The secure removal of data is not as easy as you may think.
When you delete a file using the default commands of the operating system
(for example "rm" in UNIX, "del" in DOS, or emptying the recycle bin in Windows),
the operating system does NOT delete the file; the contents of the file remain on your hard disk.
Most operating systems only remove references to the file when they are asked to delete a file.
The file you thought was gone forever remains on the disk until another file is created over it
(until another file overwrites the disk space where the "deleted" file is still stored), and even after
that, it might be possible to recover the data by studying the magnetic fields on the disk platter surface
using forensic equipment.
Before the file is overwritten by a new file, anyone can easily retrieve the data, for example by
using a disk undelete utility.
And even after that, some people (for example the three-letter agencies) with special equipment
are able to restore your data at least partially.
Everybody has sensitive data which they want to keep private,
for example financial data, private emails, traces of their internet surfing habits, etc.
I have heard of cases where people sold their old computers or hard disks and the buyer
recovered their financial business data.
The only way to try to make recovery of your sensitive data nearly impossible is to
overwrite ("wipe" or "shred") the data with several defined patterns.
For detailed information, see the famous paper by Peter Gutmann:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
CAUTION:
The use of wiping or shredding tools relies on a very important assumption:
that the filesystem overwrites the data in place. This is the traditional way to do things,
but many modern filesystem designs do not satisfy this assumption, for example ReiserFS, XFS, Ext3, etc.
See http://www.die.net/doc/linux/man/man1/shred.1.html for more information.
In this case, a solution could be to wipe/shred the entire device (partition) where the
sensitive data was stored, to ensure that the data is really overwritten.
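The overwrite-in-place idea described above, as an added example that is not part of the original page or of SystemrescueCD. The function names and the pass patterns are assumptions made for illustration; the patterns are not the list from Gutmann's paper.

```python
import os

# Constructed pass list for illustration: zeros, ones, then random data (None).
PASSES = [b"\x00", b"\xff", None]

def overwrite_in_place(path, passes=PASSES, chunk=1 << 16):
    """Overwrite every byte of an existing file once per pass; size is unchanged."""
    size = os.path.getsize(path)
    # "r+b" opens for update WITHOUT truncating, so the filesystem is asked to
    # rewrite the same logical offsets instead of allocating a fresh file.
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                if pattern is None:
                    block = os.urandom(n)
                else:
                    block = (pattern * (n // len(pattern) + 1))[:n]
                f.write(block)
                remaining -= n
            # Push this pass to the device before the next one starts;
            # otherwise only the final pass may ever leave the page cache.
            f.flush()
            os.fsync(f.fileno())
    return size

def wipe_and_unlink(path, passes=PASSES):
    """Overwrite the contents, then remove the directory entry."""
    size = overwrite_in_place(path, passes)
    os.unlink(path)
    return size

# Caveat from the text above: this only destroys the old data if the
# filesystem really writes these bytes over the original blocks. Where that
# assumption does not hold, wipe the whole partition instead.
```

The unlink comes last on purpose: removing the reference first would leave nothing to overwrite through, which is exactly the "rm" behaviour described at the top of this page.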
SystemrescueCD provides a few tools which are able to make recovery of data nearly impossible.
I say nearly impossible because no one can give you a guarantee that, for example,
the NSA or the FBI could not recover at least a part of that data. But using those tools makes it harder.
CAUTION:
On the other hand, you will not be able to recover any data deleted by those tools.
Take care. We will not take responsibility for loss of data.
If you want to have ultimate security, use encryption, for example LOOP-AES (http://loop-aes.sourceforge.net/).
Encrypt your home directory, or create an encrypted partition or container and save your data there.
2004-08-17