File wiping is the process of overwriting a file, sometimes multiple times, to ensure its total deletion. Wiping a file is akin to shredding a document using a paper shredder.
Reasons for use
File wiping is useful for confidentiality, because the operating system's default delete function does not entirely delete files. Instead of removing the entire file, the operating system writes data to the beginning of the file so that the file system treats it as free space. As space is occupied, this data is overwritten. However, if the hard disk has not been used excessively, recovery tools can recover the file by telling the file system to treat the deleted sector as a file again.
However, wiping a file takes considerably longer than just deleting it. Very large files, typically over 100 MB, can take a prohibitively long time to remove.
How it works
File Wipe programs work not only by unlinking a file but also by specifically overwriting it with garbage data. For very high security installations, overwriting the file several times is advised. Many government institutions have specific protocols for file deletion. For instance, the U.S. DoD specification 5220.22 standard says a file must be overwritten three times. Some researchers believe that the U.S. DoD standard is weak, yet others believe the standard was created for archaic MFM/RLL encoding, being written in 1995.
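The overwrite-then-unlink sequence described above, as an added sketch that is not taken from any of the tools listed below. The three pass patterns (zeros, ones, random bytes) and the names `overwrite_in_place` and `wipe_file` are assumptions chosen for illustration.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # overwrite in 1 MiB pieces so large files do not fill memory

def _pattern(pass_no, n):
    # Illustrative pass patterns (an assumption, not taken from any standard):
    # zeros, ones, then random bytes for every later pass.
    if pass_no == 0:
        return b"\x00" * n
    if pass_no == 1:
        return b"\xff" * n
    return secrets.token_bytes(n)

def overwrite_in_place(path, passes=3):
    """Overwrite the file's existing bytes `passes` times; return bytes per pass."""
    size = os.path.getsize(path)
    # "r+b" keeps the existing allocation; "wb" would truncate first and the
    # file system could then hand out different blocks for the new data.
    with open(path, "r+b") as f:
        for pass_no in range(passes):
            f.seek(0)
            left = size
            while left:
                n = min(CHUNK, left)
                f.write(_pattern(pass_no, n))
                left -= n
            f.flush()
            os.fsync(f.fileno())  # push this pass to the device before the next
    return size

def wipe_file(path, passes=3):
    """Overwrite the contents, rename to a random name, then unlink."""
    overwrite_in_place(path, passes)
    anon = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, anon)  # replace the original name in the directory entry
    os.unlink(anon)

if __name__ == "__main__":
    # Constructed sample file.
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"account=alice;pin=0000\n" * 1000)
    os.close(fd)
    print("overwrote", overwrite_in_place(sample, passes=3), "bytes per pass")
    wipe_file(sample)
    print("still present:", os.path.exists(sample))
```

The overwrite only reaches the blocks the file occupies now, which is why the journaling-filesystem caveats later on this page still apply.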
Software
Cross Platform
- PGP and GPG tools often allow users to wipe files after encoding and some allow any deleted files to be wiped.
- DBAN - Darik's Boot And Nuke (http://dban.sourceforge.net) - a bootable floppy or CD to quickly wipe your hard drive.
Windows
- DeepDelete (http://phoenixlabs.org/deepdelete/) - open-source, easy to use, but not very secure. From the makers of (claimed) anti-RIAA PeerGuardian (Methlabs).
- Eraser (http://www.heidi.ie/eraser/) - open-source, easy to use, recipient of numerous awards.
- SDelete (http://www.sysinternals.com/Utilities/SDelete.html) - open-source, command-line only, very secure with a detailed description on what special precautions need to be taken.
Posix (*Nix platforms)
- srm (http://srm.sourceforge.net) (*NIX)
- grind (http://prp0.prp.physik.tu-darmstadt.de/~mrose/grind) (Linux/FreeBSD)
- safeshred (http://www.codetek.com/php/safeshred.php) (OSX)
- shred(1) from GNU coreutils (*NIX)
- wipe (http://wipe.sourceforge.net) (*NIX)
- Some Desktop Environments, like KDE for example, have a GUI shredder.
File Wipe on UNIX and UNIX-like systems
Most modern UNIX computers do not necessarily require a file wipe for security against Undelete Attacks. Non-*Nix systems such as DOS, Windows, and Macintosh OS 9 experience strong security benefits from a File Wipe program.
Because of the way UNIX and UNIX-like systems handle deleted files, they are not as vulnerable to an Undelete Attack. Deleted files are vulnerable only temporarily, until the OS progressively overwrites the area they occupied. UNIX does not immediately wipe the file unless configured to do so, but the area where the file resided on the HDD is soon overwritten, much more actively than on other systems (where it can remain for months or even years). Sending files to /dev/null via the "rm" or "mv filename /dev/null" command is generally considered a safe way to remove files from a UNIX system.
Though UNIX systems may be relatively secure against Undelete Attacks, physical inspections of hard drives are more likely to recapture data than undelete software (listed above). Using a secure wiping program ensures that attempts are made to overwrite data with patterns of bits that are most likely to render physical inspection useless.
File Wipe on Journaling Filesystems
Many modern operating systems such as Windows XP (NTFS), Mac OS X (HFS Plus), and GNU/Linux with a kernel version greater than 2.4 (ext3, JFS, ReiserFS, and XFS) have the ability to use a journaling filesystem that makes complete erasure of data unlikely. Journaling filesystems are used to increase the integrity of data in case of failures. To accomplish this, the filesystems keep metadata and logs in various places known to the filesystem; most filesystems can also journal all data, but turn this functionality off by default. The metadata and logs will not be securely wiped with a file wiping tool. To increase performance, these filesystems will often arrange I/O commands in an efficient manner and may continuously move data around the disk to prevent the need for operations similar to Windows scandisk. The performance-enhancing capabilities of the filesystems make wiping files hard because the data may only be wiped in its present location, leaving unwiped blocks of the data in other locations on the hard disk. Also, the filesystem may not execute all requests of a redundant I/O command.
There are several ways to securely wipe files when using journaling filesystems:
- Store data that needs to be wiped on a partition (slice, volume, or drive) that uses a non-journaling filesystem. For example, users of Windows can use a Z: drive formatted with FAT32, and users of GNU/Linux can use a partition formatted with ext2.
- Store data that needs to be wiped on a partition that is encrypted using Hard Disk Encryption. This eliminates the need to use a secure wiping mechanism for individual files.
- Store data on a temporary partition using any journaling or non-journaling filesystem. When it is time to wipe all files, use a tool such as Eraser or Wipe to securely wipe the entire partition.
- Physically destroy the hard drive after use by melting the hard drive. (Passing a magnet over the hard drive will not work.)
- On ext3, set the journal mode to ordered data mode (the default for newer versions). In ordered mode, ext3 only journals metadata, not actual data. To find out if you are using ordered data mode, type 'dmesg | grep ordered' (on a Debian GNU/Linux system) and look for a message saying that the partition has been mounted with ordered data mode.
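A check to run before relying on a per-file wipe, given as an added example that is not part of the original article: it finds which mounted filesystem holds a path and reports whether that filesystem journals file data, metadata only, or nothing. The mount table is a constructed sample in /proc/mounts format, and the function names and verdict strings are assumptions.

```python
import posixpath

JOURNALING = {"ext3", "jfs", "reiserfs", "xfs"}  # Linux types named in the text
NON_JOURNALING = {"ext2", "vfat"}                # vfat is the Linux FAT32 driver

# Constructed sample in /proc/mounts format: device, mount point, type, options.
SAMPLE_MOUNTS = """\
/dev/sda1 / ext3 rw,errors=remount-ro,data=ordered 0 0
/dev/sda2 /home ext3 rw,data=journal 0 0
/dev/sdb1 /mnt/scratch ext2 rw 0 0
/dev/sdc1 /mnt/usb vfat rw,uid=1000 0 0
"""

def parse_mounts(text):
    """Yield (mount_point, fstype, options) from /proc/mounts-style lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4:
            yield fields[1], fields[2], fields[3].split(",")

def assess(path, mounts_text):
    """Return (mount_point, fstype, verdict) for the filesystem holding path."""
    path = posixpath.normpath(path)
    best = None
    for mnt, fstype, opts in parse_mounts(mounts_text):
        inside = path == mnt or path.startswith(mnt.rstrip("/") + "/")
        # Longest matching mount point wins (/home beats / for /home/u/f).
        if inside and (best is None or len(mnt) > len(best[0])):
            best = (mnt, fstype, opts)
    if best is None:
        return None, None, "unknown"
    mnt, fstype, opts = best
    if fstype in NON_JOURNALING:
        return mnt, fstype, "no journal"
    if fstype not in JOURNALING:
        return mnt, fstype, "unknown"
    mode = next((o[5:] for o in opts if o.startswith("data=")), None)
    if fstype == "ext3" and mode == "journal":
        return mnt, fstype, "file data is journaled"
    return mnt, fstype, "metadata is journaled"

if __name__ == "__main__":
    for p in ("/home/u/notes.txt", "/etc/hosts", "/mnt/scratch/tmp.bin"):
        print(p, "->", assess(p, SAMPLE_MOUNTS))
```

On a live Linux system the same function can be given the contents of /proc/mounts instead of the sample.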