Erasing data is easy. Erasing it so it stays erased, however, can be tricky. Modern data forensics make it theoretically possible to recover at least fragments of data, so you need to use dedicated tools when you want to delete sensitive data in a way that ensures it’s irrecoverable. Whether you need to wipe a hard drive, remove confidential files, or sanitize a storage device, here are 4 commands that provide you with the necessary capabilities for secure data erasure.
1. shred
One of the most widely recognized tools for data erasure on Linux is the shred command. It overwrites a file to hide its contents. It lets you overwrite files with random data, making recovery virtually impossible. Use shred to erase individual files or entire directories securely. With customizable options, such as the number of iterations and the data size to overwrite, you have precise control over the erasure process. The shred command has a number of options, so see its man page for more information. Here are a few examples.
To overwrite and delete a file:
|
1 |
$ shred -u example.txt |
To overwrite a file three times:
|
1 |
$ shred -n 3 example.txt |
2. srm
Another powerful tool in the Linux toolbox is srm. Like shred, the srm command overwrites files with random data to render them unrecoverable. However, srm goes a step further by clearing the file’s metadata, such as its inode and access timestamps. This comprehensive approach ensures that no traces of the original data remain. Use srm to remove single or multiple files.
To delete a file:
|
1 |
$ srm example.txt |
For fast and secure removal:
|
1 |
$ srm -f example.txt |
Delete a directory and all its subdirectories:
|
1 |
$ srm -r exampleDir |
3. dd
While primarily known for its disk cloning capabilities, the dd command can also be used for secure data erasure.You can use dd to overwrite a storage device with random data or zeroes by utilizing specific parameters, effectively wiping its contents. As with all commands that erase data, it’s essential to exercise caution when using dd, because any mistake in specifying the target device can result in permanent data loss.
To overwrite the drive /dev/sdX (which probably doesn’t exist, so replace X with a valid drive letter from lsblk) with zeroes:
|
1 |
$ dd if=/dev/zero of=/dev/sdX bs=1M |
You can overwrite an entire drive with random data:
|
1 |
$ sudo dd if=/dev/urandom of=/dev/sdX bs=4M status=progress |
4. Destructive boot disc
ShredOS is a small Linux distribution with the sole purpose of securely erasing data on your hard drive or SSD. You need a USB drive with at least 8 GB of storage, a computer with a USB port, and the ShredOS image file. Insert it in a computer and boot from it, and it proceeds to erase all data from the machine. Use this with caution!
Use the right tool
Erasing data so that it can’t be recovered requires special tools. Use these tools when retiring hardware from your organization or your own home.
0 Comments