Récupérer et supprimer des données
De Banane Atomic
Aller à la navigationAller à la recherche
Liens
- Secure File Deletion, Safely Destroy Old Files
- Why You Only Have to Wipe a Disk Once to Erase It
- Securely wipe disk
Récupérer des fichiers supprimés
TestDisk
- testdisk
- No Log
- Choix par défaut (None, Intel)
- Advanced
- Undelete
PhotoRec
- photorec
extundelete
Securely wipe disk and files
Wiping a disk is done by writing new data over every single bit.
 |
An SSD can wipe data it self: Memory cell clearing |
An entire drive
|
dd if=/dev/urandom of=/dev/sdX bs=4096 status=progress # faster alternative with openssl DEVICE="/dev/sdX" PASS=$(tr -cd '[:alnum:]' < /dev/urandom | head -c128) openssl enc -aes-256-ctr -pass pass:"$PASS" -nosalt </dev/zero | dd obs=64K ibs=4K of=$DEVICE oflag=direct status=progress |
shred
Overwrite an entire drive or a file to hide its contents.
|
|
shred -fuzv -n1 --random-source=/dev/urandom /folder/file.ext # -f (--force): change permissions to allow writing if necessary # -u: deallocate and remove file after overwriting # --zero (-z): add a final overwrite with zeros to hide shredding # -v (--verbose): show progress # --iterations=N (-n): overwrite N+1 times instead of the default (3) # --random-source=/dev/urandom : use entropy sudo shred -fzv -n1 --random-source=/dev/urandom /dev/sdX |
 |
shred is part of coreutils package |
srm
|
|
# srm fait partie du packet secure-delete srm -llrv Dossier # -d: ignore the two special dot files . and .. on the commandline. (so you can execute it like "srm -d .* *") # -f (fast): no /dev/urandom, no synchronize mode # -l (lessens the security): Only two passes are written: one mode with 0xff and a final mode random values # -ll (lessons the security even more): only one random pass is written # -r (recursive): deletes all subdirectories # -v (verbose) # supprimer tous les fichiers avec shred find Dossier -type f -print0 | xargs -0 -I file shred -fuvzn 0 file # puis les dossiers avec srm srm -llrv Dossier |
Version bootable
Écraser seulement l'espace libre
|
|
# sfill fait partie du packet secure-delete # créé un fichier sur la partition qui grossit jusqu'à remplir tout l'espace. Ainsi tous l'espace libre sera écrasé. sfill -llv /media/mounted-partition # -l (lessens the security): Only two passes are written: one mode with 0xff and a final mode random values # -ll (lessons the security even more): only one random pass is written # -v (verbose) |
Disques SSD
|
|
# Make sure the drive security is not frozen sudo hdparm -I /dev/sdX # Security: # Master password revision code = 65534 # supported # not enabled # not locked # frozen → PAS BON ! # not expired: security count # supported: enhanced erase # 2min for SECURITY ERASE UNIT. 8min for ENHANCED SECURITY ERASE UNIT. # une mise en veille puis un réveil passe le disque en not frozen ! # définir un mot de passe, étape nécessaire pour le security-erase sudo hdparm --user-master u --security-set-pass PasSWorD /dev/sdX # vérifier que le Master password est enabled sudo hdparm -I /dev/sdX # lancer le security-erase sudo hdparm --user-master u --security-erase PasSWorD /dev/sdX # --security-erase-enhanced pour le ENHANCED SECURITY ERASE # à la fin, le Master password devrait être not enabled sudo hdparm -I /dev/sdX |
|
Secure erase overwrites all user data areas with binary zeroes. Enhanced secure erase writes predetermined data patterns (set by the manufacturer) to all user data areas. |
