[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: simple way to securely destroy deleted files in a file system

On 7/15/2010 4:53 PM, Aaron Toponce wrote:
> On 07/15/2010 11:55 AM, H.S. wrote:
>> I was looking for just making the already deleted files unrecoverable by
>> a casual user. In other words, since a deleted file frees the space on
>> disk, by filling up the disk with all zeros and then deleting that zeros
>> file would be overwriting the earlier deleted files with zero. Am I
>> correct in this?
> 
> If the filesystem is NTFS, then it's rather trivial to recover
> overwritten data, due to the journal. While you're probably safe in
> assuming that the next user won't bother doing anything like that, the
> only way to truly, and securely remove the previous data, is to wipe out
> the filesystem too, which means taking out the OS.
> 
> On the flip, I've been happy with "Eraser": http://eraser.heidi.ie/
> 
> Good luck.
> 

On 7/15/2010 4:53 PM, Aaron Toponce wrote:
> On 07/15/2010 11:55 AM, H.S. wrote:
>> I was looking for just making the already deleted files unrecoverable by
>> a casual user. In other words, since a deleted file frees the space on
>> disk, by filling up the disk with all zeros and then deleting that zeros
>> file would be overwriting the earlier deleted files with zero. Am I
>> correct in this?
>
> If the filesystem is NTFS, then it's rather trivial to recover
> overwritten data, due to the journal. While you're probably safe in
> assuming that the next user won't bother doing anything like that, the
> only way to truly, and securely remove the previous data, is to wipe out
> the filesystem too, which means taking out the OS.
>
> On the flip, I've been happy with "Eraser": http://eraser.heidi.ie/
>
> Good luck.
>

Anything, and I repeat anything, is recoverable, even if you remove the
filesystem you can recover pieces of the file. You can remove remnants
of the file using over write methods but you need to make sure they
properly implement the algorithm and do your own research on the
algorithms to make sure they were designed or were updated for modern
hard drives. EXP: Gutmann method was designed for older HD's and will
not work on newer HD's most of the time (depending on who implements
it).  Now, removing remnants of the file doesn't make it unrecoverable
(in all circumstances), you might be able to still do a very low level
recovery, something they would generally reserve for say, a RICO
investigation, terrorists an those sorts.  The only way to stop any and
all data leaks, recoveries or anything of the sort is to either Degauss,
Destroy or use Encryption on the drive from the get go and to be honest,
the only proper implementation of drive encryption (beyond the actual
encryption) would be RedHat (and this is only because they offer the
ability to span encryption across multiple drives and recommend it) and
no drive encryption (beyond truecrypt) offers deniability. Something
I've brought up on both Debian and Ubuntu and even to Redhat. As a
matter of fact, Ubuntu developers fought with me over the idea telling
me that only criminals could possibly want plausible deniability, but
Ubuntu is rather closed minded most of the time when it comes to this
sort of thing.


-- 
Cheers,

Jordon Bedwell
http://envygeeks.com
Reply to: