This command line tool is already installed from the core utilities in Ubuntu to securely erase and overwrite single files using the Gutmann method.

Fast shredding

shred -vzn 0 /dev/sdc1

Erases whole partitions by overwriting everything with 0s in a single iteration. If no legal aspects require another procedure, doing so is most probably safe to securely delete your private data. From Craig Wright, Lecture Notes in Computer Science, 2008, 5352, 243-257.

Secure shredding

shred -vzn 3 /dev/sdc1

Erases the whole partition using 3 iterations with random numbers. In addition (option -z) this writes zeros to hide the shredding process at the end. This will take 4 times longer than the fast method.

NOTE: By shredding a partition we will overwrite this partition with 0 or random numbers. It therefore efficiently deletes everything including file system caches on that partition forever. This can also be used to remove unwanted remnants of deleted files. Files we want to keep will have to be backed up before shredding.

More options, and the possibility of erasing directories in addition to single files, are offered by this command line utility.

wipe filename

Additional notes on journaling file systems and SSDs:

Please read the notes in the linked manpages on security issues arising from still recoverable backups in journaling file systems when erasing single files. Overwriting whole partitions rather than single files will effectively erase all data even when using a journaling file system.

Erasing data on a solid state disk (SSD) can, if at all, only be done by overwriting the whole drive (not only single partitions) with several iterations. Some SSDs may have an inbuilt feature to erase data but this may not always be efficient (see this link from comment). At present there is no general recommendation on the wiping processes or number of erase iterations needed to securely remove all data remnants on all SSDs available.

These options can be added in the context menu of Nautilus and Thunar. In Thunar, open "Edit" then "Configure Custom Actions". Select "Appearance Conditions" and select "Other Files". For Nautilus see this question and those related.

There isn't one command that you can run which will easily clean up all the already-deleted files for you. However, there are a number of things you can do to reduce your vulnerability to this sort of attack in future.

As others have said, using tools like shred or srm allows you to delete a specific file by actually overwriting it, rather than just removing it from the filesystem. If you're feeling bold, you can replace the rm command with shred or srm to securely delete files going forward. That means that whenever you (or another program) try to delete something using rm, the secure delete command will run instead.

However, if you're using a solid state disk, or even some newer mechanical disks, shred and other overwriting-based methods may not be effective, since the disk may not actually write where you think it's writing (source).

A more convenient option is full-disk encryption. If you use the alternate installer, Ubuntu can automatically set up a fully-encrypted disk for you, but you can also customize and configure the settings yourself. Once installed, the encryption is almost invisible to you: after you enter the passphrase (be sure to pick a good, long one) when the computer starts up, everything looks and feels just like normal Ubuntu.

You can also encrypt external media like USB drives using Ubuntu's Disk Utility. Setting up an encrypted external disk is as simple as checking the "encrypt underlying filesystem" box when formatting the disk. You can even store the passphrase on your (encrypted) keyring, so that you don't need to enter the phrase every time you plug that disk into your computer.

If your whole disk - and all your removable media - is encrypted, there's much less to worry about. A thief or police officer would need to swipe your computer while it's on (or within a minute or two of turning it off if they're very good) in order to access your data. If you hibernate (rather than suspend) your computer when it's not in use, then you should be pretty safe.

If you ever need to completely destroy all your data, you don't need to do a Gutmann wipe of your whole disk. Simply overwrite the very beginning of the disk, to destroy the headers for the encrypted volume.