
If I have full disk encryption on my computer and want to decrypt it, but want to delete sensitive documents before decrypting, how do I ensure they are unrecoverable post-decryption?

Edit: I suspect someone will mention a File Shredder type program. My understanding is that these still leave traces that can be recovered forensically, even with 32 passes. Is this correct?

guest101010
  • You can copy needed files to another place and then just format your drive without decrypting. Or, if you use a self-encrypted SSD, use manufacturer's secure erase command. – Display Name May 28 '14 at 22:43

3 Answers


It depends on the hardware: if you are using an SSD then there is a "chance" (read: very expensive material needed) to recover those documents. If it's a magnetic disk, then there is no way, to my knowledge.

If you really want to get rid of your documents, burn your hard drive and just reinstall your operating system. That will probably be faster too.

Lucas Kauffman
  • Good point, I haven't been aware of this until now. I believed that shred would work but would decrease the life of the SSD, but I really thought that it worked as well. – kiBytes Jan 17 '14 at 21:33

Like kiBytes, I also don't believe the stories about needing something executing a Gutmann method algorithm to securely delete files. That's one thing that has not been leaked by Snowden (so far). If you're using Windows, you can use the built-in cipher.exe tool:

cipher /w:c:\

(replace "c:\" with whatever directory you want to "wipe". This doesn't affect normal files.)

Cipher.exe is intended to fill the disk with 1s and 0s to remove traces of Windows file encryption certificates.

Another free tool is SDelete by Mark Russinovich.

md_1976

I was going to suggest shred, I can't find a better way to do it "via software".

Probably if you need further security you will need to buy specific hardware or "one-use hardware" which you will wipe out with a professional demagnetizer.

Edit:

Some more information I read a while ago about secure deletion using shred can be found in this article

Let me quote some info:

How many passes?

You can go with the defaults or set your own. The US Government standard is seven passes but there are apocryphal tales of files being recovered after fourteen passes. Shred's default is twenty five but secure-delete, below, uses thirty eight.

Put shred on steroids

Shred is a powerful command for sure but it doesn't cover all the angles. For that you need something even more powerful; here Ubuntu users are in luck because they have at their disposal a tool that can deal with data in RAM, free space and in swap. Other distros can download the tarball. Just apt-get install secure-delete in a console (as root--su) and issue any of the following commands:

srm confidential.txt (securely deletes files and directories)
smem (wipes data from memory to combat data remanence)
sfill mountpoint/ (wipes the free space on a disk; use with a live CD, possibly as root)
sswap (wipes swap partitions used when RAM is full; use in conjunction with smem)

The last command requires you to turn off swap first. Just open /etc/fstab or type cat /proc/swaps to see where swap is mounted and then disable it with sudo swapoff /dev/hda2 (insert your own details here). Swap can now be wiped with sudo sswap /dev/hda2 and swap re-enabled again with sudo swapon /dev/hda2.

Also you can read the epilogue and recommendation in this paper

Recommendations

There are two ways that you can delete data from magnetic media, using software or by physically destroying the media. For the software-only option, to delete individual files under Windows I use Eraser and under Linux I use shred, which is included in the GNU coreutils and is therefore in pretty much every Linux distro. To erase entire drives I use DBAN, which allows you to create a bootable CD/DVD running a stripped-down Linux kernel from which you can erase pretty much any media. All of these applications are free and open-source/GPLed, there's no need to pay for commercial equivalents when you've got these available, and they're as good as or better than many commercial apps that I've seen. To erase SSDs.... well, you're on your own there. For the physical-destruction option there's only one product available (unless you want to spend a fortune on something like a hammer mill), but fortunately it's both well-designed and inexpensive. DiskStroyer is a set of hardware tools that lets you both magnetically and physically destroy data on hard drives, leaving behind nothing more than polished metal platters. It's been carefully thought out and put together, there's everything you need included, down to safety glasses for when you're disassembling the drive. It's had very positive reviews from its users. If you really want to make sure that your data's gone, this one gets my thumbs-up (and this isn't a paid endorsement, if only other technical products had this level of thought put into the workflow and usability aspects).

I don't really believe you can restore the information after 32 passes, but if it is possible I think you can be sure that it will need a very special and sensitive machine not available for normal humans.

[Edit 2] Also, what @LucasKauffman said =), beware with SSD drives.

kiBytes
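To make concrete what shred and srm are actually doing to a file, here is an added example, written for this page and not taken from any of the answers or from the shred/secure-delete sources: a multi-pass in-place overwrite (random passes, then a zero pass, then truncate and unlink), with an fsync after every pass and a read-back check after the zero pass. The pass count, the sample file contents and the `demo()` helper are constructed for illustration. The example assumes a filesystem that writes in place; on journaled, copy-on-write or log-structured filesystems, and on SSDs with wear levelling, the new data may be written to different blocks and the old copy can survive, which is the same caveat the answers above raise about SSDs.

```python
"""Shred-style in-place file overwrite, as an illustrative example.

Assumptions (illustrative code, not from the answers above):
  * the filesystem overwrites blocks in place; journaled, copy-on-write or
    log-structured filesystems and SSDs with wear levelling may write the
    new data elsewhere, leaving the old blocks intact
  * the number of random passes is an arbitrary choice
"""
import os
from typing import Optional

CHUNK = 1 << 20  # write in 1 MiB chunks so large files need not fit in RAM


def _overwrite_pass(fd: int, size: int, pattern: Optional[bytes]) -> None:
    """One pass over `size` bytes: os.urandom data if pattern is None, else the
    repeated byte pattern. fsync forces this pass to the device before the
    next one starts; without it the kernel may merge passes in the page cache."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        n = min(CHUNK, remaining)
        buf = os.urandom(n) if pattern is None else (pattern * (n // len(pattern) + 1))[:n]
        written = 0
        while written < n:
            written += os.write(fd, buf[written:])
        remaining -= n
    os.fsync(fd)


def _all_zero(fd: int, size: int) -> bool:
    """Read the file back and check every byte is zero. This confirms the
    file's logical contents only, not what is on the physical medium."""
    os.lseek(fd, 0, os.SEEK_SET)
    remaining = size
    while remaining > 0:
        chunk = os.read(fd, min(CHUNK, remaining))
        if not chunk or chunk.count(0) != len(chunk):
            return False
        remaining -= len(chunk)
    return True


def secure_overwrite(path: str, random_passes: int = 3, remove: bool = True) -> dict:
    """Overwrite `path` with `random_passes` passes of random data, then one
    pass of zeros (so the file does not stand out as deliberately shredded),
    truncate it to hide the original length, and optionally unlink it."""
    size = os.path.getsize(path)
    fd = os.open(path, os.O_RDWR)  # no O_TRUNC: we want to reuse the existing blocks
    try:
        for _ in range(random_passes):
            _overwrite_pass(fd, size, None)
        _overwrite_pass(fd, size, b"\x00")
        verified = _all_zero(fd, size)
        os.ftruncate(fd, 0)
        os.fsync(fd)
    finally:
        os.close(fd)
    if remove:
        os.unlink(path)
    return {"bytes": size, "passes": random_passes + 1,
            "final_pass_verified": verified, "removed": remove}


def demo() -> dict:
    """Create a constructed sample file in a temp dir, overwrite it with
    remove=False so the intermediate state is observable, then unlink it."""
    import tempfile
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "secret.txt")
    secret = b"ACCOUNT 4111-1111-1111-1111\n" * 200  # constructed sample content
    with open(path, "wb") as f:
        f.write(secret)
    summary = secure_overwrite(path, random_passes=2, remove=False)
    summary["size_after_truncate"] = os.path.getsize(path)
    os.unlink(path)
    summary["exists_after_unlink"] = os.path.exists(path)
    os.rmdir(tmpdir)
    return summary


if __name__ == "__main__":
    print(demo())
```

The read-back check is the honest limit of what software can verify from inside the filesystem: it shows the file now reads as zeros, not that no copy of the old blocks remains in a journal, a snapshot, swap, or a remapped flash page. That gap is why the answers fall back to whole-device tools (sfill, DBAN, the manufacturer's secure erase) or physical destruction.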