4

Possible Duplicate:
How to wipe free disk space in Linux?

This question is inspired by What is the best tool for file-shredding on a memory card?, in which brice recommended the simple pattern for wiping an SD card using dd if=/dev/random. That's the solution to the problem I googled. brice++

I saw that question refer to the more general one: Is there a program to truly delete all deleted files?. But that question is tagged windows. I'd like to add the Linux answer to our knowledge base. I use shred -uz FWIW.

I'd also like to hear from experts about success against forensic techniques. (No, I am not under threat of indictment. I have nothing to hide from authorities. I'm just curious. ;) Does shred(1) have a track record for thwarting subpoenas? What about brice's technique for the SD card? There are no forensic techniques to recover from flash once it's been overwritten in just a single pass, right?

Last, kudos to splattne for linking to Guidelines for Media Sanitization (PDF) in another related Windows question. But that document doesn't mention Linux or UNIX in 43 pages!

djsmiley2kStaysInside
tbc0

2 Answers

5

This is a similar question to How to wipe free disk space in Linux?

Here is the answer I gave then:

You can use a suite of tools called secure-delete.

sudo apt-get install secure-delete

This has four tools:

  • srm - securely delete an existing file
  • smem - securely delete traces of a file from RAM
  • sfill - wipe all the space marked as empty on your hard drive
  • sswap - wipe all the data from your swap space

From the man page of srm

srm is designed to delete data on mediums in a secure manner which can not be recovered by thieves, law enforcement or other threats. The wipe algorithm is based on the paper "Secure Deletion of Data from Magnetic and Solid-State Memory" presented at the 6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers.

The secure data deletion process of srm goes like this:

  • 1 pass with 0xff
  • 5 random passes. /dev/urandom is used for a secure RNG if available.
  • 27 passes with special values defined by Peter Gutmann.
  • 5 random passes. /dev/urandom is used for a secure RNG if available.
  • Rename the file to a random value
  • Truncate the file

As an additional measure of security, the file is opened in O_SYNC mode and after each pass an fsync() call is done. srm writes 32k blocks for the purpose of speed, filling buffers of disk caches to force them to flush and overwriting old data which belonged to the file.

Hope this helps.

fnord_ix
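The srm sequence quoted in the answer above, sketched as an added Python example (not srm's source and not part of the original post). It performs the 0xff pass, random passes with an fsync() after each, then the rename, truncate and unlink; the 27 Gutmann pattern passes are left out, and the names `overwrite_pass` and `secure_delete` are hypothetical.

```python
import os
import secrets

BLOCK = 32 * 1024  # the quoted man page says srm writes 32k blocks


def overwrite_pass(fd, size, pattern=None):
    """Overwrite `size` bytes from offset 0; pattern=None means random data."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        n = min(BLOCK, remaining)
        chunk = os.urandom(n) if pattern is None else pattern * n
        remaining -= os.write(fd, chunk)  # tolerate short writes
    os.fsync(fd)  # flush after every pass, as the man page describes


def secure_delete(path, random_passes=5):
    """0xff pass, random passes, rename, truncate, unlink. Returns passes done."""
    fd = os.open(path, os.O_WRONLY | os.O_SYNC)
    try:
        size = os.fstat(fd).st_size
        overwrite_pass(fd, size, b"\xff")
        for _ in range(random_passes):
            overwrite_pass(fd, size)
        # Replace the original name with a random one, then drop the length.
        directory = os.path.dirname(os.path.abspath(path))
        hidden = os.path.join(directory, secrets.token_hex(8))
        os.rename(path, hidden)
        os.ftruncate(fd, 0)
        os.fsync(fd)
    finally:
        os.close(fd)
    os.unlink(hidden)
    return 1 + random_passes


if __name__ == "__main__":
    import tempfile
    # Constructed sample file, created only for this demonstration.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample secret\n" * 4096)
    done = secure_delete(tmp.name)
    print(done, "passes; still exists:", os.path.exists(tmp.name))
```

Overwriting in place only reaches the old data when the filesystem and device write in place; journaling or copy-on-write filesystems and flash wear-levelling can leave earlier copies elsewhere.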
0

shred can do multiple overwrites with its --iterations= parameter (25 by default) and that is the best way to make a file unrecoverable.

Kevin