
There exist various tools for Windows filesystems (NTFS, FAT) to write zeroes or random numbers to free space on the drive/filesystem.

Do there exist tools like this for Linux filesystems like ext4 and btrfs?

Naftuli Kay

Comment: Probably duplicate of: http://unix.stackexchange.com/questions/44234/clear-unused-space-with-zeros-ext3-ext4 – Bob Brown Dec 18 '14 at 20:23

1 Answer

There are various tools for the task. It depends on what exactly you are thinking of.

If you want to securely delete an already existing file, then the zerofree and sfill tools are for you (as you can read on @BobBrown's link). If these are not available, or you prefer to do things by combining system functionality instead of downloading tools for everything, then there is another solution:

  1. You set up a loopback device from the file to erase (losetup /dev/loop0 /this/file/to/delete).
  2. From this point you can play with /dev/loop0 without the fear that it frees the blocks of /this/file/to/delete instead of rewriting them. You can safely fill them with zeros (dd if=/dev/zero of=/dev/loop0), or with random numbers (using /dev/urandom instead of /dev/zero), even multiple times if you want.
  3. When you are ready, deallocate the loopback (losetup -d /dev/loop0), and you can safely delete the now rewritten file.

There is another case, if you want to make some already deleted file unrecoverable. In this case you have to think of "free" and not "empty" sectors. The problem is that you can't address or manipulate sectors on a filesystem which don't belong to any file. And this is precisely because they are free.

But there is a workaround. If you create a file big enough to fill the whole free space on the hard disk, and you fill it with zeroes or random numbers, you will surely overwrite all free sectors in your system. So what you have to do is very simple: simply fill your partition with a big, empty file until it stops with a "filesystem full" or similar error:

dd if=/dev/urandom of=/filler

...is even enough. While it works, you can even watch with some df commands how things are going. After /filler has filled your disk with random bytes, and the dd command has stopped with the error, it is practical to run sync once (to make sure everything is really overwritten), and then you can remove /filler.

This is enough to protect against everything which a normal human can do to recover your data. If you want even more, you have to replay that 3 or even more than 10 times. Even the NSA doesn't do more.

peterh
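The filler-file procedure from the answer above (fill, sync, remove, with df to measure progress), written out as an added example script that is not part of the original answer; the optional MAX_MIB cap and the function name wipe_free_space are assumptions added so it can be dry-run on a small scale:

```shell
#!/bin/sh
# Added example, not from the original answer.
# Overwrite the free space of the filesystem that holds DIR by filling it
# with a file, syncing, and removing the file again.
# Usage: wipe_free_space DIR [MAX_MIB] [SOURCE]
#   MAX_MIB  assumed option: stop after this many MiB (for a dry run);
#            omitted = write until "No space left on device", as in the answer.
#   SOURCE   /dev/urandom (default) or /dev/zero.
# Note: on ext4 the root-reserved blocks are only written if run as root;
# blocks held by snapshots or the journal are not covered by this method.
wipe_free_space() {
    dir=$1
    max_mib=${2:-}
    src=${3:-/dev/urandom}
    filler="$dir/filler.$$"

    [ -d "$dir" ] || { echo "not a directory: $dir" >&2; return 2; }

    # Available 1K-blocks before writing (df -P guarantees one line per fs).
    before=$(df -Pk "$dir" | awk 'END { print $4 }')

    if [ -n "$max_mib" ]; then
        dd if="$src" of="$filler" bs=1048576 count="$max_mib" 2>/dev/null
    else
        # dd exits non-zero when the filesystem is full; that is the
        # expected end of the run, not an error.
        dd if="$src" of="$filler" bs=1048576 2>/dev/null || :
    fi

    # Make sure the data really reached the device before measuring/removing.
    sync
    after=$(df -Pk "$dir" | awk 'END { print $4 }')
    written=$(( before - after ))

    rm -f "$filler"
    sync
    echo "overwrote approximately ${written} KiB of free space under $dir"
    return 0
}
```

Run as root on the mount point of the filesystem, with no MAX_MIB, to reproduce the answer's full-disk fill; repeat the call if you want several passes.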