
Command of the day: shred

The shred command can be used to destroy files so that their contents are very difficult or even impossible to recover. The shred command accomplishes its destruction by repeatedly overwriting files with data patterns designed to do maximum damage. Even with high-sensitivity data recovery methods and equipment, it is difficult to recover files that have been shredded.

In Linux I often find myself using the ‘rm’ command to delete files; however, this does not destroy the data. It just destroys the index entry that lists the location of the file and makes the data blocks available for reuse. In short, deleting a file does not remove its contents, and there are utilities that can read the blocks and get the data back. One such tool is ‘testdisk’, which can image all the blocks on disk and recover deleted files.

Using ‘shred’

shred’s syntax is: shred [option(s)] file(s) or device(s)

When using ‘shred’ without any options it will overwrite any file or device 25 times, which is generally sufficient to remove all traces of data. A device can be a partition or even an entire HDD, USB Key, etc.

Example: I would like to use shred to delete a file (or files) and cause full destruction. Typing ‘shred filename1’ will shred the file with the default setting of 25 times.

The default number of overwrites can be changed by using the -n option followed by an integer representing the desired number.
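The file case above with an explicit -n pass count, as an added example that is not part of the original post: it checks that a known marker string no longer reads back after shredding, then overwrites once more and removes the file. The helper names shred_and_verify and demo and the sample file contents are constructed for illustration; -z and -u are shred options the post does not cover.

```shell
#!/bin/sh
# Added example: overwrite a regular file with shred, check that the old
# contents no longer read back, then overwrite once more and remove it.

# shred_and_verify FILE MARKER [PASSES]   (hypothetical helper name)
# MARKER is a string known to be in FILE before shredding.
# Returns 0 only if the marker is gone and the file has been removed.
shred_and_verify() {
    file=$1
    marker=$2
    passes=${3:-3}

    # Regular files only, so a typo can never aim this at a device node.
    if [ ! -f "$file" ] || [ -L "$file" ]; then
        echo "not a regular file: $file" >&2
        return 2
    fi
    # The check is meaningless unless the marker is there to begin with.
    if ! LC_ALL=C grep -qF -- "$marker" "$file"; then
        echo "marker not found before shredding" >&2
        return 3
    fi

    # -n N sets the number of overwrite passes. Without -u the file
    # stays in place, so the result can be inspected.
    shred -n "$passes" "$file" || return 4

    if LC_ALL=C grep -qF -- "$marker" "$file"; then
        echo "marker still readable after shredding" >&2
        return 1
    fi

    # -z adds a final pass of zeros; -u removes the file afterwards.
    shred -n 1 -z -u "$file" || return 5
    [ ! -e "$file" ]
}

# Constructed sample data: a throwaway temp file holding a fake secret.
demo() {
    tmp=$(mktemp) || return 1
    printf 'user=alice\npassword=CONSTRUCTED-SAMPLE-SECRET\n' > "$tmp"
    shred_and_verify "$tmp" 'CONSTRUCTED-SAMPLE-SECRET' 3
}

demo && echo "overwritten, verified and removed"
```

The read-back check only confirms the in-place overwrite as seen through the filesystem; shred's own documentation cautions that journaling or copy-on-write filesystems may keep copies of the data elsewhere.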

The most reliable way to destroy data is to ‘shred’ an entire partition. For example, the following would destroy data on an unmounted SD card: shred /dev/mmcblk0 (that is, if the device is plugged in at this location). The location may be different, so please be sure to use the correct one for your situation.

End Notes:

Even after overwriting data, it is possible for someone to take the HDD or other storage device to a specialized data recovery laboratory and use highly sensitive (and expensive) equipment to search for the faint traces of the original data, which can be relatively easy to detect if it has been overwritten only one or a few times. Thus, the best way to remove data on an HDD irretrievably is to physically destroy the media on which it is stored, such as by opening the drive and rubbing the individual platters with sandpaper. However, as this can be tedious, shred provides an alternative that can be almost as good but which requires much less effort and cost.