In my last blog I detailed why it wasn’t necessary to take a hammer to your hard drive to protect your data. So what can you do if you’re sending an old PC off for recycling and don’t want Joe Random looking over your supposedly deleted files?
Whole disk deletion
The simplest whole-disk solution is DBAN (Darik’s Boot and Nuke), “a self-contained boot disk that automatically deletes the contents of any hard disk that it can detect.”
DBAN is an open source program that securely erases hard disks by overwriting them with random garbage. It can be run from a CD, DVD or USB stick and can even be configured to automatically wipe every disk that it finds on a system or network. Download it here.
Linux users have a built-in command-line tool called shred. It overwrites the specified file(s) with random junk — 25 times by default.
Here’s how to use it:
shred secrets.txt
This will shred the contents of secrets.txt but leave the file in place! While this is a good way of checking what shred does, you probably really want to …
shred -u secrets.txt
… remove the file after you’ve shredded it. For extra security you can …
shred -u -n 100 secrets.txt
… tell it to overwrite the file 100 times instead of the default 25, and even …
shred -u -n 100 -z secrets.txt
… overwrite the file with zeros on its last pass. This disguises the fact that there was ever any file there at all!
Note that shred does come with a couple of caveats. man shred will give you the full details, but essentially it assumes that the file system overwrites data in place. That’s the usual way of doing things, but Linux supports a wide variety of file systems and they don’t all work that way! Still, shred works just fine with the default ext3 file system used on most distributions.
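As an added example (not from the original post), here is a small POSIX shell script that runs the checks a careful user would want before calling shred: it refuses symbolic links and anything that is not a regular file, and looks up the file system type with GNU stat to flag file systems where the in-place overwrite assumption does not hold. The file-system classification is this example's own assumption, based on the caveats in man shred, and secrets.txt is a hypothetical file name.

```shell
#!/bin/sh
# Added example (not from the original post): pre-flight checks for shred,
# covering the file-system caveat from `man shred`. Uses GNU stat (Linux).

# fs_overwrites_in_place TYPE -> "yes", "no" or "unknown" for a file-system
# type name as printed by `stat -f -c %T` (GNU stat reports ext2/3/4 as
# "ext2/ext3"). The "no" list is this example's assumption: copy-on-write and
# network file systems write a rewrite to a new location, so the old blocks
# keep the original data and shred's passes never touch them.
fs_overwrites_in_place() {
  case "$1" in
    ext2/ext3|ext2|ext3|ext4|xfs|msdos|vfat|jfs|reiserfs) echo yes ;;
    btrfs|zfs|nfs|nilfs) echo no ;;
    *) echo unknown ;;
  esac
}

# fs_type_of PATH -> file-system type of the mount holding PATH (empty on failure)
fs_type_of() {
  stat -f -c %T "$1" 2>/dev/null
}

# shred_target_ok PATH -> 0 when PATH is a regular file (not a symbolic link,
# so we only ever operate on the name given, never on whatever a link points
# to) on a file system where in-place overwriting holds; non-zero with a
# printed reason otherwise.
shred_target_ok() {
  target=$1
  if [ -L "$target" ]; then
    echo "refusing: $target is a symbolic link"; return 1
  fi
  if [ ! -f "$target" ]; then
    echo "refusing: $target is not a regular file"; return 1
  fi
  fstype=$(fs_type_of "$target")
  case "$(fs_overwrites_in_place "$fstype")" in
    yes) return 0 ;;
    no)  echo "warning: ${fstype} does not overwrite in place; shred cannot guarantee the old data is gone"; return 2 ;;
    *)   echo "unknown file system '${fstype}'; see the caveats in man shred"; return 3 ;;
  esac
}

# Usage (secrets.txt is a hypothetical file): run the checks, then shred only
# if they pass.
#   shred_target_ok secrets.txt && shred -u -n 100 -z secrets.txt
```

The return codes are distinct on purpose: 2 (copy-on-write or network file system) is the case where shred silently fails to do its job, so a wrapper script can treat it differently from a plain bad argument.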
The full kit
The Secure-Delete toolkit provides a suite of tools to:
- securely wipe files
- wipe free disk space
- wipe swap space and computer memory
All work in a similar fashion: writing and rewriting random data, then a set of special cryptographic values, followed by more random data. In addition, the file tool also randomly renames and truncates the file.
Secure-delete may not be installed by default, so use your package manager to add it. Debian / Ubuntu / Mint users can just do:
sudo apt-get install secure-delete
Here’s a quick run-down of the SD tools and how to use them:
srm (secure remove) :
wipes files or directories currently on your hard disk. The algorithm used is based on this paper by local boy Peter Gutmann.
To wipe a file:
srm file_name
To wipe a directory:
srm -r folder_name
sfill (secure free space wiper) :
wipes the free space areas on your disk. If you haven’t used secure deletion tools before, chances are there’s still a lot of recoverable data in regions where files have been insecurely deleted. sfill will clean this up!
Clean up your home folder:
sfill ~/
smem (secure memory wipe) :
deletes data stored in your computer’s memory. Why? Because data held in SDRAM doesn’t “fade away” and can be easily recovered!
To wipe memory:
smem
Note: a full smem run can take some time! Try smem -ll for a quicker (though less secure) run.
sswap (secure swap space wipe) :
does a secure wipe of your swap partition.
Find your swap partition (active swap areas are listed in /proc/swaps) and turn it off:
sudo swapoff /dev/swap_partition
Securely wipe it, then turn it back on:
sudo sswap /dev/swap_partition
sudo swapon /dev/swap_partition
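The swapoff / sswap / swapon sequence above, as an added shell example that is not part of the original post: it parses the kernel's /proc/swaps table to find swap partitions, refuses anything that is not a block device under /dev, and makes sure swap is re-enabled even if sswap fails part-way, so the machine is not left running without swap. The sample /proc/swaps lines in the comments are constructed; the script must run as root to do anything useful.

```shell
#!/bin/sh
# Added example (not from the original post): wipe each swap partition with
# sswap, guaranteeing that swap comes back on afterwards.

# swap_devices_from_table: read text in the format of /proc/swaps on stdin
# and print the device path of every entry whose Type is "partition". Swap
# files are skipped, since sswap expects a block device. Constructed sample:
#   Filename        Type        Size     Used  Priority
#   /dev/sda5       partition   8388604  0     -2
#   /swapfile       file        2097152  0     -3
# would print just /dev/sda5.
swap_devices_from_table() {
  awk 'NR > 1 && $2 == "partition" { print $1 }'
}

# list_swap_partitions: the same, against the live kernel table
list_swap_partitions() {
  swap_devices_from_table < /proc/swaps
}

# wipe_swap DEVICE: turn the swap partition off, wipe it with sswap, and
# re-enable it afterwards whether or not sswap succeeded. Returns sswap's
# exit status.
wipe_swap() {
  dev=$1
  case "$dev" in
    /dev/*) ;;
    *) echo "refusing: $dev is not under /dev" >&2; return 1 ;;
  esac
  [ -b "$dev" ] || { echo "refusing: $dev is not a block device" >&2; return 1; }
  swapoff "$dev" || return 1
  # If sswap is interrupted (Ctrl-C, kill), the EXIT trap still re-enables swap.
  trap 'swapon "$dev"' EXIT
  sswap "$dev"
  rc=$?
  trap - EXIT
  swapon "$dev"
  return $rc
}

# Usage: sudo sh wipe_swap.sh --run   (file name is hypothetical)
if [ "${1:-}" = "--run" ]; then
  list_swap_partitions | while read -r dev; do
    echo "wiping $dev"
    wipe_swap "$dev"
  done
fi
```

Parsing is kept in its own function so the partition-selection logic can be exercised on a captured table without touching the live system.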