LinuxQuestions.org
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Old 03-17-2007, 09:06 PM   #1
jhsu
Member
 
Registered: Mar 2007
Posts: 35

Rep: Reputation: 15
Deleting and recovering files


Before you get rid of a computer, you're supposed to do more than just delete your files, because that means only deleting the references to them. From what I've read, you can only truly get rid of deleted files by overwriting them many, many times. (I've read a few articles that claimed that deletions in the ext3 format are secure but deletions in other formats, especially Windows formats, are not secure.)

So what software do you use to get rid of old files?

Is there any software that will wipe out deleted files but leave all other files alone?

And how do you verify that your wiped out files are truly unrecoverable? What software tools are used to find deleted files?
 
Old 03-17-2007, 10:16 PM   #2
Mizzou_Engineer
LQ Newbie
 
Registered: Jan 2006
Location: Missouri
Distribution: Gentoo 2007.0 x86 & amd64
Posts: 25

Rep: Reputation: 15
Files can be recoverable after they're supposedly deleted because files are not truly deleted until they are overwritten with new data. On a big hard drive, that may take a while. Note that reformatting a drive does not necessarily delete the magnetic 1s and 0s pattern for the data- just all references to it in the file system. Here's how to securely delete ALL files on an old hard drive so that they are not recoverable.

1. Get a Linux live CD, boot computer from it.
2. Find the device node where the hard drive is that you want to delete. For an IDE hard drive, this is probably /dev/hda and a serial ATA drive would be /dev/sda. If you have questions as to which one yours is, feel free to ask later.
3. Open a terminal on the live CD desktop and type in the following with no quotes:

shred -n 2 -z -v /dev/hda

Replace /dev/hda with the actual hard drive device node. This writes random junk over the entire hard drive twice (-n 2) and then writes zeros over the entire hard drive (-z) and tells you the progress (-v.) This will render the hard drive completely blank and any data is unrecoverable.

If you just want to overwrite certain files on your hard drive, that is MUCH harder. Your best bet is to delete the files, make an image of the hard drive using dd or Ghost, then shred the hard drive like I said above, then replace the dd or Ghost image on the hard drive. Modern file systems make actually overwriting only a certain area extremely difficult, so the pitch, image, shred, reimage is about as good as you can do (and it does work, but is a lot of work.)

You can verify if your data was successfully deleted by either getting your hands on some professional HDD forensics tools or by taking your drive to a drive data recovery specialist and seeing if they can recover it. If you did what I suggested correctly, they won't be able to see anything.
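
A rehearsal of the wipe above, as an added example that is not part of the original post: it runs the same shred passes against a constructed 1 MiB image file standing in for the drive, then checks that the result reads back as all zeros and that a planted marker can no longer be found. The function names, the marker string and the image size are assumptions made for this example.

```shell
#!/bin/sh
# Added example: rehearse the whole-drive wipe on a constructed image file and
# verify it. The image stands in for /dev/hda; no real disk is touched.

# make_sample_image IMAGE MARKER: 1 MiB of random data with MARKER planted inside.
make_sample_image() {
    dd if=/dev/urandom of="$1" bs=1024 count=1024 2>/dev/null || return 1
    printf '%s' "$2" | dd of="$1" bs=1 seek=4096 conv=notrunc 2>/dev/null
}

# wipe_and_verify IMAGE MARKER: 0 only if IMAGE ends up all zeros without MARKER.
wipe_and_verify() {
    img=$1
    marker=$2
    size=$(wc -c < "$img")

    # Same passes as in the post (-v dropped to keep the output quiet).
    shred -n 2 -z "$img" || return 2

    # The overwrite happens in place, so the size must not change.
    [ "$(wc -c < "$img")" -eq "$size" ] || return 3

    # After the -z pass every byte should read back as zero.
    cmp -s -n "$size" "$img" /dev/zero || return 4

    # Crude stand-in for a recovery tool: search the raw bytes for known content.
    if grep -a -q -- "$marker" "$img"; then return 5; fi
    return 0
}

# Constructed demo run.
demo_img=$(mktemp)
make_sample_image "$demo_img" "CONSTRUCTED-MARKER-0001"
if wipe_and_verify "$demo_img" "CONSTRUCTED-MARKER-0001"; then
    echo "image is blank and the marker is gone"
fi
rm -f "$demo_img"
```

The read-back only confirms what the operating system can read from the image or device node.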
 
Old 03-17-2007, 11:27 PM   #3
Electro
LQ Guru
 
Registered: Jan 2002
Posts: 6,042

Rep: Reputation: Disabled
Quote:
So what software do you use to get rid of old files?
I just delete the files using rm.

Quote:
Is there any software that will wipe out deleted files but leave all other files alone?
To remove them with some security, write a script that notes the size of the file and use dd that includes /dev/urandom to write garbage to the file several times. Then delete the file.

The dd syntax that I would use:

dd if=/dev/urandom of=desire_file bs=size_of_desire_file count=1 conv=notrunc

This method does not take into account how Linux filesystems save data. Another way is to encrypt the files with either pgp or gpg and then delete.

Quote:
how do you verify that your wiped out files are truly unrecoverable? What software tools are used to find deleted files?
Use foremost, testdisk, grep, hex viewers, and many others.

To secure yourself that the data is completely gone for good, look up Darik's Boot and Nuke.

I recommend that you do not use dd to put an image onto a hard drive. Each hard drive has different geometries even if they are the same capacity. Use Ghost for Linux.

You can use hardware encryption that attaches between the controller and the hard drive. Any dummy you give your hard drive to will not be able to read your data. Though a smart and patient user can probably decrypt the data.

Last edited by Electro; 03-18-2007 at 02:41 PM.
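
The script described in the post above, sketched as an added example that is not part of the original post: it notes the file's size, overwrites the file in place with /dev/urandom several times, and leaves the delete to the caller so the result can be checked first. The function name, pass count and sample file are assumptions; as the post itself says, this does not account for how the filesystem stores data, so on journaling or copy-on-write filesystems old copies of the blocks may remain elsewhere.

```shell
#!/bin/sh
# Added example: in-place overwrite of a single file before deleting it.

# overwrite_file FILE [PASSES]
# Overwrites FILE with random data PASSES times (default 3) without truncating it.
overwrite_file() {
    f=$1
    passes=${2:-3}
    # Regular files only; refuse symlinks so the target is never a surprise.
    [ -f "$f" ] && [ ! -L "$f" ] || return 2
    size=$(wc -c < "$f")
    [ "$size" -gt 0 ] || return 0
    i=0
    while [ "$i" -lt "$passes" ]; do
        # head limits the stream to exactly the file's size; conv=notrunc makes
        # dd write over the existing file instead of truncating it first.
        head -c "$size" /dev/urandom |
            dd of="$f" bs=65536 conv=notrunc 2>/dev/null || return 3
        sync    # push this pass to disk before starting the next one
        i=$((i + 1))
    done
    # The file must be exactly as long as before.
    [ "$(wc -c < "$f")" -eq "$size" ] || return 4
}

# Constructed demo: overwrite, confirm the old content is gone, then delete.
demo_dir=$(mktemp -d)
printf 'CONSTRUCTED-SECRET-0002 sample line\n' > "$demo_dir/old.txt"
if overwrite_file "$demo_dir/old.txt" 3 &&
   ! grep -a -q "CONSTRUCTED-SECRET-0002" "$demo_dir/old.txt"; then
    echo "old content no longer readable through the file"
fi
rm -rf "$demo_dir"
```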
 
Old 03-18-2007, 03:13 AM   #4
syg00
LQ Veteran
 
Registered: Aug 2003
Location: Australia
Distribution: Lots ...
Posts: 18,981

Rep: Reputation: 3281
Quote:
Originally Posted by jhsu
Is there any software that will wipe out deleted files but leave all other files alone?
Not that I'm aware of.
As per others' suggestions, when I need to be sure, I trash everything. I've never needed to sell a working O/S, but if I did it'd be Linux, and it'd be reloaded after I had wiped the entire system.
 
  

