Some aspects of (secure) file deletion.


Post by The_gh0stm4n on Sun 22 Mar 2015, 05:49

Hello all,


The following is meant to be an outline of an issue that most PC users (still) are unaware of: namely the topic of file deletion. Note that I cannot provide an extensive guide to all possibilities that may occur (that would be far beyond the scope of a single thread like this). But what I can give you - again - are some guidelines. So here you go:











As shown in these two screenshots, that is the way (I guess) that many people are going to delete an ordinary file. But not many people know that simply emptying the Recycle Bin does NOT get rid of the files that are supposed to be deleted. The files will basically remain on your hard-drive(s) until they are overwritten by other files or data.

These 'other' files can be newly installed programs/games or any other files (music, videos, documents, etc.) that you may put on your computer. Also note that MOVING files around your hard-drive, can overwrite data that has been 'erased' via the Recycle Bin; as well as defragmenting a hard-drive ! 

What the computer technically does is not actually delete the file. Rather, the system assigns the erased file a tag, which makes it possible for other data to occupy that filespace. Simply put, the computer tells other files that "they can occupy the filespace of the file that was deleted with the Recycle Bin".

And it may be possible, depending on the 'condition' of the file (= whether or not it has been overwritten already by other files), to restore such erased files. Most people are using third-party software for tasks like that. The following screenshot shows an example from my old laptop, with the program "TuneUp Utilities 2009".






Note that although the condition of those files is "bad" (meaning that these files were at least partially overwritten by other data), they still show up in this heading. 

What does that mean now ? I will illustrate a couple of example scenarios, showing (possible) ways how to deal with that. Note that for most of you though, this thing won't be necessary. And for those of you who work in an area where you need to deal with sensitive data, you will (hopefully ?) already know how to deal with that anyway. So here goes:



1) "Regular" file deletion:


Much modern 'maintenance' software will have additional functions that enable you to overwrite files & folders multiple times. This is to ensure that the file will be (largely) destroyed and that no meaningful data can be recovered from it. The following example shows again TuneUp Utilities 2009:











Depending on the software you use, the wording might be different, but I'd suggest that if you really go through the hassle of this special type of file deletion, that you also choose the option "Delete allocated free space". If you do that, it will free up the occupied file space (of the deleted file), for other stuff to be used. Similar to the thing with the "tag", that I described above, just with the difference that the file itself gets deleted (properly).






Again, depending on your particular program, there are several methods of multiple overwritings. The one with the "DoD" in the screenshot overwrites files 3 times, with different data characters (note that as this is an older program, the US Department of Defense may now have different security standards of file deletion, of course. But at the time this program came out, the thing with the 3 "deletion passes" was the guideline...)

The "Gutmann"-method deletes files over 30 (!) times, but of course, that can take a while, depending on the size of the file that is to be deleted.

And of course, if you're really paranoid, you can even multiply those passes by selecting yourself how often these methods are to be repeated...



2) Microsoft Office documents:


Some of you may have figured out already that in Office documents, you have an option to "autosave" your work, in case of things like power outages or when you simply forget to save. While I personally recommend you use that option, you should also know that these automatic back-up files will usually "disappear" after you save the document in Office. But that does NOT mean those temporary backups are gone for good !

In fact, it is also possible to restore those temporary files, under the conditions I mentioned above (with third-party software, and provided that between the deletion and restore you have not done many file movements - i.e. the document must be in good condition).

In the recent Microsoft Office "Word" 2013, go to the "FILE"-tab and then under "Options". Click the "Save"-tab now.






Under "Save AutoRecovery information every..." you can set the intervals in which the program saves your work. The "AutoRecover file location" shows the location on your computer where all those temporary files are stored. If I now type in something in Word...








And then look under the location of these temporary files, I will see this here:







If I save the document and exit, the file shown there will be gone. But it can still be restored theoretically. How can you then delete files that are "not directly there" ? You can either de-activate the autosave feature completely by unmarking the box in the above screenshot - though I really cannot tell with 100% certainty whether that's going to prevent "Word" from creating backups of your work. And keep in mind that your work will be lost if you don't save, and if you encounter some sort of technical problem (power outage, etc.). Alternatively, the next passage might give you another idea.




3) Overwriting free disc space on your hard-drive:


Even if you delete individual files in a manner I just described, you will probably want to wipe the "free allocated filespace" on your hard-drive(s) regularly. The following screenshot shows the option in the free version of CCleaner, on my old laptop:







Under "Security", you have the option of selecting with how many deletion passes you want to overwrite the free allocated space. Note that depending on the size of your drive, this process can take quite a while. And therefore you may not want to do it too often. Even once a week may be too much for the average person, but of course, in certain professions there are regular procedures for this kind of stuff.

As a side-note...did anybody of you ever wonder what stuff you can find on used hard-drives that are on sale (e.g. on eBay) ? I haven't done that myself yet, but I'm sure you would be able to recover some data (if you really wanted to), that the owner of the computer/hard-drive did not want anybody to see.

This aspect is something that many people overlook unfortunately: they give away their computers as gifts or sell them, while there still may be sensitive data on it. Now, if the buyer really wanted to go through the hassle, he or she can now try and restore some files...something which you certainly don't want. What to do about that ?

If you decide to give your computer as a gift to someone, it wouldn't be bad if you could trust that person fully. In case you want to sell the computer to a person previously unknown to you, it might be a good idea to go through the hassle of wiping the entire hard-drive. In the screenshot above about CCleaner, under "Wipe", you also have the option to erase the entire hard-drive. Note that this can take quite a while though ! Not sure about CCleaner, but many other modern (maintenance) programs that deal with things like that, have an option to automatically shut down when the process is finished. So you can turn the computer on, do the "wiping", and then leave for work or do anything else.


That's it again ! I hope this small guide gave you some initial ideas of this (underestimated) topic. Have fun !

_________________
Respectfully,

The_gh0stm4n
G4TW Forum Gatekeeper
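
The behaviour described in the post above, as an added example that is not part of the original thread: a toy volume in which deletion only tags the entry and releases its blocks, a recovery read returns whatever those blocks still hold, and a free-space wipe overwrites them. The `ToyVolume` class, its method names, the block size and the sample data are hypothetical and constructed here; the model assumes an overwrite lands on the same blocks, which real SSDs do not guarantee.

```python
import os

BLOCK = 16  # bytes per block; tiny on purpose
class ToyVolume:
    def __init__(self, blocks):
        self.data = [bytes(BLOCK)] * blocks   # raw block contents
        self.free = [True] * blocks           # True = available for reuse
        self.table = {}                       # name -> {"blocks", "size", "deleted"}

    def write(self, name, content):
        need = -(-len(content) // BLOCK)      # ceiling division
        blocks = [i for i, f in enumerate(self.free) if f][:need]
        if len(blocks) < need:
            raise OSError("volume full")
        for n, i in enumerate(blocks):
            self.data[i] = content[n * BLOCK:(n + 1) * BLOCK].ljust(BLOCK, b"\0")
            self.free[i] = False
        self.table[name] = {"blocks": blocks, "size": len(content), "deleted": False}

    def delete(self, name):
        """Ordinary deletion: tag the entry and release its blocks; bytes stay."""
        self.table[name]["deleted"] = True
        for i in self.table[name]["blocks"]:
            self.free[i] = True

    def undelete(self, name):
        """Recovery-tool view: read whatever the stale entry still points at."""
        entry = self.table[name]
        raw = b"".join(self.data[i] for i in entry["blocks"])[:entry["size"]]
        reused = any(not self.free[i] for i in entry["blocks"])
        return raw, ("bad" if reused else "good")

    def wipe_free_space(self, passes=3):
        """Overwrite every unallocated block: random passes, then a zero pass."""
        for p in range(passes):
            for i, is_free in enumerate(self.free):
                if is_free:
                    self.data[i] = bytes(BLOCK) if p == passes - 1 else os.urandom(BLOCK)

def demo():
    secret = b"PIN=4921 account=constructed"   # constructed sample data
    vol = ToyVolume(8)
    vol.write("secret.txt", secret)
    vol.delete("secret.txt")
    after_delete = vol.undelete("secret.txt")  # whole file comes back, "good"
    vol.write("game.bin", b"X" * 10)           # new file lands on freed block 0
    after_reuse = vol.undelete("secret.txt")   # tail still readable, "bad"
    vol.wipe_free_space()                      # block 0 belongs to game.bin now
    return after_delete, after_reuse, vol.undelete("secret.txt")[0]
```

The second result shows why a file in "bad" condition still appears in a recovery tool: the block reused by the new file is lost, but the untouched block still carries readable data until the free space is wiped.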




Re: Some aspects of (secure) file deletion.

Post by Adwomin on Sun 22 Mar 2015, 12:04

Thank you for this guide, Carlos! Glad someone wrote one, because it's a common mistake indeed.
I'd also like to point out that CCleaner can automate the "overwrite" process, when you do a manual or automatic scan. (See screenshot below)



As you can see, NEVER use "Wipe Free Space" on an SSD, because it can have a negative effect on the drive.
Also keep in mind that this will permanently remove anything you have in your Recycle Bin, so be careful!!!

And for recovering, Recuva is a great free alternative: http://www.piriform.com/recuva


Carlos wrote:This aspect is something that many people overlook unfortunately: they give away their computers as gifts or sell them, while there still may be sensitive data on it. Now, if the buyer really wanted to go through the hassle, he or she can now try and restore some files...something which you certainly don't want. What to do about that ?

If you decide to give your computer as a gift to someone, it wouldn't be bad if you could trust that person fully. In case you want to sell the computer to a person previously unknown to you, it might be a good idea to go through the hassle of wiping the entire hard-drive. In the screenshot above about CCleaner, under "Wipe", you also have the option to erase the entire hard-drive. Note that this can take quite a while though ! Not sure about CCleaner, but many other modern (maintenance) programs that deal with things like that, have an option to automatically shut down when the process is finished. So you can turn the computer on, do the "wiping", and then leave for work or do anything else.
Unfortunately a lot of people forget about that important downside of hard drives.
If you want to sell your HDD/PC and want to be 99% sure that your sensitive data has been removed, don't use that CCleaner, but burn a bootable disc for specialized software that allows you to "Zero Write" the HDD. This will remove EVERYTHING from the HDD. Even your Windows installation, since you're not booting up Windows (and the files are not in use). Note that a Windows installation also holds a lot of personal information, even if you safely remove your important files.
After that, the new owner can install their own fresh Windows installation, and you're worry-free.

_________________
Bonsoir, friend.


~ Nobody's gril. ~

Re: Some aspects of (secure) file deletion.

Post by The_gh0stm4n on Thu 26 Mar 2015, 02:43

Admin wrote:Thank you for this guide, Carlos! Glad someone wrote one, because it's a common mistake indeed.
I'd also like to point out that CCleaner can automate the "overwrite" process, when you do a manual or automatic scan. (See screenshot below)



As you can see, NEVER use "Wipe Free Space" on an SSD, because it can have a negative effect on the drive.
Also keep in mind that this will permanently remove anything you have in your Recycle Bin, so be careful!!!

And for recovering, Recuva is a great free alternative: http://www.piriform.com/recuva


Carlos wrote:This aspect is something that many people overlook unfortunately: they give away their computers as gifts or sell them, while there still may be sensitive data on it. Now, if the buyer really wanted to go through the hassle, he or she can now try and restore some files...something which you certainly don't want. What to do about that ?

If you decide to give your computer as a gift to someone, it wouldn't be bad if you could trust that person fully. In case you want to sell the computer to a person previously unknown to you, it might be a good idea to go through the hassle of wiping the entire hard-drive. In the screenshot above about CCleaner, under "Wipe", you also have the option to erase the entire hard-drive. Note that this can take quite a while though ! Not sure about CCleaner, but many other modern (maintenance) programs that deal with things like that, have an option to automatically shut down when the process is finished. So you can turn the computer on, do the "wiping", and then leave for work or do anything else.

Unfortunately a lot of people forget about that important downside of hard drives.
If you want to sell your HDD/PC and want to be 99% sure that your sensitive data has been removed, don't use that CCleaner, but burn a bootable disc for specialized software that allows you to "Zero Write" the HDD. This will remove EVERYTHING from the HDD. Even your Windows installation, since you're not booting up Windows (and the files are not in use). Note that a Windows installation also holds a lot of personal information, even if you safely remove your important files.
After that, the new owner can install their own fresh Windows installation, and you're worry-free.


Indeed, there would be a lot to discuss about this, but I deliberately kept it short.


I would not even clear the free space on an HDD too often. The more you do it, the more writing activity you will have with that drive, and that's going to reduce the lifespan of your drive significantly, over time. Sure, government agencies can do that as much as they like, because they (usually) get as much of this kind of stuff as they want. But it shouldn't be too necessary for the average user either.

Also, is the thing with the bootable disc faster ? I would have probably just plugged out the drive (which I completely want to erase, including Windows), and hooked it up via the SATA controller on a different computer, so that it shows up as a 'second' drive there. I'll then boot up with my regular drive on that other computer, and then format/erase that 'second' hard-drive multiple times. 

In any case, whatever you choose to overwrite the stuff with (be it zero-bytes or anything else), you must make sure to choose not just one pass, but several, to make sure that the data is largely destroyed. And that can take a while to complete.

_________________
Respectfully,

The_gh0stm4n
G4TW Forum Gatekeeper


