Making files unrecoverable
There are a several ways to avoid a deleted file from being restored (at least using standard tools).
Table of Contents
shred is a tool that overwrites a file repeatedly with random data and, optionally, deletes the file.
- To delete the file after overwriting it, add the
- You can use
shredwith devices like
/dev/sdb(do not use
-uin such cases). You may want to use
-zto overwrite with zeros. Remember to recreate the filesystem (if you wipe a partition) or the partition table (if you wipe an entire disk) after the process.
This method is useless if there are backups, snapshots, the disks are part of a RAID system or if the filesystem is journaled or compressed. In short,
shred assumes the file system and hardware overwrite data in place. If it’s not the case, files will be recoverable.
As I showed you in Examples of the dd command usage, you can use
dd to wipe a partition or disk. Remember that you will need to recreate the filesystem or the partition table after the process.
dd if=/dev/zero of=<partition or device path>
<partition or device path>: block partition or device name, like
- You can add
bs=<bytes>to specify how many bytes read and write at a time, and
count=<number>to copy only a number of blocks (of the size specified in
shred, if there are backups in other partitions or disks or if the disk is part of a RAID system, files could be restored.
chattr allows to set attributes on files (like
chmod). One of its available parameters is
s. When a user remove a file, its blocks are overwritten with zeros.
# Use + or - to enable or disable this attribute chattr +s file
This feature will not work on ext2/3/4 filesystems with modern Linux kernels.
If you have any suggestion, feel free to contact me via social media or email.
Latest tutorials and articles: