Secure data deletion

In my last blog I detailed why it wasn’t necessary to take a hammer to your hard drive to protect your data. So what can you do if you’re sending an old PC off for recycling and don’t want Joe Random looking over your supposedly deleted files?


Whole disk deletion

The simplest whole-disk solution is DBan — Darik’s Boot and Nuke — “a self-contained boot disk that automatically deletes the contents of any hard disk that it can detect.”

DBan is an open source program that securely erases hard disks by overwriting them with random garbage. It can be run from a CD, DVD or USB stick and can even be configured to automatically wipe every disk that it finds on a system or network. Download it here.


File-by-file deletion

Linux users have a built-in command-line tool called shred. It overwrites the specified file(s) with random junk — 25 times by default.

Here’s how to use it:

shred secrets.txt
Will shred the contents of secrets.txt but it leaves the file in place! While this is a good way of checking what shred does, you probably really want to …

shred -u secrets.txt
… remove the file after you’ve shredded it. For extra security you can …

shred -u -n 100 secrets.txt
… tell it to overwrite the file 100 times instead of the default 25, and even …

shred -u -n 100 -z secrets.txt
… overwrite the file with zeros on its last pass. This disguises the fact that there was ever any file there at all!

Note that shred does however come with a couple of caveats. The man shred command will give you the full details, but essentially it assumes that the file system overwrites data in place. That’s the usual way of doing things, but Linux has a wide variety of possible file systems and they don’t all work the same way! Still, shred works just fine with the default ext3 file system used on most distributions.
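
The in-place caveat can be checked before shredding. This is an added example, not part of the original post: the function names shred_verdict and safe_shred are hypothetical, and the file system lists are an illustrative assumption drawn from the caveats in shred's man page.

```shell
#!/bin/sh
# Added example: check shred's "overwrites in place" assumption before shredding.
# The file system lists below are an illustrative assumption and not exhaustive.

# shred_verdict FSTYPE MOUNT_OPTIONS -> in-place | not-in-place | unknown
shred_verdict() {
    case "$1" in
        ext3|ext4)
            # data=journal sends file data through the journal first,
            # so an old copy can survive outside the overwritten blocks.
            case ",$2," in
                *,data=journal,*) echo not-in-place ;;
                *) echo in-place ;;
            esac ;;
        ext2) echo in-place ;;
        btrfs|zfs|nilfs2|f2fs|jffs2|ubifs)   # copy-on-write or log-structured
            echo not-in-place ;;
        nfs|nfs4|cifs)                       # remote: client cannot control placement
            echo not-in-place ;;
        *) echo unknown ;;
    esac
}

# safe_shred FILE: run shred only when the verdict is "in-place".
safe_shred() {
    [ -f "$1" ] || { echo "not a regular file: $1" >&2; return 2; }
    # findmnt prints e.g. "ext4 rw,relatime" for the mount that holds FILE
    info=$(findmnt -n -o FSTYPE,OPTIONS -T "$1") || return 2
    verdict=$(shred_verdict "${info%% *}" "${info##* }")
    if [ "$verdict" != in-place ]; then
        echo "refusing: ${info%% *} is $verdict for shred" >&2
        return 1
    fi
    shred -u -z "$1"
}
```

Call it as safe_shred secrets.txt; a refusal means whole-disk wiping is the more reliable route for that file system.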


The full kit

The Secure-Delete toolkit provides a suite of tools to:

  • securely wipe files
  • wipe free disk space
  • wipe swap space and computer memory

All work in a similar fashion: writing and rewriting random data, then a set of special cryptographic values, followed by more random data. In addition, the file tool also randomly renames and truncates the file.

Secure-delete may not be installed by default, so use your package manager to add it. Debian / Ubuntu / Mint users can just do:
sudo apt-get install secure-delete

Here’s a quick run-down of the SD tools and how to use them:


srm (secure remove) :
wipes files or directories currently on your hard disk. The algorithm used is based on this paper by local boy Peter Gutmann.

To wipe a file:
srm filename.txt

To wipe a directory:
srm -r folder_name


sfill (secure free space wiper) :
wipes the free space areas on your disk. If you haven’t used secure deletion tools before, chances are there’s still a lot of recoverable data in regions where files have been insecurely deleted. sfill will clean this up!

Clean up your home folder:
sfill /home/yourname


smem (secure memory wipe) :
deletes data stored in your computer’s memory. Why? Because data held in SDRAM doesn’t “fade away” and can be easily recovered!

To wipe memory:
smem

Note: a full smem run can take some time! Try
smem -l
or
smem -ll
for a quicker (though less secure) run.


sswap (secure swap space wipe) :
does a secure wipe of your swap partition.

Find your swap partition:
cat /proc/swaps
Disable swap:
sudo swapoff /dev/swap_partition
Securely wipe it:
sudo sswap /dev/swap_partition
Re-enable swap:
sudo swapon /dev/swap_partition
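
The four swap steps above as one script, added here as an example that is not part of the original post. The function names and the sample /proc/swaps text are constructed for illustration; only swap partitions are handled, and swap is re-enabled even when the wipe fails.

```shell
#!/bin/sh
# Added example: wipe every active swap partition, then turn swap back on.

# Constructed sample of /proc/swaps, used only to show the format parsed below.
SAMPLE_SWAPS='Filename                Type        Size      Used  Priority
/dev/sda2               partition   2097148   0     -2
/swapfile               file        1048572   0     -3'

# swap_partitions: read /proc/swaps-style text on stdin and print the devices
# whose Type column is "partition" (swap files are skipped).
swap_partitions() {
    awk 'NR > 1 && $2 == "partition" { print $1 }'
}

# wipe_swap: disable, wipe and re-enable each swap partition. Run as root.
wipe_swap() {
    rc=0
    for dev in $(swap_partitions < /proc/swaps); do
        if ! swapoff "$dev"; then
            echo "cannot disable $dev, skipping" >&2
            rc=1
            continue
        fi
        sswap "$dev" || { echo "sswap failed on $dev" >&2; rc=1; }
        # Re-enable even after a failed wipe so the machine keeps its swap.
        swapon "$dev" || { echo "cannot re-enable $dev" >&2; rc=1; }
    done
    return $rc
}
```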


Don’t hammer your hard drive!

Last year, The Guardian took a set of power tools to the computers — and particularly the hard drives — that had stored data released by Edward Snowden. There’s even a video of what they did.



This, without a doubt, is the best way of preventing anyone from ever recovering data from your machine. Indeed, a few years ago the BBC reported that British consumer magazine Which? Computing recommended taking a hammer to your old hard disk drive to prevent secondhand purchasers recovering data from it. They bought eight used computers and recovered 22,000 supposedly deleted files.

There’s a popular misconception that Delete actually deletes files. It doesn’t. It simply removes them from the disk’s index. (Ever wondered why it’s just as quick to delete a 2GB file as it is a 2-byte one…?) The same applies to the Format command. It doesn’t delete files either, it simply prepares the disk drive for new data by completely wiping the index. Recovering “deleted” and “formatted” files is just a matter of using the right software to rebuild the index.

But in most cases, you don’t need power tools, or even a hammer. Because in most cases, your data isn’t as sensitive as the Snowden files.

Instead, I suggest you use a good file shredder. These overwrite the target file(s) with garbage — again and again and again.

While it’s theoretically possible to recover at least some overwritten data, others reckon that these claims are “overwrought”. Besides, it’s highly unlikely that the person picking up your old drive will have access to a scanning transmission electron microscope and the other bits and pieces of kit necessary!

All that most people need is a really good file shredder. There are plenty of free ones around, especially for Linux users. We’ll take a look at them next time. So put that hammer away!