//View Tip #829
Similar Tips
» Create a file of specific size
» Make an iso image of cd
» Convert nrg to iso
» MBR (Master Boot Record) backup & restore
» Connect your mic to a remote speaker

 

Latest tips by RSS
Click here to subscribe
Follow Shell-Fu on Twitter
Click here to follow
Follow Shell-Fu on identi.ca
Click here to follow
Give the finger to forensics.

dd if=/dev/zero of=DELETEME; sync; rm -f DELETEME

will zero all free space on your partition. (/dev/random can be used if you're paranoid)


View Comments »




Comments 

Add your comment

Comments are currently disabled
David Schuetz
I'm not sure if this is 100% reliable. Don't some (many?) filesystems write data to new blocks instead of overwriting the existing data (and then just adjust the pointers)?

Granted, it's been years since I've delved into how filesystems work, so I might be off, but with all the different Linux filesystems out there, I'd wager *at least* one wouldn't support this approach.
Posted 2009-06-09 12:49:31
Walter
@David Schuetz:

You'll be filling all available space on the partition, which means even if the filesystem prefers to write to new blocks initially it will be forced to overwrite previously used blocks eventually given that the above will write over every single free byte on the disk before making the space available again.
Posted 2009-06-09 13:27:18
David Schuetz
@Walter - Um, yeah. You're right, of course.

I even read that "will zero all free space" line before and still screwed up. Should probably stop commenting first thing in the morning.... :)
Posted 2009-06-09 20:42:29
I suspect that the block size that dd uses would play in, but only in the unlikely event that dd's block size is larger than your filesystem's.

It's probably also important to run this as root, since many filesystems have a number of blocks reserved (typically) for root.
Posted 2009-06-10 07:12:31
Ohad
There is a specialized utility for this called shred.
Posted 2009-06-11 09:52:47
shred only works on files you haven't deleted yet, though.  However, there is a point to be made relating to shred: zeroing bytes, or even writing over them with only one pass of /dev/random or /dev/urandom, isn't sufficient to completely obliterate all hopes of forensic data recovery.
In light of this, the truly paranoid might want to do something like the following:
dd if=/dev/zero of=DELETEME; sync; shred -u DELETEME
Posted 2009-08-14 22:08:08

Home Latest Browse Top 25 Random Hall Of Fame Contact Submit