Tools to permanently delete files

liven

Does anyone know of any good tools for this? Windows/unix or both?

techster79

killdisk works great, DOD compliant.

liven

does that wipe the entire disk?

shednik

liven wrote:

does that wipe the entire disk?

Darik's Boot and Nuke

http://dban.sourceforge.net/

Great if you want to securely erase a hard disk

liven

what about just selected files not the entire disk?

Sie

I remember JD saying before something about an industrial sander and the disk platters if i remember correctly.....

dynamik

Sie wrote:

I remember JD saying before something about an industrial sander and the disk platters if i remember correctly.....

Nope. It was Schluep referring to installing wireless drivers on linux, and it involved teeth, not HDs. I'm sure an industrial sander would work wonders on an HD though!

Schluep wrote:

I'll follow that up with getting Intel wireless cards configured and working even when you have the Linux drivers can often be like taking an industrial sander to your teeth instead of pulling them.

http://www.techexams.net/forums/viewtopic.php?t=31427



I don't really keep track of things that well. I just googled: "industrial sander" site:techexams.net

I figured there wasn't going to be a lot of results

Schluep

When it comes to hard drives, I prefer:



over the sanders. If you are strapped for cash you can always use:



or one of the many available free programs or relatively inexpensive software packages to properly sanitize the drive. There is a thread in the Off-Topic section created today regarding DOD standards for sanitizing hard drives.

For more along the lines of your second question liven, I do not know of any tools to safely wipe only a portion of the drive where the specific data you want to ensure is permanantly deleted resides without affecting other files. Even if you overwrite data on a specific portion of the hard drive where the file was located it is often still possible to recover it in some cases. I personally wouldn't trust any software that claims to safely remove all trace of a given file without having an affect on anything else on the drive.

dynamik

Schluep wrote:

For more along the lines of your second question liven, I do not know of any tools to safely wipe only a portion of the drive where the specific data you want to ensure is permanantly deleted resides without affecting other files. Even if you overwrite data on a specific portion of the hard drive where the file was located it is often still possible to recover it in some cases. I personally wouldn't trust any software that claims to safely remove all trace of a given file without having an affect on anything else on the drive.

Agreed. That's why I **** everything that's even semi-private into TrueCrypt in the first place. Even if they manage to recover a TC file, their work is only just beginning.

Nice visual aids, btw

liven

dynamik wrote:

Schluep wrote:

For more along the lines of your second question liven, I do not know of any tools to safely wipe only a portion of the drive where the specific data you want to ensure is permanantly deleted resides without affecting other files. Even if you overwrite data on a specific portion of the hard drive where the file was located it is often still possible to recover it in some cases. I personally wouldn't trust any software that claims to safely remove all trace of a given file without having an affect on anything else on the drive.

Agreed. That's why I **** everything that's even semi-private into TrueCrypt in the first place. Even if they manage to recover a TC file, their work is only just beginning.

Nice visual aids, btw

Yes truecrypt is the bomb I use it all the time.

But there has to be some way to erase data. I am all to aware of the DOD regs... And the methods employed to deal with media that needs to be "permanently" erased.

However I would prefer to not have to destroy my media to reuse it.

Anyway since I was studying for CEH, my studies took me down this road and I thought I would ask my fellow geeks for their thoughts.

snadam

ahhh, there is nothing like taking a sledge-hammer and going 'office space' on a hard drive...fantastic stress reliever if you ask me!

sprkymrk

dynamik wrote:

Schluep wrote:

For more along the lines of your second question liven, I do not know of any tools to safely wipe only a portion of the drive where the specific data you want to ensure is permanantly deleted resides without affecting other files. Even if you overwrite data on a specific portion of the hard drive where the file was located it is often still possible to recover it in some cases. I personally wouldn't trust any software that claims to safely remove all trace of a given file without having an affect on anything else on the drive.

Agreed. That's why I **** everything that's even semi-private into TrueCrypt in the first place. Even if they manage to recover a TC file, their work is only just beginning.

The OS keeps track of exactly where every bit and byte of data is on the hard drive, or you wouldn't be able to access it. So a program that takes advantage of that and only overwrites the portion of the drive that contains that data is entirly possible. As a matter of fact, without googling, I seem to recall the name "File Shredder" as doing that exact thing.

Here is a quick example:
http://www.softpedia.com/get/Security/Secure-cleaning/PermanentFileDelete.shtml

I'd be safe and make sure it does what it claims if you have an undelete program.

Schluep

I am certainly no where near an expert on the subject. To be honest it isn't something I wouldn't have even thought to try and do until I read this thread.

It was my understanding however that any program accessing those files has to do so through the OS and the OS typically would not let the software identify and overwrite the specific bits on the hard drive. Any virus or other malicous program capable of interacting directly with hardware typically has to infect a system process belonging to the OS that can communicate directly with hardware. Otherwise I would imagine there would be many more viruses that immediately wipe entire hard drives through overwriting of various random portions of the drive. The degree of privilege escalation to control what should be controlled only by the OS would be a concern me in terms of trusting the software to execute properly when it's intent isn't to overwrite everything. I would also imagine the OS manufacturers likely continue to fix and block such software from having this capability like they typically due to patch various forms of privilege escalation.

When I write programs I never tell it where to find the files on the hard drive, and wouldn't probably never finish a program if I had to. I have never had to write into a program how to access a particulr manufacturer's CD drive when I want it to read data from a CD. I don't even know how I could write it with any of the languages I am familiar with, but at the same time I have never been a full time programmer. I would imagine all of the different hard drives and manufacturers that such a precise process on the part of the software would be even more difficult.

I haven't tested any of this software personally and don't know of any organizations that consider such methods of destruction to be sufficent. Maybe I am thinking too much into it, but I certainly wouldn't trust a program claiming to perform that function without sufficient testing. It is definitely something interesting that I plan to research more. Some of this software seems worth testing to see how effective it is (or if is is effective).

For some reason I sense a post from Keatron saying I am completely wrong and explaining that software does this all time without my knowng .

sprkymrk

I am certainly not an expert on this either, I just remember there were some programs out there that claim to be able to do it.

In one sense, a simple defrag can assist in making it harder to recover files that have been deleted. I would assume a program written specifically to really delete files would be possible. It may be that once you install the program, it takes over control of the hard drive (or a designated portion of it) from the OS similar to partitioning software.

Then again, maybe not.

JDMurray

If you want to wipe and entire disk partition or hard drive then DBAN using two or three rounds of the pseudorandom data is more than enough. If you only want to erase individual files and folders then give Eraser a try. I like Eraser because it also wipes free disk space and the slack space present in most files. I only wish that Eraser had a setting to rename files before it erased them. As it is now, the erased file's name will persist in the partition file table.

liven

JDMurray wrote:

If you want to wipe and entire disk partition or hard drive then DBAN using two or three rounds of the pseudorandom data is more than enough. If you only want to erase individual files and folders then give Eraser a try. I like Eraser because it also wipes free disk space and the slack space present in most files. I only wish that Eraser had a setting to rename files before it erased them. As it is now, the erased file's name will persist in the partition file table.

HEY , THANKS!!!

What if the file was manually remaned? Then "erased"?

Also does anyone know of any of these types of utilities for linux/unix/bsd?

Schluep

From the looks of that Eraser program it seems that it does in fact overwrite specific portions of the disk. I am somewhat surprised to see that the OS allows it to do so, but it does seem to accomplish that purpose.

There are still some concerns however as I summarize from their FAQ:

They state in their FAQ that recovering data from the disk platters can still be possible but difficult if everything goes according to plan. If it doesn't go according to plan the following issues could allow for data recovery:

1. After defragmenting the drive the software would not truly erase the file by overwriting it from it's current location because it was moved all around the drive during the defragment process.

2. Many software programs exist that create temporary back-ups of the files while they are running which would still be accessible from various places on the drive if the temporary back-up is written to the drive.

Those two concerns from their FAQ above seemingly contradict the claim "Erases FreeSpace on 95, 98, ME, NT, 2000, XP and DOS." because if it could erase all free space without harming affected data those above two concerns should not exist.

I guess I was incorrect in my initial analysis that software cannot determine the location of the file on the drive, but correct in that it cannot be used to safely delete a file without the possiblity of recovering it.

I think I will download it when I get a chance sometime soon and try to test it out a bit.

JDMurray

Keep in mind that there's a difference between erasing a file that currently exists and erasing a file that has already been deleted. The only difference between the two types of files is that the deleted file's disk sectors may be over-written by other files, including a defrag operation. If you "erase" a file, the file's contents are over-written and then the file is deleted. The file itself may be recovered using forensic tools, but the contents of the file are already forever destroyed.

In any case, the information of the erased file's existence (file name, date, size) remains in the partition's file table. If you really want to hide the fact that a file ever existed, the best you can do is rename it to some random name before erasing it. (Actually, "the best" would be to only ever write the file to a TrueCrypt volume and then erase the volume file.) Renaming before erasing is the feature that I wish Eraser had. I have also looked for a tool to clean obsolete entries from file tables, but I've been told for DOS and NTFS file systems that operation is impossible to reliably perform.

I recommend experimenting with both Eraser and Recuva to see exactly what Eraser is doing to files and how recoverable they are (and aren't).

sthomas

snadam wrote:

ahhh, there is nothing like taking a sledge-hammer and going 'office space' on a hard drive...fantastic stress reliever if you ask me!

classic

liven

JDMurray wrote:

Keep in mind that there's a difference between erasing a file that currently exists and erasing a file that has already been deleted. The only difference between the two types of files is that the deleted file's disk sectors may be over-written by other files, including a defrag operation. If you "erase" a file, the file's contents are over-written and then the file is deleted. The file itself may be recovered using forensic tools, but the contents of the file are already forever destroyed.

In any case, the information of the erased file's existence (file name, date, size) remains in the partition's file table. If you really want to hide the fact that a file ever existed, the best you can do is rename it to some random name before erasing it. (Actually, "the best" would be to only ever write the file to a TrueCrypt volume and then erase the volume file.) Renaming before erasing is the feature that I wish Eraser had. I have also looked for a tool to clean obsolete entries from file tables, but I've been told for DOS and NTFS file systems that operation is impossible to reliably perform.

I recommend experimenting with both Eraser and Recuva to see exactly what Eraser is doing to files and how recoverable they are (and aren't).

HEY thanks again!!!

Very good info.