Secure file wiping question

Discussion in 'Computer Support' started by thsman, Dec 17, 2007.

  1. thsman

    thsman Guest

    I've used various utilities to "securely" wipe files from disks so
    that the disk owner is happy to recycle the disk in a machine destined
    for a new home.

    I've found that while these utilities are good at overwriting the
    files themselves they always seem to leave the file name intact in the
    FAT, or whatever the file name table is called. This means that files
    are not recoverable but you can still easily find out if a certain
    file had at one time been resident on the disk.

    Short of reformatting is there a way of removing the filename from the
    table?
    thsman, Dec 17, 2007
    #1
    1. Advertising

  2. thsman

    PeeCee Guest

    "thsman" <> wrote in message
    news:...
    > I've used various utilities to "securely" wipe files from disks so
    > that the disk owner is happy to recycle the disk in a machine destined
    > for a new home.
    >
    > I've found that while these utilities are good at overwriting the
    > files themselves they always seem to leave the file name intact in the
    > FAT, or whatever the file name table is called. This means that files
    > are not recoverable but you can still easily find out if a certain
    > file had at one time been resident on the disk.
    >
    > Short of reformatting is there a way of removing the filename from the
    > table?




    Realistically the only way to clear a drive short of physically destroying
    it is to overrite the drive with random
    characters many times.
    Download an ISO of the UBCD http://www.ultimatebootcd.com/ and burn it to
    CD.
    After booting from the CD you can then use the utilities on there to wipe
    the drive.

    This way you are not relying on the Hard disks operating system to be
    working to run the cleanup utility and so the UBCD
    utility can wipe 'all' of the hard drive.

    Best
    Paul.
    PeeCee, Dec 17, 2007
    #2
    1. Advertising

  3. thsman

    why? Guest

    On Mon, 17 Dec 2007 11:56:32 -0800 (PST), thsman wrote:

    >I've used various utilities to "securely" wipe files from disks so
    >that the disk owner is happy to recycle the disk in a machine destined
    >for a new home.
    >
    >I've found that while these utilities are good at overwriting the
    >files themselves they always seem to leave the file name intact in the
    >FAT, or whatever the file name table is called. This means that files


    Part of the filename, and yes FAT.
    http://www.webopedia.com/TERM/f/file_allocation_table_FAT.html

    >are not recoverable but you can still easily find out if a certain
    >file had at one time been resident on the disk.
    >
    >Short of reformatting is there a way of removing the filename from the
    >table?


    So you want a secure disk wipe, which most likely means reformat /
    reinstall an OS. Which can be a good thing.


    Try this www.bootdisk.com look in tools / utils.


    http://www.thefreecountry.com/security/securedelete.shtml
    SDelete is a secure delete application that can overwrite a disk's
    unused or unallocated space, or securely delete existing files. It
    implements the US Department of Defense clearing standard DOD 5220.22-M,
    and you can specify the number of overwrite passes it makes. It can also
    wipe Windows NT/2K compressed, encrypted and sparse files (it uses
    Windows defragmentation API to accomplish this), and clears the NTFS
    Master File Table (MFT).

    (It does not delete the filenames of your files in the free disk space
    though - apparently it is not possible to do this in NT/2K.)
    http://www.microsoft.com/technet/sysinternals/FileAndDisk/SDelete.mspx



    check the features, list of apps
    http://www.freedownloadscenter.com/Best/free-dod-delete.html

    another list,
    http://pcwin.com/popular/Dod_Disk_Delete-1.htm
    similar list apps
    http://pcwin.com/Utilities/Free_File_Wipe/index.htm

    Don't recall any of the few I ever used, wipe FAT entries. I always
    wiped the disk and did the OS reinstall.

    You will have to search for something and read the feature lists.

    Me
    why?, Dec 17, 2007
    #3
  4. thsman

    thsman Guest

    Thanks for the replies and suggestions. I'll take a look at those
    links. Just to state the question again; I don't want to have to
    reformat. Right now I have about 28 disks to do this with and a
    reformat/reinstall is just too time consuming. All that is needed is a
    way of removing the filenames. There are lots of utilities to
    overwrite the files themselves but I have yet to find a way to remove
    the filenames from wherever they are kept.

    To see what I mean you could use a utility that overwrites the files
    in a particular directory and then use a file recovery program to see
    what could be recovered. The file recovery program is unsuccessful at
    recovering the files but does show you the list of files you just
    overwrote. That is what I want to avoid.
    thsman, Dec 17, 2007
    #4
  5. thsman

    nobody > Guest

    thsman wrote:
    > I've used various utilities to "securely" wipe files from disks so
    > that the disk owner is happy to recycle the disk in a machine destined
    > for a new home.
    >
    > I've found that while these utilities are good at overwriting the
    > files themselves they always seem to leave the file name intact in the
    > FAT, or whatever the file name table is called. This means that files
    > are not recoverable but you can still easily find out if a certain
    > file had at one time been resident on the disk.
    >
    > Short of reformatting is there a way of removing the filename from the
    > table?


    Some more info needed:

    Are you completely totally wiping the drive or are you just removing
    personal data, leaving the operating system and (some) programs intact?

    How are you looking at the FAT tables to see those filenames?

    What programs did you use? Something sounds "not right" here,

    Did you reboot after wiping to clear any filename caches?

    Did you clear the Recycle bin?
    nobody >, Dec 18, 2007
    #5
  6. thsman

    PeeCee Guest

    "thsman" <> wrote in message
    news:...
    >
    > Thanks for the replies and suggestions. I'll take a look at those
    > links. Just to state the question again; I don't want to have to
    > reformat. Right now I have about 28 disks to do this with and a
    > reformat/reinstall is just too time consuming. All that is needed is a
    > way of removing the filenames. There are lots of utilities to
    > overwrite the files themselves but I have yet to find a way to remove
    > the filenames from wherever they are kept.
    >
    > To see what I mean you could use a utility that overwrites the files
    > in a particular directory and then use a file recovery program to see
    > what could be recovered. The file recovery program is unsuccessful at
    > recovering the files but does show you the list of files you just
    > overwrote. That is what I want to avoid.




    Well you could try a FAT editor and manually edit out each FAT entry.
    http://www.filetransit.com/view.php?id=2016
    http://www.runtime.org/diskexpl.htm
    This would achieve your objective:
    "Short of reformatting is there a way of removing the filename from the
    table?"
    But somehow I think this will take longer than wiping and reinstalling.

    Another reason why a full wipe and restore is recommended is the FAT is not
    the only place that information is stored.
    There are many places in the average Window install where info is stored eg
    the Registry and Temp caches.
    While temp cache files can be simply erased the Registry can't without a
    'lot' of hand editing or effectively killing Windows anyway.

    In reality while you may remove all reference to any given file or files the
    Registry is likely to have passwords, bank access codes and references to
    the same files etc still in it.
    I'm sure your benefactor would not be best pleased if such information
    leaked from a drive you had supposedly cleaned up before passing it on.

    BTW "28 disks" ! suggests either a floppy install or an awfull lot of extra
    software.
    I would respectfully suggest you need to review what is on the hard drives
    when they are passed on.

    Best
    Paul.
    PeeCee, Dec 18, 2007
    #6
  7. thsman

    Guest

    Restoration 2.5.14 can recover deleted files and also can overwrite
    vacant clusters on your HDD.

    available free here http://www.snapfiles.com/get/restoration.html

    the readme.txt mentions FAT tables

    quote

    "Complete deletion
    Erase all vacant clusters by overwriting with random numbers and then
    with zeros.
    After that, erase all deleted file information(FAT partition)/file
    records(NTFS partition) by using random numbers and zeros.

    1. Click "Others" and then "Delete Completely" from the menu bar.

    2. Answer the dialog boxes. "

    secure overwriting can take several hours

    for undelete, its best to restore the file by copying to a different
    partition, flash drive etc to prevent overwring any original data
    , Dec 18, 2007
    #7
  8. thsman

    why? Guest

    On Mon, 17 Dec 2007 15:12:27 -0800 (PST), thsman wrote:

    >
    >Thanks for the replies and suggestions. I'll take a look at those
    >links. Just to state the question again; I don't want to have to
    >reformat. Right now I have about 28 disks to do this with and a


    You already said you don't want to reinstall, That's why I said you have
    to check the features of the apps.

    >reformat/reinstall is just too time consuming. All that is needed is a
    >way of removing the filenames. There are lots of utilities to
    >overwrite the files themselves but I have yet to find a way to remove
    >the filenames from wherever they are kept.
    >
    >To see what I mean you could use a utility that overwrites the files
    >in a particular directory and then use a file recovery program to see
    >what could be recovered. The file recovery program is unsuccessful at
    >recovering the files but does show you the list of files you just
    >overwrote. That is what I want to avoid.


    You mean like the old days (when I used to do a lot of this) with plain
    FAT when the 1st letter of a erased file is converted to E5(hex) IIRC
    and I used to use Norton Utils manually to zero fill FAT and partition
    tables.

    Me
    why?, Dec 18, 2007
    #8
  9. thsman

    Plato Guest

    thsman wrote:
    >
    > I've used various utilities to "securely" wipe files from disks so
    > that the disk owner is happy to recycle the disk in a machine destined
    > for a new home.
    >
    > I've found that while these utilities are good at overwriting the
    > files themselves they always seem to leave the file name intact in the
    > FAT, or whatever the file name table is called. This means that files
    > are not recoverable but you can still easily find out if a certain
    > file had at one time been resident on the disk.
    >
    > Short of reformatting is there a way of removing the filename from the
    > table?


    Best bet is to assume that anything you do on your PC can be, and may
    be, on the front page of tomorrows newspaper.


    --
    http://www.bootdisk.com/
    Plato, Dec 20, 2007
    #9
  10. thsman

    JJ Guest

    why? wrote:
    > On Mon, 17 Dec 2007 11:56:32 -0800 (PST), thsman wrote:
    >
    >> I've used various utilities to "securely" wipe files from disks so
    >> that the disk owner is happy to recycle the disk in a machine destined
    >> for a new home.
    >>
    >> I've found that while these utilities are good at overwriting the
    >> files themselves they always seem to leave the file name intact in the
    >> FAT, or whatever the file name table is called. This means that files

    >
    > Part of the filename, and yes FAT.
    > http://www.webopedia.com/TERM/f/file_allocation_table_FAT.html
    >
    >> are not recoverable but you can still easily find out if a certain
    >> file had at one time been resident on the disk.
    >>
    >> Short of reformatting is there a way of removing the filename from the
    >> table?

    >
    > So you want a secure disk wipe, which most likely means reformat /
    > reinstall an OS. Which can be a good thing.
    >
    >
    > Try this www.bootdisk.com look in tools / utils.
    >
    >
    > http://www.thefreecountry.com/security/securedelete.shtml
    > SDelete is a secure delete application that can overwrite a disk's
    > unused or unallocated space, or securely delete existing files. It
    > implements the US Department of Defense clearing standard DOD 5220.22-M,
    > and you can specify the number of overwrite passes it makes. It can also
    > wipe Windows NT/2K compressed, encrypted and sparse files (it uses
    > Windows defragmentation API to accomplish this), and clears the NTFS
    > Master File Table (MFT).
    >
    > (It does not delete the filenames of your files in the free disk space
    > though - apparently it is not possible to do this in NT/2K.)
    > http://www.microsoft.com/technet/sysinternals/FileAndDisk/SDelete.mspx
    >
    >
    >
    > check the features, list of apps
    > http://www.freedownloadscenter.com/Best/free-dod-delete.html
    >
    > another list,
    > http://pcwin.com/popular/Dod_Disk_Delete-1.htm
    > similar list apps
    > http://pcwin.com/Utilities/Free_File_Wipe/index.htm
    >
    > Don't recall any of the few I ever used, wipe FAT entries. I always
    > wiped the disk and did the OS reinstall.
    >
    > You will have to search for something and read the feature lists.
    >
    > Me

    DBAN it.
    Dariks Boot And Nuke is a binary wiper and if you or your clients want
    secure erasure of past info this is the way to go.
    It completely destroys ALL data by writing zeros and ones to the drive
    in a number of passes.
    http://dban.sourceforge.net/
    If i remember correctly it was made by some NASA guy for wiping top
    secret stuff. I use it on a regular basis before reinstalling OS and
    reformatting the HDD.
    JJ, Dec 20, 2007
    #10
  11. thsman wrote:

    > I've used various utilities to "securely" wipe files from disks so
    > that the disk owner is happy to recycle the disk in a machine destined
    > for a new home.
    >
    > I've found that while these utilities are good at overwriting the
    > files themselves they always seem to leave the file name intact in the
    > FAT, or whatever the file name table is called. This means that files
    > are not recoverable but you can still easily find out if a certain
    > file had at one time been resident on the disk.
    >
    > Short of reformatting is there a way of removing the filename from the
    > table?


    You've got some good advice in the other followups... but no one mentioned
    ALTERNATE DATA STREAMS.

    In the later versions of windows, the os uses alternate data streams as a
    means of tracking what the user is doing during normal, regular usage.
    It'll save filenames, data, url's that you visit, etc and you'll never know
    it was doing it. Even if you delete files off the harddrive, it's quite
    likely there will be a copy of it in the ADS. And what makes it maddening,
    the normal user can't get to the ADS. However, Microsoft can and so can
    most police forces and probably all government agencies.

    Google for it, it makes for interesting reading. It'll leave you with a
    definite feeling of "big brother is watching" if you are on the windows
    platform. If you don't use windows, chances are you are accessing a windows
    machine "somewhere else" like your bank, motor vehicle agency, doctor's
    office, etc... It's a sobering thought.




    --

    Jerry McBride ()
    Jerry McBride, Dec 20, 2007
    #11
  12. thsman

    why? Guest

    On Thu, 20 Dec 2007 11:54:45 -0500, Jerry McBride wrote:

    >thsman wrote:
    >
    >> I've used various utilities to "securely" wipe files from disks so
    >> that the disk owner is happy to recycle the disk in a machine destined
    >> for a new home.
    >>
    >> I've found that while these utilities are good at overwriting the
    >> files themselves they always seem to leave the file name intact in the


    <snip>

    >> Short of reformatting is there a way of removing the filename from the
    >> table?

    >
    >You've got some good advice in the other followups... but no one mentioned
    >ALTERNATE DATA STREAMS.
    >
    >In the later versions of windows, the os uses alternate data streams as a


    True, although not many utils allow any access to ADS. It also seemed a
    bit too in depth for OP. You also didn't mentions issues with toirectly
    in the MFT.

    So cure is back to using 1 of the DOD wipe utils and a reformat.

    Not even a link posted earlier mentions ADS
    http://technet.microsoft.com/en-us/sysinternals/bb897443.aspx
    however it does say,
    Even when you encrypt files with Win2K's Encrypting File System (EFS), a
    file's original unencrypted file data is left on the disk after a new
    encrypted version of the file is created.

    That's very helpful, wonder who in MS worked that one out.

    >means of tracking what the user is doing during normal, regular usage.
    >It'll save filenames, data, url's that you visit, etc and you'll never know
    >it was doing it. Even if you delete files off the harddrive, it's quite
    >likely there will be a copy of it in the ADS. And what makes it maddening,


    You could also mention that anyone could take the disk to a data
    recovery service and the use of a force microscope.

    <snip>

    Me
    why?, Dec 20, 2007
    #12
  13. thsman

    why? Guest

    On Thu, 20 Dec 2007 11:54:45 -0500, Jerry McBride wrote:

    >thsman wrote:
    >
    >> I've used various utilities to "securely" wipe files from disks so
    >> that the disk owner is happy to recycle the disk in a machine destined
    >> for a new home.
    >>
    >> I've found that while these utilities are good at overwriting the
    >> files themselves they always seem to leave the file name intact in the
    >> FAT, or whatever the file name table is called. This means that files
    >> are not recoverable but you can still easily find out if a certain
    >> file had at one time been resident on the disk.
    >>
    >> Short of reformatting is there a way of removing the filename from the
    >> table?

    >
    >You've got some good advice in the other followups... but no one mentioned
    >ALTERNATE DATA STREAMS.
    >

    <snip>

    Couldn't remember where I saw this earlier,
    http://technet.microsoft.com/en-us/sysinternals/bb897440.aspx
    Streams
    The NTFS file system provides applications the ability to create
    alternate data streams of information. By default, all data is stored in
    a file's main unnamed data stream, but by using the syntax
    'file:stream', you are able to read and write to alternates.

    Me
    why?, Dec 21, 2007
    #13
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. jake

    Help! Need some advice on file name wiping

    jake, May 3, 2005, in forum: Computer Security
    Replies:
    13
    Views:
    1,151
    nemo_outis
    May 16, 2005
  2. hubcap

    file wiping

    hubcap, May 14, 2005, in forum: Computer Security
    Replies:
    4
    Views:
    487
    DavidPostill
    May 15, 2005
  3. Trevor
    Replies:
    0
    Views:
    438
    Trevor
    Dec 30, 2007
  4. Replies:
    0
    Views:
    559
  5. Replies:
    0
    Views:
    606
Loading...

Share This Page