1. Computer problem? Tech Support Guy is completely free -- paid for by advertisers and donations. Click here to join today! If you're new to Tech Support Guy, we highly recommend that you visit our Guide for New Members.

Secure File Deletion

Discussion in 'All Other Software' started by caper6201, Jul 5, 2005.

Thread Status:
Not open for further replies.
Advertisement
  1. caper6201

    caper6201 Thread Starter

    Joined:
    Aug 8, 2004
    Messages:
    14
    Does anyone know if, when you delete files and use secure delete, is there any possiable way to retrive them back.
     
  2. CouchMaster

    CouchMaster

    Joined:
    May 26, 2003
    Messages:
    3,303
    If you use a program to securely delete files it usually overwrites them a few times making it almost impossible to recover...
     
  3. caper6201

    caper6201 Thread Starter

    Joined:
    Aug 8, 2004
    Messages:
    14
    Ya, I used Partition Magic. I dont see any magic in that. (ha ha ha)
     
  4. jonasdatum

    jonasdatum

    Joined:
    Jul 15, 2000
    Messages:
    3,062
    You are using the wrong word. You want to Erase a file, not delete it! Erasing a file and deleting a file are two different things.

    HelpOnThe.Net > TSG Forums > Operating Systems > Windows 95/98/Me
    Solved: Wiping my computer clean.

    http://forums.techguy.org/t352254.html
     
  5. Surreal2

    Surreal2

    Joined:
    May 21, 2005
    Messages:
    579
    LOL...if the question really is...'is there ANY POSSIBLE way' then the answer is yes.

    Expert scientists, using extremely sophisticated equipment, can retrieve data from hard drives that have been deleted, erased, wiped, attached to electromagnets like those used to lift cars in scrap metal merchants, etc.

    A university recently demonstrated that redundant PCs donated by medical and other establishments for re-use still had extremely sensitive information on them that was accessible - even tho some of the organisations had wiped the drives using high-end techniques.

    However, such equipment and expertise is extremely expensive and isn't realistically to be found outside of government agencies and research establishments. It's also very time-consuming...even spammers wouldn't find it cost-effective.

    If your computer contains the formula for transmuting lead into gold, the blueprints for a working time machine, or the names and locations of all 'sleeper' spies working for a particular government, then it might be worth someone using these techniques.

    There is no way to completely remove all traces of data from a hard drive...some suggest the best thing is to literally destroy it (ie take the hd out of the PC, open it, remove and hammer all the platters into tiny pieces).

    However, for most of us we're concerned only with protecting against casual snooping, and erase software that overwrites the data x number of times is sufficient.
     
  6. little den

    little den

    Joined:
    Jun 2, 2005
    Messages:
    6,336
    But what about if you use those 'unerase' programs? I've used one before after a someone formatted their drive and it brought everything back up.
     
  7. junker39

    junker39

    Joined:
    Jun 12, 2004
    Messages:
    1,661
    I use Eraser 5.7 for sensitive stuff. If someone wants to go to the trouble and expense to attempt data recovery after it's been overwritten 35 times, they most likely wouldn't be trying to get MY stuff. I'd think they'd go for the CIA or others, like Surreal2 said.
    little den, formatting doesn't erase anything. It just makes the data available to be overwritten with new data. It's all still there for the taking with the right software.
     
  8. CouchMaster

    CouchMaster

    Joined:
    May 26, 2003
    Messages:
    3,303
    My point exactly - if your data is "End of the World" sensitive then you need to shred the HD, literally shred it - in a hammer mill! Then burn it and toss it in the Devils Triangle...
    Else someone could spend the $$$$$ to make your life miserable...
    But it is possible!
     
  9. jonasdatum

    jonasdatum

    Joined:
    Jul 15, 2000
    Messages:
    3,062
    Hello. Many companies do the ladder and destroy the physical platters, disk, etc. However many of those you would think do it "don't." That's a problem. As you mentioned the erasing is analogus to encrypting a file. Encryption can be defeated no matter what level. It just takes "time." That's the point of erasing a file. To make it too time consuming.

    "Now I said it and asked it before. If you have for instance a 100MB HD. Then you erase it and then write 100MB of new data. Then wouldn't that data be all but lost ecept for the clusters and what-not? From what I recall... yes."
     
  10. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    jonasdatum

    Yes you are correct for the most part. However there are procedures that can retrieve the data which was previously stored and is now overwritten. I wish I could locate the article I read explaining the need for multiple writes to diminish the data image shadow remaining from previous data after overwriting occurs.
    This is why most eraser\government wipe programs specify many writes over platters.

    Take care

    Dave
     
  11. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    Here is the Article

    It is rather deep but it explains the data image\distortion I was referring to.

    Take care

    Dave
     
  12. jonasdatum

    jonasdatum

    Joined:
    Jul 15, 2000
    Messages:
    3,062
    Thanks! They have a eraser pattern on here I'll copy and try to put in eraser later.
     
  13. Davey7549

    Davey7549

    Joined:
    Feb 28, 2001
    Messages:
    11,584
    jonasdatum

    I guess the ultimate prevention of unwanted data recovery is the destruction of the medium. Short of that it is best to keep sensitive data off your hard drive (Out of your Computer) and use programs designed to allow the user to designate and apply their own patterns per pass as suggested in the article.

    Even with the 35 pass suggested layout there is still a possibility of recovering data but the hacker would have to be rather determined, patient and probably possess expensive equipment. RE: Government, or Universities, or Forensic Labs.

    The Residual memory latency of RAM modules I found quite interesting. Was not aware they to can be inspected and data recovered without precautions.

    Lastly the Conclusion and Epilogue was also interesting:

    Conclusion
    Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM). For this reason it is effectively impossible to sanitize storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written. However by using the relatively simple methods presented in this paper the task of an attacker can be made significantly more difficult, if not prohibitively expensive.

    Epilogue
    In the time since this paper was published, some people have treated the 35-pass overwrite technique described in it more as a kind of voodoo incantation to banish evil spirits than the result of a technical analysis of drive encoding techniques. As a result, they advocate applying the voodoo to PRML and EPRML drives even though it will have no more effect than a simple scrubbing with random data. In fact performing the full 35-pass overwrite is pointless for any drive since it targets a blend of scenarios involving all types of (normally-used) encoding technology, which covers everything back to 30+-year-old MFM methods (if you don't understand that statement, re-read the paper). If you're using a drive which uses encoding technology X, you only need to perform the ***** specific to X, and you never need to perform all 35 passes. For any modern PRML/EPRML drive, a few passes of random scrubbing is the best you can do. As the paper says, "A good scrubbing with random data will do about as well as can be expected". This was true in 1996, and is still true now.

    Looking at this from the other point of view, with the ever-increasing data density on disk platters and a corresponding reduction in feature size and use of exotic techniques to record data on the medium, it's unlikely that anything can be recovered from any recent drive except perhaps one or two levels via basic error-canceling techniques. In particular the the drives in use at the time that this paper was originally written have mostly fallen out of use, so the methods that applied specifically to the older, lower-density technology don't apply any more. Conversely, with modern high-density drives, even if you've got 10KB of sensitive data on a drive and can't erase it with 100% certainty, the chances of an adversary being able to find the erased traces of that 10KB in 80GB of other erased traces are close to zero.

    Take care and Carry a Big Hammer! :eek: ;)

    Dave
     
  14. jonasdatum

    jonasdatum

    Joined:
    Jul 15, 2000
    Messages:
    3,062
    You are right the best way is to completely remove the data. I've strongly suggested this myself. However, I still have some data on my drive that I use on a dialy basis. Once I obtain a good flash drive this will not be an issue.
     
  15. hewee

    hewee

    Joined:
    Oct 26, 2001
    Messages:
    57,791
    Hard drives are cheap so put another one in the PC and just keep the one that is in it now and that way no one will have your data to even try to recover.
     
  16. Sponsor

As Seen On
As Seen On...

Welcome to Tech Support Guy!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.

Join over 733,556 other people just like you!

Loading...
Thread Status:
Not open for further replies.

Short URL to this thread: https://techguy.org/378230

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice