
View Full Version : How To Securely Sanitize your Trash



testingresults
2013-03-23, 08:51
Personally, I liberally send many files to the Trash (highlighting a file and right clicking and pressing "Move to Trash") to keep my desktop environment organized, but also keep those files on hand in case I moved something important to my trash. After a while, I want to get rid of all those files securely. So, here is what I use for securely erasing my trash.

To get situated, open a terminal and cd to your root directory:

cd ~

STEP 1: Install Anti-Forensic Tool, Scrub

First, install the anti-forensic tool scrub -- the program we will be using to sanitize the contents of our files. This program is in Kali's repositories but not installed by default, so, apt will be the most efficient way of doing this.

apt-get update
apt-get install scrub


STEP 2: Create a script which will perform the procedure

In the same terminal, do the following:

touch secure_trash
gedit secure_trash

Add the following lines to your newly created file:


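#!/bin/bash

# Overwrite the contents of every regular file in both Trash directories
# (-S: no scrub signature, -f: force, -p: overwrite method to use).
find ~/.local/share/Trash/files ~/.local/share/Trash/info -type f -print0 | xargs -0 -I{} /usr/bin/scrub -Sfp random {}

# Rename every file and sub-directory (deepest first) to a random name inside Trash/files.
find ~/.local/share/Trash/files/* ~/.local/share/Trash/info/* -depth | while IFS= read -r i
do
    cleant=$(head -c17 /dev/urandom | tr -d '[:space:]' | tr -d '[:punct:]')
    mv "$i" ~/.local/share/Trash/files/"$cleant" 2> /dev/null
done

# Remove the renamed entries; the files and info directories themselves stay.
rm -rf ~/.local/share/Trash/files/*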

Save it and exit gedit.

Note:
What this script will do is sanitize the entire contents of all files within your two Trash directories (i.e.: .../Trash/files/ & .../Trash/info/) using a single random set of data (originally I had the nnsa method as the default in this post, but it takes a bit of time if you have even a decent amount of files in your trash, so I changed the default to a single pass method; personally, I still suggest using nnsa). You can go with more intense algorithms if you'd like, but you'll be sacrificing time by using these, so I suggest you pick which one is right for you. Just replace "nnsa" in the above script with one of the underlined terms below:

Scrub Methods:


nnsa
4-pass NNSA Policy Letter NAP-14.1-C (XVI-8) for sanitizing
Removable and non-removable hard disks, which requires overwriting
all locations with a pseudorandom pattern twice and then
with a known pattern: random(x2), 0x00, verify.

dod
4-pass DoD 5220.22-M section 8-306 procedure (d) for sanitizing
removable and non-removable rigid disks which requires overwriting
all addressable locations with a character, its complement, a
random character, then verify. NOTE: scrub performs the random
pass first to make verification easier: random, 0x00, 0xff, verify.

bsi
9-pass method recommended by the German Center of Security in
Information Technologies 0xff, 0xfe, 0xfd, 0xfb, 0xf7, 0xef, 0xdf, 0xbf, 0x7f.

gutmann
The canonical 35-pass sequence described in Gutmann's paper
cited below.

schneier
7-pass method described by Bruce Schneier in "Applied Cryptography"
(1996): 0x00, 0xff, random(x5)

pfitzner7
Roy Pfitzner's 7-random-pass method: random(x7).

pfitzner33
Roy Pfitzner's 33-random-pass method: random(x33).

usarmy
US Army AR380-19 method: 0x00, 0xff, random. (Note: identical
to DoD 522.22-M section 8-306 procedure (e) for sanitizing magnetic
core memory).

fillzero
1-pass pattern: 0x00.

fillff
1-pass pattern: 0xff.

random
1-pass pattern: random(x1).

random2
2-pass pattern: random(x2).

old
6-pass pre-version 1.7 scrub method: 0x00, 0xff,
0xaa, 0x00, 0x55, verify.

fastold
5-pass pattern: 0x00, 0xff, 0xaa, 0x55, verify.


-Taken from Scrub's man page

Next, it will grab all files AND sub-directories from the above-two directories and rename them to a random string that's 4 characters in length. It will also move them all into .../Trash/files/. Then, it uses a simple recursive remove to free up all the space from disk.
Your trash will be completely sanitized after running it, and both Trash sub-directories (files & info) will remain intact.


STEP 3: Finalize

Move it somewhere safe so you don't accidentally execute it by accident.
Personally, I'll hide it from the desktop environment in the root directory.

mv secure_trash /.secure_trash

Make it executable

chmod +x /.secure_trash

Now run it whenever necessary.

/.secure_trash

(optional) STEP 4: Automatically securely erase your trash at shutdown.

For convenience, you could make this script run automatically at shutdown.

cp /.secure_trash /etc/init.d/secure_trash
ln -s /etc/init.d/secure_trash /etc/rc0.d/K10secure_trash
ln -s /etc/init.d/secure_trash /etc/rc6.d/K10secure_trash

That's it. It's basic, but it works. I'm sure others can improve upon this easily, but I'd imagine some will find this useful.
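
One way to confirm that the overwrite pass really changed every file before anything is deleted, as an added example that is not part of the original post. The function names are hypothetical, and it assumes GNU find and sha256sum; the overwrite command is passed in, so the scrub invocation from the script above can be used unchanged.

```shell
#!/bin/bash
# Added example: verify an overwrite pass before deleting (not the post's code).
# Function names are hypothetical; assumes GNU find and sha256sum.

# Record a SHA-256 line for every non-empty regular file under the given dirs.
# Empty files are skipped: they have no content to overwrite or compare.
snapshot_hashes() {
    find "$@" -type f -size +0 -exec sha256sum {} + 2>/dev/null
}

# Print every file whose current hash still matches the snapshot file in $1.
# Returns 0 only when no file kept its original contents.
unchanged_files() {
    local survivors
    survivors=$(sha256sum -c "$1" 2>/dev/null | sed -n 's/: OK$//p')
    [ -z "$survivors" ] && return 0
    printf '%s\n' "$survivors"
    return 1
}

# Overwrite, verify, then delete. $1 is the per-file overwrite command
# (for the script above: "/usr/bin/scrub -Sfp random"); the rest are dirs.
sanitize_verified() {
    local overwrite="$1" manifest
    shift
    manifest=$(mktemp) || return 2
    snapshot_hashes "$@" > "$manifest"
    # $overwrite is left unquoted on purpose so its options are split into words.
    find "$@" -type f -size +0 -print0 | xargs -0 -r -n1 $overwrite
    if unchanged_files "$manifest"; then
        find "$@" -mindepth 1 -delete   # deepest first; keeps the top-level dirs
        rm -f "$manifest"
    else
        echo "files listed above were not overwritten; nothing deleted" >&2
        rm -f "$manifest"
        return 1
    fi
}
```

Call it as `sanitize_verified "/usr/bin/scrub -Sfp random" ~/.local/share/Trash/files ~/.local/share/Trash/info`. A changed hash shows that the file's logical contents were replaced; it says nothing about stale blocks left behind by a journal, a copy-on-write filesystem or SSD wear levelling.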

Amidamaru
2013-03-29, 11:26
Thanks! I'll do the same for my trash :)

CleanZombie
2013-04-25, 15:32
Thanks for the great guide, simple and very handy!

testingresults
2013-04-28, 20:54
Thanks for the great guide, simple and very handy!

Very welcome. I have quite a collection of relatively short scripts I've written to automate certain tasks. I'll get around to posting more when I have some time.

It's nice to know when people find them helpful.

delete
2013-05-01, 20:20
Very interesting idea.

testingresults
2013-08-16, 23:15
Thanks for the great guide, simple and very handy!


Very interesting idea.


I love the user names of the people that are fond of this script, lol

testingresults
2014-12-31, 23:33
It seems as though scrub is installed by default now in Kali

testingresults
2017-04-05, 01:37
nnsa
4-pass NNSA Policy Letter NAP-14.1-C (XVI-8) for sanitizing removable and non-removable hard disks, which requires overwriting all locations with a pseudorandom pattern twice and then with a known pattern: random(x2), 0x00, verify.


dod
4-pass DoD 5220.22-M section 8-306 procedure (d) for sanitizing removable and non-removable rigid disks which requires overwriting all addressable locations with a character, its complement, a random character, then verify. NOTE: scrub performs the random pass first to make verification easier: random, 0x00, 0xff, verify.


bsi
9-pass method recommended by the German Center of Security in Information Technologies (http://www.bsi.bund.de): 0xff, 0xfe, 0xfd, 0xfb, 0xf7, 0xef, 0xdf, 0xbf, 0x7f.


gutmann
The canonical 35-pass sequence described in Gutmann's paper cited below.


schneier
7-pass method described by Bruce Schneier in "Applied Cryptography" (1996): 0x00, 0xff, random(x5)


pfitzner7
Roy Pfitzner's 7-random-pass method: random(x7).


pfitzner33
Roy Pfitzner's 33-random-pass method: random(x33).


usarmy
US Army AR380-19 method: 0x00, 0xff, random. (Note: identical to DoD 522.22-M section 8-306 procedure (e) for sanitizing magnetic core memory).


fillzero
1-pass pattern: 0x00.


fillff
1-pass pattern: 0xff.


random
1-pass pattern: random(x1).


random2
2-pass pattern: random(x2).


old
6-pass pre-version 1.7 scrub method: 0x00, 0xff, 0xaa, 0x00, 0x55, verify.


fastold
5-pass pattern: 0x00, 0xff, 0xaa, 0x55, verify.


custom=string
1-pass custom pattern. String may contain C-style numerical escapes: \nnn (octal) or \xnn (hex).

bluedangerforyou
2017-05-08, 21:42
Awesome stuff! But is there a way to verify it? Using foremost maybe??

mercysit
2017-05-23, 21:21
worked out well for me too, thumbs up man