Secure File Deletion


Many users forget that when you delete a file, it isn't actually gone. Even if you overwrite the file, reformat the drive, or otherwise attempt to destroy the stored information, chances are it can be recovered. A typical data recovery service costs only a few thousand dollars, so depending on the type of information involved, it might well be worth an attacker's time and money to have it done. The trick is to scramble the erased data by repeatedly flipping the magnetic bits on the disk (the 1s and 0s) so that, when finished, no traces of the original data remain.

The following Linux tools can perform secure file deletion:

  • Wipe (http://wipe.sourceforge.net)

  • ArticSoft Command Line Scriptor combined with PGP or GnuPG (http://www.articsoft.com/open_pgp_command_line.htm)

  • BCWipe for Unix (http://www.jetico.com)

  • Shred (included with SLES 9; installed as part of the core system)

The following shows the verbose output when shred is used to securely delete a file:

    Athena:/home/admin/test # shred -uzv myFile
    shred: myFile: pass 1/26 (random)...
    shred: myFile: pass 2/26 (aaaaaa)...
    shred: myFile: pass 3/26 (db6db6)...
    shred: myFile: pass 4/26 (000000)...
    shred: myFile: pass 5/26 (bbbbbb)...
    shred: myFile: pass 6/26 (555555)...
    shred: myFile: pass 7/26 (888888)...
    shred: myFile: pass 8/26 (492492)...
    shred: myFile: pass 9/26 (6db6db)...
    shred: myFile: pass 10/26 (cccccc)...
    shred: myFile: pass 11/26 (222222)...
    shred: myFile: pass 12/26 (999999)...
    shred: myFile: pass 13/26 (random)...
    shred: myFile: pass 14/26 (b6db6d)...
    shred: myFile: pass 15/26 (444444)...
    shred: myFile: pass 16/26 (ffffff)...
    shred: myFile: pass 17/26 (111111)...
    shred: myFile: pass 18/26 (666666)...
    shred: myFile: pass 19/26 (777777)...
    shred: myFile: pass 20/26 (249249)...
    shred: myFile: pass 21/26 (dddddd)...
    shred: myFile: pass 22/26 (eeeeee)...
    shred: myFile: pass 23/26 (924924)...
    shred: myFile: pass 24/26 (333333)...
    shred: myFile: pass 25/26 (random)...
    shred: myFile: pass 26/26 (000000)...
    shred: myFile: removing
    shred: myFile: renamed to 0000000
    shred: 0000000: renamed to 000000
    shred: 000000: renamed to 00000
    shred: 00000: renamed to 0000
    shred: 0000: renamed to 000
    shred: 000: renamed to 00
    shred: 00: renamed to 0
    shred: myFile: removed

Bear in mind that some of these secure deletion applications work only on certain types of filesystems. For example, shred is not effective on a journaled filesystem such as ReiserFS. Furthermore, even though a file has been shredded from the disk, copies may still exist on (tape) backups.
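The filesystem caveat above can be checked before shred is run. The following is an added example, not code from the handbook; it extends the ReiserFS case to the other filesystem types the GNU shred documentation warns about. The function names `shred_risk` and `safe_shred` are hypothetical, and `safe_shred` assumes the util-linux `findmnt` command is installed.

```shell
#!/bin/sh
# Added example: decide whether shred's in-place overwrite can be trusted.

# shred_risk FSTYPE [MOUNT_OPTIONS]
# Prints the reason old data may survive an overwrite, or "none-known".
shred_risk() {
    case "$1" in
        reiserfs|jfs|xfs) echo "journaled" ;;
        ext3|ext4)
            # Only data=journal mode sends file contents through the journal.
            case ",${2:-}," in
                *,data=journal,*) echo "journaled" ;;
                *)                echo "none-known" ;;
            esac ;;
        btrfs|zfs) echo "copy-on-write" ;;
        nfs|nfs4)  echo "network-cache" ;;
        *)         echo "none-known" ;;
    esac
}

# safe_shred FILE
# Assumption: util-linux findmnt is available to report the type and mount
# options of the filesystem holding FILE. Refuses to shred on a known risk.
safe_shred() {
    file=$1
    [ -f "$file" ] || { echo "safe_shred: $file: not a regular file" >&2; return 2; }
    info=$(findmnt -n -o FSTYPE,OPTIONS --target "$file") || return 2
    set -- $info
    risk=$(shred_risk "$1" "${2:-}")
    if [ "$risk" != "none-known" ]; then
        echo "safe_shred: $file is on $1 ($risk); shred cannot guarantee erasure" >&2
        return 1
    fi
    shred -uzv -- "$file"
}

# Constructed sample inputs (type and mount options); no disk is touched.
for sample in "reiserfs rw" "ext3 rw,data=journal" "ext3 rw,data=ordered"; do
    set -- $sample
    printf '%-10s %-18s -> %s\n' "$1" "$2" "$(shred_risk "$1" "$2")"
done
```

A result of "none-known" only means the filesystem type is not on the list; it says nothing about copies on backups or other media.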

TIP

If you are to retire a hard disk from your server, either by throwing it out or donating it to a school or charity, ensure you first completely and securely wipe the data off the drive. You can use something like Darik's Boot and Nuke (DBAN; dban.sourceforge.net), Acronis Drive Cleanser (www.acronis.com/enterprise/products/drivecleanser), or Active@ KillDisk (www.killdisk.com/downloadfree.htm) for such purposes.




    SUSE LINUX Enterprise Server 9 Administrator's Handbook
    ISBN: 067232735X
    EAN: 2147483647
    Year: 2003
    Pages: 134