Solved

How to ensure a file is deleted permanently

Posted on 2004-10-01
9
304 Views
Last Modified: 2013-12-27
How do you ensure a file is deleted permanently on sun solaris.
We are trying to ensure the files data can not be recovered by any means
0
Comment
Question by:inzaghi
9 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 125 total points
ID: 12199595
To ensure that a reasonable effort can't recover data from a file you need to overwrite the file with at least three passes (all zeros, all ones, and a random pattern). Then the file can be safely deleted. There are tools for doing this sort of thing like UniShred (http://www.lat.com/Our_Products.html)
0
 
LVL 10

Assisted Solution

by:Nukfror
Nukfror earned 125 total points
ID: 12205406
As jlevie said "reasonable effort" ... but you said "by any means" which means you must phsyically degause the media and then smash it to bits.  Don't laugh - I've worked at places where this is a regular practice.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12205621
Nukfor is correct. If you really mean "by any means" the only option becomes physical destruction of the disk drive(s). And that means dropping them into a hammer mill or a furnace hot enough to melt the platters down. Nothing less than this will suffice if that requirement must be met.
0
Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

 
LVL 4

Expert Comment

by:Otetelisanu
ID: 12214737
echo " " >file_name
0
 

Expert Comment

by:jcarnevale
ID: 12248369
If we are dealing with a single file than the easiest way to make sure that it can no longer be read is to simply delete it (rm -rf <filename>) and then create the same file again with nothing in it  (touch <filename>).  I'm guessing you don't want to destroy your HDD and you certainly don't want to wipe out your partition.

Another option would be to create a new file system, mv the file to it, then blow out the file system.

Neither of these options really cover the "by any means" qualification but I don't know anyone who would be able to find that file or the contents of it if you follow either of these methods.  Good luck.
0
 
LVL 3

Expert Comment

by:Mike R.
ID: 12252342
After removing a file with “rm”, writing null data again to the same file name does not necessarily guarantee the data will be nullified from the disk, as the “new” file may not point to the same physical location on the disk (inode).  To make sure the actual magnetic media section of the disk on which the file resided is wiped, you would have to access the area by inode.

-You can use "ls -i" to obtain the inode number of the file.
-Look into "man clri" (man on "clear inodes" command) to see about clearing the data at the inode (however, I believe this permanently removes the data area from usability.)
-Look into obtaining “debugfs” for modifying data by inode (not sure if its avail for Solaris though.)
-This link has some good info about UNIX file systems and inodes...
http://www.unix.org.ua/orelly/networking/puis/ch05_01.htm

…if you are looking to clear the entire hard drive without destroying it…do the following…

1.      Boot to the Solaris install disk
2.      When it starts the install GUI, open a terminal window (don’t start the install)
3.      In the terminal window, type “format”
4.      Select the appropriate disk from the menu which will appear
5.      From the next menu, select “Analyze”

This will do a four pass read/write to the entire drive…writing zeros to the disk.  This should SUFFICIENTLY clear the data.  This is acceptable for most DoD level security…however, again, the ONLY way to guarantee the data is unrecoverable is to destroy the platter.

Best of Luck!
M
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12254560
A four pass overwrite is only acceptable for data at the DoD Secret level or below. Above that destruction is the only acceptable method. And there are caveats for sanitization relating to bad block replacement at the Secret level. Chapter 8 of the NISPOM covers this for non-government agencies.
0

Featured Post

Maximize Your Threat Intelligence Reporting

Reporting is one of the most important and least talked about aspects of a world-class threat intelligence program. Here’s how to do it right.

Join & Write a Comment

FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
Why Shell Scripting? Shell scripting is a powerful method of accessing UNIX systems and it is very flexible. Shell scripts are required when we want to execute a sequence of commands in Unix flavored operating systems. “Shell” is the command line i…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

15 Experts available now in Live!

Get 1:1 Help Now