Solved

How to ensure a file is deleted permanently

Posted on 2004-10-01
9
311 Views
Last Modified: 2013-12-27
How do you ensure a file is deleted permanently on sun solaris.
We are trying to ensure the files data can not be recovered by any means
0
Comment
Question by:inzaghi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
9 Comments
 
LVL 40

Accepted Solution

by:
jlevie earned 125 total points
ID: 12199595
To ensure that a reasonable effort can't recover data from a file you need to overwrite the file with at least three passes (all zeros, all ones, and a random pattern). Then the file can be safely deleted. There are tools for doing this sort of thing like UniShred (http://www.lat.com/Our_Products.html)
0
 
LVL 10

Assisted Solution

by:Nukfror
Nukfror earned 125 total points
ID: 12205406
As jlevie said "reasonable effort" ... but you said "by any means" which means you must phsyically degause the media and then smash it to bits.  Don't laugh - I've worked at places where this is a regular practice.
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12205621
Nukfor is correct. If you really mean "by any means" the only option becomes physical destruction of the disk drive(s). And that means dropping them into a hammer mill or a furnace hot enough to melt the platters down. Nothing less than this will suffice if that requirement must be met.
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 4

Expert Comment

by:Otetelisanu
ID: 12214737
echo " " >file_name
0
 

Expert Comment

by:jcarnevale
ID: 12248369
If we are dealing with a single file than the easiest way to make sure that it can no longer be read is to simply delete it (rm -rf <filename>) and then create the same file again with nothing in it  (touch <filename>).  I'm guessing you don't want to destroy your HDD and you certainly don't want to wipe out your partition.

Another option would be to create a new file system, mv the file to it, then blow out the file system.

Neither of these options really cover the "by any means" qualification but I don't know anyone who would be able to find that file or the contents of it if you follow either of these methods.  Good luck.
0
 
LVL 3

Expert Comment

by:Mike R.
ID: 12252342
After removing a file with “rm”, writing null data again to the same file name does not necessarily guarantee the data will be nullified from the disk, as the “new” file may not point to the same physical location on the disk (inode).  To make sure the actual magnetic media section of the disk on which the file resided is wiped, you would have to access the area by inode.

-You can use "ls -i" to obtain the inode number of the file.
-Look into "man clri" (man on "clear inodes" command) to see about clearing the data at the inode (however, I believe this permanently removes the data area from usability.)
-Look into obtaining “debugfs” for modifying data by inode (not sure if its avail for Solaris though.)
-This link has some good info about UNIX file systems and inodes...
http://www.unix.org.ua/orelly/networking/puis/ch05_01.htm

…if you are looking to clear the entire hard drive without destroying it…do the following…

1.      Boot to the Solaris install disk
2.      When it starts the install GUI, open a terminal window (don’t start the install)
3.      In the terminal window, type “format”
4.      Select the appropriate disk from the menu which will appear
5.      From the next menu, select “Analyze”

This will do a four pass read/write to the entire drive…writing zeros to the disk.  This should SUFFICIENTLY clear the data.  This is acceptable for most DoD level security…however, again, the ONLY way to guarantee the data is unrecoverable is to destroy the platter.

Best of Luck!
M
0
 
LVL 40

Expert Comment

by:jlevie
ID: 12254560
A four pass overwrite is only acceptable for data at the DoD Secret level or below. Above that destruction is the only acceptable method. And there are caveats for sanitization relating to bad block replacement at the Secret level. Chapter 8 of the NISPOM covers this for non-government agencies.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This tech tip describes how to install the Solaris Operating System from a tape backup that was created using the Solaris flash archive utility. I have used this procedure on the Solaris 8 and 9 OS, and it shoudl also work well on the Solaris 10 rel…
FreeBSD on EC2 FreeBSD (https://www.freebsd.org) is a robust Unix-like operating system that has been around for many years. FreeBSD is available on Amazon EC2 through Amazon Machine Images (AMIs) provided by FreeBSD developer and security office…
This video shows how to set up a shell script to accept a positional parameter when called, pass that to a SQL script, accept the output from the statement back and then manipulate it in the Shell.
In a previous video, we went over how to export a DynamoDB table into Amazon S3.  In this video, we show how to load the export from S3 into a DynamoDB table.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question