
What is destroyed is the "index", the inode number that records where on the hard disk the file's data can be found. The space occupied by the data simply becomes available for reuse: new blocks of data may overwrite the old ones within seconds, or it may take weeks or months before that free space is used again.
There are highly specialized programs, and companies dedicated to data recovery services, that rely on the fact that the data can remain on the disk. They try to rebuild the index or read the hard drive directly, track by track, recovering as much as possible, including information between tracks. If the hard drive was not used after the deletion, the chances of recovery are very high.
So the rm command on its own does not help much if the goal is to completely eliminate sensitive information that you never want recovered. Let's see how to do that with the shred command.
Open a terminal, go to the directory that contains the file you want to delete securely, and run:
shred delete_file_name
When the command runs, the file is overwritten 25 times and deleted, making recovery much more difficult. shred has several options that refine its behaviour; you can list them with --help.
Some of the options are:
-f, --force (change permissions, if necessary, to allow overwriting)
-n, --iterations=N (number of times the file will be overwritten)
-u, --remove (delete the file after overwriting it)
-v, --verbose (show the progress of the operation)
-z, --zero (add a final pass that overwrites the file with zeros)
What the shred command does is overwrite the indicated file or files several times (25 by default) with several patterns, turning the original file and its content into something totally different that carries no meaningful information. Its simplest use is the following.
Assume a file whose content is some text:
# more myfile.txt
We run the shred command:
# shred myfile.txt
Then we display the file again:
# more myfile.txt
It will look something like this:
X () z ??? Eo ??? L0rC ???.? (Oh ?? U ?? +; ????? 4uM, ?? K ???: ??? c ??? ksJ8 ?? ? cV ????? Oc
a> ? d?> ???? 2? J? Xo? # [?? kQ? 9? Fi? i0sLS ???? s ??? 7? 6pR ?? e ^ ??; @ \ P ??
As you can see, naming the file to destroy is enough to make it useless. Note that the file is not deleted, only transformed by the multiple passes. If you want to remove it as well, use the -u option:
# shred -u myfile.txt
# more myfile.txt
myfile.txt: No such file or directory
The shred command does not automatically delete the file because it is intended not only for files but also for devices. For example, you can destroy all the content of a partition as follows:
# shred -n 40 /dev/hda1
In this case we do not use -u because it would delete the device too, and we do not want that; we only want to destroy the information contained in the partition or render it unusable. This explains why shred does not remove the file by default: it is common to work with devices such as /dev/hda5, a partition that we may want to overwrite with shred without deleting the device itself.
We used a new option here, -n, which indicates the number of times the file is overwritten; the default is 25. And what exactly does shred write over the data? You can see it with the -v option.
Take an image as an example:
# shred -n 10 -v foto.webp
shred: foto.webp: pass 1/10 (random) ...
shred: foto.webp: pass 2/10 (222222) ...
shred: foto.webp: pass 3/10 (aaaaaa) ...
shred: foto.webp: pass 4/10 (555555) ...
shred: foto.webp: pass 5/10 (000000) ...
shred: foto.webp: pass 6/10 (random) ...
shred: foto.webp: pass 7/10 (888888) ...
shred: foto.webp: pass 8/10 (249249) ...
shred: foto.webp: pass 9/10 (ffffff) ...
shred: foto.webp: pass 10/10 (random) ...
foto.webp is the file to destroy. You can also destroy images, movies, music, anything, not just text files. In the previous example we asked for only 10 passes. The first used a random pattern, so there is no telling what was written; the second pass used the pattern '2'; the eighth shows the pattern '249', so a pattern is not always a single character and can be a combination of several.
The -z option can also be useful. It adds a last pass, on top of the number requested, with a pattern of zeros, so the file ends up overwritten with '0'. The result looks like an empty file and leaves no evidence of random or encrypted-looking characters.
Finally, let's see what happens when you add the -u option, which overwrites the file and then removes it:
# shred -n 15 -z -u -v file.doc
shred: file.doc: pass 1/16 (random) ...
shred: file.doc: pass 2/16 (492492) ...
shred: file.doc: pass 3/16 (db6db6) ...
shred: file.doc: pass 4/16 (924924) ...
shred: file.doc: pass 5/16 (random) ...
shred: file.doc: pass 6/16 (b6db6d) ...
shred: file.doc: pass 7/16 (6db6db) ...
shred: file.doc: pass 8/16 (random) ...
shred: file.doc: pass 9/16 (000000) ...
shred: file.doc: pass 10/16 (aaaaaa) ...
shred: file.doc: pass 11/16 (ffffff) ...
shred: file.doc: pass 12/16 (random) ...
shred: file.doc: pass 13/16 (249249) ...
shred: file.doc: pass 14/16 (555555) ...
shred: file.doc: pass 15/16 (random) ...
shred: file.doc: pass 16/16 (000000) ...
shred: file.doc: removing
shred: file.doc: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: file.doc: removed
As mentioned, the -z option added one last pass, the 16th, with a pattern of zeros. The file is then renamed several times and finally deleted. All these overwrites and name changes are what make recovering files deleted with shred very difficult (and in the vast majority of cases, impossible).
Finally, the -f option forces the overwriting of files that do not have write permission, though only files owned by the user. In practice it saves you from running chmod first to add write permission to a file that lacks it.
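The two-step use of -n, -z and -u described above can be wrapped in a check that confirms what shred actually did. The following is an added example, not part of the original article; the function name shred_verified, the default of 3 passes and the sample file content are assumptions made for the demonstration.

```shell
#!/bin/sh
# Added example: overwrite a file with shred, verify the result, then remove it.
# Usage: shred_verified FILE [PASSES]   (function name is hypothetical)
# Returns 0 only if every check passes.

shred_verified() {
    file=$1
    passes=${2:-3}   # assumption: 3 passes is enough for a demonstration

    # Only handle non-empty regular files that we can read back and write to.
    [ -f "$file" ] && [ -s "$file" ] && [ -r "$file" ] && [ -w "$file" ] || {
        echo "cannot process: $file" >&2
        return 2
    }

    inode_before=$(ls -i -- "$file" | awk '{print $1}')
    size_before=$(wc -c < "$file")

    # Step 1: overwrite in place; -z adds the final pass of zeros. No -u yet.
    shred -n "$passes" -z -- "$file" || return 1

    # Without -u the file must still exist, on the same inode: the data was
    # overwritten where it lived instead of being written to a new file.
    [ -f "$file" ] || return 1
    inode_after=$(ls -i -- "$file" | awk '{print $1}')
    [ "$inode_before" = "$inode_after" ] || return 1

    # shred may round the size up to a full block, but never shrinks the file.
    [ "$(wc -c < "$file")" -ge "$size_before" ] || return 1

    # After the -z pass nothing but NUL bytes may remain in the file.
    leftover=$(tr -d '\000' < "$file" | wc -c)
    [ "$leftover" -eq 0 ] || return 1

    # Step 2: one more overwrite, then rename and unlink with -u.
    shred -n 1 -z -u -- "$file" || return 1
    [ ! -e "$file" ]
}

# Demonstration on a constructed sample file in a temporary directory.
demo_dir=$(mktemp -d)
printf 'constructed sample: account=12345\n' > "$demo_dir/myfile.txt"
if shred_verified "$demo_dir/myfile.txt" 2; then
    echo "overwritten, verified and removed"
fi
rm -rf "$demo_dir"
```

The checks only prove what the filesystem returns for that path. On copy-on-write or data-journaling filesystems and on SSDs, older copies of the blocks may still exist elsewhere, as the shred manual itself warns.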