Securely wipe disk/Tips and tricks
See Securely wipe disk for the main article.
This article describes alternative wiping methods to the specialized utilities that can speed up wiping.
tune2fs
. Wipe a single file
Wiping of a single file consists of two basic and one advanced anti-forensic time consumed method that can be done only with specialized tools, the last one method will not be covered in this article.
- Overwrite with random data before deletion or replace content with another one without changing file size.
- Wipe file and meta-data stored by the filesystem with specialized tools
- Search the whole disk for the deleted left-over parts of the file and wipe them too without making any changes to other files and their traces.
Overwriting of the file without changing its size can be done with common Linux utilities:
- Invoking
shred -x file
will replace content of file with pseudo-random data without changing the filesize (-x
). Using the-u
option will remove file after overwriting it. - With
mkfs
you can convert file into the filesystem that will alter everything in it, mount and fill in with any other content for a better overwriting. - The
dd
will create a file with preset size and content of your chose, if destination file name exist then it will become overwritten. Withdd
command you can replace the whole file or only a part in it with another content by combiningskip
andseek
options. You need to know size of the file to avoid expand of the file, to do it can usedu -b file_name | cut -f1
orstat -c "%s" file_name
. It is mandatory to useiflag=fullblock
option, see dd#Partial read. - Replace content in a file with a single symbol to avoid size changing you can do with perl utility.
To wipe meta-data you can fill in partition with files that makes file system replace old entries about files with new or use specialized utilities for that, see wipe free space section below.
It is up to you how to combine all of Linux file creation and conversion tools to prevent recovery of files and/or mislead recovery tools and them who uses it by rewriting with random or replace with predefined content.
- Simple overwriting has a chance to leave dislocated parts of file if free space is available.
- To rewrite content of specific files without changing their location on the disk you can first create a file or files to make partition full and then rewrite or replace content in files you want to hide with preferred utilities. It consumes much useful time if free space is very big and files are very few.
Examples:
Perl command that will replace everything in the file with .
:
$ perl -p -i -e 's\[^*]\.\g' file_name
dd:
$ source_content | dd bs=size_in_bytes count=1 iflag=fullblock of=destination_file seek=0
Or by using stdout redirection that works a slightly faster for creation but you will not be able to use seek
option for skipping some parts in the destination:
$ source_content | dd bs=size_in_bytes count=1 iflag=fullblock > destination_file
while
loop described in the section below.See also:
- convert charset in text files
- Advanced Bash-Scripting Guide - describes more advanced ways about how to create files from a bash script
- sed alternatives - a perl example that works better than sed for replacing content in a file
Overwrite the target
Prevent wiping mounted partitions
Choosing the device to be wiped needs extra care; a simple typo can be enough to damage the system. To minimize these risks, you can use a simple script to wrap your favourite wipe tool. For example:
if [[ -e "$1" && -b "$1" ]];then NOT_safe="$(lsblk -o "NAME,MOUNTPOINT" ${1//[0-9]/} | grep -e / -e '\]')"; if [[ -z "$NOT_safe" ]];then # Here you can use any of your favourite wiping tools # to wipe destination passed on command line and stored in variable "$1" # else echo 'Not allowed to destroy if any of the partitions is mounted: '"$NOT_safe" fi fi
dd - advanced example
An alternative is to randomize the drive/partition using a randomly-seeded AES cipher from OpenSSL. For example:
DEVICE="/dev/sdX" PASS=$(tr -cd '[:alnum:]' < /dev/urandom | head -c128) openssl enc -aes-256-ctr -pass pass:"$PASS" -nosalt </dev/zero | dd obs=64K ibs=4K of=$DEVICE oflag=direct status=progress
The command above creates a 128 byte encryption key seeded from /dev/urandom
. AES-256 in CTR mode is used to encrypt /dev/zero
's output with the urandom key. Utilizing the cipher instead of a pseudorandom source results in very high write speeds and the result is a device filled with AES ciphertext.
The block size is set to 64K above as it is usually faster than the default 512 bytes. Experiment with larger block sizes to find the optimal transfer rate for your hardware: [1] and the references therein.
See also Dm-crypt/Drive preparation#dm-crypt wipe on an empty disk or partition for a similar approach.
Using a template file
Instead of zeros you can use a bunch of files you want to be found or partition prints made by mkfs
formatted files but you should mount and fill it up with content or with any other repeated output from utilities of your choice.
One way is to wipe until device ends, but this type of redirection is not recommended because you have to use stop keys to break the while
loop when errors about device end will show up:
$ while [ 1 -lt 2 ];do cat file1-to-use.as-template file2-to-use.as-template /tmp/templatefiles/* ;done > /dev/sd"XY"
With dd you can safely wipe repetitively without out-of-space-errors, if size to be wiped is set up correctly with options. By using dd inside the while loop for stdout you will be able to chose which part of the file you want to restore by combining the skip
and seek
options with random or fixed values e.g. restore only partition start or end from a file, related are head(1) and tail(1) commands for output of the file parts to stdout.
while [ 2 -gt 1 ]; do if [ -z "$(pidof dd)" ];then break ; fi; cat file1-to-use.as-template file2-to-use.as-template /tmp/templatefiles/* ; done | dd of=/dev/sd"XY" seek=start_sector bs=sector_size count=sectors_to_wipe
while ... done | dd ...
to change destination of the source template files to use on each new loop.
See also:
- sector size - file creation and sector sizes
Wipe free space
You can wipe free space by several ways:
- Redirect output into a file instead of partition or device.
- Create multiple file copies by using e.g.
cp
command in loops with random file names or destination directories until no free space will be left.
- Use an utility that creates encrypted files with random password and file names. Some of the file compression utilities have options for compression methods, file types and can even split file into volumes of the preset size upon creation. By using some options randomly into a loop you will be able to fill the whole free space up with encrypted data and overwrite previous data.
- Use a specialized program for the free space wiping such as:
wipefreespace — Wipe Free Space securely erases the free space on file systems to prevent recovery of deleted sensitive data.
zerofree — Scans for non-zero free blocks in a filesystem and fills them with zeroes
Using dd
One can create a file that fills the empty space using dd:
dd if=source of=junk sync rm junk
The source
can be the /dev/urandom
or /dev/zero
stream.
The file is removed after making sure data has synchronized on disk.
Using 7-Zip
Password="$(dd if=/dev/urandom bs=128 count=1)" DestinationFile="$((${RANDOM/0/1}$(date "+%s")/${RANDOM/0/1}))" 7z a -t7z -mhe=on -p"${Password}" -mx=0 -v1m ${DestinationFile} source
See also 7z(1) for description of used options.
The source
can be a predefined file with random data or a device, e.g. /dev/urandom
or another block device or partition on it, e.g. /dev/sd"XY"
, with data you are not afraid to be found then even deleted files on it will be compressed to the destination.
- It is not necessary to set level of compression, enough to store data for minimizing CPU usage and a faster fill free space up.
- If you are using a single file as a source then you can put it into the RAM disk or the
/tmp
folder, because it uses tmpfs that allocates some amount of RAM because it will speed up reading.
Create multiple files with help of the timeout command
The timeout
command with randomized waiting time used it in a loop will break the command that will leave a file with random size. This is a slow method but is one of the possible alternatives. You can also use an array with predefined file names before the random part of it.
AA=${RANDOM/0/1}; timeout $((AA/100)) cat /dev/urandom > filename${RANDOM}.tmp;
See also:
- limits for the file creation on the different file systems.
- meta-data in the filesystem may keep information about file after it was deleted.
- forensic software uses meta-data to recovery and what need to do for wiping of the meta-data.