Wipe in Linux.
November 26th, 2019, 7:07
Hello,
How can I wipe the free space of a drive in the Linux? If I use below command then can I sure the data is unrecoverable?
Thanks.
How can I wipe the free space of a drive in the Linux? If I use below command then can I sure the data is unrecoverable?
- Code:
# dd if=/dev/zero of=/dev/sdaX
Thanks.
Re: Wipe in Linux.
November 26th, 2019, 7:32
hack3rcon wrote:How can I wipe the free space
the command above will wipe the entire partition (/dev/sdaX)
not only free space
Re: Wipe in Linux.
November 27th, 2019, 2:17
You right. I corrected it:
I want to know that when a partition wiped like it then can it recoverable?
- Code:
# dd if=/dev/zero of=/dev/sdaX/file.dd
I want to know that when a partition wiped like it then can it recoverable?
Re: Wipe in Linux.
November 28th, 2019, 14:20
I think data wiping is a minefield at file level as you have little or no control as to how a file or data is written to disk.
you make a request and trust the OS carry the job out, but have no idea where other data are actually copied and stored.
if you are wiping in situ, ie same drive you are using, maybe grab Bleachbit?
will it be secure? shred/dd/<more> yes, on modern drives, one pass is usually good.
That might nor guarantee that the data or parts of it are not available in some other part of the drive though.
ie how do you know if there are data still held in temp files, or that the request to wipe has actually physically wiped and more..
If you want to ensure data are overwritten you might be better secure erasing at device level. ie the entire drive, in which case use a liveCD/USB and make sure the drive to be erased is the only one hooked up.
even then, do an actual check to see, and ensure, the drive is erased.
to read:
https://en.wikipedia.org/wiki/Data_erasure#Limitations
https://en.wikipedia.org/wiki/File_deletion
https://en.wikipedia.org/wiki/Data_remanence
and the other link throughs
you make a request and trust the OS carry the job out, but have no idea where other data are actually copied and stored.
if you are wiping in situ, ie same drive you are using, maybe grab Bleachbit?
will it be secure? shred/dd/<more> yes, on modern drives, one pass is usually good.
That might nor guarantee that the data or parts of it are not available in some other part of the drive though.
ie how do you know if there are data still held in temp files, or that the request to wipe has actually physically wiped and more..
If you want to ensure data are overwritten you might be better secure erasing at device level. ie the entire drive, in which case use a liveCD/USB and make sure the drive to be erased is the only one hooked up.
even then, do an actual check to see, and ensure, the drive is erased.
to read:
https://en.wikipedia.org/wiki/Data_erasure#Limitations
https://en.wikipedia.org/wiki/File_deletion
https://en.wikipedia.org/wiki/Data_remanence
and the other link throughs
Re: Wipe in Linux.
November 28th, 2019, 18:12
Thank you for your info.
In your opinion, the drive that filled with "dd" command maybe recoverable?
I know "shred" is good, but erase all data and not just free space.
In your opinion, the drive that filled with "dd" command maybe recoverable?
I know "shred" is good, but erase all data and not just free space.
Re: Wipe in Linux.
November 30th, 2019, 8:50
it depends on what level of security you require.
at national security level, or concerns about police/jail etc you physically destroy the drive, overkill, like in a crusher or pickaxe, hammer, small bits.
Youtube has many semi entertaining videos on how one might do this
at the "i'm selling this and am scared some (ebay) crook might have tech knowledge" - use a reputable utility that covers even hidden sections of the drive and verify.
If the drive allows it use an internal "secure erase" which the drive controls, not the OS, don't do anything until it completes as it may lock the drive.
at the "I'm selling this; it's got non critical data but i don't want people looking or trying to recover docs/pics/vids etc" - same as above or dd it and verify.
at the internal redeploy level, any of the above repartiton and high/low level format (not Quick)
be careful of naming conventions though
https://en.wikipedia.org/wiki/Disk_form ... tting_(LLF)_of_hard_disks
whichever means, use some sort of hex editor to visually check the drive is full of zero/random, after you erase.
K
at national security level, or concerns about police/jail etc you physically destroy the drive, overkill, like in a crusher or pickaxe, hammer, small bits.
Youtube has many semi entertaining videos on how one might do this
at the "i'm selling this and am scared some (ebay) crook might have tech knowledge" - use a reputable utility that covers even hidden sections of the drive and verify.
If the drive allows it use an internal "secure erase" which the drive controls, not the OS, don't do anything until it completes as it may lock the drive.
at the "I'm selling this; it's got non critical data but i don't want people looking or trying to recover docs/pics/vids etc" - same as above or dd it and verify.
at the internal redeploy level, any of the above repartiton and high/low level format (not Quick)
be careful of naming conventions though
https://en.wikipedia.org/wiki/Disk_form ... tting_(LLF)_of_hard_disks
whichever means, use some sort of hex editor to visually check the drive is full of zero/random, after you erase.
K
Re: Wipe in Linux.
December 1st, 2019, 2:32
digitalferret wrote:it depends on what level of security you require.
at national security level, or concerns about police/jail etc you physically destroy the drive, overkill, like in a crusher or pickaxe, hammer, small bits.
Youtube has many semi entertaining videos on how one might do this
at the "i'm selling this and am scared some (ebay) crook might have tech knowledge" - use a reputable utility that covers even hidden sections of the drive and verify.
If the drive allows it use an internal "secure erase" which the drive controls, not the OS, don't do anything until it completes as it may lock the drive.
at the "I'm selling this; it's got non critical data but i don't want people looking or trying to recover docs/pics/vids etc" - same as above or dd it and verify.
at the internal redeploy level, any of the above repartiton and high/low level format (not Quick)
be careful of naming conventions though
https://en.wikipedia.org/wiki/Disk_form ... tting_(LLF)_of_hard_disks
whichever means, use some sort of hex editor to visually check the drive is full of zero/random, after you erase.
K
Thank you.
Government using special tools? If a drive wiped by a tool like "shred" then they can recover it?
Re: Wipe in Linux.
December 1st, 2019, 6:56
hack3rcon wrote:digitalferret wrote:it depends on what level of security you require.
at national security level, or concerns about police/jail etc you physically destroy the drive, overkill, like in a crusher or pickaxe, hammer, small bits.
Youtube has many semi entertaining videos on how one might do this
at the "i'm selling this and am scared some (ebay) crook might have tech knowledge" - use a reputable utility that covers even hidden sections of the drive and verify.
If the drive allows it use an internal "secure erase" which the drive controls, not the OS, don't do anything until it completes as it may lock the drive.
at the "I'm selling this; it's got non critical data but i don't want people looking or trying to recover docs/pics/vids etc" - same as above or dd it and verify.
at the internal redeploy level, any of the above repartiton and high/low level format (not Quick)
be careful of naming conventions though
https://en.wikipedia.org/wiki/Disk_form ... tting_(LLF)_of_hard_disks
whichever means, use some sort of hex editor to visually check the drive is full of zero/random, after you erase.
K
Thank you.
Government using special tools? If a drive wiped by a tool like "shred" then they can recover it?
or the real question - are you important enough that they might try?? If so, basically you are F***d anyway as they would use a variety of other ways to get at you.
What Kern said above should be plenty good enough
Re: Wipe in Linux.
December 1st, 2019, 15:52
Technically, on modern mechanical/spinning drives it's generally accepted that if shred or dd have *actually* overwritten data on a mechanical drive, it's beyond recovery.
When you overwrite a drive, you are making a request for the system to overwrite it.
There is some level of trust there unless you also have the capability to verify the wipe.
as per Brians reply, if the Govt are after you the drive might be the least of your problems.
That said, the Govt aren't going to publish their own capability and if your life depended on it, the dollar value of the drive would be insignificant compared to the consequence associated with Govt level authority coming down on you.
If it's a solid state drive, check:
https://www.zdnet.com/article/how-to-se ... ives-ssds/
a lot of wipe review sites are shill trying to sell someones solution and take a commision, so be wary of reviews
If in doubt, find the manufacturers site and d/l their own utility or go grab PartedMagic or and invoke a secure erase.
K
When you overwrite a drive, you are making a request for the system to overwrite it.
There is some level of trust there unless you also have the capability to verify the wipe.
as per Brians reply, if the Govt are after you the drive might be the least of your problems.
That said, the Govt aren't going to publish their own capability and if your life depended on it, the dollar value of the drive would be insignificant compared to the consequence associated with Govt level authority coming down on you.
If it's a solid state drive, check:
https://www.zdnet.com/article/how-to-se ... ives-ssds/
a lot of wipe review sites are shill trying to sell someones solution and take a commision, so be wary of reviews
If in doubt, find the manufacturers site and d/l their own utility or go grab PartedMagic or and invoke a secure erase.
K
Powered by phpBB © phpBB Group.