There are several ways to prevent a deleted file from being restored (at least with standard tools).

shred

shred is a tool that overwrites a file repeatedly with random data and, optionally, deletes the file.

shred <file>
  • To delete the file after overwriting it, add the -u parameter.
  • You can use shred with devices like /dev/sdb (do not use -u in such cases). You may want to use -z to overwrite with zeros. Remember to recreate the filesystem (if you wipe a partition) or the partition table (if you wipe an entire disk) after the process.

This method is useless if there are backups or snapshots, if the disks are part of a RAID system, or if the filesystem is journaled or compressed. In short, shred assumes that the filesystem and hardware overwrite data in place. If that is not the case, files will be recoverable.
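
The following pre-check is an added example, not part of the original article: it classifies the filesystem that holds a file before you rely on shred. The function names (shred_fs_risk, check_shred_target) are hypothetical, and the list of filesystem types is a non-exhaustive assumption; it does not detect backups, snapshots or RAID.

```shell
#!/bin/sh
# Heuristic pre-check for shred's "overwrite in place" assumption.
# The classification is an assumption for illustration, not a guarantee.

# shred_fs_risk FSTYPE MOUNT_OPTIONS
# Prints a verdict. Returns 0 if no known problem was found,
# 1 if an in-place overwrite cannot be relied on.
shred_fs_risk() {
    fstype=$1
    opts=",$2,"    # wrap in commas so whole options can be matched
    case $fstype in
        btrfs|zfs)
            echo "copy-on-write: overwrites go to new blocks"; return 1 ;;
        f2fs|nilfs2)
            echo "log-structured: overwrites go to new blocks"; return 1 ;;
        nfs|nfs4|cifs|fuse.*)
            echo "remote or FUSE: on-disk layout is out of local control"; return 1 ;;
        tmpfs)
            echo "memory-backed: data may also have reached swap"; return 1 ;;
    esac
    case $opts in
        *,data=journal,*)
            echo "data=journal: file contents are also written to the journal"; return 1 ;;
    esac
    echo "no known problem for $fstype (backups, snapshots and RAID not checked)"
    return 0
}

# check_shred_target PATH
# Looks up the filesystem that contains PATH and classifies it.
# Returns 2 if the lookup itself fails.
check_shred_target() {
    # findmnt -T resolves the mount point that contains PATH.
    info=$(findmnt -n -o FSTYPE,OPTIONS -T "$1") || return 2
    set -- $info    # split "fstype options" into $1 and $2
    shred_fs_risk "$1" "$2"
}
```

Run check_shred_target with the file's path and only proceed with shred when it returns 0.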

dd

As I showed you in Examples of the dd command usage, you can use dd to wipe a partition or disk. Remember that you will need to recreate the filesystem or the partition table after the process.

dd if=/dev/zero of=<partition or device path>
  • <partition or device path>: block partition or device name, like /dev/sdb1.
  • You can add bs=<bytes> to specify how many bytes to read and write at a time, and count=<number> to copy only a given number of blocks (of the size specified in bs).

As with shred, if there are backups in other partitions or disks or if the disk is part of a RAID system, files could be restored.

chattr

chattr lets you set attributes on files (much as chmod sets permissions). One of the available attributes is s. When a file with this attribute is removed, its blocks are overwritten with zeros.

# Use + or - to enable or disable this attribute
chattr +s file

This feature will not work on ext2/3/4 filesystems with modern Linux kernels.

If you have any suggestions, feel free to contact me via social media or email.