|
A long time ago, we shared a well-known tip: Shift + Delete is usually a combination of keys usually assigned to delete the selected file without sending it to the trash. However, a forensic unit could recover the file using a special software.How delete that secret information en final form? Come in and find out ... |
First of all, conspiratorial friends, let me warn you that if you are concerned about the security of your files, the best option is to encrypt the entire disk (if you are really persecuted) or, in the best of cases, the folder where you keep your files. ultra-secrets.
If, even so, you want to know how to delete a file permanently, read on.
shred
This tool runs from the command line and is installed by default on almost all popular distros. It allows you to erase files and partitions safely, using the Gutman method.
Quick chopping
shred -vzn 0 / dev / sda1
erases partition sda1, padding it with zeros.
Safe chopping
shred -vzn 3 / dev / sda1
erase the entire sda1 partition, filling it with random numbers, after 3 iterations. Also, write zeros to hide the chopping process at the end. This method takes 4 times longer than Quick Chopping.
To delete a simple file, just type:
shred -u mysecret.txt
For more information on shred, enter:
man shred
SRM
Another alternative is SRM, from the Secure Delete toolkit.
Install Secure Delete:
apt-get install secure-delete
Secure Delete comes with 4 tools:
SRM (secure remove), which allows you to permanently delete files and directories
srm mysecret.txt
To delete a folder:
srm -r / my / secret / path /
the -r attribute is for it to work recursively, removing all subfolders.
meme (secure memory wiper), which allows you to clean your RAM memory
Although it is true that the RAM is emptied when we turn off the computer, it is likely that you do not know that there are certain traces of residual information that remain in the memory and that, as in the case of hard drives, they are not erased until they are rewritten several times. This means that someone skilled enough with the appropriate tools can discover at least some of the information stored in your RAM.
The smem command can be used with some parameters to optimize performance, but the most common is to run it alone.
meme
sfill (secure free space wiper), which permanently cleans all the free space on your drives
sfill is ideal for those who want to make a disc "clean". It is likely that to run it without problems you need administrator permissions.
sfill / path / mount / disk
swap (secure swap wiper), which permanently cleans all the information stored in the swap partition.
If you were tempted by the idea of smem, then you can't stop using sswap. Otherwise, the cleaning will be "half done".
First, you need to disable swap. Let's first find out which partition it is on:
cat / proc / swaps
Then we disable it
sudo swapoff / dev / sda5
Don't forget to replace sda5 with the swap partition you are using.
Finally, run the sswap command, passing the swap path as a parameter:
sudo sswap / dev / sda5
Once again, replace sda5.
The article is interesting, especially for what makes reference to ssd disks. You are unaware of these erasure techniques and that they do not work 100% on this type of disc.
Excellent many thanks to favorites.
I can't delete music files. It tells me the files don't exist. What I can do?
This is excellent if I didn't know it 😀 thanks for the information.
That's right ... that's why the warning at the end of the post.
Cheers! Paul.
The best: 2 minutes in the microwave ... PEM, what do they say. Now seriously: in man wipe you can read “I hereby speculate that hard disks can use the spare remapping area to secretly make copies of your data. Rising totalitarianism makes this almost a certitude. It is quite straightforward to implement some simple filtering schemes that would copy potentially interesting data. Better, a harddisk can probably detect that a given file is being wiped, and silently make a copy of it, while wiping the original as instructed. » Discs with "journalling" do not ensure their complete erasure. Look around, and notice that NOTHING claims to eliminate all information. The only sure thing is the physical destruction of the surface of the disc platters.
Very good information.
Greetings.
Very, very good info so every day one learns more about this excellent and layers that become one of my top commands, you can also delete information from HDD with the dd command
for n in {1..7}; do dd if = / dev / urandom of = / dev / sda bs = 8b conv = notrunc; done
I read it in another blog a while ago and I wrote it down, it looks very useful, what it does is fill the HDD 7 times with random characters
You're welcome! 🙂
I thought Shred is a guitar technique xD
Haha! As well…
Normally I do "echo tatata> file", this way I delete the content and then delete the file. What I don't know is if actually shrinking the file size will keep data on the freed disk sectors.
That doesn't seem to work to me, because you only partially write the file. I remember that what I did before knowing shred (I knew him before this post), was to create an alias called crush that what I was doing was
head -c $ (wc -c FILE) / dev / urandom> FILE
the $ (..) gives you the result of a command, so that with wc -c I look at the size in bits of the file, I take X random characters (yes, paranoid, I know that it is better to use / dev / random because it is real random, but come on, to delete a file with urandom is ok and it's faster), and I write them in the file. Then you erase it
Even so, I already tell you that it is a fairly homemade solution, there is shred for something
regards
very interesting
Very good I needed.
The thing about deleting the ram I see it from an extreme paranoia, and look that I have the encrypted hard disk, but come on, rescuing data from a ram is extremely complicated and it is very likely that the capacitors have been discharged before. From what I understand, what is done in cases of forensic analysis (I have an acquaintance from my hacklab whose specialty is that), is to open the lid of the server on, start the ram with the device on (which causes a « nice »interruption 0x00 to the microprocessor, turning off the pc, because a failure to be fat is not tolerable), you put the ram pouring milk in liquid nitrogen with a specialized reading unit ... anyway, erasing the ram is already a good paranoid level ...
In addition, one way to unload your motherboard and all its components, is in the case of a desktop unplug it, if it is a laptop remove the battery, press the power button several seconds repeatedly and there is nothing left in the capacitors, only on the CMOS stack (BIOS setup memory)
regards