I heard some people mention that files are deleted from flash drive for good, there is no tracing back. Is that really true?
If not, how do I permanently delete files from it? I have a sensitive file on a flash drive and before passing the flash drive around, I want to make sure nobody will be able to see that file.
The best delete tool that (little) money can buy:
EDIT: To counter the detractors
Furthermore, I did include instruction on how to do a thorough logical wipe of the thumbdrive.
END EDIT
Don't take chances. Flash drives are cheap and yes, data can be recovered from them. I've done it myself. You could DBAN it. You could also cipher /w a few times on a Windows machine (dd if=/dev/zero bs=2048 of=/mnt/disk/file on a *NIX machine). However, hitting things with a hammer is so much more fun and permanent.
It depends on who your adversary is. If it is a casual user, e.g. friend/coworker/spouse/etc., then preventing regular undelete is good enough: format the flash drive, then fill it with random/non-private files till it's 100% full, then format the flash drive again. Your original sensitive data will be gone for good, and unrecoverable using undelete tools or direct scan of the drive.
However, if your adversary is a major corporation, government, etc., then the only safe course is to destroy the media physically, e.g. burn your flash drive in a high-temperature industrial oven.
There's an excellent free open-source program called Eraser that removes data by overwriting it with your choice of data patterns - high level security for data erasure.
But - there is a big issue with flash drives when erasing by overwriting. The problem is the "wear leveling" methods used on solid state drives, which writes in a different place each time you add or replace data. There is a full explanation and discussion at Erasing USB key Drives
The short answer - erase the file but also use the "erase open space" function in the Eraser program. This overwrites all unused space, including the earlier version of your file.
Because of wear leveling of modern flash devices, it's not under your control. You think you've overwritten your data 25 times, it may still be there. If you want to store sensitive data on a flash device, use an encrypted container like truecrypt, so you won't be in trouble when you lose the device (unless you give away the key).
Use shred.
shred /dev/sdx -n 25
should clean your drive well.
I heard some people mention that files are deleted from flash drive for good, there is no tracing back. Is that really true?
NO, A Files start with a bit referred to as a flag. When you delete a file,what you are doing is actually setting the flag off, which tells the computer that the space is now free to hold new data.
If you really want to destroy the data on a disk, you need to repeatedly overwrite the data with a random mixture of 0's an 1's. Just doing a format won't work because someone with the proper sniffing hardware & software can restore and reset the flags so the data can be read.
One way you can do this without anyone's help is, write_data - delete_data - write_data - delete_data - write_data - delete_data :) (ensure every bit of the drive gets written to, and that what you write is sufficiently random)
Use a file shredder , Google it and you'll get many free file shredders, if you have bit-defender, I've seen file shredder in-built in that.
I plan to use this flash drive at home, but it's very possible one of the family members give it to somebody else accidentally. I just wanted to be safe. – progtick
In that case, you won't have the chance to delete the files beforehand anyways.
Just encrypt your files, and don't worry about deleting them if the drive is ever lost - no one will be able access them without the password.
I heard some people mention that files are deleted from flash drive for good, there is no tracing back. Is that really true?
Yes and no; it depends on your definition of “gone for good”.
What they were likely talking about was that deleting a file from a flash-drive is always equivalent to holding ⇧ Shift when deleting the file.
This is because Windows only puts a Recycle Bin on fixed volumes like hard-drives, not removable volumes like flash-drives, memory cards, floppy disks, packet-writing CD+RWs, network drives, or substituted drive letters (even ones mapped to fixed-disks). Therefore, if you delete a file in Windows from a hard-drive with just Del instead of ⇧ Shift+Del, you should be able to restore it from the Recycle Bin, but deleting a file from a removable media with Del is the same as using ⇧ Shift+Del to permanently delete it since it has no Recycle Bin.
However, for performance reasons, permanently deleting a file doesn’t actually delete the file. Instead, the system only marks it as deleted and its disk-space as free for use by new files. Until its clusters are overwritten by other files, it can theoretically be recovered, and if there is a lot of free space, then it could take a while before it gets overwritten—of course if you are actually trying to recover an accidentally deleted file, it is likely to immediately overwritten even with plenty of free space (ಠ_ಠ).
If not, how do I permanently delete files from it? I have a sensitive file on a flash drive and before passing the flash drive around, I want to make sure nobody will be able to see that file.
Use a secure-deletion tool. They will overwrite the file before deleting it. The better ones also delete the directory entry to wipe out even its filename and the best will even overwrite its meta-data like its size and timestamp. Some can also wipe existing free space which can be handy to wipe previously deleted files, however it can take a while if there is a lot of free space since it is writing to every byte of that space, e.g., wiping a drive with 300GB of free space is like creating a 300GB file. Most provide one or more techniques like different patterns of bytes to overwrite with and number of repetitions.
If you want to absolutely sure that nobody will be handling the drive again, a generous application of suspect liquid to the circuit board should take care of both the data on the chips and prevent people from handling it.
Depends. If you just want to make sure noone can recover the data with regular file recovery/carving tools: Overwrite the flash drive with random data using linux (dd if=/dev/urandom/ ... or the already mentioned shred). Alternatively, if you have no such tools available, format it (this will destroy the metadata), then fill completely with irrelevant data, then format again. This is less reliable than the proper, tool-assisted method, but should be sufficient for data of low sensitivity.
If you want to delete an individual file (unreliable, not recommended), rename it to a random name, then delete it, then fill the drive completely with irrelevant data.
These methods will not reliably prevent recovery that involves hardware manipulation ("laboratory attack"). If the data is so sensitive that you want to avoid this risk, follow the NIST Guidelines for purging flash-based media:
Purging: See Physical Destruction.
Physical destruction: Destroy media in order of recommendations.
- Shred.
- Disintegrate.
- Pulverize.
- Incinerate by burning in a licensed incinerator.
System Mechanic has a tool called Incinerator which does exactly what you are asking for.
If your drive supports one of these commands, you're in luck:
sg_sanitize - remove all user data from disk with SCSI SANITIZE command
or similar commands to hdparm:
hdparm --security-erase PWD
Erase (locked) drive, using password PWD (DANGEROUS). Password
is given as an ASCII string and is padded with NULs to reach 32
bytes. Use the special password NULL to represent an empty
password. The applicable drive password is selected with the
--user-master switch (default is "user" password). No other
options are permitted on the command line with this one.
hdparm --security-erase-enhanced PWD
Enhanced erase (locked) drive, using password PWD (DANGEROUS).
Password is given as an ASCII string and is padded with NULs to
reach 32 bytes. The applicable drive password is selected with
the --user-master switch (default is "user" password). No other
options are permitted on the command line with this one.
at the time of frmating unselect the Quick format and start. It will take time but fully delets all the deta an no other recovary app can back it up.
If physical destruction is warranted I would go for an angle grinder - a cheaply available tool. Hold the piece with a pair of pliers against the rotating disc until the chip is consumed.
Sometimes the flash drive is damaged and you can't delete/overwrite data on it and you just want to destroy it before disposing of it.
Note: wear eye protection in case the piece flicks off.
Here's a method I've cooked up after reading all these answers.
erase1 and place it there. erase1 untill you've reached this 1/3 number, so you now you have a folder with roughly one third free space now occupied in it by a bunch of safe 100 MB files... erase2, and then try copying it again to erase3.erase2 copies to erase3.erase2, copy erase3 and call it erase2a.erase3, copy erase2a and call it erase3a.erase2a and erase3a.erase1 to erase1a.erase1.Start the process over again
erase1a to erase2berase2b to erase3b.erase2berase3b to erase2c.erase3berase2c to erase3c.erase2c and erase3c.erase1a to erase1b and delete erase1a.You could go it again, but probably two times is safe, delete the remaining erase1b folder and you should have overwritten everything in the open region of the flash drive.
Crude method, but if you only need to do it once it should work I think. Any comments out there?
Find a safe file that is just under 100 MB in size Define “safe”. Would a blank file (e.g., filled with nulls) be safe? Not really; an NTFS volume with encryption would compress it and leave the free space unaffected. The same goes if the file is created as a sparse file. Unfortunately, things are not as simple as they were in teh old FAT days when you could easily and manually ensure things were clean with a low-level disk editor in DOS.