srm
srm -r myfiles
smem - Secure memory wiper
smem is designed to delete data which may lie still in your memory (RAM) in a secure manner which can not be recovered by thieves, law enforcement or other threats.
smem Syntax
smem [-f] [-l] [-l] [-v]
Available Options
-f - fast (and insecure mode): no /dev/urandom.
-l - lessens the security. Only two passes are written: the first with 0×00 and a final random one.
-l -l for a second time lessons the security even more: only one pass with 0×00 is written.
-v - verbose mode
sfill - secure free space wipe
sfill is designed to delete data which lies on available disk space.
sfill Syntax
sfill [-f] [-i] [-I] [-l] [-l] [-v] [-z] directory/mountpoint
Available Option
-f - fast (and insecure mode): no /dev/urandom, no synchronize mode.
-i - wipe only free inode space, not free disk space
-I -wipe only free disk space, not free inode space
-l -lessens the security. Only two passes are written: one mode with 0xff and a final mode with random values.
-l -l for a second time lessons the security even more: only one random pass is written.
-v - verbose mode
-z - wipes the last write with zeros instead of random data
directory/mountpoint this is the location of the file created in your filesystem. It should lie on the partition you want to write.
sswap - Secure swap wiper
sswap is designed to delete data which may lie still on your swapspace.
sswap Syntax
sswap [-f] [-l] [-l] [-v] [-z] swapdevice
Available Option
-f - fast (and insecure mode): no /dev/urandom, no synchronize mode.
-l - lessens the security. Only two passes are written: one mode with 0xff and a final mode with random values.
-l -l for a second time lessons the security even more: only one pass with random values is written.
-v - verbose mode
-z - wipes the last write with zeros instead of random data
sswap Examples
Before you start using sswap you must disable your swap partition. You can determine your mounted swap devices using the following command
cat /proc/swaps
Disable swap using the following command
sudo swapoff /dev/sda3
/dev/sda3 - This is my swap device
Once your swap device is disabled, you can wipe it with sswipe using the following command
sudo sswap /dev/sda3
After completing the above command you need to re-enable swap using the following command
sudo swapon /dev/sda3
(4) DBAN
Darik’s Boot and Nuke (“DBAN”) is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
