In the previous post about computer forensics, we saw how to recover deleted files, even from formatted disks, provided that the clusters where the information is stored on the affected drive had not been overwritten.
This time we will learn to delete files securely by overwriting the disk repeatedly with random data, which prevents or hinders recovery, depending on the options we pass to the secure deletion software.
To do this we will use the wipe package, available from the official repositories for Debian-based GNU/Linux distributions. Finally, we will integrate it into the Nautilus file browser to make it more comfortable to use.
# Install wipe
usuario@maquina:~$ sudo apt-get install wipe
Now we create a directory with some files inside, which we will then delete securely with wipe.
usuario@maquina:~$ sudo mkdir directorio
usuario@maquina:~$ cd directorio
usuario@maquina:~$ sudo touch archivo1 archivo2 archivo3
usuario@maquina:~$ ls
archivo1 archivo2 archivo3
We can run wipe with many different options; I will explain the ones I have chosen.
-c runs chmod if the permissions of a file or directory require it, so that it can be deleted.
-r activates recursive deletion, removing all of the directory's contents in addition to the directory itself.
-i informational mode, which enables verbose output.
-q quick mode, 4 passes by default.
-Q sets the number of passes to apply in quick mode.
-k keeps files: they are not unlinked after being overwritten, which is useful for wiping a whole device.
The other wipe options are described in its manual, accessible from the terminal.
First of all, we will see one way to delete a directory and its contents.
usuario@maquina:~$ sudo wipe -cri /home/usuario/directorio
Okay to WIPE 1 directory ? (Yes/No) Yes
Entering directory 'directorio'
File archivo2 (0 bytes) wiped
File archivo1 (0 bytes) wiped
File archivo3 (0 bytes) wiped
Going back to directory /home/usuario
Operation finished.
3 files wiped and 0 special files ignored in 1 directory, 0 symlinks removed but not followed, 0 errors occured.
We can also wipe a whole partition; for this I will use the pendrive holding the files recovered by Foremost in the previous exercise.
usuario@maquina:~$ sudo wipe -kqQ 6 /dev/sdb1
Okay to WIPE 1 special file ? (Yes/No) Yes
Wiping /dev/sdb1, pass 5 in quick mode [488896 / 488896] ETA 2h56m
Operation finished.
1 file wiped and 0 special files ignored in 0 directories, 0 symlinks removed but not followed, 0 errors occured.
Now we are going to integrate wipe into the Nautilus file browser to use it more comfortably, so first we install the extension.
# Install the extension for Nautilus.
usuario@maquina:~$ sudo apt-get install nautilus-wipe
We now have wipe integrated in Nautilus, with different options to choose from.
We can delete a file, a directory, or a selection of directories and/or files with the option "wipe".
Or we can clean all the free space on a partition with the option "wipe available diskspace". With this option, as with the previous one, we can choose whether to overwrite the erased data one, two or thirty-eight times.
Once it has finished securely deleting the files or cleaning the disk, and the progress bar has filled completely, wipe notifies us with a message.
After cleaning the pendrive with wipe, if we create a partition and try to recover the files with Foremost, we will see that it cannot find a single one.
usuario@maquina:~$ sudo foremost -v -T -t all -i /dev/sdb1 -o /home/usuario/Escritorio/recuperados
Foremost version 1.5.7 by Jesse Kornblum, Kris Kendall, and Nick Mikus
Audit File
Foremost started at Tue Jan 6 16:50:28 2015
Invocation: foremost -v -T -t all -i /dev/sdb1 -o /home/usuario/Escritorio/recuperados
Output directory: /home/usuario/Escritorio/recuperados_Tue_Jan__6_16_50_28_2015
Configuration file: /etc/foremost.conf
Processing: /dev/sdb1
|------------------------------------------------------------------
File: /dev/sdb1
Start: Tue Jan 6 16:50:28 2015
Length: 7 GB (8010072064 bytes)
Num Name (bs=512) Size File Offset Comment
*****************************************************************************|
Finish: Tue Jan 6 16:59:23 2015
0 FILES EXTRACTED
------------------------------------------------------------------
Foremost finished at Tue Jan 6 16:59:23 2015
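Why the carve comes back empty after the wipe, as an added Python example that is not part of the original post and is not the code of wipe or Foremost: a carver finds files by scanning raw bytes for header signatures, and an in-place overwrite with random data leaves none to find. The function names and the temporary image file are hypothetical, and the image content is constructed for the demonstration.

```python
import os
import tempfile

# Header signatures a carver scans for (real magic numbers for PNG, PDF, JPEG/JFIF).
SIGNATURES = {
    "png": b"\x89PNG\r\n\x1a\n",
    "pdf": b"%PDF-1.",
    "jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF",
}

def carve_count(path):
    """Count header signatures in the raw bytes, ignoring any filesystem."""
    with open(path, "rb") as f:
        data = f.read()
    return {name: data.count(sig) for name, sig in SIGNATURES.items()}

def overwrite(path, passes=4, chunk=64 * 1024):
    """Overwrite the file in place with random data `passes` times; keep the file."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            left = size
            while left > 0:
                n = min(chunk, left)
                f.write(os.urandom(n))
                left -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to storage before the next one

def demo():
    """Build a constructed 'partition' image, carve it, overwrite it, carve again."""
    fd, image = tempfile.mkstemp(suffix=".img")
    try:
        with os.fdopen(fd, "wb") as f:
            # Constructed sample: zero-filled image holding three leftover file headers.
            f.write(b"\x00" * 4096 + SIGNATURES["png"] + b"\x00" * 4096)
            f.write(SIGNATURES["pdf"] + b"\x00" * 4096 + SIGNATURES["jpg"] + b"\x00" * 4096)
        before = carve_count(image)
        overwrite(image, passes=4)
        after = carve_count(image)
        return before, after, os.path.getsize(image)
    finally:
        os.remove(image)

if __name__ == "__main__":
    print(demo())
```

The image keeps its size and only its content changes, which matches wiping a device with -k. On flash media with wear levelling, such as a pendrive, the controller may remap writes, so an empty carve of the logical device does not prove that every physical cell was overwritten.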