Deleting files or formatting drives does not destroy the data; it just removes the pointers to the data. This means it is possible to recover the data using sophisticated tools that can look for data in a file system/hard drive without pointers. While this is good for recovering accidentally deleted files or formatted drives, it is definitely bad for sensitive data that you really want to destroy (financial data, passwords, etc.).
The way to erase data completely from a file or device is to overwrite it completely with random data. Repeating this multiple times decreases even the remote chance of recovering the data.
Linux has many tools for this; we will examine the "shred" command here. We can use it to erase either a file or a drive.
* To erase a file
safeer@lin01:~$ sudo /usr/bin/shred -n 10 -z -v /home/safeer/passwords.txt
/usr/bin/shred: /home/safeer/passwords.txt: pass 1/11 (random)...
/usr/bin/shred: /home/safeer/passwords.txt: pass 2/11 (111111)...
/usr/bin/shred: /home/safeer/passwords.txt: pass 3/11 (aaaaaa)...
......................output truncated............................
/usr/bin/shred: /home/safeer/passwords.txt: pass 9/11 (555555)...
/usr/bin/shred: /home/safeer/passwords.txt: pass 10/11 (random)...
/usr/bin/shred: /home/safeer/passwords.txt: pass 11/11 (000000)..
The options and their meaning:
-n 10 : Overwrite the file 10 times (10 passes).
-z : After the specified passes, add one more pass that overwrites with all zeroes. This helps hide the fact that the disk/file was shredded.
-v : Verbose output; shows the progress made so far in shredding.
This command will erase the contents of the file but keep the file in place. The file size may increase slightly, because by default shred rounds the size up to the next full block, but the data inside will be all gibberish.
Before shred:
safeer@lin01:~$ ls -l /home/safeer/passwords.txt
-rw-rw-r-- 1 safeer safeer 938848 Mar 13 23:55 /home/safeer/passwords.txt
After shred:
safeer@lin01:~$ ls -l /home/safeer/passwords.txt
-rw-rw-r-- 1 safeer safeer 942080 Mar 14 00:12 /home/safeer/passwords.txt
If you want to remove the file as well, add the "-u" option to the command:
safeer@lin01:~$ sudo /usr/bin/shred -n 10 -z -v -u /home/safeer/passwords.txt
/usr/bin/shred: /home/safeer/passwords.txt: pass 1/11 (random)...
.........output truncated.........
/usr/bin/shred: /home/safeer/passwords.txt: pass 11/11 (000000)...
/usr/bin/shred: /home/safeer/passwords.txt: removing
/usr/bin/shred: /home/safeer/passwords.txt: renamed to /home/safeer/00000
/usr/bin/shred: /home/safeer/00000: renamed to /home/safeer/0000
/usr/bin/shred: /home/safeer/0000: renamed to /home/safeer/000
/usr/bin/shred: /home/safeer/000: renamed to /home/safeer/00
/usr/bin/shred: /home/safeer/00: renamed to /home/safeer/0
/usr/bin/shred: /home/safeer/passwords.txt: removed
safeer@lin01:~$ ls -l /home/safeer/passwords.txt
ls: cannot access /home/safeer/passwords.txt: No such file or directory
As you can see, the file is renamed multiple times before it is actually removed, to eliminate any trace of even the filename hanging around somewhere.
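To check the result of a file shred rather than trust it, the added example below (not from the original post) shreds a file with a final zero pass and confirms that what reads back is all zero bytes. It also warns on filesystem types that do not overwrite data in place, where shred cannot guarantee the old blocks are gone; the function names and the list of filesystem types are this example's own assumptions.

```bash
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# Return 1 for filesystem types (as printed by `stat -f -c %T`) that do not
# overwrite file data in place: copy-on-write, log-structured, network and
# overlay filesystems. The list is an assumption and is not exhaustive.
fs_overwrites_in_place() {
    case "$1" in
        btrfs|zfs|f2fs|nilfs*|nfs*|overlay*) return 1 ;;
        *) return 0 ;;
    esac
}

# Return 0 if every byte that can be read back from the file is zero,
# which is what a final -z pass should leave behind.
is_all_zero() {
    nonzero=$(tr -d '\000' < "$1" | wc -c)
    [ "$nonzero" -eq 0 ]
}

# Overwrite FILE with PASSES random passes plus a zero pass (default 3),
# keep the file in place, then verify the readable content is zeroed.
shred_and_verify() {
    file=$1
    passes=${2:-3}
    fstype=$(stat -f -c %T -- "$file" 2>/dev/null || echo unknown)
    if ! fs_overwrites_in_place "$fstype"; then
        echo "warning: $fstype may keep old copies of the data blocks" >&2
    fi
    shred -n "$passes" -z -- "$file" || return 2
    is_all_zero "$file"
}

# Demo on a constructed throwaway file (not real data).
demo=$(mktemp) && printf 'user:hunter2\n' > "$demo"
shred_and_verify "$demo" 2 && echo "zeroed, size now $(wc -c < "$demo") bytes"
rm -f -- "$demo"
```

The zero check only proves what the filesystem returns on read; it says nothing about stale copies kept elsewhere, which is why the filesystem warning matters.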
* To shred a drive/disk
We can't use the -u option here, as we don't want to delete the drive. Also, depending on the size of the drive, you might need to cut down the number of passes, as overwriting the whole drive/disk will take a lot of time.
So this is how we do it:
safeer@lin02:~$ sudo /usr/bin/shred -v -n 2 -z /dev/sdb1
shred: /dev/sdb1: pass 1/2 (random)...
shred: /dev/sdb1: pass 1/2 (random)...55MiB/466GiB 0%
shred: /dev/sdb1: pass 1/2 (random)...95MiB/466GiB 0%
........
........
shred: /dev/sdb1: pass 1/2 (random)...466GiB/466GiB 100%
shred: /dev/sdb1: pass 2/2 (000000)...
shred: /dev/sdb1: pass 2/2 (000000)...795MiB/466GiB 0%
....
....
shred: /dev/sdb1: pass 2/2 (000000)...464GiB/466GiB 99%
shred: /dev/sdb1: pass 2/2 (000000)...465GiB/466GiB 99%
shred: /dev/sdb1: pass 2/2 (000000)...466GiB/466GiB 100%
As you can see, I am using only two passes here as the disk I am shredding is 500GB in size. It took me almost 10 hours to complete the first pass, so choose your numbers wisely.