Simply deleting a file from your computer via a "trash bin" or
"rm" command does not ensure that the file is deleted at all.
What most often happens is that the file's name is merely removed from the disk's index,
but the data still remains on the disk itself. There are many undelete programs out there
which can easily recover this data. Once the data has been overwritten with random junk,
recovering it is next to impossible.
More advanced techniques to recover lost data also exist. Overwriting data once is usually not
good enough for these solutions. A popular standard states that you should overwrite three times
with zeros and ones (zero-one-zero-one-zero-one over every byte), and then with random data.
This should even erase the magnetic remains of your data, which still can be detected after it
has been overwritten once. Of course, you can overwrite with ones, zeros and random junk many
times.
Another thing to consider is the file name, location and date/timestamps. Even if you can
erase the data itself, the information about the file may still be available in system files
somewhere, giving the attacker some information on the deleted files.
Several of the programs below are capable of also erasing the filename and related information
from the administration table.
Warning: This approach means that the program will write information directly to the
administration table. If something goes wrong, it may corrupt this table. This may result in your
entire hard disk becoming corrupt.
Note on logging filesystems
However, all of the observations made
above about over-writing data in files can be made void by a modern file system,
such as a log-structured file-system (LFS). LFS obtains its performance by
refraining from seeking for blocks on the disk. Instead, new data is written
into new blocks which are placed at the end of the log. This incurs a security
issue by leaving data on disk that was supposed to be overwritten. Many programs,
PGP in particular, assume that data can be physically overwritten through the
file system (by overwriting the data in the file). Although no file system API
guarantees that data will actually be overwritten, most systems will do so
(assuming the file is not extended). In an LFS, this will almost certainly not be
the case.
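The overwrite passes and the scrubbing of name and timestamps described above, as an added example that is not taken from any of the tools listed on this page. It assumes the pass schedule means zeros then ones, three times over, followed by one random pass, and the function names are hypothetical. It only has the intended effect on a file system that rewrites blocks in place, which is exactly what the note on logging filesystems says cannot be relied on.

```python
import os
import secrets

# Assumed reading of the schedule in the text: zeros then ones, three times
# over, followed by one pass of random data (None marks the random pass).
PASSES = [b"\x00", b"\xff"] * 3 + [None]
CHUNK = 64 * 1024

def overwrite_passes(path, passes=PASSES):
    """Overwrite a file in place, never extending it. Returns passes completed."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:          # r+b: reuse existing blocks, no truncation
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(secrets.token_bytes(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())          # force this pass out before the next one
    return len(passes)

def wipe(path):
    """Overwrite contents, then scrub name, timestamps and length before unlinking."""
    overwrite_passes(path)
    directory = os.path.dirname(os.path.abspath(path))
    anon = os.path.join(directory, secrets.token_hex(8))  # meaningless name
    os.rename(path, anon)
    os.utime(anon, (0, 0))                # reset access and modification times
    os.truncate(anon, 0)                  # hide the original length
    os.unlink(anon)
    return anon

if __name__ == "__main__":
    import tempfile
    # Constructed sample file, created only for this demonstration.
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"constructed sample secret\n" * 100)
    os.close(fd)
    wipe(sample)
    print("still present:", os.path.exists(sample))
```
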
Further Reading
Why a normal delete is not sufficient. A more
detailed analysis of why wiping files is necessary to make sure the data is gone, and what
techniques exist to recover erased files.
File Ghosts - Why and how they are left and how they can be
retrieved.
Tools:
The WIPE utility on PGP is a securely designed utility that works great. Highly recommended on all
platforms. Set your preferences to overwrite files more than 10 times.
DOS/Windows
Real Delete is a DOS
TSR, which intercepts all DOS delete calls, and
turns them into overwriting deletes. Very useful if you use programs that create temporary files, as these may contain
copies of your sensitive data.
Macintosh
Burn 2.5
can overwrite files and free space, while also removing information from the file administration.
Wiping Your Swap File
Many operating systems use a swapfile to store data from RAM, so you can run more programs than
would fit in your memory. This means that anything that is kept in memory can be written to the
swapfile. To get rid of the swapfile and the data in it, you can't just erase the swapfile.
Wiping your swapfile.
Resources:
Secure Deletion of Data from Magnetic and Solid-State Memory
- This whitepaper describes some of the methods available to recover erased data and presents
schemes to make this recovery significantly more difficult.
Disk and File Shredders:
A Comparison of Windows 95/98/NT utilities.
Directory Snoop - A useful freeware program which lets you
view deleted sections of your hard drive, your Windows95 swap file, etc., for residual data.