Shredding is overwriting data in a file or storage with random bits, making it nearly impossible to recover.
```sh
# shred
sudo shred -vfz path_name

# Shred after finding files
## cd into the directory you want to recursively shred 48 times
find . -type f -print0 | xargs -0 shred -fuzv -n 48
```
blkdiscard (Recommended)

```sh
# basic
blkdiscard /dev/disk_name

# secure
blkdiscard --secure /dev/disk_name
```
Because blkdiscard is a host command, it doesn't communicate with the SSD controller directly.
SSDs typically include more flash memory than they advertise to the host OS (spare space, by design, to account for bad sectors).
The controller knows where all the bits are located, but the host does not, so there may be a 99% guarantee that the data was erased, but not 100%.
Find the name of the drive

```sh
fdisk -l       # unix
diskutil list  # macos
df -h          # show all partitions
```
Unmount the drive first.

```
dd: /dev/disk_name: Operation not permitted
```

```sh
sudo diskutil unmountDisk /dev/disk_name
```
Using dd, copy bits from if to of location.

- dd is disk/data duplicator/destroyer in Unix-like systems.
- bs stands for block size.
- dd overall, but plateaus
- /dev/zero is a special Unix file filled with zeroes
- /dev/urandom is filled with random numbers (slower)
- disk_name is obtained from diskutil list

```sh
# fill with zero
sudo dd if=/dev/zero of=/dev/disk_name bs=1M

# fill with random
sudo dd if=/dev/urandom of=/dev/disk_name bs=1M
```
Keep in mind that this process can take hours if the disk is large.

373086326 bytes/sec (373MB/second)

2000398942208 bytes transferred in 5508.083470 secs (363175132 bytes/sec)

```
1907730+0 records in
1907729+1 records out
2000398860288 bytes transferred in 5999.167580 secs (333446071 bytes/sec)
```
View progress of the dd process while the transfer is in progress:

```sh
# send signal to the process to print to its stderr stream
sudo kill -INFO $(pgrep ^dd$)
```
status=progress

```sh
sudo dd if=/dev/zero of=/dev/disk_name bs=1M status=progress
```
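
A read-back check for the zero fill above, as an added example that is not part of the original notes: it overwrites a target with zeroes and then counts the bytes that are still non-zero. The function names and the scratch image are assumptions made for this example, and the demo only touches a temporary file.

```sh
#!/bin/sh
# Added example: zero-fill a target the way the dd commands above do, then
# read it back and count the bytes that are still non-zero.
# Function names and the scratch image are assumptions made for this example.

# Length of a file in bytes.
size_bytes() {
    wc -c < "$1" | tr -d ' '
}

# Overwrite an existing regular file in place with zeroes, keeping its length.
# (On a real block device, dd stops by itself when the device is full.)
wipe_zero() {
    head -c "$(size_bytes "$1")" /dev/zero |
        dd of="$1" conv=notrunc 2>/dev/null
    sync
}

# Print how many bytes of the target are not 0x00.
nonzero_bytes() {
    LC_ALL=C tr -d '\000' < "$1" | wc -c | tr -d ' '
}

# Succeed only if every readable byte is zero.
verify_zeroed() {
    [ "$(nonzero_bytes "$1")" -eq 0 ]
}

# Demo on a constructed 64 KiB scratch image, never on a real disk.
demo() {
    img=$(mktemp) || return 1
    head -c 65536 /dev/urandom > "$img"
    before=$(nonzero_bytes "$img")
    wipe_zero "$img"
    after=$(nonzero_bytes "$img")
    echo "size=$(size_bytes "$img") nonzero_before=$before nonzero_after=$after"
    if verify_zeroed "$img"; then rc=0; else rc=1; fi
    rm -f "$img"
    return "$rc"
}

demo
```

Reading back through the host only covers the blocks the host can address, so on an SSD a clean result says nothing about the spare flash that only the controller can see.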

```sh
openssl enc -aes-128-ctr -pass file:/dev/random 2>/dev/null | tail -c+17
```