[Nottingham] Secure deletion of files

Robert Postill robert at grinning-cat.com
Wed May 25 19:18:02 BST 2005


David,
Now on the assumption none of this "work" involves plans to rule the
world with a Lizard army based at chez Aldred :) 
On Wed, 2005-05-25 at 17:59 +0100, David Aldred wrote:
> A question arising from a discussion at work: how secure is deletion of files 
> in Linux?  
About as secure as it is on Windows.  From recollection what happens is
the first inode in the chain is cleared (effectively marooning the rest
of the file), if you recreate the first inode, voila, file returned.
Check out http://recover.sourceforge.net/linux/ for some more details.
> Specifically, if I'm working on something for my employer using my own PC, and 
> need it completely deleted and irrecoverable afterwards, can I do that?
Complete deletion is a relative term, no-one without some unix skills is
going to get that back (and using a filesystem like reiser or jfs
complicates matters against an fs like ext2/3).  Saying that you can use
dd and a list of the inodes that compose a file with a home-brew script
to do half a job.  Also check out http://wipe.sourceforge.net/ for a
more professional effort. However a forensics expert can retrieve the
data even after other writes have occurred by a process of "shadowing"
the magnetic surface of the disc (imagine something a little like using
tracing paper on top of a notepad to find out what was last written on
it).  So it all depends on what level of security you're after.  I seem
to recollect you working for a bank so I suspect they have a standard
for this, I'd be interested to hear what they have to say on what is
deemed an acceptable level of deletion.  The only way the truly
determined will erase the data is by destruction of the physical medium
(e.g. melting your platters AFTER securely wiping the disk).  Another
point to make is that RAID setups, databases (and other things that
perform lazy writes) complicate matters as your data may not be committed
to disk when you issue the nuke command.  The upshot of which can be
stupendously difficult to resolve.  So the advice is find the standard,
exceed it (so you're not asking the question next year:) then get on
with living, there's no point worrying about how far someone will go,
because you can guarantee they'll go further than you think. 
> And is there any way of doing it retrospectively, if I were to forget at the 
> time and simply delete the file in the usual way?
My fave is Darik's Boot and Nuke http://dban.sourceforge.net/ which
gives a good account of itself, but be prepared to wait for it to
complete.  Make a partition your "nukeable" partition then when you're
done follow the instructions (carefully or it'll be your whole setup
that gets vaped!) from a DBAN CD or floppy.  
> (The video about security which triggered the discussion suggested a way of 
> securely deleting your files under Windows, which would be better than 
> nothing but still not particularly secure - and illustrated it with a video 
> of someone working on a Mac!).
If it was OS X there may be some crossover to Linux anyhow.  But there
are a number of commercial products that do this kind of job (see Darik's
pages for some alternatives).

Now if that doesn't get me a visit from Special Branch nothing will :)
Robert.
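
Added example, not part of Robert's message: a minimal form of the dd-based "home-brew script" approach he mentions, which overwrites a file's contents in place and flushes the write before unlinking, so the lazy-write problem he describes does not leave the old data on disk. The function names and the sample file are made up for illustration, and it assumes a filesystem that rewrites blocks in place on a magnetic disk.

```shell
#!/bin/sh
# Added example: overwrite a file's data in place, flush, then remove the name.
# Assumption: the filesystem rewrites blocks in place (e.g. ext2, or ext3
# without data journaling) on a magnetic disk. Journal copies, snapshots,
# backups and drive-remapped sectors are not touched.

overwrite_in_place() {
    f=$1
    passes=${2:-1}
    if [ ! -f "$f" ] || [ -L "$f" ] || [ ! -r "$f" ] || [ ! -w "$f" ]; then
        echo "not a readable, writable regular file: $f" >&2
        return 1
    fi
    size=$(( $(wc -c < "$f") ))        # arithmetic strips wc's padding
    [ "$size" -gt 0 ] || return 0
    i=0
    while [ "$i" -lt "$passes" ]; do
        # conv=notrunc keeps the existing blocks allocated, so the random
        # data lands on top of the old contents rather than in new blocks.
        head -c "$size" /dev/urandom |
            dd of="$f" bs=4096 conv=notrunc 2>/dev/null || return 1
        # Lazy writes: the overwrite is only in the page cache until flushed.
        sync
        i=$((i + 1))
    done
    [ "$(( $(wc -c < "$f") ))" -eq "$size" ]   # length must be unchanged
}

secure_remove() {
    # Unlink only after the overwrite has been flushed.
    overwrite_in_place "$1" "${2:-1}" && rm -f -- "$1"
}

demo() {
    d=$(mktemp -d) || return 1
    printf 'CONSTRUCTED-SECRET-%s\n' 1 2 3 > "$d/report.txt"  # constructed sample
    ln "$d/report.txt" "$d/peek"       # second name for the same inode
    secure_remove "$d/report.txt" 2 || return 1
    # The inode survives via "peek", so its blocks can be inspected:
    if grep -q 'CONSTRUCTED-SECRET' "$d/peek"; then r=1; else r=0; fi
    rm -rf -- "$d"
    return "$r"
}

demo && echo "old contents no longer readable through the second link"
```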