Wipe deleted files?

Discussion in 'Computer Security' started by Ken Zones, Dec 3, 2006.

  1. Ken Zones

    Ken Zones Guest

    I thought that after a 'free space' wipe on a hard drive that all the
    files that had been deleted would be overwriten.
    I used 'Directory Snoop' to view the files before and after a wipe. I could
    still see and recover the same files.
    The only way I could seem to get rid of the deleted files was to use the
    'Purge' function on the D Snoop program.

    My question is there any other way to get rid of deleted files besides doing
    a D Snoop prurge or using a full disc
    wipe? I find it hard to believe that 'Directory Snoop' is the only software
    that can find and overwrite deleted files
    in a simple manner.

    Tx
     
    Ken Zones, Dec 3, 2006
    #1
    1. Advertising

  2. Ken Zones

    Arthur T. Guest

    In Message-ID:<>,
    "Ken Zones" <> wrote:

    >I thought that after a 'free space' wipe on a hard drive that all the
    >files that had been deleted would be overwriten.
    >I used 'Directory Snoop' to view the files before and after a wipe. I could
    >still see and recover the same files.


    You didn't mention what program you used to do the freespace
    wipe, nor what options you used. There are many programs which
    will do what you want, some free.

    --
    Arthur T. - ar23hur "at" intergate "dot" com
    Looking for a z/OS (IBM mainframe) systems programmer position
     
    Arthur T., Dec 3, 2006
    #2
    1. Advertising

  3. Ken Zones

    Guest Guest

    i have found "deleted" files content still residing on disk after some
    "cleanup/wipe" programs also.

    only way i have found is to use a hooking program that intercepts the
    windows system delete command and then actually overwrites the file itself
    (usually with zeros) BEFORE it changes the directory to show it as
    "deleted".

    never expect the operating system to do anything that will sustain extra
    time usage, you must do it yourself or get a program that does.


    "Ken Zones" <> wrote in message
    news:...
    > I thought that after a 'free space' wipe on a hard drive that all the
    > files that had been deleted would be overwriten.
    > I used 'Directory Snoop' to view the files before and after a wipe. I

    could
    > still see and recover the same files.
    > The only way I could seem to get rid of the deleted files was to use the
    > 'Purge' function on the D Snoop program.
    >
    > My question is there any other way to get rid of deleted files besides

    doing
    > a D Snoop prurge or using a full disc
    > wipe? I find it hard to believe that 'Directory Snoop' is the only

    software
    > that can find and overwrite deleted files
    > in a simple manner.
    >
    > Tx
    >
    >
    >
     
    Guest, Jan 7, 2007
    #3
  4. <> (07-01-07 20:27:54):

    > i have found "deleted" files content still residing on disk after some
    > "cleanup/wipe" programs also.
    >
    > only way i have found is to use a hooking program that intercepts the
    > windows system delete command and then actually overwrites the file
    > itself (usually with zeros) BEFORE it changes the directory to show it
    > as "deleted".


    That isn't secure either, because even Windows does feature a filesystem
    cache. If you write random content to the file, and then delete it
    right afterwards, you risk that the random data isn't written onto the
    disk, because the operating system considers that as unnecessary (since
    the file is already deleted anyway). Some Linux filesystems are that
    smart. I don't know, if Windows is.

    On the other hand, forcing that data to be written (`synchronizing')
    will have a noticable impact on system performance. So resort to the
    following approach.


    > never expect the operating system to do anything that will sustain
    > extra time usage, you must do it yourself or get a program that does.


    There is only one way to ensure that no sensitive data remains on disk.
    Don't let it be written to it in the first place. Create encrypted
    partitions for such purposes. Encrypt your swap space and any other
    temporary storage also.


    Regards,
    E.S.
     
    Ertugrul Soeylemez, Jan 8, 2007
    #4
  5. Ertugrul Soeylemez wrote:

    > <> (07-01-07 20:27:54):
    >
    >> i have found "deleted" files content still residing on disk after some
    >> "cleanup/wipe" programs also.
    >>
    >> only way i have found is to use a hooking program that intercepts the
    >> windows system delete command and then actually overwrites the file
    >> itself (usually with zeros) BEFORE it changes the directory to show it
    >> as "deleted".

    >
    > That isn't secure either, because even Windows does feature a filesystem
    > cache.


    And a journaling filesystem, thus your data will end up in the journal as
    well. And not-in-place updates, thus you may not actually overwrite the
    data, but instead allocate new clusters.

    > If you write random content to the file, and then delete it
    > right afterwards, you risk that the random data isn't written onto the
    > disk, because the operating system considers that as unnecessary (since
    > the file is already deleted anyway). Some Linux filesystems are that
    > smart. I don't know, if Windows is.


    It is, however that depends on your configuration. Generally, if there's
    time to write data, it will write data, to minimize the loss on power
    failure.

    > On the other hand, forcing that data to be written (`synchronizing')
    > will have a noticable impact on system performance.


    Even Windows is smart enough for a feature to bypass the write cache, thus
    you won't trash the write cache.
     
    Sebastian Gottschalk, Jan 8, 2007
    #5
  6. Ken Zones

    Guest

    Also, it's a good idea to use some file shredder that will run in
    background and wipe all files that are deleted in your system. It is
    better than using wipe free space function and it's better that keep
    deleted files in-secure.

    On 8 ñÎ×., 04:10, Ertugrul Soeylemez <> wrote:
    > <> (07-01-07 20:27:54):
    >
    > > i have found "deleted" files content still residing on disk after some
    > > "cleanup/wipe" programs also.

    >
    > > only way i have found is to use a hooking program that intercepts the
    > > windows system delete command and then actually overwrites the file
    > > itself (usually with zeros) BEFORE it changes the directory to show it
    > > as "deleted".That isn't secure either, because even Windows does feature a filesystem

    > cache. If you write random content to the file, and then delete it
    > right afterwards, you risk that the random data isn't written onto the
    > disk, because the operating system considers that as unnecessary (since
    > the file is already deleted anyway). Some Linux filesystems are that
    > smart. I don't know, if Windows is.
    >
    > On the other hand, forcing that data to be written (`synchronizing')
    > will have a noticable impact on system performance. So resort to the
    > following approach.
    >
    > > never expect the operating system to do anything that will sustain
    > > extra time usage, you must do it yourself or get a program that does.There is only one way to ensure that no sensitive data remains on disk.

    > Don't let it be written to it in the first place. Create encrypted
    > partitions for such purposes. Encrypt your swap space and any other
    > temporary storage also.
    >
    > Regards,
    > E.S.
     
    , Jan 18, 2007
    #6
  7. (07-01-18 07:25:54):

    > Also, it's a good idea to use some file shredder that will run in
    > background and wipe all files that are deleted in your system. It is
    > better than using wipe free space function and it's better that keep
    > deleted files in-secure.


    You don't need to do this for an encrypted filesystem. It is (almost)
    impossible for an outside attacker to get to your data. If someone
    hacks their way into your system through a network, then you're lost
    anyway. A shredder won't help a lot in this case.


    Regards,
    E.S.
     
    Ertugrul Soeylemez, Jan 18, 2007
    #7
  8. Ken Zones

    Guest

    Agree, for encrypted file systems there are other security problems,
    file shredder is good for end user who runs XP on FAT32 drive. File
    shredder is really must-have tool in this case.

    On 19 ñÎ×., 00:50, Ertugrul Soeylemez <> wrote:
    > (07-01-18 07:25:54):
    >
    > > Also, it's a good idea to use some file shredder that will run in
    > > background and wipe all files that are deleted in your system. It is
    > > better than using wipe free space function and it's better that keep
    > > deleted files in-secure.You don't need to do this for an encrypted filesystem. It is (almost)

    > impossible for an outside attacker to get to your data. If someone
    > hacks their way into your system through a network, then you're lost
    > anyway. A shredder won't help a lot in this case.
    >
    > Regards,
    > E.S.
     
    , Jan 18, 2007
    #8
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. John Holmes

    Re: Are deleted pictures REALLY deleted?

    John Holmes, Dec 30, 2008, in forum: Computer Support
    Replies:
    7
    Views:
    668
    §ñühw¤£f
    Dec 31, 2008
  2. Replies:
    3
    Views:
    510
    General Patron
    Jan 1, 2009
  3. Bucky Breeder

    Re: Are deleted pictures REALLY deleted?

    Bucky Breeder, Dec 31, 2008, in forum: Computer Support
    Replies:
    0
    Views:
    637
    Bucky Breeder
    Dec 31, 2008
  4. John O
    Replies:
    1
    Views:
    3,217
    Bill Eitner
    Jun 5, 2008
  5. John O
    Replies:
    0
    Views:
    1,999
    John O
    Jun 13, 2008
Loading...

Share This Page