7

I already know that using shred will overwrite my files in such a way that leaves them unrecoverable. However, shred can't be used to hide directories.

Error Message:

failed to open for writing: Is a directory

I can't use hard-drive blasters/reformatters like dd as I do not own the hard-drive (I can only access it through ssh).

My problem is that after I have deleted all of my actual files, my usefully named folder names are still there. The names tell the viewer what would have been inside. If I delete an empty folder, is it still recoverable? Is there a shred for directories?

1478963
  • 171

3 Answers

2

So you want to hide directory names... an experiment.

# truncate -s 1G foobar
# losetup -f --show foobar
/dev/loop0
# mkfs.ext4 /dev/loop0
# mount /dev/loop0 /mnt/tmp
# cd /mnt/tmp
# mkdir collywobbles
# sync
# mv collywobbles shriggelfigs
# sync
# mv shriggelfigs flapjacks
# sync
# rmdir flapjacks
# cd ..
# umount /mnt/tmp

So basically we have an empty filesystem, created a directory in it, renamed it twice and deleted it in the end. What is recoverable?

# strings /dev/loop0 | grep -E '(collywobbles|shriggelfigs|flapjacks)'
flapjacksles
shriggelfigs
flapjacksles
shriggelfigs
collywobbles
shriggelfigs

Ah. All of it. Great. Although flapjacks at least seems to have overwritten two collywobbles, turning it into flapjacksles since flapjacks just was a bit shorter...

How to securely delete a directory without leaving a trace?

You can't securely delete a single file, or indeed get properly rid of a directory name. At best, you can overwrite the contents of the current representation of a file that the filesystem still knows about. Ever created a copy of the file? Ever edited and saved the file? Too bad, there's probably a copy the filesystem itself no longer knows about because it was deleted, and replaced with a file that has the same name.

You can shred files. You can also shred the entire free space of the filesystem. That's good for getting rid of about 99% of it. If that's not good enough, you have to go all out. You never know if it's really gone until you do the full thing.

Copy all data off. shred -v -n 1 /dev/thedisk. Copy the data back (only the bits you want to keep).

frostschutz
  • 48,978
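
The residue in the strings output above can be reproduced on a single directory block. This is an added example, not part of the original answer: it models ext4's linear directory entry layout on a constructed 1 KiB block, the helper names are hypothetical, and it assumes that unlinking folds a record into its predecessor and that a new entry does not clear the bytes after its name.

```python
import re
import struct

HDR = struct.Struct("<IHBB")  # ext4_dir_entry_2: inode, rec_len, name_len, file_type

def need(name_len):
    return (HDR.size + name_len + 3) & ~3  # header + name, rounded up to 4 bytes

def entries(blk):
    """Follow the rec_len chain, yielding (offset, inode, rec_len, name)."""
    off = 0
    while off + HDR.size <= len(blk):
        ino, rec_len, nlen, _ = HDR.unpack_from(blk, off)
        if rec_len < HDR.size:
            break  # corrupt chain
        yield off, ino, rec_len, bytes(blk[off + 8:off + 8 + nlen])
        off += rec_len

def add(blk, ino, name):
    """Split the first record with room; bytes after the name are left as is (assumed)."""
    for off, _, rec_len, cur in entries(blk):
        used = need(len(cur))
        if rec_len - used >= need(len(name)):
            struct.pack_into("<H", blk, off + 4, used)  # shrink the host record
            HDR.pack_into(blk, off + used, ino, rec_len - used, len(name), 2)
            blk[off + used + 8:off + used + 8 + len(name)] = name
            return
    raise ValueError("directory block full")

def remove(blk, name):
    """Unlink by folding the record into its predecessor; its bytes are not cleared."""
    prev = None
    for off, ino, rec_len, cur in entries(blk):
        if ino and cur == name and prev is not None:
            struct.pack_into("<H", blk, prev[0] + 4, prev[1] + rec_len)
            return
        prev = (off, rec_len)
    raise KeyError(name)

def replay():
    """Constructed 1 KiB block: the mkdir, mv, mv, rmdir sequence from the answer."""
    blk = bytearray((HDR.pack(2, 1024, 1, 2) + b".").ljust(1024, b"\0"))
    for ino, name in ((2, b".."), (11, b"lost+found"), (12, b"collywobbles")):
        add(blk, ino, name)
    for old, new in ((b"collywobbles", b"shriggelfigs"), (b"shriggelfigs", b"flapjacks")):
        add(blk, 12, new)
        remove(blk, old)
    remove(blk, b"flapjacks")
    live = [name for _, ino, _, name in entries(blk) if ino]
    return live, sorted(set(re.findall(rb"[a-z]{6,}", bytes(blk))))
```

replay() returns the names still reachable through the rec_len chain and the lowercase runs a strings-style scan finds in the raw block; the second list contains flapjacksles and shriggelfigs although neither directory exists any more.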
2

The only safe way is to

  1. Copy all the files to a different filesystem.
  2. Unmount the filesystem.
  3. Wipe the partition or volume containing the filesystem.
    This is the “hard-drive blaster” you mention in your question. Don't use dd, cat is just as good. You can do that remotely, unless this is the root filesystem, in which case what you want to do is impossible.
  4. Re-create a filesystem and restore the files.

I won't repeat frostschutz's excellent explanation as to why less stringent approaches won't reliably wipe what you want to wipe.

The best way to manage this is preventively: encrypt your data (with a filesystem that encrypts file names, such as encfs or ecryptfs). When you want to wipe the data, simply make sure that you destroy all copies of the key.

0

If OP is using Debian / Ubuntu or their variants, check out this Ask Ubuntu post, especially the secure-delete package in the recommended answer.