Securely Wipe Disk and Try to Recover the Contents

This article demonstrates how to securely delete files and all content from a disk, and then attempt to recover files from that disk.

Warning: There is a risk you’ll make a mistake and wipe the wrong disk. So be careful.

Identify the disk you want to work with:

lsblk

For me, it’s “/dev/sda”.

Optionally, place a file on the disk so we have something to work with when we’re validating our efforts to securely wipe the disk.

mkdir -p /media/sda1
mount /dev/sda1 /media/sda1
echo "Try recover me once cleared" > /media/sda1/README
umount /media/sda1

This assumes “/dev/sda1” is the partition where the contents are.

Install the “scrub” program to do the content removal.

apt install scrub

Do the removal. Warning: this is where we securely wipe the disk, resulting in complete removal of the content from the target disk.

scrub /dev/sda

Note: This process took about 10 minutes for an 8GB USB-2 disk.

Now we can try to recover the contents from the disk. We’ll use “testdisk”.

apt install testdisk

“testdisk” is interactive. Start it using the command:

testdisk /dev/sda

If you deleted the contents of the disk using normal methods, you will likely have some luck and get the files back. However, if you used the secure method to wipe the disk, the files should not be recoverable with this tool. Try the tool below.

Let’s try with another recovery tool called “photorec”. Despite the name, it works for all kinds of files. This tool looks similar to “testdisk” but works differently.

photorec /dev/sda

Again, this is an interactive tool. Go through the process and see if it has success. This process can take a long time.
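
A quicker check to run alongside the recovery tools is to scan the raw disk for the README text written earlier. The script below is an added example, not part of the original article; it runs against a constructed 1 MiB image file instead of “/dev/sda”, and uses a single random overwrite as a stand-in for the scrub step.

```shell
#!/bin/sh
# Added example: count occurrences of a known marker on a raw device or image.
# MARKER is the README text written to the disk earlier in the article.
MARKER="Try recover me once cleared"

# marker_hits TARGET: print how many times MARKER occurs in TARGET.
# -a scans binary data as text, -F matches a fixed string, -o prints each match.
marker_hits() {
    LC_ALL=C grep -a -o -F -- "$MARKER" "$1" | wc -l | tr -d ' '
}

# make_demo_image PATH: constructed 1 MiB image with MARKER at the 300 KiB offset,
# standing in for the unwiped disk (assumption: a file instead of /dev/sda).
make_demo_image() {
    dd if=/dev/zero of="$1" bs=1024 count=1024 2>/dev/null
    printf '%s\n' "$MARKER" | dd of="$1" bs=1024 seek=300 conv=notrunc 2>/dev/null
}

# overwrite_demo_image PATH: one pass of random data, a stand-in for the scrub step.
overwrite_demo_image() {
    dd if=/dev/urandom of="$1" bs=1024 count=1024 conv=notrunc 2>/dev/null
}

# demo: report the hit count before and after the overwrite.
demo() {
    img=$(mktemp) || return 1
    make_demo_image "$img"
    before=$(marker_hits "$img")
    overwrite_demo_image "$img"
    after=$(marker_hits "$img")
    rm -f "$img"
    echo "before=$before after=$after"
}

demo
```

On the real disk, run `marker_hits /dev/sda` as root before and after the scrub step. A count of 0 only covers the blocks the device exposes to the host.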