The simple answer is that you are out of luck if you're worried about skilled and determined efforts to recover the data.
Journaled filesystems can, and do, write data in ways that make it very difficult to "clean up". In the past simply filling all unused space with random data would get close, but even that is not enough anymore.
To truly remove all trace of a file you must do one of the following:
1) magnetic drives: wipe the entire drive using a secure overwrite pattern.
2) SSD: physically destroy the device; the tactics used to ensure adequate device lifetime also make it nearly impossible to ensure a particular block is truly removed or overwritten.
Modern filesystems simply aren't designed to support secure deletion of data (and probably shouldn't be); so whole-disk encryption and physical custody from use until destruction are about the only options for ensuring your secure data is secure against a determined snoop.
If you're just concerned about casual snooping, however, you can just use shred or wipe and accept the (small) probability that the data still exists (probably fragmented) somewhere on the drive.
Data recovery is actually pretty hard; even for fairly simple cases (rm filename).
On 09/02/2012 11:09 AM, Derek Trotter wrote:
> If you're using a journaled file system, how do you go about deleting a file so it can't be recovered? I've read several places that the wipe command can't be depended on to permanently delete a file. What would one use instead of wipe?
>
> Thanks
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
---------------------------------------------------
PLUG-discuss mailing list -
PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
(text/plain)
