There are various reasons why one might want to securely delete files on a hard drive, including sale of the hard drive and/or computer, or for privacy. While there are free and commercially available tools to recover deleted files from hard drives (even from formatted drives), we can only assume there are more powerful tools not readily available that can perform advanced forensics and recover even more files and data.
We will discuss how you can delete files on Linux using secure-delete tools to such a degree that these files cannot be recovered with any known tools and methods. Secure-delete contains tools that can be used to securely delete files from a hard drive in different ways.
On Ubuntu, secure-delete is available in the Ubuntu repositories and can be installed using
apt-get like so:
sudo apt-get install secure-delete
This would install three commands on your system. These are:
- srm – This command is used to delete files and directories from your hard drive.
- sfill – Wipes all data from free space on your disk. Running this makes sure there are no more recoverable files on the disk/partition.
- sswap – Wipes all data from the swap partition.
Much like the Linux command
srm removes files and directories. However, it first overwrites the file(s) multiple times with random data, renames the file(s) multiple times and then finally deletes the file(s). When complete, there is no trace left of the file on the drive. To operate on a file, run:
While, for directories:
srm -r directory/
-r flag indicates recursive mode. Another useful flag is
-z, which writes zeros on the last wipe rather than random data. By default,
srm overwrites the data 38 times.
sfill, on the other hand, checks the selected partition for space marked as free/available, and then fills it up with random data. This ensures that there are no more recoverable files on that partition. Like srm,
sfill performs 38 writes by default.
To run sfill on a partition, simply specify a directory that resides on the partition, or specify a mount point. For example, if “/home” is on a separate partition, the commands:
sudo sfill /home/myuser
sudo sfill /home
will both completely clean the free space on the “/home” partition. This is a particularly useful tool when you want to hand over a computer, but do not want to go through the hassle of re-installing the OS.
This program securely wipes your swap partitions. The swap partition stores the data of running programs when the RAM is getting full. The swap partition can potentially contain very sensitive data and information. Before running
sswap, the swap partition must first be disabled. If you are unsure of your swap device, or even if you have one, you can find out using the command:
From the screenshot above, the swap space is “/dev/sda6”. To disable it would require the command:
sudo swapoff /dev/sda6
After disabling, run sswap on the device:
sudo sswap /dev/sda6
You can use the
-v flag to see more information as the command operates. Like srm and sfill,
sswap defaults to 38 writes.
Another useful tool to have is
smem, which can be installed on Ubuntu with the command:
sudo apt-get install smem
This tool securely wipes the computer memory (RAM), which could contain the state of running programs as well as sensitive program data, even after the computer has been powered off.
Data remanence refers to the residue of digital data even after attempts have been made to delete said data. Government agencies are, rightly, wary of data remanence especially on decommissioned computer systems. More information about data remanence can be found on Wikipedia. These tools help ensure that the only data left on the drive would be random gibberish.