Sunday 13 July 2008

Secure File Deletion With srm

On any operating system, files deleted using the built-in file deletion utilities are never really deleted. Behind the scenes, deletion is simply a matter of removing the file from the directory entry and adding the blocks occupied by the file to the free block list. The file still exists on the disk like a ghost. The OS might reuse some of the blocks for another file, but it's not guaranteed that the whole file will get overwritten, therefore enough sensitive data from deleted files can be recovered with even the simplest of utilities. Even if all the blocks get casually overwritten, there are sophisticated methods that can be employed by a determined attacker to recover most of the overwritten data from a hard drive platter.

srm is a project that attempts to provide secure file deletion options to the familiar rm command used in all Unix derivatives. srm is fully compatible with the regular rm command, therefore there's no learning curve involved. There are 3 options for secure deletion.
  • -s, --simple : Simple one pass overwriting with random data. (Least secure option.)
  • -P, --openbsd : Emulates OpenBSD behaviour by overwriting in 3 passes.
  • -D, --dod : Conforms to the US DoD specification of overwriting in 7 passes.
Installation is a simple affair. Download the tar ball, extract, configure, make, make install, and you're set.

Although it is dificult to guarantee total security, srm is a good open source solution for normal users who wish to keep their data private. A determined government agency might still get to your data, but certainly not your pesky script-kiddie cousin.

No comments: