Récupérer et supprimer des données
De Banane Atomic
Aller à la navigationAller à la recherche
Liens
- Secure File Deletion, Safely Destroy Old Files
- Why You Only Have to Wipe a Disk Once to Erase It
- Securely wipe disk
Récupérer des fichiers supprimés
TestDisk
- testdisk
- No Log
- Choix par défaut (None, Intel)
- Advanced
- Undelete
PhotoRec
- photorec
extundelete
Securely wipe disk
Wiping a disk is done by writing new data over every single bit.
An entire drive
dd if=/dev/urandom of=/dev/sdX bs=4096 status=progress
# faster alternative with openssl
DEVICE="/dev/sdX"
PASS=$(tr -cd '[:alnum:]' < /dev/urandom | head -c128)
openssl enc -aes-256-ctr -pass pass:"$PASS" -nosalt </dev/zero | dd obs=64K ibs=4K of=$DEVICE oflag=direct status=progress
|
shred
Overwrite an entire drive or a file to hide its contents.
shred -fuzv -n1 --random-source=/dev/urandom /folder/file.ext
# -f (--force): change permissions to allow writing if necessary
# -u: deallocate and remove file after overwriting
# --zero (-z): add a final overwrite with zeros to hide shredding
# -v (--verbose): show progress
# --iterations=N (-n): overwrite N+1 times instead of the default (3)
# --random-source=/dev/urandom : use entropy
sudo shred -fzv --random-source=/dev/urandom /dev/sdX
|
srm
# srm fait partie du packet secure-delete
srm -llrv Dossier
# -d: ignore the two special dot files . and .. on the commandline. (so you can execute it like "srm -d .* *")
# -f (fast): no /dev/urandom, no synchronize mode
# -l (lessens the security): Only two passes are written: one mode with 0xff and a final mode random values
# -ll (lessons the security even more): only one random pass is written
# -r (recursive): deletes all subdirectories
# -v (verbose)
# supprimer tous les fichiers avec shred
find Dossier -type f -print0 | xargs -0 -I file shred -fuvzn 0 file
# puis les dossiers avec srm
srm -llrv Dossier
|
Version bootable
Écraser seulement l'espace libre
# sfill fait partie du packet secure-delete
# créé un fichier sur la partition qui grossit jusqu'à remplir tout l'espace. Ainsi tous l'espace libre sera écrasé.
sfill -llv /media/mounted-partition
# -l (lessens the security): Only two passes are written: one mode with 0xff and a final mode random values
# -ll (lessons the security even more): only one random pass is written
# -v (verbose)
|
Disques SSD
# Make sure the drive security is not frozen
sudo hdparm -I /dev/sdX
# Security:
# Master password revision code = 65534
# supported
# not enabled
# not locked
# frozen → PAS BON !
# not expired: security count
# supported: enhanced erase
# 2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT.
# une mise en veille puis un réveil passe le disque en not frozen !
# définir un mot de passe, étape nécessaire pour le security-erase
sudo hdparm --user-master u --security-set-pass PasSWorD /dev/sdX
# vérifier que le Master password est enabled
sudo hdparm -I /dev/sdX
# lancer le security-erase
sudo hdparm --user-master u --security-erase PasSWorD /dev/sdX
# --security-erase-enhanced pour le ENHANCED SECURITY ERASE
# à la fin, le Master password devrait être not enabled
sudo hdparm -I /dev/sdX
|
Secure erase overwrites all user data areas with binary zeroes. Enhanced secure erase writes predetermined data patterns (set by the manufacturer) to all user data areas. |