~/

Securely Wipe Disks and Delete Files


Table of Contents


Introduction

In this guide I will try to show you how to safely wipe disks and delete files, or at least, make data recovery quite hard. Secure data deletion is a complex matter, there are several factors that come in to play when you have to delete data from a memory, some of them are:

As the Arch Linux Wiki explains:

Wiping a disk is done by writing new data over every single bit.

..This is the general concept to follow when deleting data from a volume. For more information about data that may remain after deletion, see:

Wikipedia:Data remanence

ArchWiki:Data remanence

Note: These operations should be performed in an isolated environment such as a Live Operating System or a virtual environment (VirtualBox, VMWare, QEMU, etc…). The utilities and commands shown in the examples are mostly in the GNU/Linux environment but you can also find some examples for Windows :)

Wipe Disk

Wipe All Data Fast With Zeros

The most common case is when the device is to be sold or given to someone else, You may need to protect your data from a simple forensic investigation or File Recovery software in general. To delete everything quickly from a disk, writing zeros (i.e. 0, /dev/zero) allows maximum performance in terms of speed.

Zeros

Overwriting with /dev/zero or simple patterns is considered secure in most situations. With today’s HDDs, it is deemed appropriate and fast for disk wiping. However, a drive that is abnormally fast in writing patterns or zeroing could be doing transparent compression. It is obviously presumable not all blocks get wiped this way. Some #Flash memory devices do “feature” that.

Source: ArchWiki:Data remanence

A single, full overwrite with zeros or random data does not lead to any recoverable data on a modern high-density storage device, the common view is that repeating the operation after a full overwrite should not be necessary nowadays.

See: 1, 2, 3

However there are different opinions about it.

Now let’s look at the different methods for writing zeros (0) on a volume:

dd

Writes zero bytes to the entire volume using the /dev/zero stream:

There is no confirmation regarding for this command so double-check that the correct drive or partition has been targeted.

dd if=/dev/zero of=/dev/sdX bs=4096 status=progress

Where /dev/sdX is the name of the partition that you want to erase (e.g. /dev/sda), see: #Securely wipe disk: Select a target, the process is finished when dd reports No space left on device:

dd: writing to ‘/dev/sdX’: No space left on device
7959553+0 records in
7959552+0 records out
4075290624 bytes (4.1 GB, 3.8 GiB) copied, 1247.7 s, 3.3 MB/s

Windows format

On Windows You can use the format command:

Format the drive with the selected file system and write zeros to every sector of the drive once.

format g: /fs:NTFS /p:0

Where g is the name of the volume G and NTFS is the selected file system.

Write Pseudorandom Data

If you want to rewrite the record in addition to the zeros, for example to prepare a drive for block device encryption inside the wiped area afterwards, it is recommended to use Random Data generated by a cryptographically strong random number generator referred as a “RNG”.

True random data source using /dev/random is impractical for wiping large capacities as it will take too long to wait for the entropy generation. Then /dev/urandom can be used as a reasonable source of Pseudorandom data.

For differences between random and pseudorandom data and other information about, please see:

ArchWiki:Random Number Generation

Wikipedia:Random number generation

Wikipedia:Cryptographically-secure pseudorandom number generator (CSPRNG)

Redirect output: cat, xz, dd and cp commands

Redirected output, rewrite the partition or a block device by redirecting stdout from other utilities (cat, xz, dd):

cat /dev/urandom > /dev/sdXY

...

cat: write error: No space left on device
xz -z0 /dev/urandom -c > /dev/sdXY

...

xz: (stdout): Write error: No space left on device
dd if=/dev/urandom of=/dev/sdX bs=4096 status=progress

...

dd: writing to ‘/dev/sdX’: No space left on device
7959553+0 records in
7959552+0 records out
4075290624 bytes (4.1 GB, 3.8 GiB) copied, 1247.7 s, 3.3 MB/s

also you can use the command cp to rewrite the device:

cp /dev/urandom /dev/sdXY

...

cp: error writing ‘/dev/sd"XY"’: No space left on device
cp: failed to extend ‘/dev/sd"XY"’: No space left on device

With all the commands listed the procedure ends with an error message of “No space left on device”, it means that the program has written all sectors of the volume, so it’s all ok :)

In the examples /dev/sdX and /dev/sdXY are relative to the name of the chosen partitions:

/dev/sdX = sda

/dev/sdXY = sda1

shred

shred is a Unix utility for delete individual files or full devices. By default shred uses 3 passes, writing pseudorandom data to the device at each pass.

Run shred with default settings and show progress:

shred -v /dev/sdX

shred can be used also on a single partition:

shred -v /dev/sdX1

Use shred to write only 1 pass, but with entropy from /dev/urandom:

shred -v --random-source=/dev/urandom -n1 /dev/sdX

dd advanced example

To speed up wiping a large drive, you can also use this trick :)

Randomize the data using a randomly-seeded AES cipher from OpenSSL and write them with dd:

DEVICE="/dev/sdX"
PASS=$(tr -cd '[:alnum:]' < /dev/urandom | head -c128)
openssl enc -aes-256-ctr -pass pass:"$PASS" -nosalt </dev/zero | dd obs=64K ibs=4K of=$DEVICE oflag=direct status=progress

The command above creates a 128 byte encryption key seeded from /dev/urandom. AES-256 in CTR mode is used to encrypt /dev/zero’s output with the urandom key. Utilizing the cipher instead of a pseudorandom source results in very high write speeds and the result is a device filled with AES ciphertext.

Source: Securely wipe disk/Tips and tricks#dd - advanced example

DBAN

DBAN is software for delete information stored on hard disk drives (HDDs, not SSDs) in PC laptops, desktops, or servers. The program is in .iso format so it must be installed by creating a pendrive USB or CD bootable. Basically the program performs the operations we have seen above, you can install it on a USB pendrive for example, then select at boot priority the volume with DBAN for start it.

In the main menu we can see the available options with a command prompt to type commands:

alt text

Pressing F3 displays the list of available commands:

alt text

Use the command dod for wipe the disk with method: DoD 5220.22-M

alt text

Then the program starts wipe the disk, (be careful because there is no confirmation after the commands):

alt text

DBAN also offers an interactive mode, which can be accessed by pressing the Enter key. In the interactive mode, press Space key for select the volume you want to erase:

alt text

Press M for select the wipe method:

alt text

After selecting the preferred method, press F10 to start the wipe:

alt text

For more information about this program see the documentation on the official website.

Wipe a Single File

As shown above, when deleting a single file you must take into account some limitations, there may be copies, links or metadata of the file scattered on the same or other volumes, the type of file system is another factor that affects deletion, see: Comparison of file systems#Metadata.

shred

Use shred to delete a file overwriting 7 times and add a final overwrite with zeros to hide shredding

shred -uvzn 7 myfile.txt
-u  deallocate and remove file after overwriting
-v  show progress
-z  add a final overwrite with zeros to hide shredding
-n  overwrite N times instead of the default (3)

See: shred --help for more information

You can delete a folder recursively using shred and find:

find mydirectory -type f -exec shred {} \;

srm (secure rm)

ON Unix and Windows you can use the command line program srm for securely delete files and folders.

Remove a file and overwrite with 7 US DoD compliant passes:

srm -Dv myfile.txt

Remove a folder with 7 US DoD compliant passes:

srm -DRv myfolder/

…by default srm use the 35-pass Gutmann method to overwrite files which can be very slow, for a complete list of options see the command help srm -h.

Stay Safe

In short, we’ve learned that securely wiping disks and deleting files is not a simple matter. So if we need to eliminate data we have to follow certain procedures, as always in computer security, paranoia is a good friend, so here are some tips on how to prevent sensitive files from falling into the hands of third parties:

Encrypt your disk

The first countermeasure is to encrypt the volume/disk, this is the first layer of data protection in a device. Therefore, before thinking about how to delete a file you have to think about how to protect the volume in which it is contained. If you do not have the key to decrypt the volume, the file can be considered lost. However, if you need to clean a disk, you can encrypt the disk, throw away the key and rewrite it thus making the data inaccessible, or rather “very difficult to recover”.

If you really need to delete data, destroy the device

As for me I try to use any electronic device until his death, but in this case if we want to be 100% sure of the deletion of the data then we have to destroy the device. Furthermore, we understand that with Flash memories the procedures for deleting files are more complex and are often ineffective. So destroy the device!.


Credits:

ArchWiki - Securely Wipe Disk

Wikipedia - Data remanence

GNU Coreutils

Data Removal: Darik’s Boot and Nuke - DBAN

secure rm