[ale] really really deleting files....
Keith R. Watson
keith.watson at gtri.gatech.edu
Tue Jun 24 12:28:43 EDT 2003
At 03:28 PM 6/18/2003 -0400, you wrote:
>Also do a search for "Peter Gutman" (SP?) He wrote a paper
>on permanently deleting files. I think he wrote a few tools
>to do this.
>
>Dow Hurst wrote:
>>Check out the wipe package.
>>Dow
>>
>>John Wells wrote:
>>
>>>Any utilities out there that can do a low level delete of a particular
>>>directory's contents?
>>>
>>>thanks guys.
>>>
>>>John
John,
It all depends on what you mean by erase. Most people mean that the typical
undelete tool won't be able to recover the file. There are a number of
tools that meet this requirement such as wipe (which Dow already mentioned).
http://abaababa.ouvaton.org/wipe/
However, if you mean no one, not even a three-letter government agency, can
recover the data, then it is not possible to erase data so that it is
totally safe from recovery. (I'm sure that will start a flame war.) The real
issue is how do you define the terms erase and recoverable:

Erase - 1. The media is destroyed in such a manner that magnetic domains no
           longer exist that can store data.
        2. The media is bulk erased in a manner that all magnetic domains in
           usable and unusable areas are randomized. (This would generally
           require disassembly of a hard drive and degaussing with a *very*
           strong field.) In the case of a hard drive the media would not
           be reusable unless timing marks were re-written at the factory.
        3. The data is overwritten or obfuscated in usable areas of the media
           but it is still usable for data storage. Unusable areas may
           still contain data.

Recoverable - 1. Your data can't be reassembled and viewed by an unauthorized
                 party regardless of the level of effort required (the NSA
                 couldn't do it with unlimited funds).
              2. The level of effort required is more difficult than the vague
                 notions of recoverability most people have in mind.

If you use definition #3 of erase and #2 of recoverable then data is
recoverable.
As evidence for my point, I offer the following papers on data recovery and
security from:
Peter Gutmann
Department of Computer Science
University of Auckland
http://www.cs.auckland.ac.nz/~pgut001/
A paper on the Secure Deletion of Data from Magnetic and Solid-State Memory,
http://www.cs.auckland.ac.nz/~pgut001/pubs/secure_del.html
which exposes a number of myths about the deletion of data, shows how data
can be recovered long after it should have been erased, and indicates a
method of erasure that should make it a considerable challenge to recover
any deleted data. This paper was presented at the 1996 Usenix Security
Symposium, but you had to attend the conference to see the cool colour
slides of supposedly overwritten disk data which wasn't really overwritten
(they were too big to fit in the paper itself).
The follow up to this paper, published in August 2001, which looks at Data
Remanence in Semiconductor Devices,
http://www.cryptoapps.com/~peter/usenix01.pdf
specifically remanence issues in static and dynamic RAM, CMOS circuitry,
and EEPROMs and flash memory. This paper was presented at the 2001 Usenix
Security Symposium, the slides for the talk
http://www.cryptoapps.com/~peter/usenix01_slides.pdf
provide a quick overview of the issues, although for real understanding you
should read the full paper.
You hear the term DOD wipe used quite a bit. The following papers will
explain just what the DOD means by that:
A Guide to Understanding Data Remanence in Automated Information Systems
http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-025.2.html
or
http://www.fas.org/irp/nsa/rainbow/tg025-2.htm
A Guide To Understanding Object Reuse In Trusted Systems
http://www.radium.ncsc.mil/tpep/library/rainbow/NCSC-TG-018.html
or
http://www.fas.org/irp/nsa/rainbow/tg018.htm
The only way to erase data securely using definition #1 of erase and #1 of
recoverable is to sand blast or grind the oxide off the disk platters, or
melt the disk platters. This is generally considered excessive by most
people because they're using definition #3 of erase and #2 of recoverable.
The bottom line is that one should select their methods based on knowledge
rather than vague ideas. If the vendor's lips are moving, they're lying, so
pick a wipe program carefully (Note sections 5.1.1 and 6.3 of "A Guide to
Understanding Data Remanence in Automated Information Systems").
I'm not aware of any published tests comparing the quality of wipe programs
(in light of section 6.3 of "A Guide to Understanding Data Remanence in
Automated Information Systems"). If you know of one, please let me know.
keith
-------------
Keith R. Watson GTRI/ITD
Systems Support Specialist III Georgia Tech Research Institute
keith.watson at gtri.gatech.edu Atlanta, GA 30332-0816
404-894-0836
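
An added example, not part of the original message and not code from the wipe package: erase definition #3 from the message (overwrite the usable areas) applied to a directory's contents, the case John asked about. The function names, the pass count and the sample tree are assumptions made for the illustration, and it assumes a filesystem that rewrites file data in place.

```python
import os
import secrets
import tempfile

CHUNK = 1 << 20  # overwrite in 1 MiB pieces so large files do not fill memory

def overwrite_file(path, passes=3):
    """Overwrite a regular file in place with random bytes, then unlink it."""
    size = os.path.getsize(path)
    # "r+b" opens without truncating, so writes land on the blocks already
    # allocated to the file (on a filesystem that updates data in place).
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            left = size
            while left:
                n = min(CHUNK, left)
                f.write(secrets.token_bytes(n))
                left -= n
            f.flush()
            os.fsync(f.fileno())  # force this pass to the device before the next
    os.unlink(path)
    return size

def wipe_directory_contents(root, passes=3):
    """Overwrite and remove everything below root; root itself is kept."""
    wiped = 0
    # Bottom-up walk: each directory is already empty when it is removed.
    for dirpath, dirnames, filenames in os.walk(root, topdown=False):
        for name in filenames:
            p = os.path.join(dirpath, name)
            if os.path.islink(p) or not os.path.isfile(p):
                os.unlink(p)  # symlinks and special files: drop the entry only
            else:
                wiped += overwrite_file(p, passes)
        for name in dirnames:
            p = os.path.join(dirpath, name)
            if os.path.islink(p):
                os.unlink(p)  # never follow a link out of the tree
            else:
                os.rmdir(p)
    return wiped

def demo():
    """Constructed sample tree: returns (bytes overwritten, entries left)."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "sub"))
        for rel in ("a.txt", os.path.join("sub", "b.txt")):
            with open(os.path.join(root, rel), "wb") as f:
                f.write(b"constructed sample secret\n" * 100)
        return wipe_directory_contents(root), os.listdir(root)
```

This reaches only definition #3 of erase: remapped sectors, journal or copy-on-write copies, flash wear-leveling spares and the file names left in directory metadata are not touched.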