Permanently Delete Files on Linux with Secure-Delete

There are various reasons why one might want to securely delete files on a hard drive, including sale of the hard drive and/or computer, or for privacy. While there are free and commercially available tools to recover deleted files from hard drives (even from formatted drives), we can only assume there are more powerful tools not readily available that can perform advanced forensics and recover even more files and data.

We will discuss how you can delete files on Linux using secure-delete tools to such a degree that these files cannot be recovered with any known tools and methods. Secure-delete contains tools that can be used to securely delete files from a hard drive in different ways.

On Ubuntu, secure-delete is available in the Ubuntu repositories and can be installed using apt-get like so:

This installs three commands on your system. These are:

  • srm – This command is used to delete files and directories from your hard drive.
  • sfill – Wipes all data from free space on your disk. Running this makes sure there are no more recoverable files on the disk/partition.
  • sswap – Wipes all data from the swap partition.

Much like the Linux command rm, srm removes files and directories. However, it first overwrites the file(s) multiple times with random data, renames the file(s) multiple times and then finally deletes the file(s). When complete, there is no trace left of the file on the drive. To operate on a file, run:

And for directories:

The -r flag indicates recursive mode. Another useful flag is -z, which writes zeros on the last wipe rather than random data. By default, srm overwrites the data 38 times.

The tool sfill, on the other hand, checks the selected partition for space marked as free/available, and then fills it up with random data. This ensures that there are no more recoverable files on that partition. Like srm, sfill performs 38 writes by default.

To run sfill on a partition, simply specify a directory that resides on the partition, or specify a mount point. For example, if “/home” is on a separate partition, the commands:

and

will both completely clean the free space on the “/home” partition. This is a particularly useful tool when you want to hand over a computer, but do not want to go through the hassle of re-installing the OS.

The sswap program securely wipes your swap partitions. The swap partition stores the data of running programs when the RAM is getting full. The swap partition can potentially contain very sensitive data and information. Before running sswap, the swap partition must first be disabled. If you are unsure of your swap device, or whether you even have one, you can find out using the command:

From the screenshot above, the swap space is “/dev/sda6”. Disabling it requires the command:

After disabling, run sswap on the device:

You can use the -v flag to see more information as the command operates. Like srm and sfill, sswap defaults to 38 writes.
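
The swap-wiping steps above, as an added example that is not part of the original article: a dry-run planner that lists swap partitions, prints the swapoff and sswap steps in order, and refuses the sswap step while the device is still active. The function names and the sample data are constructed for illustration; reading active swap from /proc/swaps is an assumption about how the device is looked up.

```shell
#!/bin/sh
# Added example (not from the original article): dry-run planner for the
# swap wipe described above. It prints commands; it never executes them.

# Constructed sample in /proc/swaps format, so the example runs offline.
SAMPLE_SWAPS='Filename                                Type            Size    Used    Priority
/dev/sda6                               partition       4194300 0       -2
/swapfile                               file            2097148 0       -3'

# List active swap partitions from /proc/swaps-format text on stdin.
# Swap files are skipped: the article's procedure covers partitions only.
swap_partitions() {
    awk 'NR > 1 && $2 == "partition" { print $1 }'
}

# Succeed if device $1 is still listed as active swap in the text on stdin.
is_active_swap() {
    awk -v dev="$1" 'NR > 1 && $1 == dev { found = 1 } END { exit !found }'
}

# Print the article's two steps for one device, in order.
wipe_plan() {
    case $1 in
        /dev/*) ;;
        *) echo "refusing: '$1' is not a /dev path" >&2; return 1 ;;
    esac
    printf 'sudo swapoff %s\n' "$1"
    printf 'sudo sswap -v %s\n' "$1"
}

# Gate for the sswap step: refuse while the device is still in use as swap.
ready_for_sswap() {
    if is_active_swap "$1"; then
        echo "refusing: $1 is still active swap, run swapoff first" >&2
        return 1
    fi
}

# Demo on the constructed sample; on a real system read /proc/swaps instead.
for dev in $(printf '%s\n' "$SAMPLE_SWAPS" | swap_partitions); do
    wipe_plan "$dev"
done
```

On a live system, feed the functions from /proc/swaps, for example `swap_partitions < /proc/swaps`, and re-check with `ready_for_sswap` after running swapoff.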

Another useful tool to have is smem, which can be installed on Ubuntu with the command:

This tool securely wipes the computer memory (RAM), which could contain the state of running programs as well as sensitive program data, even after the computer has been powered off.

Data remanence refers to the residue of digital data even after attempts have been made to delete said data. Government agencies are, rightly, wary of data remanence especially on decommissioned computer systems. More information about data remanence can be found on Wikipedia. These tools help ensure that the only data left on the drive would be random gibberish.

5 comments

    • @dragonmouth It really depends on the size of the file (or partition) the command is operating on.

  1. I really hate Linux guides. They never make any sense. You start off by giving a command for Ubuntu. What if you are not running Ubuntu? The guide says nothing about where to start if you are not running Ubuntu.

    • The author is saying ‘Ubuntu’ just to be on the safe side, just so he doesn’t have to verify the advice on every Debian-based distro and every desktop environment that particular distro may run. But, when you see ‘apt-get’ in the directions, and it’s obviously a command line/terminal utility and it’s in your distro’s repo — then you’re running a Debian-based distro and really can’t go far wrong, just by following the directions, as given.

      Just be sure to read the man page, or help text, to make sure you’re pointing it exactly at whatever you want to be erased, before you hit ‘Enter’.

      Or, if you type
      shred --help
      at the terminal/command line and see directions are being displayed, then you may already have a similar utility installed by default (a ‘core utility’).

      Easiest and most fool-proof of all is if the system has ‘bleachbit’ installed — a very useful free utility — just run it either from terminal or your program menu (on KDE, installing the package should have put an entry there), and click on the first menu entry, Files. You’ll see Shred Files, Shred Folders, etc. and then click on whatever is wanted, then migrate to the directory or file to be removed, highlight it, and click Delete, in the screen’s lower-right corner.
