How to clean your disks and erase files safely

A long time ago, we shared a well-known tip: Shift + Delete is usually a combination of keys usually assigned to delete the selected file without sending it to the trash. However, a forensic unit could recover the file using a special software.How delete that secret information en final form? Come in and find out ...


First of all, conspiratorial friends, let me warn you that if you are concerned about the security of your files, the best option is to encrypt the entire disk (if you are really persecuted) or, in the best of cases, the folder where you keep your files. ultra-secrets.

If, even so, you want to know how to delete a file permanently, read on.

Table of Contents

shred

This tool runs from the command line and is installed by default on almost all popular distros. It allows you to erase files and partitions safely, using the Gutman method.

Quick chopping

shred -vzn 0 / dev / sda1

erases partition sda1, padding it with zeros.

Safe chopping

shred -vzn 3 / dev / sda1

erase the entire sda1 partition, filling it with random numbers, after 3 iterations. Also, write zeros to hide the chopping process at the end. This method takes 4 times longer than Quick Chopping.

To delete a simple file, just type:

shred -u mysecret.txt

For more information on shred, enter:

man shred

SRM

Another alternative is SRM, from the Secure Delete toolkit.

Install Secure Delete:

apt-get install secure-delete

Secure Delete comes with 4 tools:

SRM (secure remove), which allows you to permanently delete files and directories

srm mysecret.txt

To delete a folder:

srm -r / my / secret / path /

the -r attribute is for it to work recursively, removing all subfolders.

meme (secure memory wiper), which allows you to clean your RAM memory

Although it is true that the RAM is emptied when we turn off the computer, it is likely that you do not know that there are certain traces of residual information that remain in the memory and that, as in the case of hard drives, they are not erased until they are rewritten several times. This means that someone skilled enough with the appropriate tools can discover at least some of the information stored in your RAM.

The smem command can be used with some parameters to optimize performance, but the most common is to run it alone.

meme

sfill (secure free space wiper), which permanently cleans all the free space on your drives

sfill is ideal for those who want to make a disc "clean". It is likely that to run it without problems you need administrator permissions.

sfill / path / mount / disk

swap (secure swap wiper), which permanently cleans all the information stored in the swap partition.

If you were tempted by the idea of ​​smem, then you can't stop using sswap. Otherwise, the cleaning will be "half done".

First, you need to disable swap. Let's first find out which partition it is on:

cat / proc / swaps

Then we disable it

sudo swapoff / dev / sda5

Don't forget to replace sda5 with the swap partition you are using.

Finally, run the sswap command, passing the swap path as a parameter:

sudo sswap / dev / sda5

Once again, replace sda5.

Both shred and srm may not be 100% effective on a solid state drive (SSD) or even some advanced mechanical drives where the drive may not be writing where you imagine (See more).

The content of the article adheres to our principles of editorial ethics. To report an error click here!.

16 comments, leave yours

Leave a Comment

Your email address will not be published.

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.

  1.   hoes said

    The article is interesting, especially for what makes reference to ssd disks. You are unaware of these erasure techniques and that they do not work 100% on this type of disc.

  2.   Alejandro Diaz said

    Excellent many thanks to favorites.

  3.   Osseline said

    I can't delete music files. It tells me the files don't exist. What I can do?

  4.   Xkalaze said

    This is excellent if I didn't know it 😀 thanks for the information.

  5.   Let's use Linux said

    That's right ... that's why the warning at the end of the post.

    Cheers! Paul.

  6.   Javier Debian Bb Ar said

    The best: 2 minutes in the microwave ... PEM, what do they say. Now seriously: in man wipe you can read “I hereby speculate that hard disks can use the spare remapping area to secretly make copies of your data. Rising totalitarianism makes this almost a certitude. It is quite straightforward to implement some simple filtering schemes that would copy potentially interesting data. Better, a harddisk can probably detect that a given file is being wiped, and silently make a copy of it, while wiping the original as instructed. » Discs with "journalling" do not ensure their complete erasure. Look around, and notice that NOTHING claims to eliminate all information. The only sure thing is the physical destruction of the surface of the disc platters.

  7.   DIGITAL PC, Internet and Service said

    Very good information.

    Greetings.

  8.   eM Say eM said

    Very, very good info so every day one learns more about this excellent and layers that become one of my top commands, you can also delete information from HDD with the dd command

    for n in {1..7}; do dd if = / dev / urandom of = / dev / sda bs = 8b conv = notrunc; done

    I read it in another blog a while ago and I wrote it down, it looks very useful, what it does is fill the HDD 7 times with random characters

  9.   Let's use Linux said

    You're welcome! 🙂

  10.   Courage said

    I thought Shred is a guitar technique xD

  11.   Let's use Linux said

    Haha! As well…

  12.   Envi said

    Normally I do "echo tatata> file", this way I delete the content and then delete the file. What I don't know is if actually shrinking the file size will keep data on the freed disk sectors.

    1.    desikoder said

      That doesn't seem to work to me, because you only partially write the file. I remember that what I did before knowing shred (I knew him before this post), was to create an alias called crush that what I was doing was

      head -c $ (wc -c FILE) / dev / urandom> FILE

      the $ (..) gives you the result of a command, so that with wc -c I look at the size in bits of the file, I take X random characters (yes, paranoid, I know that it is better to use / dev / random because it is real random, but come on, to delete a file with urandom is ok and it's faster), and I write them in the file. Then you erase it

      Even so, I already tell you that it is a fairly homemade solution, there is shred for something

      regards

  13.   pedro said

    very interesting

  14.   cuervo291286 said

    Very good I needed.

  15.   desikoder said

    The thing about deleting the ram I see it from an extreme paranoia, and look that I have the encrypted hard disk, but come on, rescuing data from a ram is extremely complicated and it is very likely that the capacitors have been discharged before. From what I understand, what is done in cases of forensic analysis (I have an acquaintance from my hacklab whose specialty is that), is to open the lid of the server on, start the ram with the device on (which causes a « nice »interruption 0x00 to the microprocessor, turning off the pc, because a failure to be fat is not tolerable), you put the ram pouring milk in liquid nitrogen with a specialized reading unit ... anyway, erasing the ram is already a good paranoid level ...

    In addition, one way to unload your motherboard and all its components, is in the case of a desktop unplug it, if it is a laptop remove the battery, press the power button several seconds repeatedly and there is nothing left in the capacitors, only on the CMOS stack (BIOS setup memory)

    regards