Despite what procrastinating students and thesis authors might tell you, it's actually pretty difficult to lose your homework if it's ever been written to disk. This is usually good news. However, there are those few occasions when you really wish people couldn’t pull up every retirement planning document, bank statement, credit report, or other personal information you’ve ever stored on your computer. Those occasions include getting rid of old computers or hard drives, sending in a machine for tech support, or leaving a job. I can tell you, if I were in a position where I was receiving someone’s old hard drive, I’d have a hard time not at least taking a peek.
“So, what do you do?” If someone is getting rid of a computer or hard drive, they might at least format the disk. If they are sending their computer in for technical support, they might move their sensitive documents over to a thumb drive and delete them from the disk. These are both decent tactics to prevent access by a true novice, but will rarely do anything to deter a more experienced data recovery expert. The reason for this? When files are deleted or disks are formatted, typically only the information about the files on the disk is updated, while the actual storage where the files were written is left unchanged.
“So, really though, what should you do?” Well, fortunately there are a few tools out there to help. Their basic function is to scramble the actual storage where the files were written and then update the file information appropriately.
DBAN: The Hard Drive Final Solution
Darik’s Boot and Nuke, or DBAN, is the tool to use for wiping whole hard drives. When you’re getting rid of old disks, leaving a job, or really just want to stress test a hard drive, just download the ISO, burn it to a CD, and boot from it on the computer that you want to nuke. There are a few options available on startup. These control the type of disk wipe to perform. Generally speaking, unless you are either very paranoid or just have a week to kill, the default (dodshort) is sufficient. At the prompt, simply type “autonuke” and hit enter. Depending on disk speed and size, the time to completion can vary wildly, but plan for at least a day of operation.
Shred: Single File Destruction
Shred is a pretty standard Linux command. It has a few useful command line options, including whether to use random data when overwriting the file, whether to use only zeros on the last pass, the number of passes to make over the file, and finally whether to actually delete the file afterwards. Typically I use something like:
shred -uzn38 <target file>
It is important to note that if you are using a journaling file system, this may not be an effective mechanism. However, you can in most cases tweak journaling levels so that this will not be an issue.
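One way to wrap the shred step above so that the overwrite is checked before the file is unlinked, and so that the file system caveat is surfaced as a warning. This is an added example, not code from the original post: the function names, the default of 3 passes, and the list of file system types treated as unsafe for in-place overwriting are assumptions of the example.

```shell
#!/bin/sh
# Added example: overwrite a file with shred, confirm the overwrite, then unlink it.

# 0 if the mount options string shows ext3/ext4 full data journaling.
journals_data() {
  case ",$1," in *,data=journal,*) return 0 ;; esac
  return 1
}

# 0 if in-place overwrite is a fair assumption for this `stat -f -c %T` type.
# The list is this example's assumption: copy-on-write, log-structured and
# network file systems can leave old copies of the data elsewhere.
overwrite_in_place_ok() {
  case "$1" in btrfs|zfs|f2fs|nfs*) return 1 ;; esac
  return 0
}

# Overwrite FILE with PASSES random passes plus a final zero pass (-z),
# keep the file, and check that what reads back is zero bytes only.
# This confirms the logical content, not what the hardware kept underneath.
overwrite_and_verify() {
  local file="$1" passes="${2:-3}" fstype opts leftover
  if [ ! -f "$file" ] || [ -L "$file" ]; then
    echo "refusing: $file is not a plain regular file" >&2
    return 2
  fi
  fstype=$(stat -f -c %T -- "$file" 2>/dev/null || true)
  opts=$(findmnt -no OPTIONS -T "$file" 2>/dev/null || true)
  if ! overwrite_in_place_ok "$fstype" || journals_data "$opts"; then
    echo "warning: $fstype ($opts) may keep old copies of $file" >&2
  fi
  shred -z -n "$passes" -- "$file" || return 1
  leftover=$(tr -d '\0' < "$file" | wc -c)
  [ "$leftover" -eq 0 ]
}

# Full wipe: overwrite, verify, then let shred rename and unlink the file (-u).
wipe_file() {
  overwrite_and_verify "$1" "${2:-3}" || return $?
  shred -u -z -n 0 -- "$1"
}
```

Call it as wipe_file <target file> 38 to match the pass count used above.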
Secure-Delete: More than just a Shredder
The people (person?) at Techthrob wrote a pretty good article on this subject and I found their coverage of Secure-Delete especially wonderful. I’ll be lifting a few parts here.
Secure-Delete is a bit of an all-in-one solution for scrubbing a computer, not just the hard drive. It comes with a shredder (srm), a memory scrubber (smem), a free disk space scrubber (sfill), and a swap space wiper (sswap). This is a toolset which is appropriate for cleaning up a machine that you don’t quite want to nuke. The man pages for these tools provide wonderful documentation, but if you really need a more in-depth explanation, check out the Techthrob link below.
Install Secure-Delete with your package manager: apt-get install secure-delete
Resources
For a bit more detail and background check out:
- http://techthrob.com/2009/03/02/howto-delete-files-permanently-and-securely-in-linux/
- The DBAN site
- At a Linux command prompt, type: man shred
- At a Linux command prompt, type: man smem
- At a Linux command prompt, type: man srm
- At a Linux command prompt, type: man sfill
- At a Linux command prompt, type: man sswap