Carefully clean up traces of files on disk using the SFill and DD commands

9 February 2021 14:21

Once I had to give an employee a USB flash drive on which both programs and personal photos were stored. I deleted the photos, but they remained in the sectors, and the employee could have restored them if he wanted. Therefore, we need a way to clean up free disk space. I found a command that does this - it works with NTFS, FAT and EXT3 file systems. The command-line program is called SFill.

Selectively clear free space after deleting files using the sfill command

The sfill command selectively destroys information on a disk: it clears the entries of deleted files and directories in the free inode space, and the traces of file contents that remain in the free part of the disk after deletion.

  1. Install sfill

    sudo apt-get install secure-delete

  2. Read the documentation (optional)

    dpkg-query -L secure-delete
    gzip -dc /usr/share/doc/secure-delete/secure_delete.doc.gz | more

Command format:

    sfill [-i] [-I] [-f] [-l] [-l] [-v] [-z] target-directory

Where:

    -i     wipe only free inode space (destroy deleted directories)
    -I     wipe only free space (without affecting inode directories)
    -f     fast write (excludes O_SYNC and sync() calls), which speeds up work but is less reliable
    -l     weaken security for the sake of speed: only a random number pass and then a second pass of 0xFF are used
    -l -l  (given a second time) further weaken security and increase speed: just one pass that overwrites the disk with 0xFF
    -v     output progress information (verbose)
    -z     use zeros instead of random data
    target-directory   target directory for cleaning (usually the root directory of the disk)

  1. Find out the name of the mount point of the flash drive that we are going to clean

    lsblk

(See the "MOUNTPOINT" column: select the value and copy it to the clipboard.)

  2. Run disk or directory cleanup

For example, quick cleaning of a flash drive:

    lsblk
    sfill -fllvz /media/vladimir/8C3E-FFF0

Ignore the message "Warning: you are not root. You might not be able to wipe the whole filesystem."

During execution you can see that a large file named oooooooo.ooo is created; it consists of zeros and grows to the size of the free disk space.

First the traces of files are wiped, then the deleted directories: "Wiping inodes ... Done ... Finished."

The command can also be run with administrative rights (root user):

    sudo sfill -fllvz /media/vladimir/8C3E-FFF0

NB: The command uses the name of the directory, not the physical device.

How to perform a full disk wipe using Linux OS - dd command

Method 1:

    sudo dd if=/dev/zero of=/dev/sdb bs=1M

where sdb is the device name.

The disk will be filled with zeros (0x00) - the partition table, file area and free space will be erased.

The disadvantage of this cleaning method is obvious - you cannot selectively clear only free space, leaving any necessary files on the disk.

Method 2:

    sudo dd if=/dev/urandom of=/dev/sdb bs=1M

The same as Method 1, but the disk is filled with random bytes (0xda, 0x02, etc.). The method has one drawback: indiscriminate deletion and destruction of disk partitions.
The advantage is maximum disk cleaning speed.

Method 3:

The names of the partitions can be found, for example, using the command

    df -h | grep /sd

Command to clear the selected partition:

    sudo dd if=/dev/zero of=/dev/sdb1 bs=1M

Only the selected volume (partition) will be quickly cleared, for example sdb1.

With this method, the dd command destroys all information on the selected partition, including files and directories.
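
To check the zero-fill from Methods 1 and 3, the following added example (not part of the original article) refuses targets that are mounted or are not block devices, and reads the target back to confirm that only 0x00 bytes remain. The function names and the temporary image file are assumptions made for the illustration; the read-back check does not apply to the random fill of Method 2.

```sh
#!/bin/sh
# Added example, not from the original article: guard and verify a dd zero-fill.

# wipe_target_ok DEV: succeed only if DEV is a block device and neither it nor
# any of its partitions is mounted (a disk holding the running system fails).
wipe_target_ok() {
    [ -b "$1" ] || { echo "$1: not a block device" >&2; return 1; }
    wt_mounts=$(lsblk -n -o MOUNTPOINT "$1") || return 1
    if [ -n "$(printf '%s' "$wt_mounts" | tr -d '[:space:]')" ]; then
        echo "$1: mounted, unmount it before wiping" >&2
        return 1
    fi
}

# is_zeroed TARGET: succeed only if TARGET (device or image file) is readable
# and holds no byte other than 0x00. tr drops every zero byte, so a single
# surviving byte means some data was not overwritten.
is_zeroed() {
    [ -r "$1" ] || return 1
    iz_left=$(tr -d '\000' <"$1" | head -c 1 | wc -c)
    [ "$iz_left" -eq 0 ]
}

# demo_image_wipe: rehearse the zero-fill on a constructed 4 MiB image file
# (hypothetical stand-in for /dev/sdb). Prints "full=<state> partial=<state>".
demo_image_wipe() {
    di_img=$(mktemp) || return 1
    # Constructed "old data": random bytes standing in for leftover files.
    dd if=/dev/urandom of="$di_img" bs=1M count=4 2>/dev/null
    # Interrupted wipe: only the first 3 MiB get overwritten.
    dd if=/dev/zero of="$di_img" bs=1M count=3 conv=notrunc 2>/dev/null
    if is_zeroed "$di_img"; then di_partial=clean; else di_partial=dirty; fi
    # Complete wipe over the full length of the image.
    dd if=/dev/zero of="$di_img" bs=1M count=4 conv=notrunc 2>/dev/null
    if is_zeroed "$di_img"; then di_full=clean; else di_full=dirty; fi
    rm -f "$di_img"
    echo "full=$di_full partial=$di_partial"
}

demo_image_wipe
```

On a real drive, run as root: call wipe_target_ok /dev/sdb before dd and is_zeroed /dev/sdb after it. The read-back only covers the sectors the drive exposes; blocks that a flash controller has remapped internally are not reachable by dd.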

How to create partitions and format a blank disk using Linux

    sudo apt-get install gparted
    sudo gparted

A detailed description of working with the gparted utility is given in the article https://pingvinus.ru/note/harddrive-format-ubuntu-linux.


