There have been a few articles/news items flying around about the fact that computer forensics can find data no matter how hard you try to hid it “even if you press the delete key, they can find it” “the only way to ensure they can’t find the data is to destroy the hard-disk”
Well, the first time I saw this I thougt ‘rubbish!’ and about 4 seconds later figured out how to permanently delete data.
The ‘key’ knowledge is that when you press the delete key, all that gets deleted is the reference to the file. it saves OS time to just leave the file there and add the size of the file to the ‘free space’ figure.
The first ‘way’ I thought of was to simply fill the hard disk with something other than the sensetive data in question. This would not take too long with today’s huge file sizes (such as the files on a DVD) You simply fill the hard disk gradually until the ‘free space’ figure is nil.
Now unless hard disks can store more data than they claim to - the aforementioned method HAS to work.
The second ‘way’ If you are a programmer - you simply write a very simple program that creates a file, and then grows it (by simply adding ‘data’ to it) until it fills the hard disk.
If there is a chance that windows will not let you completely fill a hard disk (maybe it just refuses to let files be written if the free space is lower than say 50MB) then simpy do it in DOS, or from a boot disk.
Now unless I am dumber than I thought, these methods should work shouldn’t they?
I watched a computer-forensic-scientist being interviewed and he said the only way was to destroy the HD. I immediately believed he knew he was lying. that if he told the truth he would be out of business/a job.
Am I right or am I wrong?
I hope you’re right. The cops are just about through the furniture barricade, and I gotta get rid of these stolen credit-card numbers fast.
(Pouring nail-polish remover into computer)
Dissolve, damn you! Dissolve!
There are many utilities available that perform a destructive delete of a file. That is, the area of the disk occupied by the file is overwritten several times with a random pattern. I always assumed that the original data was unrecoverable after such an operation.
OrganicMatter There are probably loads of methods. There are probably many shareware things out there that do this task. The one you mention probably does do the job.
Heck, I used to believe that a format would do it. The so-called forensic scientists claim not.
I think even a defrag of your hard disk will do the job. The almost total 'physical’movement of every single file is sure to place non-deleted files over deleted files.
They should work. I’ve got one from AlalogX called SuperShredder. Not that I deal in super sensitive information mnd you but it’s nice to have handy in case I ever decide to buy a new computer and give this one away.
Now I can’t say if the file I deleted was permanently deleted since I don’t know how to retrieve things but it sure did spend a very long time working on the hard drive for the almost 80 MB file I tossed in there. It is not a quick process.
Here is a good explanation of how your delete can fail you.
Osiris when I said ‘quick’ I was speaking relatively. You could probably do the whole HD over one day by leaving it on a task and coming back a few times until it’s done.
you could watch TV in between.
chuckles Um Lobsang, you didn’t say quick at all. I was just giving a review of SuperShredder.
Other then that I agree. What they should make is a program that you run during the night that will go through and ‘mop the floor’ of your hard drive. That is clean out all the useless bits while leaving everything important untouched.
That kinda reminds me of when I first started downloading stuff. Start just before you go to sleep and hope it doesn’t crash during the night.
As I understand it, all magnetic media leave traces of data behind when overwritten. While the majority of the microscopic magnetic particles embedded in the medium are realigned to store the new data, some always retain their previous configuration. With specialized equipment this data can sometimes be salvaged. I believe this would require opening the hard drive case and removing the platters, in order to use more advanced drive heads. This sort of thing works for every type of magnetic media, including video and audio tape. In fact, I read an article recently about an audio expert who is trying to recover audio from the erased Watergate tape.
Unless you have are believed to have information potentially compromising to national security, I doubt these methods would be brought to bear against the average citizen. Your mp3’s are safe America.
Your confidence is misplaced.
For just one example of why this is so, consider the swap file. This is a Windows tool that permits you to increase your virtual RAM size by swapping out bits of memory to the hard disk. Windows reserves the swap file space, and won’t let you write over it. If your forbidden document was loaded in memory – that is, if you viewed or used it – it’s conceivable that traces of it might remain in the swap file space.
There are methods of reliably deleting data on drives that fall short of complete physical destruction; they usually involve booting the drive up in DOS mode and overwriting it repeatedly with different patterns.
The flaw in both your theories is that you can simply fill up any spot on the drive where the data might have been. Because Windows FAT, FAT32, and NTFS are not simple linear file storage systems, this assumption is incorrect.
Genseric and the article pointed to by don’t ask hit the nail on the head.
To read or write a sector of the disk, the head has to be positioned over the track. Since these devices wear over time, the position is not necessarily centered exactly over the old data. By using special hardware, a forensic disk expert can move the head just a little off to one side or another and read the old data. Writing just zeroes actually makes things easy. Writing random patterns many times helps but is not a cure all.
It appears to be sufficiently economical to do this that all large US cities support businesses that do this. Which also means it’s available to law enforcement.
Hammers, chainsaws, etc. only destroy part of the disk surface. Blow torches and other sources of high heat are recommended as long as 100% of the disk surfaces are heated well above their Curie point.
BTW, I buy 2nd hand computer equipment and I’m amazed what people leave on computers before getting rid of them.
As with all issues of security, the real problem is the human.
According to a navy pal of mine, the crypto people on his ship destroy their hard drives by:
Going at them with an axe.
Pouring acid on the now (very) exposed platters.
Setting them on fire.
Kicking them overboard into the ocean.
Not very environmentally friendly, but quite thorough.
So those possibly incriminating pics I took with the webcam but didn’t save are still there somewhere?
I wonder how long it would take to check 50 gigs of hard drive and more importantly how?
Well , if it turns out that old data can remain. then SURELY HD manufacturers could capitalize on this by USING the area where forensic scientists find old date thus DOUBLING or TRIPLING or more. the capacity of their HDs?!
And anyway someone can always travel back in time to a date when the data was not erased!
Norton Ghost has a function called ‘DoD wipe’ which stands for Departemnt of Defence wipe or what the standard the DoD uses to insure that sensitive data can never be retreived. According to norton it is erasing and writing random digits over the file 8 times.
I use Webroot’s Window Washer and it also “bleaches” all internet-generated files up to 10 times. You can also indicate any files you’d like to be bleached.
When I used to run Windows, the version of PGP that I had would optionally overwrite data up to 26 times. The first time I used it, it took 18 hours to work -luckily I slept through a good bit of it.
Now that I’m running Linux, I just use wipe. Much better.
Lobsang, the size of a “bit” on written on the disk is larger than necessary for reading. This helps make sure the data is readable years later due to (a) the magnetized spot losing some magnetization over time and (b) the head not lining up perfectly over the same spot later (as I mentioned earlier). Reducing the size of the written spot will create numerous errors far earlier in the lifetime of the drive. Improved disk capacity relies on simultaneous improvements in media properties, head technology and servo controller systems.
Again, overwriting with random data helps but will not always stop the real experts.
If you’re paranoid and use MS-Windows 9x (that didn’t come out right), I recommend ScramDisk. Just reading their docs can be helpful. There are several other similar products available for the common platforms.