Solved

How to ensure a file is deleted permanently

Posted on 2004-10-01
9
310 Views
Last Modified: 2013-12-27
How do you ensure a file is deleted permanently on sun solaris.
We are trying to ensure the files data can not be recovered by any means
0
Comment
Question by:inzaghi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 125 total points
ID: 12199595
To ensure that a reasonable effort can't recover data from a file you need to overwrite the file with at least three passes (all zeros, all ones, and a random pattern). Then the file can be safely deleted. There are tools for doing this sort of thing like UniShred (http://www.lat.com/Our_Products.html)
0
 
LVL 10

Assisted Solution

by:Nukfror
Nukfror earned 125 total points
ID: 12205406
As jlevie said "reasonable effort" ... but you said "by any means" which means you must phsyically degause the media and then smash it to bits.  Don't laugh - I've worked at places where this is a regular practice.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12205621
Nukfor is correct. If you really mean "by any means" the only option becomes physical destruction of the disk drive(s). And that means dropping them into a hammer mill or a furnace hot enough to melt the platters down. Nothing less than this will suffice if that requirement must be met.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Expert Comment

by:Otetelisanu
ID: 12214737
echo " " >file_name
0
 

Expert Comment

by:jcarnevale
ID: 12248369
If we are dealing with a single file than the easiest way to make sure that it can no longer be read is to simply delete it (rm -rf <filename>) and then create the same file again with nothing in it  (touch <filename>).  I'm guessing you don't want to destroy your HDD and you certainly don't want to wipe out your partition.

Another option would be to create a new file system, mv the file to it, then blow out the file system.

Neither of these options really cover the "by any means" qualification but I don't know anyone who would be able to find that file or the contents of it if you follow either of these methods.  Good luck.
0
 
LVL 3

Expert Comment

by:Mike R.
ID: 12252342
After removing a file with “rm”, writing null data again to the same file name does not necessarily guarantee the data will be nullified from the disk, as the “new” file may not point to the same physical location on the disk (inode).  To make sure the actual magnetic media section of the disk on which the file resided is wiped, you would have to access the area by inode.

-You can use "ls -i" to obtain the inode number of the file.
-Look into "man clri" (man on "clear inodes" command) to see about clearing the data at the inode (however, I believe this permanently removes the data area from usability.)
-Look into obtaining “debugfs” for modifying data by inode (not sure if its avail for Solaris though.)
-This link has some good info about UNIX file systems and inodes...
http://www.unix.org.ua/orelly/networking/puis/ch05_01.htm

…if you are looking to clear the entire hard drive without destroying it…do the following…

1.      Boot to the Solaris install disk
2.      When it starts the install GUI, open a terminal window (don’t start the install)
3.      In the terminal window, type “format”
4.      Select the appropriate disk from the menu which will appear
5.      From the next menu, select “Analyze”

This will do a four pass read/write to the entire drive…writing zeros to the disk.  This should SUFFICIENTLY clear the data.  This is acceptable for most DoD level security…however, again, the ONLY way to guarantee the data is unrecoverable is to destroy the platter.

Best of Luck!
M
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12254560
A four pass overwrite is only acceptable for data at the DoD Secret level or below. Above that destruction is the only acceptable method. And there are caveats for sanitization relating to bad block replacement at the Secret level. Chapter 8 of the NISPOM covers this for non-government agencies.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Java performance on Solaris - Managing CPUs There are various resource controls in operating system which directly/indirectly influence the performance of application. one of the most important resource controls is "CPU".   In a multithreaded…
Every server (virtual or physical) needs a console: and the console can be provided through hardware directly connected, software for remote connections, local connections, through a KVM, etc. This document explains the different types of consol…
Learn several ways to interact with files and get file information from the bash shell. ls lists the contents of a directory: Using the -a flag displays hidden files: Using the -l flag formats the output in a long list: The file command gives us mor…
Learn how to find files with the shell using the find and locate commands. Use locate to find a needle in a haystack.: With locate, check if the file still exists.: Use find to get the actual location of the file.:

749 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question