shred – Deleting Files Securely
In an age of constant data exposure it can be very important to delete sensitive files securely. Simply deleting a file does not delete or overwrite the data it contained: the command removes the directory entry, but the data blocks stay on the disk until something else happens to reuse them, and until then ordinary forensic tools can read them back. On older magnetic media it was also believed that traces of earlier writes could survive even after the blocks had been overwritten once, which is why tools of this kind overwrite several times with different bit patterns. That is the reason the shred program exists.

Securely removing a file means not merely deleting it but also overwriting its data blocks, one or more times, so that the original contents cannot be recovered from the storage medium, even with forensic tools.

The shred command overwrites all of the data blocks that belong to a file an arbitrary number of times. For example, the command shred -vun 5 4c323688ccb3e shreds the file 4c323688ccb3e five times. The v option means verbose, u means to rename and remove the file’s directory entry after it has been shredded, and n means that the following number, 5 in this case, is the number of times to overwrite the file’s data blocks. The result of this command looks like the output below:

[root@david1 tmp]# shred -vun 5 4c323688ccb3e
shred: 4c323688ccb3e: pass 1/5 (random)…
shred: 4c323688ccb3e: pass 2/5 (ffffff)…
shred: 4c323688ccb3e: pass 3/5 (random)…
shred: 4c323688ccb3e: pass 4/5 (000000)…
shred: 4c323688ccb3e: pass 5/5 (random)…
shred: 4c323688ccb3e: removing
shred: 4c323688ccb3e: renamed to 0000000000000
shred: 0000000000000: renamed to 000000000000
shred: 000000000000: renamed to 00000000000
shred: 00000000000: renamed to 0000000000
shred: 0000000000: renamed to 000000000
shred: 000000000: renamed to 00000000
shred: 00000000: renamed to 0000000
shred: 0000000: renamed to 000000
shred: 000000: renamed to 00000
shred: 00000: renamed to 0000
shred: 0000: renamed to 000
shred: 000: renamed to 00
shred: 00: renamed to 0
shred: 4c323688ccb3e: removed

The shred program overwrites the data blocks belonging to the file multiple times with different bit patterns (random data alternating with fixed patterns such as all ones and all zeros, as the output above shows) to defeat would-be attackers trying to recover the file.

Notice that, because of the u option, the file is also renamed multiple times before it is finally removed. Each rename overwrites the name stored in the directory entry with a shorter one, so that even the original file name cannot be recovered from the directory.
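The following script is an added example, not code from the original article, that wraps the shred invocation described above in a small POSIX shell function and checks its effect. It assumes GNU coreutils shred and stat are installed; the function names, the filesystem list and the marker strings are constructed for the example.

```shell
#!/bin/sh
# Added example (not from the original article): a wrapper around GNU
# shred that warns when the file sits on a filesystem where overwriting
# "the file" is not guaranteed to overwrite the blocks the old data used,
# then overwrites, zeroes and unlinks the file. Names here are assumptions.
set -u

# Filesystem types where an in-place overwrite may leave the old blocks
# untouched (copy-on-write, network or snapshotting storage). Illustrative
# list, not exhaustive; shred's own documentation carries a similar caveat.
COW_FS='btrfs zfs nfs nilfs2'

# Return 0 if the filesystem holding $1 is expected to overwrite in place,
# 1 (after a warning) if it is on the advisory list above.
fs_overwrites_in_place() {
  fstype=$(stat -f -c %T -- "$1" 2>/dev/null) || return 0
  for t in $COW_FS; do
    if [ "$fstype" = "$t" ]; then
      printf 'warning: %s is on %s; old blocks may survive a shred\n' "$1" "$fstype" >&2
      return 1
    fi
  done
  return 0
}

# shred_file FILE [PASSES]: overwrite PASSES times (shred's default is 3),
# add a final zero pass (-z) so the file does not look shredded, then
# rename and unlink it (-u). Verbose output (-v) goes to stderr.
shred_file() {
  f=$1
  passes=${2:-3}
  command -v shred >/dev/null 2>&1 || { echo 'shred (GNU coreutils) not found' >&2; return 2; }
  [ -f "$f" ] || { printf 'not a regular file: %s\n' "$f" >&2; return 1; }
  fs_overwrites_in_place "$f" || true   # advisory only; still shred
  shred -v -u -z -n "$passes" -- "$f"
}

# Demo 1: write a constructed marker, overwrite once WITHOUT -u so the
# file can still be inspected, and confirm the marker is gone. Returns 0
# on success, 1 if the marker survived or shred failed.
demo_overwrite_leaves_no_marker() {
  tmp=$(mktemp) || return 1
  printf 'CONSTRUCTED-SECRET-MARKER-0001\n' > "$tmp"
  shred -n 1 -- "$tmp" || { rm -f "$tmp"; return 1; }
  if grep -q 'CONSTRUCTED-SECRET-MARKER' "$tmp"; then
    rm -f "$tmp"
    return 1
  fi
  rm -f "$tmp"
  return 0
}

# Demo 2: the full shred_file flow; the file must no longer exist after.
demo_shred_and_unlink() {
  tmp=$(mktemp) || return 1
  printf 'CONSTRUCTED-SECRET-MARKER-0002\n' > "$tmp"
  shred_file "$tmp" 3 2>/dev/null || return 1
  [ ! -e "$tmp" ]
}
```

Run it with the two demo functions, or call shred_file directly on a path; the filesystem warning is printed but does not stop the shred, since the overwrite is still better than a plain delete even where it cannot be guaranteed to hit the original blocks.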

How many passes to use is a judgment call. shred’s default is three, and the more passes you specify, the longer the process takes, especially for many very large files. For modern magnetic drives there is no evidence that dozens or hundreds of passes recover anything a few passes do not; the default is generally adequate, and a handful of passes is a reasonable upper bound. The more important limitation is where the data actually lives: shred only works if the file system writes new data over the blocks the file occupied. Copy-on-write and snapshotting file systems, journaling in data mode, network file systems, backups and solid-state drives with wear leveling can all keep copies of the old blocks that shred never touches, so on such systems shredding an individual file is no guarantee of removal.

Not every file needs to be shredded in this manner. Anything you wish to delete that contains personal identification or financial data should definitely be shredded. Think of it as you would a paper shredder: if you do not want to hand someone the data that could be used to steal your identity or your money, shred it. This is especially true if you will be discarding the computer or giving it away when you purchase a new one, and in that case shredding individual files is not enough, because free space still holds the remains of files you deleted long ago; run shred against the whole block device instead, or use the drive’s built-in secure-erase function for a solid-state drive.