Computer forensics – Secure deletion of files with Wipe, and integration in the Nautilus Explorer

In the previous post about computer forensics, We saw How to recover deleted files, even from formatted disks; whenever we had not overwritten the various cluster where the information is stored on the affected drive.

Delete-album - 700 x 500On this occasion we will learn to delete files securely overwriting the disk repeatedly with random data, to preclude or hinder the task of recovery; Depending on the options that we launch this secure deletion software.

To do this we will use the package wipe, available for distributions GNU/Linux based in Debian from the official repositories; and finally We will integrate it into the Nautilus file browser, to make more comfortable handling.

#Instalamos wipe
usuario@maquina:~$ sudo apt-get install wipe

Now create a directory with some files inside, to finally delete them safely with Wipe.

usuario@maquina:~$ sudo mkdir directorio
usuario@maquina:~$ cd directorio
usuario@maquina:~$ sudo touch archivo1 archivo2 archivo3
usuario@maquina:~$ ls
archivo1 archivo2 archivo3

We can run wipe with many different options, I'm going to explain to them that I have chosen.

c If the directory permissions is necessary, running chmod to be able to delete it.

r activates the recursive delete, to remove all of its contents in addition to the directory.

i mode information, Active mode verbose.

q quick mode, by default 4 past.

Q Select the number of passes to apply quick mode.

k not split files to overwrite them, useful for cleaning a full device.

The other options of wipe You can find them in your manual, accessible from the terminal.

usuario@maquina:~$ man wipe

First of all, We will see one of the ways of delete a directory and its contents.

usuario@maquina:~$ sudo wipe -cri /home/usuario/directorio
Okay to WIPE 1 directory ? (Yes/No) Yes
Entering directory 'directorio'
File archivo2 (0 bytes) wiped 
File archivo1 (0 bytes) wiped 
File archivo3 (0 bytes) wiped 
Going back to directory /home/usuario
Operation finished.
3 files wiped and 0 special files ignored in 1 directory, 0 symlinks removed but not followed, 0 errors occured.

We can also see How to clean a partition whole, for what I will use the pendrive with the recovered files by Foremost in the previous practice.

usuario@maquina:~$ sudo wipe -kqQ 6 /dev/sdb1
Okay to WIPE 1 special file ? (Yes/No) Yes
Wiping /dev/sdb1, pass 5 in quick mode [488896 / 488896] ETA 2h56m 
Operation finished. 
1 file wiped and 0 special files ignored in 0 directories, 0 symlinks removed but not followed, 0 errors occured.

Now We are going to integrate Wipe in the Nautilus file browser to use it more comfortably, so first install the extension.

#Instalamos la extensión para nautilus.
usuario@maquina:~$ sudo apt-get install nautilus-wipe

And we have wipe integrated in Nautilus, with different options from which to choose.


We can delete a file, Directory, or selection of directories and/or files with the option “wipe”.

Or we can clean all the free space on a partition with the option “wipe available diskspace”; with this option, as well as with the previous, We can choose if we want to overwrite the data erased one, two or thirty-and-eight times.

Once finished delete files safely, or clean the disc; and you refill completely the process bar, wipe We will notify you with a message.

After cleaning the pendrive with wipe, If we create a partition and try to recover the files with Foremost; We will see that you can't find even one single.

usuario@maquina:~$ sudo foremost -v -T -t all -i /dev/sdb1 -o /home/usuario/Escritorio/recuperados
Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File

Foremost started at Tue Jan 6 16:50:28 2015
Invocation: foremost -v -T -t all -i /dev/sdb1 -o /home/usuario/Escritorio/recuperados 
Output directory: /home/usuario/Escritorio/recuperados_Tue_Jan__6_16_50_28_2015
Configuration file: /etc/foremost.conf
Processing: /dev/sdb1
File: /dev/sdb1
Start: Tue Jan 6 16:50:28 2015
Length: 7 GB (8010072064 bytes)
Num Name (bs=512) Size File Offset Comment 

Finish: Tue Jan 6 16:59:23 2015


Foremost finished at Tue Jan 6 16:59:23 2015

If you like you can follow me on Twitter, Facebook, Google +, LinkedIn, or share it with the buttons under this publication, If you have any questions or suggestions please do not hesitate to comment.

Help us to reach more readers Share on LinkedIn
Share on Facebook
Tweet about this on Twitter
Share on Google+
Google +
Email this to someone

Leave a Reply