Sysresccd-manual-en Secure Deletion of Data
The secure removal of data is not as easy as you may think. When you delete a file using the default commands of the operating system (for example "rm" in UNIX or "del" in DOS or emptying the recycle bin in WINDOWS) the operating system does NOT delete the file, the contents of the file remains on your hard disk.
Most operating systems only remove references to the file when they are asked to delete a file. The file - you thought has gone forever - remains on the disk until another file is created over it (until another file overwrites the disk space where the "deleted" file is still stored), and even after that, it might be possible to recover the data by studying the magnetic fields on the disk platter surface using forensic equipment.
Before the file is overwritten by a new file, everyone can easily retrieve the data for example by using a disk undelete utility. And even after that some people (for example the three-letter-agencies) with special equipment are able to restore your data at least partially.
Everybody has sensitive data which they want to keep private. For example financial data, private emails, tracks of your internet surfing habits etc. I have heard of cases where people sold their old computers or harddisks and the buyer recovered their financial business data.
The only way to make recovering of your sensitive data nearly impossible is to overwrite ("wipe" or "shred") the data with several defined patterns. For detailed information see the famous Paper by Peter Gutmann http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
CAUTION: The use of wiping or shredding tools relies on a very important assumption: that the filesystem overwrites the data in place. This is the traditional way to do things, but many modern filesystem designs do not satisfy this assumption for example ReiserFS, Reiser4, XFS, Ext3 etc.
See http://www.die.net/doc/linux/man/man1/shred.1.html for more information. In this case a solution could be to wipe/shred the entire device (partition) where the sensitive data was stored to ensure that the data is really overwritten.
SystemrescueCd provides a few tools which are able to make recovering of data nearly impossible - I say nearly impossible, because no one can give you a guarantee that for example the NSA or the FBI could not recover at least a part of that data. but using those tools makes it harder.
CAUTION: On the other hand you will not be able to recover any data, deleted by those tools. Take care. We will not take responsibility for loss of data.
If you want to have ultimate security, use encryption for example LOOP-AES http://loop-aes.sourceforge.net/ . Encrypt your home directory or create an encrypted partition or container to save your data there.
- SHRED from the GNU coreutils (Fileutils) see http://www.gnu.org/software/coreutils/ or http://www.gnu.org/software/fileutils/doc/manual/html/fileutils.html#shredYou can use shred to securely delete simple files but also entire partitions or harddisks. Shred uses by default 25 overwriting passes, you can increase and decrease the number of overwriting passes. Therefore shred is faster than wipe (see below).
For example securely deleting all data on the first IDE harddrive:
shred -v /dev/hda.
- WIPE from Sourceforge see http://wipe.sourceforge.net Similar to shred you can use wipe to securely delete simple files but also entire partitions or harddisks. Wipe uses by default 35 overwriting passes according to the Paper by Peter Gutmann http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html. Wipe is slower than shred, because it uses by default more overwriting passes and therefore it is more secure.
For example securely deleting the Windows 98 Swap File from a mounted (FAT) windows partition using 35 overwriting passes:
wipe -D /mnt/windows/win386.swp
- SRM from the THC-Secure Deletion Tools see http://www.thc.org/releases.php?q=delete
srm does secure deletion of files
- SFILL from the THC-Secure Deletion Tools see http://www.thc.org/releases.php?q=delete
sfill does a secure overwriting of the unused disk space on the harddisk. sfill is the only UNIX tool I know which is able to clean the unused (free) disk space of a partition/harddisk. You can also use the "dd" command to overwrite the unused disk space with zero or random bytes.
- SSWAP from the THC-Secure Deletion Tools see http://www.thc.org/releases.php?q=delete
sswap does a secure overwriting and cleaning of the swap filesystem.
- SMEM from the THC-Secure Deletion Tools see http://www.thc.org/releases.php?q=delete
smem does a secure overwriting of unused memory (RAM)
The THC-Secure Deletion Tools use by default 38 overwriting passes based on the Paper by Peter Gutmann http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html, you can decrease the number of passes.
There are other tools on the SystemRescue CD which you can use similarly to overwrite especially devices, for example
- "dd": if=/dev/zero or /dev/urandom, of=device
- "dd_rescue": works similar to "dd"
- "badblocks": with -w option for writes 4 static passes
For more information take a look at the manuals.
In order to see how the tools work and to check if all sectors for example of a floppy have been overwritten, you can use VCHE, the virtual console hex editor. In our example we will securely erase all data from a floppy.
First type the following command:
shred -v -n 1 /dev/fd0
Shred will overwrite the floppy with one random pass.
Then let's run:
The floppy should be filled with random values.
Then we type the following command:
shred -v -n 1 -z /dev/fd0
The -z option will make an additional pass with zero values.
And we run VCHE again
The floppy should be filled with zero values.
Critical Comments, and Suggestions are welcome: klemens(dot)hofer(at)aon(dot)at