sys-shred 1.1.0

A forensic-grade, multi-threaded command-line utility for secure file erasure and anti-forensics.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152

# sys-shred

`sys-shred` is a multi-threaded, forensic-grade Rust library and CLI for the irreversible destruction of sensitive files.

> [!CAUTION]
> **IRREVERSIBLE DATA DESTRUCTION NOTICE**
>
> Data processed by `sys-shred` is physically overwritten at the hardware level. Please verify your target paths carefully before execution. Once processed, data cannot be recovered by forensic software.

---

## Disclaimer

This project is not affiliated with any government or military entity. It is provided for legitimate data sanitization, privacy protection, and compliance purposes. Users are responsible for using this tool legally and ethically. The maintainers discourage any malicious or unauthorized usage and are not liable for any misuse.

## Key Features

- **Hardware-Level Sync:** Uses `fsync` and `sync_all` to bypass volatile OS caches and ensure data is written to physical media.
- **Memory Efficient:** A stream-based architecture that maintains a low RAM footprint even when processing millions of files.
- **SSD Optimization:** Supports hardware `TRIM` commands to mitigate wear-leveling artifacts on modern flash storage.
- **Parallel Performance:** Powered by `rayon` for massive parallel execution and high throughput.

> [!IMPORTANT]
> This is the official repository for `sys-shred`. Please report bugs and request features via [GitHub Issues](https://github.com/v1lleneuve/sys-shred/issues).

---

## Quick Start

For a detailed list of options, run `sys-shred --help`.

To perform a standard cryptographic overwrite on a file:
```bash
sys-shred target_file.txt
```

### Installation

**Via Cargo (Recommended):**
```bash
cargo install sys-shred
```

**Via AUR (Arch Linux):**
```bash
yay -S sys-shred
```

---

## Documentation Index

- [Erasure Algorithms](#erasure-algorithms)
  - [Standard Cryptographic](#standard-cryptographic)
  - [Military Grade (DoD)](#military-grade-dod)
  - [Maximum Security (Gutmann)](#maximum-security-gutmann)
- [Advanced Targeting](#advanced-targeting)
  - [Recursive Destruction](#recursive-destruction)
  - [Glob Exclusions](#glob-exclusions)
  - [Dry-Run Simulation](#dry-run-simulation)
- [Enterprise Features](#enterprise-features)
  - [SSD TRIM / Discard](#ssd-trim--discard)
  - [JSON Audit Logging](#json-audit-logging)
  - [Hardware Read-Back Verification](#hardware-read-back-verification)
- [Safety Guards](#safety-guards)

---

## Erasure Algorithms

### Standard Cryptographic
Overwrites data using three passes of cryptographically secure random entropy (default).
```bash
sys-shred confidential.pdf
```

### Military Grade (DoD)
Implements the US Department of Defense 5220.22-M standard (Pass 1: Zeros, Pass 2: Ones, Pass 3: Random).
```bash
sys-shred sensitive_data.bin --method dod
```

### Maximum Security (Gutmann)
The rigorous 35-pass Gutmann algorithm, designed for older magnetic media.
```bash
sys-shred classified_archive.tar.gz --method gutmann
```

---

## Advanced Targeting

### Recursive Destruction
Destroy entire directory trees using a highly optimized, lock-free parallel execution engine.
```bash
sys-shred ./project_folder --recursive
```

### Glob Exclusions
Exclude specific files or directories using wildcard patterns.
```bash
sys-shred ./server_logs --recursive --exclude "*.git/*"
```

### Dry-Run Simulation
Preview which files will be targeted without modifying the filesystem.
```bash
sys-shred ./directory --recursive --dry-run
```

---

## Enterprise Features

### SSD TRIM / Discard
Dispatches hardware-level block deallocation commands (`FALLOC_FL_PUNCH_HOLE` on Linux, `FSCTL_SET_ZERO_DATA` on Windows) to handle SSD wear-leveling.
```bash
sys-shred ./nvme_drive --method zero --trim
```

### JSON Audit Logging
Generate verifiable destruction reports for GDPR/HIPAA compliance.
```bash
sys-shred ./financials -r --audit-log ./report.json --audit-format json
```

### Hardware Verification
Validates destruction by reading physical blocks back into memory to ensure they were correctly overwritten.
```bash
sys-shred ./target --verify
```

---

## Safety Guards

- **Symlink Protection:** Isolates symbolic links, unlinking the reference without traversing or destroying the external target.
- **Interactive Prompts:** Confirmation prompts help prevent accidental recursive destruction. Use `--force` to bypass.

---

## Links

- [GitHub Repository](https://github.com/v1lleneuve/sys-shred)
- [Crates.io](https://crates.io/crates/sys-shred)
- [AUR Package](https://aur.archlinux.org/packages/sys-shred)

---

## License

Copyright (c) 2026 V1lleneuve. Licensed under the [MIT License](LICENSE).