1) Shred
Although it has some important limitations, the shred command can be useful for destroying files so that their contents are very difficult or impossible to recover. shred accomplishes its destruction by repeatedly overwriting files with data patterns designed to do maximum damage so that it becomes difficult to recover data even using high-sensitivity data recovery equipment1.
Deleting a file with the rm command does not actually destroy the data; it merely destroys an index listing the location of the file and makes the file’s data blocks available for reuse. Thus, a file deleted with rm can be easily recovered using special utilities or commands if its freed data blocks have not yet been reused. However, on an active system with a nearly full hard disk drive (HDD), freed space can be reused in a matter of minutes or even seconds.
Deleting a file with the rm command does not actually destroy the data; it merely destroys an index listing the location of the file and makes the file’s data blocks available for reuse. Thus, a file deleted with rm can be easily recovered using special utilities or commands if its freed data blocks have not yet been reused. However, on an active system with a nearly full hard disk drive (HDD), freed space can be reused in a matter of minutes or even seconds.
Shred Syntax
shred [option(s)] file(s)_or_devices(s)
Available Options
-f, –force - change permissions to allow writing if necessary
-n, –iterations=N - Overwrite N times instead of the default (25)
-s, –size=N - shred this many bytes (suffixes like K, M, G accepted)
-u, –remove - truncate and remove file after overwriting
-v, –verbose - show progress
-x, –exact - do not round file sizes up to the next full block
-z, –zero - add a final overwrite with zeros to hide shredding
-shred standard output
–help - display this help and exit
–version - output version information and exit
Shred Examples
1) The following command could be used securely destroy the three files named file1, file2 and file3
shred file1 file2 file3
2) The following would destroy data on the seventh partition on the first HDD
shred /dev/hda7
3) You might use the following command to erase all trace of the filesystem you’d created on the floppy disk in your first drive. That command takes about
20 minutes to erase a “1.44MB” (actually 1440 KiB)
floppy.
shred –verbose /dev/fd0
4) Erase all data on a selected partition of your hard disk, you could give a command like this
shred –verbose /dev/sda5
Adding shred to Nautilus menu in Ubuntu
First Install nautilus-actions package using the following command in the terminal
sudo aptitude install nautilus-actions
Now Open up Nautilus Actions Configuration from System->Preference->Nautilus Actions Configuration
Once opens you should see similar to the following screen here Click Add
Now Enter the following details
Label: Shred
Tooltip: shred utility to securely erase files
Icon: gtk-dialog-warning
Path: shred
Parameters: -f -u -v -z %M
Click on the Conditions tab Under the “Appears if selection contains“, check “Only files” (If you want files and folders select Both).Check the box “Appears if selection has multiple files or folders“. Click OK
After adding you should see similar to the following screen click close
Open up a terminal, run the following commands to update the nautiuls
nautilus -q
nautilus
Now this will open nautilus window Now right click on any files, you should be able to see the shred command in the menu.
wipe
wipe is a little command for securely erasing files from magnetic media. It compiles under various unix platforms, including Linux 2.*, (Open+Net+Free)BSD, aix 4.1, SunOS 5.5.1, Solaris 2.6. Recovery of supposedly erased data from magnetic media is easier than what many people would like to believe. A technique called Magnetic Force Microscopy (MFM) allows any moderately funded opponent to recover the last two or three layers of data written to disk. Wipe repeatedly writes special patterns to the files to be destroyed, using the fsync() call and/or the O_SYNC bit to force disk access.
Install wipe in Ubuntu
sudo aptitude install wipe
wipe Syntax
wipe [options] path1 path2 … pathn
Wipe Examples
Wipe every file and every directory (option -r) listed under /home/berke/plaintext/, including /home/berke/plaintext/.Regular files will be wiped with 34 passes and their sizes will then be halved a random number of times. Special files (character and block devices, FIFOs…) will not. All directory entries (files, special files and directories) will be renamed 10 times and then unlinked. Things with inappropriate permissions will be chmod()’ed (option -c). All of this will happen without user confirmation (option -f).
wipe -rcf /home/berke/plaintext/
Assuming /dev/hda3 is the block device corresponding to the third partition of the master drive on the primary IDE interface, it will be wiped in quick mode (option -q) i.e. with four random passes. The inode won’t be renamed or unlinked (option -k). Before starting, it will ask you to type “yes”.
wipe -kq /dev/hda3
Since wipe never follows symlinks unless explicitly told to do so, if you want to wipe /dev/floppy which happens to be a symlink to /dev/fd0u1440 you will have to specify the -D option. Before starting, it will ask you to type “yes”.
wipe -kqD /dev/floppy
Here, wipe will recursively (option -r) destroy everything under /var/log, excepting /var/log. It will not attempt to chmod() things. It will however be verbose (option -i). It won’t ask you to type “yes” because of the -f option.
wipe -rfi >wipe.log /var/log/*
Due to various idiosyncracies of the operating
wipe -Kq -l 1440k /dev/fd0
Adding Wipe to Nautilus menu in Ubuntu
First Install nautilus-actions package using the following command in the terminal
sudo aptitude install nautilus-actions
Now Open up Nautilus Actions Configuration from System->Preference->Nautilus Actions Configuration Click Add
Enter the following details
Label: Wipe
Tooltip: Wipe utility to securely erase files
Icon: gtk-dialog-warning
Path: wipe
Parameters: -rf %M
Click on the Conditions tab Under the “Appears if selection contains“, check “both”
Check the box “Appears if selection has multiple files or folders“. Click OK
Open up a terminal, run the following commands to update the nautiuls
nautilus -q
nautilus
From Now right click on any files, you should be able to see the wipe command in the menu.You can check above procedure for screenshots.
Secure-Delete tools
Tools to wipe files, free disk
The Secure-Delete tools are a particularly useful set of programs that use advanced techniques to permanently delete files. To install the Secure-Delete tools in Ubuntu, run the following command
sudo aptitude install secure-delete
The Secure-Delete package comes with the following commands
srm(Secure remove) - used for deleting files or directories currently on your hard disk.
smem(Secure memory wiper) - used to wipe traces of data from your computer’s memory (RAM).
sfill(Secure free space wiper) - used to wipe all traces of data from the free space on your disk.
sswap(Secure swap wiper) - used to wipe all traces of data from your swap partition.
srm - Secure remove
srm removes each specified file by overwriting, renaming, and truncat-ing it before unlinking. This prevents other people from undeleting or recovering any information about the file from the command line.
srm, like every program that uses the getopt function to parse its arguments, lets you use the — option to indicate that all arguments are non-options. To remove a file called ‘-f’ in the current directory, you could type either “srm — -f” or “srm ./-f”.
srm Syntax
srm [OPTION]… FILE…
Available Options
-d, –directory - ignored (for compatibility with rm)
-f, –force - ignore nonexistent files, never prompt
-i, –interactive - prompt before any removal
-r, -R, –recursive - remove the contents of directories recursively
-s, –simple - only overwrite with a single pass of random data
-m, –medium - overwrite the file with 7 US DoD compliant passes (0xF6,0×00,0xFF,random,0×00,0xFF,random)
-z, –zero - after overwriting, zero blocks used by file
-n, –nounlink - overwrite file, but do not rename or unlink it
-v, –verbose - explain what is being done
–help display this help and exit
–version - output version information and exit
srm Examples
Delete a file using srm
srm myfile.txt
Delete a directory using srm
srm -r myfiles
smem - Secure memory wiper
smem is designed to delete data which may lie still in your memory (RAM) in a secure manner which can not be recovered by thiefs, law enforcement or other threats. Note that with the new SDRAMs, data will not wither away but will be kept static - it is easy to extract the necessary information! The wipe algorythm is based on the paper “Secure Deletion of Data from Magnetic and Solid-State Memory” presented at the 6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers.
smem Syntax
smem [-f] [-l] [-l] [-v]
Available Options
-f - fast (and insecure mode): no /dev/urandom.
-l - lessens the security. Only two passes are written: the first with 0×00 and a final random one.
-l -l for a second time lessons the security even more: only one pass with 0×00 is written.
-v - verbose mode
sfill - secure free space wipe
sfill is designed to delete data which lies on available diskspace on mediums in a secure manner which can not be recovered by thiefs, law enforcement or other threats. The wipe algorythm is based on the paper “Secure Deletion of Data from Magnetic and Solid-State Memory” presented at the 6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers.
sfill Syntax
sfill [-f] [-i] [-I] [-l] [-l] [-v] [-z] directory/mountpoint
Available Option
-f - fast (and insecure mode): no /dev/urandom, no synchronize mode.
-i - wipe only free inode space, not free disk space
-I -wipe only free disk space, not free inode space
-l -lessens the security. Only two passes are written: one mode with 0xff and a final mode with random values.
-l -l for a second time lessons the security even more: only one random pass is written.
-v - verbose mode
-z - wipes the last write with zeros instead of random data
directory/mountpoint this is the location of the file created in your filesystem. It should lie on the partition you want to write.
sswap - Secure swap wiper
sswap is designed to delete data which may lie still on your swapspace in a secure manner which can not be recovered by thiefs, law enforce?ment or other threats.The wipe algorythm is based on the paper “Secure Deletion of Data from Magnetic and Solid-State Memory” pre?sented at the 6th Usenix Security Symposium by Peter Gutmann, one of the leading civilian cryptographers.
sswap Syntax
sswap [-f] [-l] [-l] [-v] [-z] swapdevice
Available Option
-f - fast (and insecure mode): no /dev/urandom, no synchronize mode.
-l - lessens the security. Only two passes are written: one mode with 0xff and a final mode with random values.
-l -l for a second time lessons the security even more: only one pass with random values is written.
-v - verbose mode
-z - wipes the last write with zeros instead of random data
sswap Examples
Before you start using sswap you must disable your swap partition.You can determine your mounted swap devices using the following command
cat /proc/swaps
Disable swap using the following command
sudo swapoff /dev/sda3
/dev/sda3 - This is my swap device
Once your swap device is disabled, you can wipe it with sswipe using the following command
sudo sswap /dev/sda3
After completing the above command you need to re-enable swap using the following command
sudo swapon /dev/sda3
Other Tool
DBAN
Darik’s Boot and Nuke (”DBAN”) is a self-contained boot disk that securely wipes the hard disks of most computers. DBAN will automatically and completely delete the contents of any hard disk that it can detect, which makes it an appropriate utility for bulk or emergency data destruction.
No comments:
Post a Comment