Secure file erase

netmaestro
PureBasic Bullfrog
Posts: 8453
Joined: Wed Jul 06, 2005 5:42 am
Location: Fort Nelson, BC, Canada

Post by netmaestro »

Would this code wipe a file safely? Can I be sure the written bytes are going exactly where the existing bytes are? Help is appreciated.

If OpenFile(0, filename$)          ; filename$ is the file to wipe; OpenFile opens it for read/write
  For i = 1 To 7                   ; seven overwrite passes
    FileSeek(0, 0)                 ; back to the start of the file
    For j = 1 To Lof(0)            ; Lof(0) = length of the file in bytes
      WriteByte(0, 0)              ; overwrite each existing byte with zero
    Next
    FlushFileBuffers(0)            ; push this pass to disk before the next one starts
  Next
  CloseFile(0)
  DeleteFile(filename$)
EndIf
BERESHEIT
Joakim Christiansen
Addict
Posts: 2452
Joined: Wed Dec 22, 2004 4:12 pm
Location: Norway

Post by Joakim Christiansen »

netmaestro wrote: Can I be sure the written bytes are going exactly where the existing bytes are?
From my understanding they will. But to be really secure it should be filled with random bytes a couple of times, I've heard.
Maybe let the user decide the security level he wants.
I like logic, hence I dislike humans but love computers.
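An added example (not code from the thread) of the same procedure with the two things the first posts ask for: passes of zeros and of random bytes, and a check of the OS-level view of whether the file kept its allocation. It assumes a POSIX-style filesystem and reports only what the kernel sees; what an SSD controller does underneath is outside its reach.

```python
import os
import secrets
import tempfile

def wipe_file(path, passes=3, chunk=64 * 1024):
    """Overwrite an existing file in place, pass by pass, then unlink it.

    "r+b" reuses the file's existing allocation (as PureBasic's OpenFile
    does) instead of creating a new file; every pass is flushed and
    fsync'ed so it reaches the device before the next one starts.
    The inode/block comparison only shows what the filesystem did: an
    SSD controller or a copy-on-write filesystem may still put the new
    bytes somewhere else.
    """
    before = os.stat(path)
    size = before.st_size
    with open(path, "r+b") as fh:
        for n in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                step = min(chunk, remaining)
                # even passes write zeros, odd passes write random bytes
                fh.write(bytes(step) if n % 2 == 0 else secrets.token_bytes(step))
                remaining -= step
            fh.flush()
            os.fsync(fh.fileno())     # do not let the OS cache merge the passes
        after = os.fstat(fh.fileno())
    os.remove(path)                   # only now drop the directory entry
    return {
        "bytes_per_pass": size,
        "passes": passes,
        "same_inode": before.st_ino == after.st_ino,
        "same_blocks": getattr(before, "st_blocks", None) == getattr(after, "st_blocks", None),
    }

def demo():
    """Constructed sample: write a small file, wipe it, report the outcome."""
    tmpdir = tempfile.mkdtemp()
    path = os.path.join(tmpdir, "secret.txt")
    with open(path, "wb") as fh:
        fh.write(b"constructed secret payload " * 100)   # 2700 bytes
    report = wipe_file(path, passes=3)
    report["file_gone"] = not os.path.exists(path)
    os.rmdir(tmpdir)
    return report

if __name__ == "__main__":
    print(demo())
```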
Rescator
Addict
Posts: 1769
Joined: Sat Feb 19, 2005 5:05 pm
Location: Norway

Post by Rescator »

One would assume so, but unless it's a secure drive then no.
There is no guarantee that the file has not been defragmented between creation and deletion.
(And if you delete something right after creation, why put it on disc at all?)

There is also the issue of the page file; things get swapped into there a lot.

Also, the hard drive might change blocks without the OS knowing, usually if a block goes bad or similar, so there may be fragments around.
And who knows how USB sticks or SSD disks do things *shrug*

The most secure way to delete something on a normal hard drive is to melt the sucker down :P

One solution though is to use encrypted storage for the file, lose the key and delete the file; anyone trying to recover the file will have to fight the encryption to get to the contents.
PB
PureBasic Expert
Posts: 7581
Joined: Fri Apr 25, 2003 5:24 pm

Re: Secure file erase

Post by PB »

> Would this code wipe a file safely?

Yes. I've used a similar snippet for my own secure erasing and it works, in that popular recovery apps weren't able to recover it. However, I was very hesitant to rely on it for end-users because I was scared they'd sue me if an app recovered the data, i.e. they could say my app wasn't strong enough with the scrambling. I don't need that kind of aggro, so I ended up ditching the idea. Worth considering.
I compile using 5.31 (x86) on Win 7 Ultimate (64-bit).
"PureBasic won't be object oriented, period" - Fred.
Trond
Always Here
Posts: 7446
Joined: Mon Sep 22, 2003 6:45 pm
Location: Norway

Post by Trond »

It is "software-safe", i.e. no software can recover the file. But with special equipment it can still be recovered.
cas
Enthusiast
Posts: 597
Joined: Mon Nov 03, 2008 9:56 pm

Post by cas »

Some metadata about the file (date of creation, etc.) will be left, but the actual contents of the file won't be recoverable.
Trond wrote: But with special equipment it can still be recovered.
And that 'special equipment' is a portable time machine. :lol:
Thorium
Addict
Addict
Posts: 1314
Joined: Sat Aug 15, 2009 6:59 pm

Post by Thorium »

That's a very interesting article: http://www.cs.auckland.ac.nz/~pgut001/p ... e_del.html
9. Conclusion
Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read. Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data (for magnetic media), or that the recovery attempt is carried out fairly soon after the new data was written (for RAM). For this reason it is effectively impossible to sanitise storage locations by simple overwriting them, no matter how many overwrite passes are made or what data patterns are written. However by using the relatively simple methods presented in this paper the task of an attacker can be made significantly more difficult, if not prohibitively expensive.
cas
Enthusiast
Posts: 597
Joined: Mon Nov 03, 2008 9:56 pm

Post by cas »

Thorium wrote: Data overwritten once or twice may be recovered by subtracting what is expected to be read from a storage location from what is actually read
If anyone wants to recover data from an HDD then this will be the main problem for them. :P
Thorium wrote: Data which is overwritten an arbitrarily large number of times can still be recovered provided that the new data isn't written to the same location as the original data
This is how Windows Explorer deletes files: it just removes them from the allocation table, but the actual contents of the file are still on the HDD. netmaestro's code writes new data at the same location, so recovery is impossible.
Thorium
Addict
Posts: 1314
Joined: Sat Aug 15, 2009 6:59 pm

Post by Thorium »

cas wrote: This is how Windows Explorer deletes files: it just removes them from the allocation table, but the actual contents of the file are still on the HDD. netmaestro's code writes new data at the same location, so recovery is impossible.
No, that is not the meaning of that text.
Read the article closely. It shows some interesting problems and solutions.
In the end, erasing a file by overwriting it with different patterns is very secure. But it is not 100% secure.
cas
Enthusiast
Posts: 597
Joined: Mon Nov 03, 2008 9:56 pm

Post by cas »

This article is not so good. :?
My point is this: let's say I have a file that I want to securely erase. Use the code from the first post and all data will be erased (overwritten):
Thorium wrote: ...can still be recovered provided that the new data isn't written to the same location
New data is written to the same location. 8)

Only file metadata will stay, and 100% file recovery will be impossible; even 0.1% file recovery will be impossible.
Thorium
Addict
Posts: 1314
Joined: Sat Aug 15, 2009 6:59 pm

Post by Thorium »

cas wrote: My point is this: let's say I have a file that I want to securely erase. Use the code from the first post and all data will be erased (overwritten):
...can still be recovered provided that the new data isn't written to the same location
New data is written to the same location. 8)
Only file metadata will stay, and 100% file recovery will be impossible; even 0.1% file recovery will be impossible.
How could you be sure about that?
For example, SSD HDs switch the chips to guarantee a minimum of writes to every single chip. The chip will not be erased on switch.
This is just one example.

On magnetic HDDs the position of the write head is not always 100% the same. So with some luck you can read out the erased file by analysing the surface of the disk. That's what Trond meant. You need special equipment for that.
KJ67
Enthusiast
Posts: 218
Joined: Fri Jun 26, 2009 3:51 pm
Location: Westernmost tip of Norway

Post by KJ67 »

Thorium wrote: On magnetic HDDs the position of the write head is not always 100% the same. So with some luck you can read out the erased file by analysing the surface of the disk. That's what Trond meant. You need special equipment for that.
That is indeed a problem. If you really are concerned with safety you need to encrypt the disk. TrueCrypt or similar could secure your disk, without problems with the SSD's internal relocation, indexation and metadata. But there is a small price in speed and the annoyance of extra passwords.
cas
Enthusiast
Posts: 597
Joined: Mon Nov 03, 2008 9:56 pm

Post by cas »

Thorium wrote: How could you be sure about that?
It's simple. If I want to change one byte in a file with another, then this will be done directly at the same position. Only if I am adding new data to the file do I not know where on disk this new data will be written (but that's not the case here).
Thorium wrote: For example, SSD HDs switch the chips to guarantee a minimum of writes to every single chip. The chip will not be erased on switch.
This is just one example.
First, you can't say "SSD HD"; that means "solid state drive hard disk", and an SSD is not a hard disk. :wink:
I believe there is some sort of buffer like in classic HDDs, but that buffer is not infinite in size and will probably be erased when powering off.
Thorium wrote: On magnetic HDDs the position of the write head is not always 100% the same.
That would mean that if I want to download the PureBasic installation file, I will probably lose some other file on the HDD because the position of the write track is not always the same and it goes over other sectors when writing new data?
Thorium wrote: So with some luck you can read out the erased file by analysing the surface of the disk.
:roll:
Thorium
Addict
Posts: 1314
Joined: Sat Aug 15, 2009 6:59 pm

Post by Thorium »

Sorry, but you have misunderstood what I have written. Maybe it's my poor English, or maybe you don't want to understand. It doesn't matter; what you are writing is wrong.

First, HD is a term for a disk that is not removable. It would be wrong to call it a disk, right. But from the user's point of view it is an HD. I think using the term HD to clarify what someone speaks of is OK.

On magnetic HDs the write head will not go over another sector. But there is a tolerance, like every mechanical construction has. A tolerance of 0 is impossible. So the position of the write within one sector can differ.

On SSDs, I don't speak about a buffer, I speak about the actual storage chips. They have a limited lifetime, limited by the count of writes they take. To guarantee a long lifetime, the SSD's internal controller switches the chips for a file that you write to, to spread the write access over all the chips and not write one chip to its death.
cas
Enthusiast
Posts: 597
Joined: Mon Nov 03, 2008 9:56 pm

Post by cas »

Thorium wrote: Sorry, but you have misunderstood what I have written. Maybe it's my poor English, or maybe you don't want to understand.
Hey, there's no need to be so rude; I respect everyone on this forum. I want to understand you, and your English isn't bad.
Thorium wrote: It doesn't matter; what you are writing is wrong.
Sorry, but I can say the same thing about you.
This is an example of you being wrong:
Thorium wrote: First, HD is a term for a disk that is not removable.
HD is a term for a mechanical drive that can be removable. You have USB cases in which you put them and they are then removable (portable).
Thorium wrote: On magnetic HDs the write head will not go over another sector. But there is a tolerance, like every mechanical construction has. A tolerance of 0 is impossible. So the position of the write within one sector can differ.
Yes, I know that there is no perfect thing in this world. What you are saying was probably true when the first HDDs were on the market; back then the chances to recover data after overwriting were probably best. Today, this additional track width added for tolerance is so small that you have less than a 1% chance to recover one byte; imagine what the chances are to recover 1MB or more of real, reusable data, which was there before secure erasing...

More info here:
http://www.devtopics.com/secure-delete- ... overwrite/

:wink: