Is shred, srm, or wipe, considered good enough against forensics (when using with ext4)?

The following is from an article whereby the use of one or more of the previous commands is called into question when using them with ext4: https://www.computerhope.com/unix/shred.htm

CAUTION: Take note that shred relies on an important assumption: that the file system overwrites data "in-place." This assumption is the traditional way to do things, but many modern file systems do not do things exactly this way. The following are examples of file systems on which shred is not effective, or is not guaranteed to be effective in all file system modes:

log-structured or journaled file systems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)
file systems that write redundant data and carry on even if some writes fail, such as RAID-based file systems
file systems that make snapshots, such as Network Appliance's NFS server
file systems that cache in temporary locations, such as NFS version 3 clients
compressed file systems

In the case of ext3 file systems, the above disclaimer applies (and shred is thus of limited effectiveness) only in data=journal mode, which journals file data in addition to file metadata. In both the data=ordered (default) and data=writeback modes, shred works as usual. Ext3 journaling modes can be changed by adding the data=something option to the mount options for a particular file system in the /etc/fstab file, as documented in the mount manual.

......................

I found the following article which is very close to where I am at right now. https://stackoverflow.com/questions/...rely-on-centos

"I would like to know how would to permanently and securely delete files on CentOS. The problem I'm having right now is that, the filesystem is ext3, and when I thought of using srm- it said something like

"It should work on ext2, FAT-based file systems, and the BSDnative file system. Ext3 users should be especially careful as it can be set to journal data as well, which is an obvious route to reconstructing information."

If I can't use shred or srm, and secure-delete is also not an option, I'm clueless about how to securely and permanently delete the data. The files I'm deleting are NOT encrypted. linux security filesystems centos

ANSWER: just use shred:

shred -v -n 1 -z -u /path/to/your/file

this will shred the given file by overwriting it first with random data and then with 0x00 (zeros), afterwards it will remove the file happy shreding!

notice that ext3/ext4 (and all journaling FS) could buffer the shred with random data and zeros and will only wirte the zeros to disk, this would be the case when you have a little file. for a little file use this:

shred -v -n 1 /path/to/your/file #overwriting with random data sync #forcing a sync of the buffers to the disk shred -v -n 0 -z -u /path/to/your/file #overwriting with zeroes and remove the file

for ext3 1MB or greater should be enough to write to the disk (but im not sure on that, its a long time since i used ext3!), for ext4 theres a huge buffer (up to half a gig or more/less).

** AS A SIDENOTE ONLY: I don't understand the following: "for ext4 theres a huge buffer (up to half a gig or more/less)."

if you really want to make files unavailable you ought to destroy your disk completely.
(the solution depends on how paranoiac is the owner).

Quote:

Originally Posted by pan64 if you really want to make files unavailable you ought to destroy your disk completely. (the solution depends on how paranoiac is the owner).

Yes, I agree. But, the safest way is to 'shred' them, or something like this, and then after a certain period of time, securely erase the disk. Until the disk is securely erased, this is one of the best options. The other is to encrypt the disk. But in the meantime, everyone should 'shred' when trying to remove so they can not be recovered. Thanks.

Why do you care ?. Most files probably don't matter - and who cares enough to bother with forensics on your deleted data ?.
For the data that does matter, it should always be encrypted when at rest - at least.

Quote:

Originally Posted by hddfsck Yes, I agree. But, the safest way is to 'shred' them, or something like this, and then after a certain period of time, securely erase the disk. Until the disk is securely erased, this is one of the best options. The other is to encrypt the disk. But in the meantime, everyone should 'shred' when trying to remove so they can not be recovered. Thanks.

ACTUALLY... If my hdd is encrypted, this doesn't seem to prevent anyone remotely connected to my computer from using recovery software to recover deleted files after I decrypt the hdd to use the computer/ internet.......?

This brings me back to where I started.

Quote:

Originally Posted by hddfsck ACTUALLY... If my hdd is encrypted, this doesn't seem to prevent anyone remotely connected to my computer from using recovery software to recover deleted files after I decrypt the hdd to use the computer/ internet.......?

If your threat model includes remote attackers being able to execute code on your computer, then I think you're setting the bar too high. It's just not feasible to defend against that kind of thing.

Quote:

In the case of ext3 file systems,.... In both the data=ordered (default) and data=writeback modes, shred works as usual

Check the setting on your system, but I believe it's very rare for anyone to change the 'default' setting, so you would be good to go .