The opposite of file recovery

Hello

I am just wondering: I know you can recover previously deleted, or even formatted, files using programs like getdataback, but can you completely delete files so that programs like that cannot recover the information?

I am curious as my boss asked me to recover some files for him, and when I did recover them he found some that he didn't want to have recovered, and that he didn't want to be recovered ever (personal stuff).

Just wondering how to permanently delete a file, or group of files.

Regards
Gavin McMillan
LVL 2
gavinandrewmcmillanAsked:
 
TolomirAdministratorCommented:
I'm using privacy expert:

http://www.acronis.com/homecomputing/products/privacyexpert/

Acronis Privacy Expert Suite provides you with the proactive, real time protection against spyware parasites, adware, keyloggers, hidden dialers, browser hijackers, and other malicious programs. Learn more about spyware removal features...

Acronis Privacy Expert Suite is not only an anti-spyware solution. It delivers the best value on the market with the must-have security and privacy tools:

Internet clean-up: protect your Internet privacy removing traces of your surfing;
System clean-up: eliminate traces of your system activities;
Disk clean-up: securely destroy all the data on your old hard disk;
File shredder: make your deleted data unrecoverable by undelete or unerase utilities;
Pop-up blocker: stop unwanted pop-up ads;
Data destruction methods: wipe out all data without possibility to recover through the use of 8 powerful data destruction methods.

There is a free 15-day trial; a 1-year subscription goes for $29.99.

Tolomir


0
 
r-kCommented:
What you are asking is trickier than it seems at first glance. The reason is that there are often multiple copies of a file on disk. For example, say you have a file named private.txt. Chances are that you may have edited that file a few times, and each time you do that the system creates a new version and deletes the old one, but as you discovered, a deleted file only means that its name is removed from the directory. The contents may still be there on disk.

To securely erase a single file then, you have to also find and delete all older versions of it. This is why it is almost impossible to be sure that you erased all traces of it.

Of course you can be sure if you can erase the entire disk, see e.g.

  http://dban.sourceforge.net/

0
 
softplusCommented:
You might want to look at this collection:
http://www1.umn.edu/oit/security/assureddelete.html

You didn't mention which OS, I assume Windows?

Some problems when securely deleting files (instead of wiping the whole disk or physically destroying it):
- as r-k mentioned, you could have several generations of a file on the disk (bak/temp-files)
- you could have had the contents in memory, saved in the swap-file or in a temp-section of some other application file (Word sometimes does that) - this could be any program that requests memory but doesn't zero it before it uses it, and then saves part of it to a file
- you could have had the contents in memory on a crash, where the system creates a dump-file
- the os or a "defragmenting" tool could move the contents of the file to another location on the hd - i.e. parts of it used to be here+there, now the file system pointer is pointing elsewhere, but the old contents haven't been overwritten.
- I've heard that, given enough equipment/money, you can restore data that's been overwritten by these wipe-tools. I don't know if that's still true.

You could help these problems by searching for the contents using a low-level hd-tool and replacing these with random characters. But that's not quite so straightforward .... :)

But all in all, unless you are hiding data from the authorities, just using a simple "secure deletion" tool should be enough for you. If your boss IS hiding data from the authorities, it might be worthwhile to find out how much the data is worth to him  - lol, just kidding. :)

What we do when we have to send in a HD for replacement (our clients are in the medical area) is a) certify that the HD has a problem + specify it and b) physically destroy them before sending them in (we have a very large hammer, also a good stress-relief for the guys). Why take chances? In the meantime our distributors accept + understand this method...

John
0
 
volk125Commented:
Eraser 5.6
http://www.dirfile.com/downloadnow_eraser_freeware.html

Integrates into Windows, allows per-file deletion beyond recovery, allows erasing the recycle bin beyond recovery, and so on.
0
 
Reid PalmeiraTelecom EngineerCommented:
There are a few tools you can use. It's harder with individual files because copies may reside at different locations on the physical hard drive at different times. If you're talking about a whole drive it's an easy matter of taking a shotgun or drill bit to the individual drive platters. Or you can do what the DoD specs call for and rewrite the whole physical hard drive multiple times so that even magnetic hard drive recovery tools that can recover from overwrites will be ineffective. I prefer the shotgun method.

cheers,
reid
0
 
Rich RumbleSecurity SamuraiCommented:
The Gutmann method is still the de facto standard; this is the paper he wrote about his research:
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
I've found that 35 or more overwrites are needed, BUT our company has been very impressed with the On-Track suite of recovery tools, we actually have an old copy of Tiramisu that still works great! The newer products are much much better still.

Physically damaging a HD is my preferred method of keeping data securely unrecoverable, and even then, the NSA could whip out an electron tunneling microscope and find ALL previous drive data, unless the platters are FUBAR'd.
http://www.ontrack.com/easyrecoveryprofessional/

In our testing, the following programs were more successful at eradicating data beyond recovery:
Steganos Security Suite 6 and 7
(on-track's own wiper still had data recovered btw... weird?)
DiskSanitizer Pro
SPX http://rixstep.com/4/0/spx/
That's it, and we've tested dozens of "secure delete/wipe" utilities.
-rich
0
 
ahoffmannCommented:
> That's it, and we've tested dozens of "secure delete/wipe" utilities.
Nice, do you have a comparison table?
0
 
Rich RumbleSecurity SamuraiCommented:
We did our "study" about a year ago, and I think we should revisit it. I was not a main participant in it, and I think we definitely should make our results public. I will get together with the rest of the group and see about conducting an updated test.
-rich
0
 
TolomirAdministratorCommented:
@ rich:

Please include: http://www.acronis.com/homecomputing/products/privacyexpert/

It includes:
File shredder: make your deleted data unrecoverable by undelete or unerase utilities;
Data destruction methods: wipe out all data without possibility to recover through the use of 8 powerful data destruction methods.

Unlike its competitors, Acronis Privacy Expert Suite is the only product of its kind to completely wipe out all data without possibility to recover through the use of 8 powerful data destruction methods.

National data destruction standards:

    * U.S.: DoD 5220.22-M (Department of Defense)
    * U.S.: NAVSO P-5239-26 (RLL)
    * U.S.: NAVSO P-5239-26 (MFM)
    * German: VSITR
    * Russian: GOST P50739-95

Two far more powerful pre-defined methods offered by top information security experts:

    * Peter Gutmann's algorithm
    * Bruce Schneier's algorithm

Simple, but fast method to use in less important situations:

    * Fast

A special option to create custom algorithms and save them for future usage.


Tolomir
0
 
Rich RumbleSecurity SamuraiCommented:
We will do an exhaustive suite of these tools as we did before. I'm afraid the write-up was very very informal, and was conducted prior to our incorporation (inc.) - when we turned incorporated, we really started to make professional documentation. I don't have access to the previous report right now. Looks like I have to go out to the store today and buy some HDs ;)
DOD and NSA overwrites are far from "good enough"; 7 times is not enough, on-track and even some of the freebie "undelete" utilities still worked. Our study last time was more about which recovery tools worked, more than it was which erasure tools worked as advertised; this time I think we'll do more of both.
-rich
0
 
gavinandrewmcmillanAuthor Commented:
Wow, just a bit of curiosity turned into quite an informative thread!! Thank you all for your ideas, I have recommended that the boss purchases acronis privacy expert.

Richrumble, I think everyone here (including me) would be very interested in your findings!!!

Regards
Gavin McMillan
0
 
r-kCommented:
"have recommended that the boss purchases acronis privacy expert"

That is probably a fine program, but do keep in mind that if your boss is paranoid about protecting certain files, a program like this cannot do it, for reasons mentioned above.

AFAIK, there are only a few ways to keep files strictly private:

(1) Use encryption (is built-in with recent versions of Windows).

OR

(2) Destroy the entire disk.

OR

(3) Keep the disk under lock and key (and off the network).

0
 
Rich RumbleSecurity SamuraiCommented:
Yes, I really should have mentioned it earlier also, that encryption is a much better protection than disc wipers....
Even if they recover the encrypted files, they still have to break them.
-rich
0
 
TolomirAdministratorCommented:
What about the windows efs? Shouldn't that be enough, for normal operations?

Well, if you want to keep others away from your files, try: http://www.securstar.com/

DriveCrypt Plus Pack
Encrypts the whole operating system

- Full Disk Encryption (Encrypts parts or 100% of your HardDisk including the operating System)
- Pre-Boot authentication (BEFORE the machines boots, a password is requested to decrypt the disk and start your machine)
- Allows secure hiding of an entire operating system inside the free space of another operating system.
- Strong 256bit AES encryption
- USB-Token authentication at pre-boot level

----

@rich, would you please be so kind as to give me a URL for some of these good working undelete tools? I would like to check if privacy expert does a good job. I'm using Windows XP with all drives formatted as NTFS drives. Thank you.

Tolomir
0
 
r-kCommented:
>What about the windows efs? Shouldn't that be enough, for normal operations?

 It should be, provided your password is not trivial and you follow some other simple precautions outlined at several web sites that cover efs.

>I would like to check if privacy expert does a good job.

 I would say that any tool that lets you search the disk by content has some chance of finding data left behind by "privacy expert". The problem is that "privacy expert" can only delete the most recent version of a file - it has no way of knowing how many other copies may exist (see my first comment at the top, as well as other discussion above).
0
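The content search r-k describes, as an added example that is not from any poster in this thread: it scans a raw image of your own volume for a known byte string from the sensitive file, to check whether a file shredder left older copies behind. The function names, the 4096-byte cluster size and the marker string are assumptions made for the illustration, and the disk image is constructed inline.

```python
import os
import tempfile

def find_remnants(image_path, needle, chunk_size=1 << 20):
    """Return every byte offset at which `needle` occurs in a raw image."""
    if not needle:
        raise ValueError("needle must be non-empty")
    hits, tail, base = [], b"", 0      # base = absolute offset of buf[0]
    overlap = len(needle) - 1          # bytes carried across chunk reads
    with open(image_path, "rb") as fh:
        while chunk := fh.read(chunk_size):
            buf = tail + chunk
            pos = buf.find(needle)
            while pos != -1:
                hits.append(base + pos)
                pos = buf.find(needle, pos + 1)
            # Keep the last len(needle)-1 bytes so a copy that straddles
            # two reads (or two clusters) is still matched exactly once.
            tail = buf[-overlap:] if overlap else b""
            base += len(buf) - len(tail)
    return hits

def build_demo_image(path, marker, cluster=4096):
    """Constructed sample: 8 zeroed clusters standing in for a volume."""
    img = bytearray(cluster * 8)
    # Cluster 5 held the current file; the shredder overwrote it (zeros).
    # An older save was freed but never overwritten; it straddles the
    # boundary between clusters 2 and 3.
    start = 3 * cluster - len(marker) // 2
    img[start:start + len(marker)] = marker
    with open(path, "wb") as fh:
        fh.write(img)
    return start

if __name__ == "__main__":
    marker = b"CONSTRUCTED-MARKER private.txt draft"   # sample content
    with tempfile.TemporaryDirectory() as d:
        image = os.path.join(d, "disk.img")
        build_demo_image(image, marker)
        for off in find_remnants(image, marker, chunk_size=4096):
            print(f"remnant at offset {off} (cluster {off // 4096})")
```

An empty result only covers the exact byte string searched for: the same text stored in another encoding (for example UTF-16), compressed, or inside an application's own container format will not match.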
 
Rich RumbleSecurity SamuraiCommented:
EFS is the worst, and this is the perfect thread to mention its number one flaw. EFS creates a temporary file when it does its encryption; this file is the plain-text version of what EFS is trying to encrypt. The file is deleted, but easily recovered with tools from on-track or even fundelete.exe - the files are called efsX.tmp, where the "X" is a digit starting at 0 and incrementing with each encryption.
http://www.ntfs.com/issues-encrypted-files.htm
http://www.securiteam.com/windowsntfocus/5ZP052K75A.html
http://cert.uni-stuttgart.de/archive/bugtraq/2001/01/msg00365.html <--- m$'s spin on the files presence

PGP or another 3rd party encryption method should be used. M$ contains flaws like this for a reason, and that reason is the EXPORT regulation laws on cryptography. There are lots of countries that do not allow the import or sale of encryption software that has over 40 bits of protection. You can use higher encryption, IF there is a secret-key or backdoor to make a stronger encryption, be no harder to recover than a 40-bit encryption. A temp file that is PT and marked as deleted is very very recoverable.
http://www.microsoft.com/windows2000/en/server/iis/default.asp?url=/windows2000/en/server/iis/htm/core/iistesc.htm
-rich

0
 
r-kCommented:
>EFS creates a temporary file when it does its encryption.

Hmm... Did not know about that backdoor, but then again I don't use efs. Thanks for the clarification.
0
 
gavinandrewmcmillanAuthor Commented:
Hi

I would just like to add to Tolomir's post regarding Drive Crypt. I have used this program before and can honestly say it is awesome. One of the power supplies blew up on a computer that was using it. I put the hard drive into another computer to try to decrypt it. It took me 4 hours on a P4 2.6GHz with 1GB of RAM to decrypt the drive. I tried to browse through the disk before I decrypted it but there was absolutely nothing there. However, I did not try any of the undelete tools; it would be interesting if someone has the time and resources to try this out!

Just be warned when using it that you don't lose the Emergency Repair disk; it could be fatal if you need information on the hard disk.

It also has the option to hide an operating system within an operating system, which I thought was a very good option, especially if you have a laptop and work with very sensitive data. Avoids giving information away if kidnapped or anything like that.............you never know, it could happen!

The downside of this program is its cost; I got quoted almost $700.00 per computer. So it all depends on how valuable the information on your hard drive is.
0
 
TolomirAdministratorCommented:
Well, drivecrypt 4.2 comes for USD 64.94
and the complete DriveCrypt Plus Pack * 2.0G entire HD encryption costs USD 162.50

1.3 dollars are about 1 Euro. So you still can buy European goods ;-)

Btw. what do you mean by

> I put the hard drive into another computer to try to decrypt it. It took me 4 hours on a p4 2.6Ghz with 1GB of ram to decrypt the drive.

It's a transparent en/decryption. I cannot imagine you actually decrypted it by brute force...

Tolomir


0
 
gavinandrewmcmillanAuthor Commented:
>Btw. what do you mean by

> I put the hard drive into another computer to try to decrypt it. It took me 4 hours on a p4 2.6Ghz with 1GB of ram to decrypt the drive.

>It's a transparent en/decryption. I cannot imagine you actually decrypted it by brute force...

I put the hard drive into another computer and set it as the primary master. You put in the ERD (Emergency Repair Disk) and it lets you enter the passwords to access the hard drive; you then select the appropriate options to decrypt it. You cannot boot from the hard drive in this computer because of the different hardware configurations, but you can decrypt the drive (providing you know the passwords). Once it is decrypted you swap it from primary master to primary slave; you can then take ownership of the files and recover them. This is basically the process you have to go through if someone's computer breaks and they have drive crypt installed. If they forget the password though, I think you have to reformat the drive.
0