Really disposable (RAM based) qubes

Maybe use shred or wipe to delete logs? That would make your script truly anti-forensic.

Without firmware access, effective file-level shredding is simply not possible on an SSD due to the way the hardware works. If you look at the script, you will see it does something (IMO) better:

# Create void symlinks to prevent log saving.
# $logfiles is the array of log paths defined earlier in the script;
# -f replaces an existing log file, -T refuses to descend into a directory of that name.
for file in "${logfiles[@]}"; do
	sudo ln -sfT /dev/null "${file}"
done

I.e., no logging actually occurs (even to RAM). The only persistent info that remains is the metadata trace of the erased symlink name on the filesystem. With encrypted storage, non-revealing VM names (like “my_password_is_helloworld”) and a volatile dom0 journal, that seems to me quite insignificant, even for a paranoid who is scared of an adversary being able to unlock the encrypted storage, inspect the filesystem, find the erased metadata remnants and act on that.

Unfortunately, for e.g. /var/log/qubes/guid.abc1234.log, the link gets overwritten with an actual file by the system when abc1234 starts, but even so I don’t see any forensic data in that file.

root@dom0:~ # cat /var/log/qubes/guid.abc1234.log
Icon size: 128x128

If you see any significant traces remaining anywhere else, please let me know.

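The symlink-to-/dev/null technique from the post above, together with the audit a practitioner would want afterwards: detecting the case where the system has replaced a symlink with a real file, as described for guid.*.log. This is an added example, not code from the original post or from the Qubes project; it runs in a scratch directory instead of /var/log/qubes, drops the sudo prefix, and all file names and the "Icon size" content are constructed.

```bash
#!/usr/bin/env bash
# Added example (not the original script): null out log paths via symlinks and
# audit that they are still symlinks afterwards. Paths are hypothetical.
set -euo pipefail

# Replace each given path with a symlink to /dev/null. An existing regular
# file is replaced (-f); -T refuses to descend into a directory of that name.
nullify_logs() {
    local file
    for file in "$@"; do
        mkdir -p "$(dirname "$file")"
        ln -sfT /dev/null "$file"
    done
}

# Exit 0 if the path is still a symlink to /dev/null, 1 if it is missing or
# something has put a regular file in its place.
is_nulled() {
    local file=$1
    [ -L "$file" ] && [ "$(readlink "$file")" = /dev/null ]
}

# Print every path that is no longer a /dev/null symlink; exit 1 if any.
# In dom0 this is the check to run after VMs have started, since a guid log
# may have been recreated as a real file.
audit_logs() {
    local file rc=0
    for file in "$@"; do
        if ! is_nulled "$file"; then
            printf 'regular file or missing: %s\n' "$file"
            rc=1
        fi
    done
    return "$rc"
}

# Simulate the system overwriting a symlink with a real log file (constructed
# content standing in for what the post shows in guid.abc1234.log).
overwrite_with_real_file() {
    local file=$1
    rm -f "$file"
    printf 'Icon size: 128x128\n' > "$file"
}

# Demo in a scratch directory standing in for /var/log/qubes.
demo() {
    local dir
    dir=$(mktemp -d)
    local logs=("$dir/qubes/qrexec.vmname.log" "$dir/qubes/guid.vmname.log")
    mkdir -p "$dir/qubes"
    printf 'pre-existing log content\n' > "${logs[0]}"   # will be replaced by -f
    nullify_logs "${logs[@]}"
    audit_logs "${logs[@]}" && echo "all logs nulled"
    overwrite_with_real_file "${logs[1]}"
    if audit_logs "${logs[@]}"; then
        echo "unexpected: no leak detected"
    else
        echo "audit flagged a recreated log file"
    fi
    rm -rf "$dir"
}

demo
```

Run it as a normal user; the only state it touches is the temporary directory it creates and removes. Note that the audit only tells you a real file has appeared, not what was written to it; inspect the file (as the post does with cat) before deciding whether that matters.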