Back to Usenet News Server Club
A discussion of hard disk security and deleting files, proper use of file wiping tools. How to properly delete files from your hard drive so they are really gone. File wiping of your sensitive files is critical and it must be done properly. If you simply delete files from your system and think they are gone for ever, think again!!
Back to News, Tips and SecurityUpdates Page
| Ok, we are going to spend a few talking about your most vulnerable and damning privacy weakness is. It starts with you, amigo, the most common source of failure in a security system is a human being who gets lazy. "I'll encrypt those files in the morning. I"m tired right now. They'll be ok." "I know that I should run a security wipe on all the free space of my hardrives and the swap file areas and the slack area in sectors. Its just that I' ve got 10gigs and 5 drives, its going to take me an hour and 1/2 to run that, and I want to play a couple more games online tonight. I"ll wipe the disk tomorrow. " "Well, I've just got a lousy memory, I cant remember my own username and password to log onto my computer, it won't hurt if I right them down on this piece of paper and I'll tape them up underneath my dresser. No one will find it there." Do any of those things sound familiar? If you are doing file encryption and security disk wipes regularly then you know what I"m talking about. More security errors happen because of laziness and human forgetfulness or error than because of someone actually hacking in and breaking your security. So, make it habit, encrypt sensitive files immediately, before you run to the store. Run the complete security wipe once a week minimum and don't scrimp on how many levels down you wipe. If you know you've had some sensitive files written to the hard disk or the memory, then you must do a security wipe of your hard disk often. Files you simply delete using the explorer file manager are not erased. Remember that when you use delete under most windows 95 or 98 programs, you are not actually deleting the file. You are only removing the first letter of the file name so that explorer thinks its not around anymore. The entire image of that files is still imprinted in its entirety right there on your hard disk until it is either written over sufficiently to eliminate any tracing of its image or until you use a security wipe tool on it in sufficient quantities of passes to block recovery. Companies have developed techniques originally used for recovering lost or damaged file data for other companies that had computer failures or human errors causing loss of data. They made lots of money salvaging data from other peoples screw ups. That same technology however has been usurped by detectives, spies, corporate traitors , industrial spy's and naturally police and law enforcement agencies world wide us it to recover information from suspects hard drives that the suspect had smugly thought was long gone. No one knows for sure just how many levels deep on a hard drive or other magnetic storage medium that the government is capable of digging now, The technology has been naturally improving over time to combat security measures put in place by criminals or by companies protecting secrets. Some people suggest that the government computer specialists may actually be able to go infinite levels deep9 now and that wiping with conventional program wipes is useless already. If that is the case then there are a lot of hard disks running around that could put people in jail, or in lawsuits regarding copyright infringement amongst many other things. Some companies have purchased what they call hard disk shredders. Machines that literally chew up old hard disks rather than the company throw that disk out or pass it along to some charity or other organization. There company secrets and trade information are too valuable to let those disks get into the wrong hands. Even if a hard disk is broken to you , and unrepairable, the data can still be recovered from it in many cases. they simply remove the disks and examine them directly, in fact they do that anyway, even if the disk is good.
No one knows how far they can go and the people who examine disks for information like to keep us not knowing. In fact some people say that the CIA which has used misinformation so successfully to trick Soviet intelligence agencies and many others may be using misinformation on all of us now. Its not unthinkable that since they publish the specifications for what they call a government secure wipe. That is the standard that they tell employees to meet when wiping their own files in a secure environment may actually be misinformation. They say that 7 wipe over is a secure wipe. That number hasn't changed in several years a period over which other computer technology has improved 300% so why would it be silly to think that they were not at least 100% better than when those specs were written. That would mean that they can go maybe 12 layers deep to recover information while we are all running around out here using 7 deep wipes thinking we are perfectly safe after doing that!!! Scary thoughts if you really need to protect what ever your data is. Here is an excellent although a bit outdated source of information on file recovery techniques and security measures for preventing recovery. The author is right now writing an updated paper on the subject and many of us are anxiously awaiting it to see what he has to say. It is still an excellent reference to read to understand the principles of magnetic storage data recovery and wiping. It will get a little to technical for you at some point unless you are an electrical engineer or a physics specialist with some special experience in magnetic storage devices and their methods. Even the lay person will get a lot out of it as it starts out pretty simple however and its interesting. He suggests at one point using removable discs like IOMEGA Ro do all your writing to and that way if necessary the disk is portable and expendable and destroyable. A hot fire would probably do wonders on an Iomega disk. Also he talks about not letting your computer write information to local memory but this is getting pretty deep. If anyone around here is in enough trouble that someone is already willing to go through the expense of ordering a hard drive recovery on your system, then you are probably already in deep doodoo over something, nope don't' tell me I don't want to know. If you are attracting that kind of attention then you had better hire yourself an attorney and a specialist in encryption and security. :-) CLICK HERE TO GO TO THE PAPER I SPOKE OF TO READ HERE IS A LINK TO DOWNLOAD THE PROGRAM CALLED BCWIPE, IT IS A DECENT QUALITY SHAREWARE FILE AND DISK WIPE UTILITY THAT WILL TO GOVT. STANDARDS SECURITY WIPES AND BEST THING ABOUT IT IS YOU CAN SET IT TO ALSO SCRAP YOUR VIRTUAL MEMORY, ALL FREE SPACE ON EACH DRIVE AND TO ALSO INCLUDE THE SLACK SPACE IN SECTORS. WHEN A FILE IS WRITTEN TO DISK IT MY ONLY BE A FILE THAT IS x amount of bits long and there can only be one file in any sector so if the sector is bigger than the file then the space left over can not be used for anything else. The space left over in a sector after a file is finished writing is called the slack space and if it doesn't get wiped it could be a location where a file written their earlier could be easily recovered if not wiped. Here is a special little program created by an encryption expert who has developed encryption programs like Cryptpix and Puffer. File Maven is a file manager that can be used in place of explorer but more importantly it has a built in file wipe tool that makes it great to use when you are doing disk clean up chores and want to be able to do file manager like operations but also want to be able to grab a bunch of files and be able to security wipe them right on the spot so you don't miss or forget any later on. The main thing to learn from this article is that the number one security leak to watch out for is yourself, don't get careless with your important files. Do them first, encrypt them, wipe them, and store them off your computer if possible. Also don't' get lazy about doing complete hard drive free space wipes , you never know what has been written to the disk somewhere in a temp file or a download. You will forget where some are if you don't organize yourself to do it now!! Back to Usenet News Server Club COPYRIGHT 1999,
NOW YOU CAN REALLY DO SOMETHING TO INCREASE THE SPEED OF YOUR INTERNET |