hi,
My company gave me a laptop for work and after some time they will give it to another person when I quit the company so I want to make sure I don’t leave any of my data behind so which command should I run to delete my home directory to delete all the data?
is it just
rm -rf /home/myname
Don’t store any personal information on the company computer.
Anything you do, they may be able to monitor, back up, recover, etc
Don’t look at porn on the company computer, Don’t use Facebook on the company computer, don’t like sketchy models on Instagram from the company computer.
If they just gave you a computer budget, and then ask you to return the computer at the end, and they don’t run any of the software… You could use full disc encryption, and then reformat put a new key on it when you return it. You could just take the disc out, and replace it with a new disc when you return it
Anecdote time:
A company would give people company blackberries, but people would have to add their own personal cell phone plan if they wanted to make and receive phone calls and text messages. But the phone was managed by the company. When a friend had some spicy text messages flagged by HR for review, they rather indignantly said this is my phone! This is my phone plan! They have no right… And our boss very kindly very nicely said, we don’t pay you enough to buy your own phone?
“No, you do not. Next question please”
Deleting a file does not overwrite the data. It just marks that area of the drive as “free”. Using forensic tools (or simply dd) you can read data from “empty” parts of the drive. To be save you have to overwrite each file. You can try tools like shred to scramble the data of a file before deleting it, but as they say themselfes, unfortunately your filesystem might not actually let you do that (scroll to the CAUTION section).
You can use dd to write bytes to arbitrary places of the drive, but again, the filesystem might lie to you where a file is actually located. The ONLY way to be entirely sure is to wipe the whole drive. And if your IT does not do that before handing a system to a new employee, then they are not doing their job correctly.
Not legal advice: just tell them you installed a few viruses (while the system was not connected to the company network of course) and they should nuke the system before handing it to anybody else.
(You can also wipe the drive yourself by booting from a stick and overwriting the entire drive)
you can fill up the disk a few times after deleting files, so the system has to use up all free space and no matter where your data was it gets overwritten.
Not necessarily true. SSDs can mark sectors that have been written too much as bad, so the data still there to be read forensically, but you can’t write to it anymore.
If you’re that worried about privacy, then your only option is hammer+fire+spread the remains in multiple places. For the average paranoid I think it’s enough to make generic file recovery tools ineffective.
It’s much easier to use full disc encryption, and just change the keys
But every company I’ve ever worked for, when they retire machines they keep the drives no exceptions.
If it’s good enough for corporate security, we know works at least.
For context, a cheap internal SSD is about $20. Not some crazy impossible expense. When we talk about taking the storage device out of the computer, we’re talking about investing $20 to not have to worry about data leaking into the future. And at that cost it’s basically a no-brainer. It would be crazy not to do it
On a semi-related note, I’ve had a few external hdds die with data I’d have liked to recover. In my previous research I have found mostly “use this expensive proprietary software” as a suggestion for data recovery, but seeing you list dd here: is it possible to learn your powers? I’m better about backups now but you never know!
If the drive is dead, as in, it has a hardware defect that keeps the computer from reading the data, you’re out of luck. For a lot of money, someone can take out the disk platter in a clean room, and read it with another read head.
If only the partitions, partition table or file system are corrupt, you can dd it to a different drive and either re-write the metadata if you know what it was or use software to recognize the start- and endpoints of the file types that are stored on it and recreate them with free tools. But you’ll lose all file names and the folder structure.
I used to replace the disk drive before handing it in. That way, for a minimal investment, I’d get to keep my data and they got a never before used drive. That’s only possible if your laptop has an upgradeable. drive rather than a soldered on one.
You can use
shred
instead ofrm
, but even there the chance of recovering the files exist. If you have you homedir encrypted, just nucking the encrypted drive would do. Or you can replace the drive with a new, cheap one.Just having part of your file system encrypted is insufficient, ram can get swapped to disc, files can get written to temporary file locations, log files can leave fingerprints, if there’s any part of the drive that’s unencrypted, the disk has to be considered tainted
That’s why you
shred
from a live cd, rather than from the live system, right?
The usual advice is that you can’t so you have to destroy the drives. People like that because it’s a funny answer and it makes them feel good to care more about information than a physical object.
The unusual advice is that you can’t, so just call the drives secure delete command and don’t worry about it. People don’t like that because it’s at the right hand side of the bell curve meme and they’re not monks.
The complex advice is that it really depends on what you want to erase, why, and to what extent you’re expecting someone to invest in recovering it.
The simple advice is to just pay for the drive and keep it.
I’ll be the naysayer and say you should not do this.
From an IT perspective, it’s entirely unnecessary. You are potentially tampering with company property by destroying user data and files, even your own. What you make and do on this computer belongs to the company, so deleting your user folder could violate contracts you signed in onboarding. Say you neglect to upload a file to a shared drive and your boss needs it after you leave the company. If IT already wiped the computer, that’s on them and not your fault. But if you proactively deleted these files and IT hadn’t gotten around to giving the laptop to the next person, that could be actionable even after your employment is over.
From a practical perspective, your company’s IT team should be wiping and reinstalling the OS in between users. Even on Windows and MacOS, this is standard practice and a non issue to anyone who has 30 minutes to spare during onboarding computer setup. If your company isn’t doing this, that isn’t your problem because again, this is company property. Don’t use personal stuff on the laptop if you’re concerned about the next person getting access to those files.
If you use
shred
instead of rm to delete a file, the contents should be unrecoverable for all practical intents and purposes.I don’t believe
shred
can work recursively on a directory structure, like rm, so you’ll have to cobble something together with thefind
command I guess.after rm fill up the file system with random data a few times, then copy /etc/skel/ over to get the default configs back. maybe, if you’re paranoid, use a few apps like browsers, so if they actually look, there will be misleading results.
Depending on your threat model this will be very insufficient.
Discs have provisions for bad sectors, they have backup sectors, so if a sector gets too many errors, or has been written to too many times, disks can set aside that sector never to be written to again. So you can have unencrypted data just sitting there ready for somebody to read it
All of the operations indicated in the above post, rely on the file system behaving, and not at the disc level. So superblocks inodes journals and other file system specific data structures could be completely missed. Some file systems store user data inside of these special structures for efficiency purposes such as locality of reference, and time locality.
Use IBM’s “wipe” command, not just rm -rf.
Wipe overwrites the files ( you don’t need to use the default many-times method: that’s for spinning-platters ), but it makes undeleting stuff require serious work, instead of just some fs-surgery, if that’s significant to/for you.
wipe is available with many distros, iirc.