Solved

Shred (Secure Delete) a file in NTFS

Posted on 2011-03-07
9
868 Views
Last Modified: 2012-05-11
I need a secure way to delete a file.
I've gone through the standard procedure of overwriting 6 times with 0 and 255 bytes and then with random data, but when I scan the disk, I see a copy of the information is there.
I've used:

  public static void secureDelete(File file, byte[] b) throws IOException {
    if (file.exists()) {
      long length = file.length();
      SecureRandom random = new SecureRandom();
      RandomAccessFile raf = new RandomAccessFile(file, "rws");
      raf.seek(0);
      raf.getFilePointer();
      byte[] data = new byte[50];
      int pos = 0;
      while (pos < length) {
        random.nextBytes(data);
        raf.write(data);
        pos += data.length;
      }
      raf.close();
      file.delete();
    }
  }

using as 'b' zeros, 255 and random numbers.
It works for FAT but not for NTFS
0
Comment
Question by:RNMisrahi
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
  • 2
9 Comments
 
LVL 92

Accepted Solution

by:
objects earned 300 total points
ID: 35061433
0
 
LVL 11

Assisted Solution

by:lenordiste
lenordiste earned 200 total points
ID: 35061561
Your code is rewriting random data inside a file making the assumption that the OS will actually write the data in place where the file is located. It probably works for some "old" file systems like FAT32 but it sure won't work for NTFS. I don't think this can be achieved without wiping the whole drive.
0
 

Author Comment

by:RNMisrahi
ID: 35061604
If it is true that on an NTFS Secure Delete is impossible (and you guys may be right), how come there are some applications that do that? I mean, they don't wipe all the empty space. So how do they do that? Or is it that there is no guarantee that they do work?
0
Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

 
LVL 92

Expert Comment

by:objects
ID: 35061684
> I mean, they don't wipe all the empty space.

do you know that for a fact?
Native applications can operate at a much lower level than Java can
0
 

Author Comment

by:RNMisrahi
ID: 35061736
I'm ready to accept the fact that it is impossible to guarantee secure deleting on an NTFS, but I cannot imagine these utilities wiping all the empty space on a 1 TB disk in a few seconds. I have a 360GB disk, over half of it is free and when they delete (as far as I can see so far), the info is not there anymore. When I use an app such as HxD to scan the surface for a specific string, it is not there anymore. The HxD app takes hours to scan the whole disk.

But if Java cannot do this, can this be done with C# or Delphi?

0
 
LVL 11

Expert Comment

by:lenordiste
ID: 35061759
there's either no guarantee that they do work or they are written using a low level language
0
 

Author Closing Comment

by:RNMisrahi
ID: 35061842
Good to know what can and cannot be done.
0
 
LVL 11

Expert Comment

by:lenordiste
ID: 35061845
look at the comment from theUnhandledException (one of the last comments) since it's spot on about your problem:
http://stackoverflow.com/questions/4147775/securely-deleting-a-file-in-c-net

as he advises, the solution may be to reconsider the problem and encrypt the files you are writing to disk with a dynamic encryption key.
0
 
LVL 11

Expert Comment

by:lenordiste
ID: 35061856
I've never workd with Delphi, but I know for sure this cannot be achieved in Java or C#.
0

Featured Post

MS Dynamics Made Instantly Simpler

Make Your Microsoft Dynamics Investment Count  & Drastically Decrease Training Time by Providing Intuitive Step-By-Step WalkThru Tutorials.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of you may be aware of the recent Google Docs scam emails that have been floating around coming from various people that you know. Here's a guide on identifying How To Identify the Scam Email You will see an email from someone you’ve had co…
This article provides a convenient collection of links to Microsoft provided Security Patches for operating systems that have reached their End of Life support cycle. Included operating systems covered by this article are Windows XP,  Windows Server…
Viewers will learn one way to get user input in Java. Introduce the Scanner object: Declare the variable that stores the user input: An example prompting the user for input: Methods you need to invoke in order to properly get  user input:
This tutorial covers a practical example of lazy loading technique and early loading technique in a Singleton Design Pattern.

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question