Why Secure File Deletion Tools Aren’t Foolproof

Kent

Level 10
Thread author
Verified
Well-known
Nov 4, 2013
468
Source------------ http://www.howtogeek.com/172077/why-secure-file-deletion-tools-arent-foolproof/

To actually erase files from a magnetic hard drive, you would have to overwrite the file with useless data. Some tools attempt to make this easier, offering to “securely delete” a file by deleting it and overwriting its sectors with junk.

Such tools will make the specific file you “securely delete” unrecoverable. However, if you have the nuclear launch codes on your computer and need to get rid of them, just “Securely deleting” the file itself isn’t good enough.

How Secure File Deletion Works
On a magnetic hard drive, deleted files aren’t actually removed from the hard drive immediately. Instead, the “pointers” that indicate where the file’s data is stored are deleted. The hard drive sectors containing the file’s data still contain the data. They’re just marked as available for use and can be overwritten in the future.

If you continue writing data to your hard drive, the sectors may eventually be overwritten with new data and the file will probably become unrecoverable. However, if you immediately try to recover the deleted file with a file recovery tool, you’d likely be able to get it back — at least on a magnetic hard drive. Solid-state drives work differently.

Operating systems only mark files as deleted because actually deleting a file’s data from your hard drive is slower. Its sectors would have to be overwritten, so a quick task becomes a much longer operation. For example, if you wanted to completely erase a 1 GB file, you would have to write 1 GB of data to the drive. Your computer would be much slower if it had to do this every time it deleted a file.

Secure file deletion tools do what operating systems don’t normally do. When you “securely delete” a file, the tool will delete the file normally and take note of where its data is stored, overwriting those sectors with junk data. This should prevent the data from being recoverable — yes, you should only have to overwrite the sectors once.

recover-a-deleted-file-with-recuva.png


Places Where the File Might Be Lurking
Such tools do work on magnetic hard drives, erasing the current file’s data from the disk completely so it can’t be recovered from that place. However, there are other places that bits of the file may be lurking:

  • Other Copies of the File: If, at any point, you had an additional copy of the file on your hard drive, the file may still be on your hard drive. Even if you deleted the additional copy, the deleted copy’s data may still be present on your disk.
  • Temporary Files: If any program was using the file, its data may be stored in temporary files. For example, extracting a ZIP, RAR, or other archive file will often place a copy of the archive’s contents into temporary files.
  • Search Indexes: Bits of the file may be recoverable from search indexes. For example, the text of a document may be present in a search index.
  • Shadow Copies: Windows automatically adds copies of files to “shadow copies,” and they can be recovered using System Restore. On Windows 8, File History is constantly making backup copies and may have a backup of your files.
  • Prefetch: The Prefetcher in Windows helps applications load faster by creating prefetch files for applications. If you need to securely delete an .exe file, portions of it may still be present in the Windows prefetch directory.
  • Image Thumbnails: Most operating systems create thumbnail-sized copies of images so they can quickly present image thumbnails later. If you have a sensitive photo you wish to securely delete, a smaller version of that photo may still be available in a thumbnail cache.
Worse yet, if you had any of these at any point — let’s say you had an image thumbnail but deleted it — the deleted files may be recoverable. It’s very difficult to know for sure whether any data from a “securely deleted” file is actually still present on your hard drive.

Wiping your drive’s free space will help somewhat — everything will be overwritten, so no deleted files will be recoverable. However, this doesn’t protect you against copies and bits of the file that may be sitting around undeleted on your drive.

ximage139.png.pagespeed.ic.qo-QKil_qx.png


How To Ensure a File Stays Deleted
Simply “securely deleting” a file isn’t good enough if you’re actually worried about people being able to recover that file. For example, if you have the nuclear launch codes on your laptop, you’ll want to do more than securely delete them. More realistically, if your laptop has a document containing sensitive financial data like credit card payment details and social security data, you’ll want to do more than simply “securely delete” the file before you get rid of the laptop.

If you’re disposing of the computer, you’ll likely want to do a full wipe of the drive and reinstall the operating system. This should ensure that no data is realistically recoverable.

If you want the ability to securely delete a single file without wiping your entire drive, you may want to set up full disk encryption with TrueCrypt or a similar encryption tool ahead of time. If you encrypt your hard drive, you won’t have to worry about people recovering the data unless they get your encryption key.

If you really are disposing of a laptop that once contained the nuclear launch codes, you may want to destroy the drives completely. The military and government physically destroy drives containing very sensitive data, cutting them up into pieces and melting them down to ensure data can never be recovered. Yes, this is overkill for many situations — but if you’re really worried and have extremely sensitive data, it can be worth it.

image241.png
 

Ali80

Level 5
Verified
Nov 13, 2014
218
Matter is indestructible, it only changes its shape in time and space.
So yes files that we want to delete by overwriting those sectors with junk data is good method. Encryption is also good method. Therefore we should not too much strain on these issues.
Good post @Kent :)
 
Last edited:

Cch123

Level 7
Verified
May 6, 2014
335
I wouldn't recommend using Truecrypt though, at least not until the independent review on it is fully completed. Frankly speaking, True crypt shutting down when it was about to be audited by independent security researchers is very suspicious.
 

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Goverments use (at least what I was told in my country) self destructable flash drives to protect the data.
HDDs in 90s didn't have so much density like modern ones, so overwritting data on those drives with zeros or ones could be recovered by magnetic force microscopy or Advanced MFM. Equipment for that procedure costs differently, but not less than a 50000$.

With modern HDDs and especially flash drives, data securely erased with onepass are really gone. For us mortals.
If you are paranoid go with Guttman 35pass and equip yourself with patience.
 

bribon77

Level 35
Verified
Top Poster
Well-known
Jul 6, 2017
2,392
Well, if I don't get it wrong, what you want is to erase a hard drive.
The best thing for it is a drill, you drill it like a gruyere cheese and that's it.
The idea is not very elegant but I think it will be effective (although I have not tried it yet) :p
 

DeepWeb

Level 25
Verified
Top Poster
Well-known
Jul 1, 2017
1,396
Even Google uses a physical shredder for their HDDs. Even they can't trust any software to do it properly.
I don't think you can secure erase a HDD. There will always be something left. It's like trying to remove a tattoo. :ROFLMAO:
 

plat

Level 29
Top Poster
Sep 13, 2018
1,793
Can't scratching the surface with a nail or razor obliterate the chance of recovering anything? I've read where people take the HDD and/or SSD out to the backyard and shoot it. I mean, you don't want to reuse it, right? Just destroy any chance of recovering something off of it.
 

Thales

Level 15
Verified
Top Poster
Well-known
Nov 26, 2017
708
I'm sure the Bruce Schneier method also works. I trust his work and it is very fast if you want to delete small files.
 
Last edited:

BoraMurdar

Community Manager
Verified
Staff Member
Well-known
Aug 30, 2012
6,598
Just to update you guys with info some may find useful.
I bought new external HDD and wanted to wipe the old one entirely. Booted to Strelec Boot PE and erased the disk with Active KillDisk 1pass fill with zeroes with verification on 10% of the disk.
Process took around 3 hours (320GB HDD).

No recovery software could find anything on it (O&O, Recuva, MiniTool, RStudio, EaseUS, GetDataBack...) It took me full day to complete all the tasks.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top