When you hit the delete button, where does that file go? Does it just
evaporate and leave a blank space on your drive? If you’ve been around
computers long enough, you know that’s not what happens. But if you’re
mostly an email and Facebook type of computer user, you might not know,
or not even thought about it.
You should think about it though, for a couple reasons. The first reason is so that you know you
might be able to
recover an accidentally deleted file. The second reason is so you know that, if you can recover a file you deleted, so can someone else.
What Happens To A File When It is Deleted
Hard Disk Drives (HDDs)
When
you delete a file it goes to the Recycle Bin. That gives you a chance
to recover it in case you accidentally deleted it and need it back. But
what happens when you delete it from the Recycle Bin? Actually, not much
at all. The file doesn’t move or go anywhere. In fact, when you moved
it to the Recycle Bin, it didn’t physically move there either. All that
happened was an index got updated to say that the file is in the Recycle
Bin, not the Documents folder.
The index is called the
Master
File
Table
(MFT) for Hard Disk Drives. It looks like this. The left-most column
are the block addresses. The middle column shows data in hex code. the
right column shows what that data would like as plain text.
When the file is
‘deleted’ the information stays on the drive, but the MFT is changed to say,
“Hey,
you know that spot where Secret-File.txt was? Yeah, Computer, you can
now put data there if you want. We don’t need it anymore.” Until
the computer puts data in that spot, the Secret-File.txt data remains.
It could be minutes, days, weeks, or months until that data is overwritten.
Kind of like a condemned house sitting on a lot. It’s not usable, but
it’s still there until the bulldozer comes and they build something
else.
Here’s an example. The left column shows red Xs for MFT
locations that have been set to be overwritten, the one with the page
icon is marked to stay. The right column shows the data that is still in
that location, even though you can’t find it with Windows Explorer. See
the problem with ordinary deletes now?
Solid State Drives (SSDs)
It’s
not exactly the same for Solid State Drives. SSDs are always shifting
files around, randomly. So, figuratively speaking, if you deleted a file
from location 2871, the deleted info may, sooner or later, get moved
off to another random location, until at some point in time the SSD
decides to finally overwrite that file. How do you target the old file
for secure deletion on an SSD, then?
Well, you can’t really. A group of engineers at the University of California studied
how difficult it is to erase data from an SSD. Trying to securely erase a single file left behind anywhere from
4 to 75% of the information. And it’s tough on the drive. What you can do is make sure you encrypt your SSD, and make sure that you’ve got an SSD drive with TRIM capability.
This
isn’t a problem for most people, but you might be concerned that people
could still access that deleted information. Maybe you handle sensitive
medical documents, or you’re an international art thief, or just a
little paranoid like me. How do you securely get rid of that data,
immediately and forever?
What is ‘Secure’?
Before we get
into the nuts and bolts of secure data deletion, we need to look at what
secure means. Secure means whatever you think it means. If you’re
happy with the level of security you have, then it’s secure. If the data
you don’t want recovered isn’t life threatening, then the measures you
take to delete it don’t need to be as severe as deleting the security
codes for the last sample of smallpox off the CDC’s servers.
Let’s
take a look at the methods in order of least secure to most secure.
Until we get to entire drive deletion, these methods will only apply to
traditional HDDs.
Least Secure Method
Simply delete the
file in your Windows Explorer and empty the Recycle Bin. Unless you
think someone is going to come along with data recovery software and
look for that file in the next week or so, that will probably be secure
enough. Examples of information like this could be anything from a silly
animated GIF to a letter to your Nan. You really should write to her.
She misses you, you know.
Mildly Secure Method (HDD Only)
As
we talked about, overwriting data is a pretty good way to obscure the
old data. You can do this on a file by file basis with programs that are
commonly referred to as .
Although the interfaces for these utilities can differ, the method of
operation is essentially the same – delete the old file, then write
zeroes to the places on the HDD where the file used to be. These tools
are only mildly secure, because you have to make sure you use them when
you need them. If you want to securely delete a file with your Social
Security Number on it, but forget to use the shredder, that info will
still be sitting on your drive for awhile.
Examples
of use for this method is where the person occasionally deals with
sensitive information that pertains only to them. It might be the odd
copy of a tax return, or a bank statement that you want to delete.
That’s where file shredders are most handy.
Moderately Secure Method (HDD Only)
A
more moderately secure method to delete information from your drives is
to use software that allows you to wipe free space on your drives. CCleaner is a favourite for this task. When you choose the
Wipe Free Space
option, it writes zeroes to the blocks where files used to be. The
difference between this and the shredders is that wiping free space
takes care of
ALL deleted files. It’s just that little
bit more thorough. The catch is that this method takes a fair bit of
time and should be scheduled or you’ll forget to do it frequently
enough.
Examples
of good uses for this are for people who frequently delete files that
are quite sensitive. Maybe they are heavy online bankers or do some
online trading. Perhaps they have just backed up their important info to
an encrypted external drive and don’t need it on the computer anymore.
Most Secure Method (HDD & SSD)
The
most secure methods are really for deleting the entire contents of a
drive. Yet again, because of the differences between HDDs and SSDs, the
same methods don’t apply to both. Chose the appropriate one for your
drive and situation.
Examples where you’d want to go to this level
include switching to a new computer which will have the info, but
you’re keeping, selling, or disposing of the old computer. Perhaps you
are re-purposing a computer from an information-sensitive use to a more
day-to-day use.
HDD – Formatting
Formatting is a catch-all
term for a few different things. It can mean simply deleting the MFT so
it appears like all the data is gone, but it isn’t. It’s still there
and intact until overwritten. Or, it can mean true formatting, known as low-level formatting,
which overwrites all the data with zeroes. You can’t low-level format
your entire hard drive from within Windows. You’ll need a formatting
utility that you can boot your computer into, like
Darik’s Boot and Nuke.
You
might be tempted to choose one of the hardcore multipass methods, but
that’s probably going to be overkill. Especially if you want it done
quick and don’t want to shorten the life of your hard drive. The
RCMP TSSIT OPS-II or
DoD Short methods are sufficient.
RCMP is the
Royal
Canadian
Mounted
Police and the
DoD is the British
Department
of
Defence. Good enough for them should be good enough for you.
SSD – Manufacturer’s Utility
Most
SSD manufacturers have a utility for managing and securely erasing
their SSDs. Tim Brookes was kind enough to compile a list of links for
the top manufacturers in his article, .
Download:
Intel Solid State Toolbox /
OCZ Toolbox /
Corsair SSD Toolbox /
Samsung Magician /
SanDisk SSD Toolkit
Paranoid Method (HDD and SSD)
The National Institute of Science and Technology has a
policy to deal with the destruction of extremely sensitive data.
It’s even more aggressive than what the RCMP or DoD use, so it will
destroy your data to the point where not even Sherlock Holmes riding on
Hercule Poirot’s back with Frank Columbo leading them around would get
anything out of it.
That’s
not hyperbole, that’s NIST’s actual standard. Oh, and to meet the grade
you have to find a NIST licensed incinerator to do the job. That job in
the picture above wouldn’t be good enough.
What Will You Do?
You’ve
got the knowledge and some resources now. It’s up to you what you will
do with them. However, if you’re not already using several techniques to
keep your information safe from prying eyes, secure deletion shouldn’t
be your first concern. If someone already has your info, it doesn’t
matter how you delete your copy.
What method do you use to delete
files securely? Are you happy with it? Ever not been able to delete a
file? Let’s talk about it.
Source:
makeuseof
In the screenshot above, you can see that my actual logon name (user account name) is st, but the logon screen of Windows 8.1 shows the display name, which is 'Sergey Tkachenko'.
Press Enter. Now you can close Computer Management.
Here
you’ll be signing up for the Windows Insider Program, which allows you
to download and test out the software. You’ll need a Microsoft account –
Hotmail, Outlook, etc – to login and you’ll need to agree to some terms
and conditions along the way.
Instead, head to the bottom of the upgrade page where it says “Looking
for ISO files?”. Click on "Get the ISO files" and download the version
that’s right for your machine. There are options for US and UK English,
Chinese, and Portuguese as well as 32-bit or 64-bit versions. They're around 3-4GB so be prepared for a little bit of a wait.
If
you don’t have a copy of Windows already on the machine you’ll need to
boot from the disc or USB drive by changing the boot options in your
motherboard’s BIOS.
