Any computer user with a normal skill set knows that data removed from a computer can usually be recovered later with little effort. That is welcome when you have accidentally deleted critical data, but in most cases you do not want your private data to be recoverable. When we delete something, the operating system only drops the index entry for it (the directory entry and the inode); the blocks holding the data stay on the disk until they happen to be reused, and anyone with a decent recovery tool can read them back. Linux users rely on the well-known “rm” command to remove data, and “rm” works exactly this way, so data removed with it can be recovered by file recovery tools.
Let’s see how to safely and completely remove files and directories on a Linux system. The methods below overwrite the data in place, so it becomes very hard for recovery tools to find traces of the original content. They all assume that the overwrite lands on the same physical blocks the file used; on SSDs, and on file systems that keep extra copies in a journal, that is not guaranteed, a point the later sections of this page come back to.
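To see the “only the index is deleted” point concretely without touching a real disk, here is an added example (not part of the original article) that models a disk as a 64 KiB file and the directory index as a second file. The file name, block number and the TOP-SECRET-PAYLOAD marker are all constructed for the demonstration:

```shell
#!/bin/sh
# Added example, not part of the original article: a file-backed model of
# what rm does versus what srm and shred do. A 64 KiB file stands in for
# the disk and a second file for the directory index. Nothing here touches
# a real block device.
set -u

BLOCK=4096
DISK=${DISK:-$(mktemp)}     # constructed stand-in for a block device
INDEX=${INDEX:-$(mktemp)}   # constructed stand-in for directory metadata

# mkfs_fake: an empty 64 KiB "disk" (16 zeroed blocks) and an empty index.
mkfs_fake() {
    dd if=/dev/zero of="$DISK" bs=$BLOCK count=16 2>/dev/null
    : > "$INDEX"
}

# write_fake NAME BLOCKNO CONTENT: put CONTENT into block BLOCKNO and record
# the name -> block mapping (a real file system does both of these too).
write_fake() {
    printf '%s' "$3" | dd of="$DISK" bs=$BLOCK seek="$2" conv=notrunc 2>/dev/null
    printf '%s %s\n' "$1" "$2" >> "$INDEX"
}

# rm_fake NAME: what rm does - drop the mapping and leave the blocks alone.
rm_fake() {
    grep -v "^$1 " "$INDEX" > "$INDEX.tmp" || true
    mv "$INDEX.tmp" "$INDEX"
}

# srm_fake NAME: what srm and shred do - overwrite the file's own blocks
# (random data, then zeros) and only then drop the mapping.
srm_fake() {
    blk=$(awk -v n="$1" '$1 == n { print $2 }' "$INDEX")
    [ -n "$blk" ] || return 1
    dd if=/dev/urandom of="$DISK" bs=$BLOCK seek="$blk" count=1 conv=notrunc 2>/dev/null
    dd if=/dev/zero    of="$DISK" bs=$BLOCK seek="$blk" count=1 conv=notrunc 2>/dev/null
    rm_fake "$1"
}

# recoverable MARKER: 0 if a recovery tool scanning the raw disk, ignoring
# the index entirely, would still find MARKER.
recoverable() {
    grep -q -a -- "$1" "$DISK"
}

# demo: show what a raw scan finds after rm and after srm.
demo() {
    mkfs_fake
    write_fake secret.txt 3 'TOP-SECRET-PAYLOAD'
    rm_fake secret.txt
    recoverable TOP-SECRET-PAYLOAD && echo "after rm:  payload still on disk"
    write_fake secret.txt 3 'TOP-SECRET-PAYLOAD'
    srm_fake secret.txt
    recoverable TOP-SECRET-PAYLOAD || echo "after srm: payload gone"
    rm -f "$DISK" "$INDEX"
}

if [ "${1:-}" = demo ]; then demo; fi
```

Run it with the argument `demo`: after rm_fake the index is empty but grep still finds the payload in the image, which is exactly what a recovery tool does on a real disk; after srm_fake the same scan finds nothing.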
Secure-Delete is a set of tools for Linux that provide advanced techniques for the permanent removal of files. Once installed, it provides the following four commands:
Run the following command in the terminal to install it on Ubuntu:
Run the following command to install it on RHEL, Fedora or CentOS:
The “srm” command works like “rm”, but instead of just unlinking the file it first overwrites its contents several times with random data and only then removes it. The syntax is simple: name the file or directory to remove and srm takes care of the rest.
“sfill” scans the specified partition or directory for space marked as free and fills it with random data. This ensures that files deleted earlier with plain rm can no longer be recovered from the free space of that partition.
“sswap” securely wipes a swap partition. Swap holds memory pages of running programs that the kernel has moved out of RAM, so it can contain anything those programs held in memory. First find your swap partition by running the following command:
Example output of the above command is shown below:
From here you can see which partition holds swap. Disable it with swapoff, then wipe it with the following command, replacing “/dev/sda5” with your partition name. The wipe also destroys the swap signature, so run mkswap on the partition before enabling it again with swapon.
“smem” (installed as sdmem on Debian-based systems) cleans the contents of RAM. It is true that RAM loses its contents when the machine is powered off, but not instantly: the cells keep their charge for seconds, longer when cooled, and data left behind by finished programs stays in free pages until something reuses them. This command overwrites that memory; simply run smem on the terminal.
The “shred” command overwrites a file’s contents with random data patterns, so that recovering the original data becomes very hard even with specialised recovery equipment. shred is part of GNU coreutils and is therefore present on practically every Linux distribution; you can find its path by running the following command:
Run the following command to remove a file using the shred utility:
Run the following command to securely wipe an entire partition using shred, replacing the partition name with the one you want to wipe (it must be unmounted and not in use):
By default shred overwrites the file three times with random data. If you want more passes, give the desired number with the “shred -n” option.
If you want to truncate and remove the file after overwriting, use the “shred -u” option.
dd was designed for copying raw data and is commonly used for disk cloning, that is, copying the contents of one partition or disk to another. It can also wipe a disk or partition by overwriting every block. dd is part of coreutils as well, so there is nothing to install. Run the following command to overwrite the current contents with random data (the target must be unmounted):
You can also overwrite the disk or partition with zeros instead of random data. It is faster, and for modern drives a single zero pass is generally considered enough to defeat software recovery.
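The steps that srm, shred -u and the dd approach share can be written out with plain dd. The following is an added example, not code from the original article or from the secure-delete project; the function names and the SECRET-MARKER string used to check the result are our own:

```shell
#!/bin/sh
# Added example, not from the original article: the overwrite-then-unlink
# cycle that srm, "shred -u" and "dd if=/dev/urandom of=<device>" all rely
# on, written out with dd so each step can be checked. The real tools add
# more passes, renaming and sync control; the mechanism is the same.
set -u

# overwrite_in_place FILE [PASSES]: overwrite every byte of FILE with PASSES
# passes of random data, then one pass of zeros (what "shred -z"/"srm -z"
# add so the blocks look unused). conv=notrunc is essential: without it dd
# would truncate the file, which only frees the blocks, exactly like rm.
overwrite_in_place() {
    file=$1
    passes=${2:-3}
    # Refuse symlinks: the overwrite would hit the link target instead.
    [ -f "$file" ] && [ ! -L "$file" ] || return 2
    size=$(wc -c < "$file" | tr -d ' ')
    i=0
    while [ "$i" -lt "$passes" ]; do
        head -c "$size" /dev/urandom | dd of="$file" conv=notrunc 2>/dev/null || return 1
        i=$((i + 1))
    done
    head -c "$size" /dev/zero | dd of="$file" conv=notrunc 2>/dev/null || return 1
    sync   # push the writes to the device before the name disappears
}

# secure_remove FILE [PASSES]: overwrite_in_place, then unlink ("shred -u").
secure_remove() {
    overwrite_in_place "$1" "${2:-3}" || return 1
    rm -f -- "$1"
}

# still_contains FILE STRING: 0 if STRING can still be read from FILE, so a
# caller can verify the overwrite before trusting it.
still_contains() {
    grep -q -a -- "$2" "$1" 2>/dev/null
}
```

After overwrite_in_place the file keeps its original size and inode, still_contains no longer finds the marker, and every byte is zero; secure_remove then unlinks it. Passing a symlink is refused, because the write would otherwise land on the link target.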
wipe was originally developed to securely erase files from magnetic media. It writes special patterns to the files repeatedly, using fsync() and/or the O_SYNC flag to force each pass onto the disk, and follows the Gutmann pattern sequence. You can wipe a single file, a directory tree or an entire disk with it, but wiping a whole disk this way takes a long time because of the number of passes. Installation and use are straightforward.
Install wipe on Ubuntu by running the following command in the terminal:
Install wipe on Red Hat Linux, CentOS or Fedora by running the following command:
Once the installation is complete, run the following command to get the complete list of available options:
Remove a file or directory as follows:
Securely wipe your tmp partition by running the following command:
Use the following command to wipe the contents of a complete partition (replace the partition name with your desired partition):
We hope you find this article useful. The privacy of your data is critical, and it is worth having secure file removal utilities installed so you can remove private data without fear of easy recovery. All of the tools above are lightweight and need little memory, but overwriting takes time proportional to the amount of data and the number of passes, so wiping a whole disk is slow and keeps the disk busy for the duration.
There are plenty of free and paid programs that recover deleted data from a hard drive. You may not want your personal data to be recoverable, or you may simply want to make recovery harder, because someone might recover the data and misuse it. So it is important to remove all personal, official or otherwise important data before selling or exchanging an old hard drive. This brief tutorial describes how to securely and permanently delete data in Linux.
While many tools and methods are available for deleting files or folders on Unix-like operating systems, we are going to look at only one, “secure-delete”. It provides four utilities that securely and permanently erase data from your system, so that it would be very hard to recover with any data recovery software.
A word of caution: data deleted with secure-delete is very hard to recover, so double-check before using these utilities. Also, all of this is unnecessary and dangerous on SSDs and other flash-based media. SSDs store data differently from hard disk drives: the controller decides where each write physically lands, so an overwrite is not guaranteed to hit the cells that held the old data, and the extra passes only wear the flash out. Use the manufacturer’s utilities (or the drive’s built-in erase feature) to erase SSDs. For HDDs, the method below works as described.
secure-delete is available in the default repositories of DEB and RPM based systems.
On Debian, Ubuntu and Linux Mint, you can install secure-delete with:
On Arch Linux, you can install it from the AUR using any AUR helper, for example yay:
Securely And Permanently Delete Your Data In Linux
As mentioned above, the secure-delete package provides the following four utilities to securely erase files and folders, free disk space, swap and memory on your Linux system.
- srm – secure remove
- sfill – Secure free disk and inode space wiper
- sswap – Secure swap wiper
- smem – secure erase memory
Let us discuss the usage of each command with examples.
srm erases files and folders securely and permanently, so that the data cannot be recovered by data recovery software, law enforcement or any other adversary.
The typical syntax of this command is:
- -d – Ignore the two special dot files . and .. on the command line.
- -f – fast and insecure mode. no /dev/urandom, no synchronize mode.
- -l – lessens the security. If you use this option for second time, it lessens the security even more.
- -r – Recursive mode (Deletes all sub-directories and its contents).
- -v – Verbose mode.
- -z – Wipes the last write with zeros instead of random data.
srm usage is much the same as rm.
The following command will recursively delete a folder called ostechnix.
And this one will delete a file called sk.txt.
Please note that srm cannot wipe data reliably on NFS shares (remote file systems), RAID systems or swap, because on those the overwrite is not guaranteed to land on the blocks that held the original data.
sfill scans the specified partition or directory for space marked as free or available and fills all of it with random data, so that nothing deleted earlier can be recovered from the free space of that partition.
The syntax for this command is:
The following command will fill some random data on the empty space in the /home partition.
Swap partition can be used when the RAM is full. If the system needs more memory resources and the RAM is full, inactive pages in memory are moved to the swap space. To securely erase this data (inactive pages), you need sswap utility. As the name implies, sswap command will securely erase the data from swap partition.
The syntax of sswap command is:
First, find the swap partition using command:
Sample output of the above command in my Arch Linux is:
As you see above, my swap partition is /dev/sda3.
Disable the swap partition with:
Now securely wipe the swap partition’s data with:
The wipe overwrites the swap signature along with everything else, so recreate it with mkswap before enabling swap again:
The smem command (installed as sdmem on Debian-based systems) securely erases the contents of RAM, which holds the state of running programs.
The Syntax for the above command is:
To securely clear the RAM which could contain any sensitive data of running programs, enter the following command:
You might want to protect some important files and directories from accidental deletion or modification. Here are the two simple ways to protect your important files from accidental deletion.
In most cases the means we use to delete a file, such as the Delete key, the Trash or the rm command, do not permanently and securely remove it from the hard disk (or any other storage medium).
The file is simply hidden from users and its blocks remain on the disk, where data thieves, law enforcement or other threats can recover them.
Suppose a file contains classified or secret content such as the usernames and passwords of a security system; an attacker with the necessary knowledge and skills can easily recover a deleted copy of the file and use those credentials (you can probably guess the aftermath of such a scenario).
In this article, we explain a number of command line tools for permanently and securely deleting files in Linux.
1. Shred – Overwrite a File to Hide Content
shred overwrites a file to hide its contents, and can optionally delete it as well.
In the command below, the options:
- -z – adds a final overwrite with zeros to hide shredding
- -v – enables display of operation progress
- -u – truncates and removes file after overwriting
- -n – specifies number of times to overwrite file content (the default is 3)
shred – overwrite a file to hide its contents
You can find more usage options and information in the shred man page:
2. Wipe – Securely Erase Files in Linux
The Linux wipe command securely erases files from magnetic media, making it very hard to recover the contents of deleted files or directories.
First, install the wipe tool by running the appropriate command below:
The following command will destroy everything under the directory private.
where the flags used:
- -r – tells wipe to recurse into subdirectories
- -f – enables forced deletion and disable confirmation query
- -i – shows progress of deletion process
Wipe – Securely Erase Files in Linux
Note: wipe only works reliably on magnetic media, so use other methods for solid-state disks.
Read through the wipe man page for additional usage options and instructions:
3. Secure-deletion Toolkit for Linux
Secure-delete is a collection of secure file deletion tools, that contains srm (secure_deletion) tool, which is used to remove files securely.
First you need to install it using the relevant command below:
Once installed, you can use srm tool to remove files or directories securely on a Linux system as follows.
where the options used:
- -v – enables verbose mode
- -z – wipes the last write with zeros instead of random data
srm – Securely Delete Files in Linux
Read through the srm man page for more usage options and information:
4. sfill – Secure Free Disk/Inode Space Wiper
sfill, part of the secure-deletion toolkit, is a secure free disk and inode space wiper: it overwrites the free space of a file system so that previously deleted files cannot be recovered from it. sfill checks the free space on the specified partition and fills it with random data from /dev/urandom.
The command below will execute sfill on my root partition, with the -v switch enabling verbose mode:
Assuming you created a separate partition, /home to store normal system users home directories, you can specify a directory on that partition to apply sfill on it:
There are a few limitations of sfill that you can read about in the man page, where you can also find additional usage flags and instructions:
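The following added example (not from the OSTechnix or TecMint text) spells out what sfill does to free blocks and to free inodes. The MAX_BYTES and MAX_FILES caps are our addition so the routines can be exercised on a scratch directory without actually filling the disk; sfill itself runs until the file system is full. The file names it creates under the target directory are constructed:

```shell
#!/bin/sh
# Added example, not from the original articles: what sfill does, written
# out. Free blocks are wiped by growing a file with random data until the
# file system returns ENOSPC, syncing, and deleting it; free inodes are
# wiped by creating empty files until that fails. The caps are ours.
set -u

CHUNK=1048576   # 1 MiB per write

# fill_free_space DIR [MAX_BYTES]: append random chunks to a scratch file in
# DIR until a write fails (no free block left) or MAX_BYTES is reached.
# Prints the number of bytes written, then removes the file again.
fill_free_space() {
    dir=$1
    max=${2:-0}              # 0 means no cap: stop only at ENOSPC
    f=$dir/.sfill.$$
    touch -- "$f" || return 1
    written=0
    while [ "$max" -eq 0 ] || [ "$written" -lt "$max" ]; do
        if ! head -c $CHUNK /dev/urandom >> "$f" 2>/dev/null; then
            break            # ENOSPC: the last free block has been written
        fi
        written=$(wc -c < "$f" | tr -d ' ')
    done
    sync                     # force the data onto the device, not just the cache
    rm -f -- "$f"
    echo "$written"
}

# fill_free_inodes DIR [MAX_FILES]: create empty files under a scratch
# directory in DIR until creation fails (no free inode) or MAX_FILES is
# reached. Prints the number created, then removes them.
fill_free_inodes() {
    dir=$1
    max=${2:-0}
    d=$dir/.sfill-inodes.$$
    mkdir -- "$d" || return 1
    n=0
    while [ "$max" -eq 0 ] || [ "$n" -lt "$max" ]; do
        touch -- "$d/$n" 2>/dev/null || break
        n=$((n + 1))
    done
    sync
    rm -rf -- "$d"
    echo "$n"
}
```

Without the caps both loops run until the file system refuses the next write, which is the whole point: the moment that happens, every block and every inode that was free has been written at least once. Run it on the mount point you care about, not on a directory of another file system, and expect the disk to be unusable for other writes while it runs.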
Note: The following two tools (sswap and sdmem) in the secure-deletion toolkit are not directly relevant to the scope of this guide; we explain them for completeness and future use.
5. sswap – Secure Swap Wiper
sswap is a secure swap partition wiper: it deletes the data present on your swap partition in a secure manner.
Caution: remember to disable the swap partition with swapoff before using sswap! Otherwise your system might crash!
First determine your swap partition (and check which paging and swapping devices/files are active using the swapon command), then disable them with swapoff (which makes the swap partition unusable until it is enabled again).
Then run sswap command on the swap partition:
sswap – Secure Swap Wiper
Make an effort to read through the sswap man page for more usage options and information:
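Because the instructions above boil down to “replace /dev/sda3 with your partition”, here is an added example (not the articles’ own code) that wraps the swapoff, wipe, swapon sequence in a check that the device really is an active swap partition listed in /proc/swaps. The /proc/swaps sample is constructed; the dd fallback is ours, and mkswap is needed afterwards because the wipe destroys the swap signature:

```shell
#!/bin/sh
# Added example, not from the original articles: the swapoff -> sswap ->
# swapon sequence with the check both articles leave to the reader, namely
# that the target really is an active swap *partition* (not a swap file,
# which srm/sswap do not handle, and not the wrong disk). The check reads
# /proc/swaps; a file path can be passed instead for testing.
set -u

# Constructed sample in /proc/swaps format (what "cat /proc/swaps" prints).
SAMPLE_SWAPS='Filename        Type        Size     Used  Priority
/dev/sda3       partition   4194300  0     -2
/swapfile       file        1048572  0     -3'

# swap_type DEV [SWAPS_FILE]: print "partition" or "file" if DEV is an active
# swap area listed in SWAPS_FILE (default /proc/swaps), otherwise nothing.
swap_type() {
    awk -v dev="$1" 'NR > 1 && $1 == dev { print $2 }' "${2:-/proc/swaps}"
}

# is_active_swap_partition DEV [SWAPS_FILE]: 0 only for an active swap partition.
is_active_swap_partition() {
    [ "$(swap_type "$1" "${2:-/proc/swaps}")" = partition ]
}

# wipe_swap DEV: disable DEV, overwrite it, re-initialise and re-enable it.
# Needs root. Uses sswap if installed, else one pass of random data with dd
# (our fallback). Either way the swap signature is destroyed, so mkswap must
# run before swapon.
wipe_swap() {
    dev=$1
    [ "$(id -u)" -eq 0 ] || { echo "wipe_swap: must be root" >&2; return 2; }
    is_active_swap_partition "$dev" \
        || { echo "wipe_swap: $dev is not an active swap partition" >&2; return 3; }
    swapoff "$dev" || return 1
    if command -v sswap >/dev/null 2>&1; then
        sswap "$dev"
    else
        size=$(blockdev --getsize64 "$dev")
        head -c "$size" /dev/urandom | dd of="$dev" bs=1048576 conv=fsync 2>/dev/null
    fi
    rc=$?
    mkswap "$dev" >/dev/null && swapon "$dev"
    return $rc
}
```

A swap file shows up in /proc/swaps with type “file” and is refused here: for a file, swapoff it, overwrite it in place with shred (or srm, which the man page says cannot handle it while it is in use as swap), run mkswap on it and swapon again.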
6. sdmem – Secure Memory Wiper
sdmem is a secure memory wiper, it is designed to remove data present in your memory (RAM) in a secure manner.
It was originally named smem, but because Debian already has a package called smem (which reports memory consumption per process and per user), the developer renamed it sdmem.
For more usage information, read through the sdmem man page:
That’s it! In this article, we reviewed a number command line tools for permanently as well as securely deleting files in Linux. As usual, offer your thoughts or suggestions about the post via the comment form below.
I am new to real system administration but have been running Linux servers at my home for years. I haven’t cared too much about security because the few servers I maintained at work have always been on the intranet and all of the information stored on the servers was accessible by all employees anyway, so this is my first foray into truly securing a system.
I know quite a bit (or can find it on the Internet) about locking down a system for production use, but I can’t seem to find a whole lot of documentation about securely deleting a file on a Linux machine that is using a journaled file system.
From what I have read, due to the journalling process, even using tools such as srm or shred leave you vulnerable to data recovery.
So, what is the best method you have found to securely delete files on Linux? Does using LVM make any differences?
Thanks very much!
Edit 1: To add a bit of clarification, the server I want to secure will contain other users’ data, so whilst I can delete (or shred) the files, I can’t do so with the entire partition as it will contain data still important to other users. I’m not worried about securing the drive when its time is up; I can stick it in front of a huge magnet and toss it in a volcano if I need to, I’m worried about securing it from remote access. The physical site is fairly secure, although encrypting the drive may still be a good idea.
Edit 2: Edited title to be more descriptive of exactly the problem I am facing.
Is there a way to make sure that a deleted file can not be recovered?
As you know, deleting a file by pressing shift-del or using trash doesn’t mean that file is gone forever. It resides somewhere in the computer.
In day to day life, law enforcement or thieves use recovery programs to reveal our private data or something else.
They can recover all data that resides on hard disk, in RAM, and even USB.
To protect us from these people, what should one do? Which program should one use?
Note: I don’t want an answer like first use a recovery program then erase that file with shred. With just one program, I want to erase all unused/deleted files on my computer.
This command line tool is already installed from the core utilities in Ubuntu to securely erase and overwrite single files using the Gutmann method.
erases whole partitions by overwriting everything with 0s in a single iteration. If no legal aspects require another procedure, doing so is most probably safe to securely delete your private data.
from Craig Wright Lecture Notes in Computer Science, 2008, 5352, 243-257 .
erases the whole partition using 3 iterations with random numbers. In addition (option -z) this writes zeros to hide the shredding process at the end. This will take 4 times longer than the fast method.
NOTE: By shredding a partition we will overwrite this partition with 0 or random numbers. It therefore efficiently deletes everything including file system caches on that partition forever. This can also be used to remove unwanted remnants of deleted files. Files we want to keep will have to be backed up before shredding.
More options, and the possibility of erasing directories in addition to single files, are offered by this command line utility.
Additional notes on journaling file systems and SSDs:
Please read the notes in the linked manpages on security issues arising from still recoverable backups in journaling file systems when erasing single files. Overwriting whole partitions rather than single files will effectively erase all data even when using a journaling file system.
Erasing data on a solid state disk (SSD) can if at all only be done by overwriting the whole drive (not only single partitions) with several iterations. Some SSDs may have an inbuilt feature to erase data but this may not always be efficient (see this link from comment). At present there is no general recommendation on the wiping processes or number of erase iterations needed to securely remove all data remnants on all SSDs available.
These options can be added in the context menu of Nautilus and Thunar.
- In Thunar, open “Edit” then “Configure Custom Actions”
  - Add (the plus sign)
  - Name “Shred File”
  - Description whatever you like
  - Action “shred -u %f”
  - Select “Appearance Conditions” and select “Other Files”
  - Similarly for wipe.
- For Nautilus see this question and those related
There isn’t one command that you can run which will easily clean up all the already-deleted files for you. However, there are a number of things you can do to reduce your vulnerability to this sort of attack in future.
As others have said, using tools like shred or srm allows you to delete a specific file by actually overwriting it, rather than just removing it from the filesystem. If you’re feeling bold, you can replace the rm command with shred or srm to securely delete files going forward. That means that whenever you (or another program) tries to delete something using rm , the secure delete command will run instead.
However, if you’re using a solid state disk, or even some newer mechanical disks, shred and other overwriting-based methods may not be effective, since the disk may not actually write where you think it’s writing (source).
A more convenient option is full-disk encryption. If you use the alternate installer, Ubuntu can automatically set up a fully-encrypted disk for you, but you can also customize and configure the settings yourself. Once installed, the encryption is almost invisible to you: after you enter the passphrase (be sure to pick a good, long one) when the computer starts up, everything looks and feels just like normal Ubuntu.
You can also encrypt external media like USB drives using Ubuntu’s Disk Utility. Setting up an encrypted external disk is as simple as checking the “encrypt underlying filesystem” box when formatting the disk. You can even store the passphrase on your (encrypted) keyring, so that you don’t need to enter the phrase every time you plug that disk into your computer.
If your whole disk — and all your removable media — is encrypted, there’s much less to worry about. A thief or police officer would need to swipe your computer while it’s on, (or within a minute or two of turning it off if they’re very good) in order to access your data. If you hibernate (rather than suspend) your computer when it’s not in use, then you should be pretty safe.
If you ever need to completely destroy all your data, you don’t need to do a Gutmann wipe of your whole disk. Simply overwrite the very beginning of the disk, to destroy the headers for the encrypted volume. Unlike with a regular filesystem, this will actually make it impossible to recover the data.
So, how do you go from your current setup to a safely encrypted disk? It’s quite a challenge to retrofit a currently-installed operating system to use an encrypted disk. The easiest approach is to backup all your data and settings, then reinstall with an encrypted disk. When backing up, make sure to back up your data to an encrypted external drive, but don’t save the passphrase in your keyring.
After you’ve backed everything up, you may want to aggressively wipe your hard drive, to make sure that none of your existing data can be recovered in the future. If you’re using an SSD, the process is even more challenging, so depending how much you want to invest in the process, it might be worth destroying your current disk (a challenging proposition) and starting with a new one.
When reinstalling the OS, if you haven’t aggressively wiped the disk already, you should make sure to completely fill the new encrypted partition, which will overwrite all your old data. Once you’ve restored your backup, you may want to aggressively wipe the start of the backup disk, to destroy the encryption header, so that it can’t be recovered again.
Learn how to delete files permanently on a Linux system using the command line and the GUI
Deleting files is an everyday task for users of any operating system on any device. Whether you want to delete unused files on your PC or free up space by deleting old log files on your server, it is handy to know the various options for file deletion.
Secure deletion of files is also a vital measure for data privacy and the legal obligations around it. Deleting a file normally changes only the file system’s metadata: the directory entry is removed and the file’s blocks are marked as free, while the data itself stays on disk until something overwrites it. On a journaling file system the journal may additionally hold copies of that metadata, and in some modes of the file’s data. A simple rm command does not, at all, guarantee that the “deleted” contents cannot be recovered.
From the rm man page:
If you use rm to remove a file, it might be possible to recover some of its contents, given sufficient expertise and/or time.
Hence it is essential to know the Linux tools that guarantee, at least to a degree, that deleted data cannot be recovered by a recovery tool or any other method.
Command Line Tools to Permanently Delete Files on Linux
Using rm command
rm is the standard program to remove files in GNU/Linux systems. It is a part of GNU Coreutils and comes pre-installed in almost all Linux distributions.
To delete file(s) using rm, you can run:
This does not work on directories. To delete an entire directory tree, run:
Data deleted with rm stays recoverable until new data is written to the disk space it occupied. rm is therefore a fine choice when the data contains nothing sensitive.
Using shred command
The shred command overwrites the file with random data multiple times and can optionally delete it afterwards. This makes recovery of the data extremely improbable, even with expensive hardware.
To shred contents of file (overwrite with random data), run the following command:
Note that by default it overwrites with random data 3 times. To use a different number of passes, run the following command:
This will overwrite the data 10 times. Note that the above will not delete the file, only data is overwritten.
To use shred to delete and overwrite the contents of a file, use the following command:
One downside of shred is that it has no option to recurse into directories, so a directory tree has to be walked with find or a small script.
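As an added example (not the article’s own code) of working around the missing recursion, the wrapper below walks a tree with find and calls shred on each regular file. The function names are ours, and the dd fallback for systems without GNU coreutils is an assumption. It also handles the two traps a naive `for f in $(find dir)` falls into: names containing spaces, and symlinks, which shred would follow and overwrite the target of:

```shell
#!/bin/sh
# Added example, not from the original article: since shred has no -r, the
# directory walk has to be done around it. -type f never matches a symlink,
# so a link pointing outside the tree is removed, never overwritten.
set -u

# wipe_one FILE: overwrite one regular file and unlink it. Uses shred when
# present; the dd fallback is an assumption for systems without coreutils.
wipe_one() {
    if command -v shred >/dev/null 2>&1; then
        shred -u -z -- "$1"
    else
        size=$(wc -c < "$1" | tr -d ' ')
        head -c "$size" /dev/urandom | dd of="$1" conv=notrunc 2>/dev/null && rm -f -- "$1"
    fi
}

# wipe_tree DIR: wipe every regular file below DIR, remove symlinks without
# following them, then remove the emptied directories. Prints the number of
# files wiped; returns non-zero if anything is left behind.
wipe_tree() {
    dir=$1
    [ -d "$dir" ] && [ ! -L "$dir" ] || return 2
    count=$(find "$dir" -type f | wc -l | tr -d ' ')
    # One path per line copes with spaces (not with newlines in names).
    find "$dir" -type f -print | while IFS= read -r f; do
        wipe_one "$f"
    done
    [ "$(find "$dir" -type f | wc -l | tr -d ' ')" -eq 0 ] || return 1
    find "$dir" -type l -exec rm -f -- {} +           # drop links, never follow
    find "$dir" -depth -type d -exec rmdir -- {} +    # children before parents
    [ ! -e "$dir" ] || return 1
    echo "$count"
}
```

Files reachable only through a symlink inside the tree are deliberately left alone; if they are sensitive, wipe their real path separately.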
Using srm command
The program srm is part of the secure-delete package in Debian and Red Hat-based distributions. It uses a similar method as shred for secure deletion of a file. However, the algorithm used for overwriting a file are different in both the tools.
To install srm on Ubuntu and similar distributions, run the following command:
Note: On older Ubuntu versions (14.04 and below), use apt-get instead of apt.
To install srm on Red Hat based distributions, run the following command:
To delete your files and folders recursively using srm, run the following command:
GUI tools to Completely Delete Files on Linux
Nautilus is the default file explorer for most Linux distributions. You can permanently delete files in Nautilus by following the instructions below.
First, open Nautilus and Go to the folder from which you wish to delete the files.
Select the file or folder and press Shift + Delete.
On the confirmation dialogue, click Delete. This removes the item without sending it to the Trash, but it is still an ordinary deletion like rm: the contents stay on disk until overwritten, so use the command line tools above for sensitive data.
If you prefer the mouse to the keyboard, you can add a Delete option to the context menu so that you can right-click on files or folders and select Delete. By default, the only option the context menu has is “Move to Trash”.
To enable the option of permanent delete in the right-click menu, do the following:
- Go to Edit » Preferences in the file explorer.
- Then select the Behaviour Tab.
- Check the box for Include a Delete command that bypasses Trash.
This will add a Delete option to the context menu in Nautilus on Ubuntu and other Linux distros.
Using Nautilus Scripts (For running any program from GUI)
Nautilus has the option of adding manual scripts to execute on selected files. We can make use of this to run shred or srm command from GUI.
Let us create a script to run srm recursively. Open the terminal and go to the Nautilus scripts folder by running the command below:
Create a blank script file using the command below:
Add the following lines to the script file that we created in the step above.
Here $NAUTILUS_SCRIPT_SELECTED_FILE_PATHS is a variable that contains paths of all files and folders selected by the user in Nautilus.
Save the file by first pressing the ESC key, and then type :wq to save the file and exit the vim console.
Finally, make the script executable by granting execute permission using the command below.
After setting the script file, go back to the Nautilus GUI and right-click on a file or folder. You should see the script Secure_Delete under Scripts option in the context menu.
Click on the script name (that is Secure_Delete in this case) to permanently delete the files you selected before right-clicking.
In a similar way, you can add script for shred or any other tool and execute it from the GUI.
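Here is an added example (not the article’s script) of a Secure_Delete script body that reads NAUTILUS_SCRIPT_SELECTED_FILE_PATHS one line at a time and hands each existing path to srm. The WIPE_CMD variable is our addition so the loop can be tested without wiping anything:

```shell
#!/bin/sh
# Added example, not the article's own script: a body for the Secure_Delete
# Nautilus script. Nautilus passes the selection in
# NAUTILUS_SCRIPT_SELECTED_FILE_PATHS with one path per line, so it must be
# read line by line; "for f in $NAUTILUS_SCRIPT_SELECTED_FILE_PATHS" would
# split "tax return.pdf" into two bogus paths.
set -u

WIPE_CMD=${WIPE_CMD:-srm -r -v}   # our hook; defaults to the article's srm -r

# wipe_selected: run WIPE_CMD on every selected path that exists and print
# how many were handled. The list goes through a temp file so the loop runs
# in the current shell (a pipe would run it in a subshell and lose count).
wipe_selected() {
    list=$(mktemp)
    printf '%s\n' "${NAUTILUS_SCRIPT_SELECTED_FILE_PATHS:-}" > "$list"
    count=0
    while IFS= read -r path; do
        [ -n "$path" ] || continue          # trailing blank line
        [ -e "$path" ] || continue          # already gone, or a dangling link
        $WIPE_CMD -- "$path" || echo "wipe failed: $path" >&2
        count=$((count + 1))
    done < "$list"
    rm -f -- "$list"
    echo "$count"
}

# When Nautilus invokes the script the variable is set; when the file is
# merely sourced it is not, so nothing is wiped by accident.
if [ -n "${NAUTILUS_SCRIPT_SELECTED_FILE_PATHS:-}" ]; then
    wipe_selected >/dev/null
fi
```

Save it as Secure_Delete in the Nautilus scripts folder and make it executable as described above; it then appears under Scripts in the context menu and runs srm -r on every selected item.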
There are more GUI tools, such as nautilus-wipe and BleachBit, which use algorithms similar to shred and srm. Both can be installed from the standard Ubuntu repositories.
Note that even after using these methods a small chance remains that the data can be recovered: copies may survive in the file system journal, in caches or backups, or in sectors the drive remapped and the overwrite never reached. For extremely sensitive data that must not be recoverable by anyone, physically destroying the drive (degaussing a magnetic disk, or shredding it) is the only method that removes that residual risk.
Nov 28, 2015, 6:40 am EST
Some utilities have a “secure delete” option that promises to erase a file from your hard drive and remove all traces of it. Older versions of Mac OS X had a “Secure Empty Trash” option that tried to do something similar. Apple removed the feature because it just doesn’t work reliably on modern drives.
The problem with “secure delete” and “secure empty trash” is that they provide a false sense of security. Rather than relying on these band-aid file-deletion solutions, you should rely on full-disk encryption. On a fully encrypted disk, both deleted and undeleted files are protected.
Why “Secure Delete” Options Were Created
Traditionally, deleting a file from a mechanical hard drive didn’t actually delete that file’s contents. The operating system would mark the file as deleted, and the data would eventually be overwritten. But that file’s data was still sitting on the hard drive, and file-recovery tools could scan a hard disk for deleted files and recover them. This is still possible on USB flash drives and SD cards, too.
If you have sensitive data — for example, business documents, financial information, or your tax returns — you might worry about someone recovering them from a hard drive or removable storage device.
How Secure File Deletion Tools Work
“Secure delete” utilities attempt to solve this problem by not just deleting a file, but overwriting the data with either zeros or random data. This should, the theory goes, make it impossible for someone to recover the deleted file.
This is somewhat like wiping a drive, but when you wipe a drive the entire drive is overwritten with junk data, whereas a secure delete tool attempts to overwrite only the file’s current location.
Tools like this are available all over the place. The popular CCleaner utility contains a “secure delete” option. Microsoft offers an “sdelete” command for download as part of the SysInternals suite of utilities. Older versions of Mac OS X offered “Secure Empty Trash”, and Mac OS X still offers an included “srm” command for securely deleting files.
Why They Don’t Work Reliably
The first problem with these tools is that they’ll only attempt to overwrite the file in its current location. The operating system may have made backup copies of this file in a number of different places. You may “securely delete” a financial document, but older versions of it may still be stored on disk as part of your operating system’s previous versions feature or other caches.
But, let’s say you can solve that problem. It’s possible. Unfortunately, there’s a bigger problem with modern drives.
With a solid-state drive, the drive’s firmware (the flash translation layer) decides where each logical block is physically stored and moves data around for wear levelling, so a file’s data ends up scattered across the flash. If the operating system supports TRIM, deleting a file sends a TRIM command, and the SSD may eventually erase the data during garbage collection. A secure delete tool can ask the SSD to overwrite the file’s logical blocks with junk data, but the SSD chooses where that junk is physically written: the old copy of the data can remain in flash cells the host can no longer address. The file will appear to be deleted, but its data may still be lurking somewhere on the drive. Secure delete tools just don’t work reliably with solid-state drives. (The conventional wisdom is that, with TRIM enabled, the SSD will automatically erase the data when you delete the file. That isn’t guaranteed: TRIM is a hint, and when, or whether, the drive acts on it is up to its firmware.)
Even modern mechanical drives aren’t guaranteed to work with secure deletion tools. Drives silently remap failing sectors to spare areas the operating system cannot address, and journaling or copy-on-write filesystems may write a file’s data somewhere other than the blocks the tool overwrites, so there isn’t always a way to ensure every copy of every bit was overwritten rather than left scattered over the drive.
You shouldn’t try to “securely delete” a file. If you have sensitive data you want to protect, there’s no guarantee it will be erased and made unrecoverable.
What to Do Instead
Rather than relying on secure-file-deletion tools, you should enable full-drive encryption. Windows 10 has Device Encryption enabled on many new PCs, and Professional editions of Windows also offer BitLocker. Mac OS X offers FileVault, Linux offers LUKS/dm-crypt (most installers can set it up for you), and Chrome OS is encrypted by default.
When you use full-drive encryption, you don’t have to worry about someone getting access to your drive and scanning it for deleted files. They won’t have the encryption key, so even the bits of deleted files will be incomprehensible to them. Even if bits of the deleted files are left on the drive, they’ll be encrypted and just look like random nonsense unless someone has the encryption key.
Even if you have an unencrypted drive that contains sensitive files you want to get rid of, and you’re about to dispose of the drive, you’re better off wiping the entire drive rather than attempting to wipe just the sensitive files. If it’s very sensitive, you’re better off destroying the drive entirely.
As long as you use encryption, your files should be protected. Assuming the computer is powered down (so the key is no longer in memory) and the attacker doesn’t know your passphrase, they won’t be able to access your files, including the deleted ones. If you have sensitive data, just encrypt your drive and delete files normally rather than relying on secure-deletion tools. They might work in some cases, but they often offer a false sense of security. Secure file deletion just doesn’t work reliably with modern drives.
We saw in the past how to fully erase the contents of a hard disk, but what if all you want is to delete one, two or a dozen files? Is there a way to remove them from your computer beyond recovery without nuking the whole drive? On a conventional hard disk the answer is yes, and there is more than one way to do it. Let’s look at some of the most popular tools for complete file deletion in Linux.
Note: Ignore with SSDs
Most solid-state drives on the market today support TRIM, and their firmware constantly relocates data for wear levelling, so overwriting a file’s logical blocks does not necessarily overwrite the flash cells that held the old data. Combined with the journaling file systems common on Linux, like Ext3/4 and ReiserFS, which can leave copies of data outside the file’s own blocks, the deletion of individual files beyond recovery can’t be guaranteed. The only reliable options in those cases are, unfortunately, a full wipe of the entire SSD, or having encrypted the drive from the start.
Bypass the trash
We covered this in detail in the past, but it’s worth another brief mention: if you wish, you can bypass the trash folder. This way your deleted files won’t linger in the trash and will be unlinked immediately. It doesn’t make their recovery impossible, but it is a step up from leaving them readily accessible.
To do that in a distro like Kubuntu with KDE, run its default file manager, Dolphin. Click on “Control -> Preferences -> Trash” to reach the related preferences. There isn’t an option to fully disable the trash, but you can use a neat trick that covers most bases: enable the Size limit and reduce it to the smallest value.
On our disk, this translated to 205.09 KiB. Dolphin will erase the contents of the trash when they exceed that value, and that would probably happen every other hour with typical desktop use. Other file managers like Nautilus or Nemo have options for you to bypass the trash completely.
shred is part of GNU coreutils, so if you’re running Ubuntu, or almost any other Linux distribution, it is already installed. You can start using it immediately to fully erase any sensitive files you want to send to oblivion. How?
If you wanted to obliterate “deleteme.jpg,” you could use:
Of the options used:
- -u truncates and removes the file after it has been overwritten (it also renames it to obscure the old name before unlinking it).
- -v displays verbose progress information.
- -z adds a final pass that overwrites the file with zeros, which hides the fact that it was shredded and further reduces any chance of recovery.
- -n 2 sets the number of overwrite passes to two. shred’s default is three passes, and with “-n” you can raise or lower that number. The general consensus is that three passes are more than enough for most people.
To eliminate multiple files or the contents of a folder, you can use wildcards like:
In the first case, “?” would be a wildcard for a single character, and shred would delete files named “delete_those_images_01.jpg” and “delete_those_images_02.jpg,” for example.
In the second case, shred would wipe out all files in the directory Pictures, no matter their name or type.
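As an added example (not from the original article), here is a small POSIX shell script that runs shred with the options described above and checks the result: one function shreds a single file, another shreds whatever a glob expands to while skipping directories (shred only overwrites regular files, so passing a directory would fail). It assumes GNU coreutils shred; the temporary directory, the sample files and the helper names shred_file, shred_glob and demo are constructed for this demo.

```shell
#!/bin/sh
# Added example, not code from the original article. Demonstrates
# shred -u -v -z -n 2 on single files and on a glob, then verifies removal.
set -eu

# shred_file PATH: two random-data passes, a final pass of zeros (-z), then
# truncate and unlink (-u). Succeeds only if the path no longer exists.
shred_file() {
    f="$1"
    shred -u -v -z -n 2 -- "$f"
    [ ! -e "$f" ]
}

# shred_glob PATTERN...: the caller's shell expands the glob; shred every
# regular file it matched and skip directories. Prints the number shredded.
shred_glob() {
    n=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        shred -u -z -n 2 -- "$f"
        n=$((n + 1))
    done
    echo "$n"
}

# demo: constructed sample files in a temp dir, mirroring the names used in
# the article; prints "<files matched by ?> <files under Pictures/>".
demo() {
    d=$(mktemp -d)
    printf 'secret photo bytes\n' > "$d/deleteme.jpg"
    printf 'img01\n' > "$d/delete_those_images_01.jpg"
    printf 'img02\n' > "$d/delete_those_images_02.jpg"
    mkdir "$d/Pictures" "$d/Pictures/sub"   # sub is a directory: skipped
    printf 'a\n' > "$d/Pictures/a.png"
    printf 'b\n' > "$d/Pictures/b.png"

    shred_file "$d/deleteme.jpg"
    count1=$(shred_glob "$d"/delete_those_images_0?.jpg)
    count2=$(shred_glob "$d"/Pictures/*)
    rm -rf -- "$d"
    echo "$count1 $count2"
}
```

Run the script and call demo; it prints "2 2". Note that without -u shred leaves a zero-filled file of the original size behind, and that on an SSD or a journaling filesystem the overwrite may not reach the blocks that held the original data, as the note above explains.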
Wipe is another excellent alternative. Search for it in the software center of your distribution and install it from there or use:
Its use is almost as simple as shred’s, if not simpler. To erase any file or directory with wipe, use:
This can be slow, since by default wipe uses many time-consuming passes for extra security, and it asks for confirmation before deleting.
Use the -f flag to skip the confirmation and -r to recurse into subdirectories. -c tells wipe to chmod the target if necessary (when a file or directory isn’t writable), and -q uses a quicker mode with fewer passes. Note that -q is lowercase; it can be combined with an uppercase -Q followed by the number of passes you want. For example, the simple command above, with those tweaks applied, would change to:
Using Secure Delete
srm is one of the tools in the Secure Delete suite, which specialises in the secure removal of data from a hard disk, and many hold it to be the best tool for the job.
To install the full Secure Delete suite on Ubuntu and compatible distributions, use:
Afterward, you’ll be able to annihilate any file with:
You’ll probably want to use the -z flag, which makes the final pass overwrite the file’s contents with zeros, and -v to get verbose output about the process. If dealing with directories and subdirectories, also include -r for recursive mode. If the default 38 passes are too much for you, you can cut the time required, as well as the security, with the -l flag, which reduces the number of passes to “only” two. This would turn the previous command into:
The GUI way: using Bleachbit
If you have an aversion to the command line, Bleachbit is one of the best solutions for securely erasing your data. By default, the tool specialises in discovering and disposing of “redundant files” that keep taking up space long after you’ve needed them, but it also includes the often forgotten ability to manually “shred” any file beyond recovery.
You can install it on your Ubuntu-compatible distribution through its software center or by using:
Click on “Edit -> Preferences” and enable the option “Overwrite contents of files to prevent recovery” for enhanced security.
Go back to its main interface, click on “File -> Shred,” and from the dialog that pops up, choose the files you wish to beam to nothingness. Click “Delete” and confirm when Bleachbit asks whether you’re sure.
Keep in mind that journaling file systems, and the fact that we don’t know how each drive’s firmware manages its contents, mean that the only way to be sure is to wipe the full drive, or better still, physically destroy the device.
OK’s real life started at around 10, when he got his first computer – a Commodore 128. Since then, he’s been melting keycaps by typing 24/7, trying to spread The Word Of Tech to anyone interested enough to listen. Or, rather, read.
Each time you reinstall Linux and format your hard drive partitions, the data on them isn’t fully purged: formatting rewrites the filesystem’s metadata, not the blocks that held your files. That is why anyone who gets hold of an old hard drive that hasn’t been properly erased can recover personal files and sensitive data. In this article, we’ll go over the best ways to erase a hard drive on Linux, from dd to shred and even DBAN.
Note: shred and dd need the device name of the drive you want to erase. Linux doesn’t use drive letters: whole disks appear as /dev/sda, /dev/sdb, /dev/nvme0n1 and so on, and their partitions as /dev/sda1, /dev/nvme0n1p1 and so on. Open a terminal and run lsblk to list the attached drives with their sizes and mount points, and double-check that the one you pick is not the disk your system is running from.
Zeroing A Drive – DD
The most common way to erase a hard drive (“zeroing” it) on Linux is with the dd command. It isn’t quick, but since every Linux and Unix system ships dd, it is a very accessible method. There’s one catch: you can’t wipe the disk your running operating system lives on, because the kernel is still using it and the filesystem would be destroyed underneath it. Instead, either move the drive to another PC or boot a Linux live disk.
Assuming you’ve done one of these two things, here’s how to securely erase a hard drive using DD on Linux.
Step 1: make sure that the drive isn’t mounted. If it is attached, unmount it using the file manager. Alternatively, use the umount command.
Note: replace X with the actual device letter and Y with the partition number (e.g., /dev/sda1), and unmount every mounted partition on the disk.
Writing random data from /dev/urandom (or zeros from /dev/zero) over an entire hard drive takes a very long time; random data is slower because the kernel has to generate it. The easiest way to use dd like this is to start it and let it run overnight. dd prints nothing while it works unless you add status=progress, and you’ll know it has finished when the prompt returns.
Another reliable way to erase a hard drive is the GNU shred tool, which, like dd, comes with every Linux distribution as part of coreutils. Unlike dd, it is built for this job: it can overwrite individual files as well as entire drives, with as many passes as you like. This makes it ideal when you want to erase parts of a drive but not necessarily the whole thing. Here’s how to delete files with shred.
Lastly, use the Shred tool to erase a hard drive by running this command.
Like DD, using Shred to erase a drive takes quite a while. Best to just run this tool overnight and let it delete everything. When the terminal can accept typing again, you’ll know it’s finished.
Note: replace X with your device letter (e.g. /dev/sda).
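As an added example that is not part of the original article, the script below runs the dd and shred wipes described in this section against a file-backed image standing in for /dev/sdX, and then reads the target back to prove that every byte is zero, which is the check you want before handing a drive on. It assumes GNU coreutils (dd with conv=fsync and status=none, shred); the image, its “old” contents and the helper names refuse_if_mounted, wipe_dd_zero, wipe_shred, nonzero_bytes and demo are constructed for this demo. To wipe a real disk, pass the device path instead of the image and its size from blockdev --getsize64.

```shell
#!/bin/sh
# Added example, not code from the original article. A 1 MiB file stands in
# for /dev/sdX so the wipe and the read-back check run without a spare disk.
set -eu

# refuse_if_mounted DEV: fail if DEV or any of its partitions appears in
# /proc/mounts, so we never overwrite a filesystem that is in use.
refuse_if_mounted() {
    if grep -q "^$1" /proc/mounts 2>/dev/null; then
        echo "refusing: $1 is mounted" >&2
        return 1
    fi
    return 0
}

# wipe_dd_zero DEV SIZE_BYTES: overwrite DEV with zeros in 4 KiB blocks.
# conv=notrunc keeps a file-backed target at its size; conv=fsync makes dd
# flush to the device before it exits. On a real disk add status=progress.
wipe_dd_zero() {
    refuse_if_mounted "$1"
    dd if=/dev/zero of="$1" bs=4096 count=$(( $2 / 4096 )) \
        conv=notrunc,fsync status=none
}

# wipe_shred DEV: one random pass followed by a final pass of zeros (-z),
# the whole-device form of the shred command used for single files earlier.
wipe_shred() {
    refuse_if_mounted "$1"
    shred -n 1 -z -- "$1"
}

# nonzero_bytes DEV: count the bytes that are not 0x00. After either wipe
# this must be 0; anything else means the overwrite missed some blocks.
nonzero_bytes() {
    tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# demo: fill the image with a recognisable pattern (constructed "old data"),
# wipe it both ways and print the non-zero byte count before and after each.
demo() {
    img=$(mktemp)
    size=1048576
    yes 'old secret partition contents' | head -c "$size" > "$img"
    before=$(nonzero_bytes "$img")
    wipe_dd_zero "$img" "$size"
    after_dd=$(nonzero_bytes "$img")
    yes 'old secret partition contents' | head -c "$size" > "$img"
    wipe_shred "$img"
    after_shred=$(nonzero_bytes "$img")
    rm -f -- "$img"
    echo "$before $after_dd $after_shred"
}
```

Calling demo prints "1048576 0 0". The read-back step is the part worth keeping: on a real drive, nonzero_bytes /dev/sdX (or cmp /dev/zero /dev/sdX, which should report only an EOF on the device) confirms that the overwrite reached the end of the disk. It cannot see remapped spare sectors or an SSD’s over-provisioned flash, which is why the earlier sections recommend full-disk encryption or physical destruction for anything truly sensitive.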
If dd and shred aren’t good enough for you, consider Darik’s Boot And Nuke (DBAN). It’s a Linux-powered open source tool that will wipe every drive connected to the PC it is running on. Bear in mind that DBAN has not been updated since 2015 and works purely by overwriting, so it does not reliably erase SSDs; treat it as a tool for mechanical drives. Using DBAN requires a USB live disk: download the Etcher USB imaging tool and the latest DBAN ISO image. The DBAN ISO is only around 15 MB, so practically any USB drive, whatever its capacity, will do.
When everything is downloaded, open the Etcher USB tool and use it to flash the DBAN ISO image to the USB drive. Then restart your PC, enter its BIOS/UEFI setup and change the boot order so that the USB key loads first.
Note: disconnect any hard drives from your PC that you do not want to erase. DBAN will delete absolutely everything that is connected to it.
On the DBAN boot screen, enter “autonuke” at the prompt. This command automatically wipes every drive connected to the PC, so once again, be very sure that every drive you want to keep IS NOT CONNECTED and that only the ones you wish to erase are. There is no way to undo this once it has started.
Running autonuke will bring up the DBAN UI. It’ll scan for drives and erase them one at a time. Be patient, as this process takes a long time. You’ll know when DBAN is complete, as it will tell you on the screen. Best to just leave the tool running.
After the erasing process completes, the screen will turn black and say “All selected disks have been wiped”. Press any key to continue with the tool to the end screen.