Join Us!

delete file in safe...
 
Notifications
Clear all

delete file in safe way ?  

Page 1 / 2
  RSS
qassam22222
(@qassam22222)
Active Member

hello all … and good evening
i want to delete some files and flders from my PC how i can do that ?? without leaving any chance to anyone to recover them ?

Quote
Posted : 12/03/2017 9:58 pm
Thomas
(@thomas)
Junior Member

You can do that with "File Shredder". http//www.fileshredder.org/
File Shredder is released under GNU/GPL General Public License. It is free for both personal and commercial use. With File Shredder you can remove files from your hard drive without fear they could be recovered. In File Shredder you can choose between 5 different shredding algorithms, each one gradually stronger than the previous one. Default is DoD 5220-22.M (3 passes), but Gutman algorithm is also available (35 passes). However, this will take some more time -)

The DoD 5220.22-M data sanitization method is usually implemented in the following way

Pass 1 Writes a zero and verifies the write
Pass 2 Writes a one and verifies the write
Pass 3 Writes a random character and verifies the write

ReplyQuote
Posted : 12/03/2017 11:03 pm
MDCR
 MDCR
(@mdcr)
Active Member

Overwriting once is generally enough to wipe out information, earlier wiping recommendations to overwrite N-times refers to older drives that were built differently.

There is now built in wipe capabilities that can be activated fast through special software
http//www.pcworld.com/article/261702/how_to_securely_erase_your_hard_drive.html

While a write-in-place works on mechanical drives, on an SSD there is no guarantee that it will wipe data because of wear-levelling. Instead, simply filling the drive with data to the last block will make it impossible to recover data from it.

Physical destruction is much fastest - and more fun
https://www.youtube.com/watch?v=yd_O7-rqcHc

ReplyQuote
Posted : 13/03/2017 3:44 am
JimC
 JimC
(@jimc)
Member

Short of total physical destruction you probably can't be assured of data deletion. There are lots of ways data could persist beyond simply being overwritten and this is what keeps digital forensics in business. Examples could include

a. Orphaned file fragments from previous operations on a file

b. Fragments in volume shadow copies (Windows)

c. Fragments in bad sectors or mapped out sectors

For these reasons I would be very cautious about any software that claims to selectively erase files in a live file system. For most practical purposes a complete reformat of a non-SSD drive will make meaningful data recovery pretty unlikely. Similarly most recent ATA/SATA drives support a command to perform a "secure" erase. This is similar to a format but performed by the drive firmware itself.

Jim
www.binarymarkup.com

ReplyQuote
Posted : 13/03/2017 3:22 pm
athulin
(@athulin)
Community Legend

Default is DoD 5220-22.M (3 passes),

It should perhaps be noted that the current version of this document (http//www.dss.mil/documents/odaa/nispom2006-5220.pdf) does not contain any such statement. It does say that sanitizion must be done, but leaves it to a 'Cognizant Security Authority' to issue the instructions for how to perform it.

It seems that earlier versions quoted related contents, but as it has been removed, citing this particular document is not useful anymore.

Starman (Daniel Sedory) has already made that point in 2008 http//thestarman.pcministry.com/asm/5220/

And he also cites what appears to be the current source for that earlier NISPOM recommendation of three passes. Today it only accepts degaussing and physical destruction. Overwriting is presumably no longer considered secure for the Defense Security Service.

ReplyQuote
Posted : 13/03/2017 8:23 pm
qassam22222
(@qassam22222)
Active Member

thank u very much all that help me D

ReplyQuote
Posted : 19/03/2017 10:30 pm
Jack_Roger81
(@jack_roger81)
New Member

Dear Senior Member,

Apologize for delay!

Thanks for the question and happy that you are really concerned to your confidential data. D

Absolutely agree with the views of other members, deleting files with the data overwritten method is considered most secure and effective. I called it Eco-friendly way of file deletion.

By this way, you can free up your disk space which can be reused in future.

Few of the reputed software which you may try are-
1) DBAN
2) BitRaser
3) Eraser

Hope you remove your files safely…

ReplyQuote
Posted : 22/03/2017 10:07 am
mscotgrove
(@mscotgrove)
Senior Member

I don't think that anyone has mentioned Defrag programs. These could have moved your critical file to a new location, and the old file may be left in unallocated space.

To overcome this type of issue, I occasionally just write a file (typically fairly blank data) to fill the whole drive. This should catch most of the unallocated data. I then just delete this big file.

Don't forget that very small files, maybe a few 100 bytes long, can be stored in the $MFT

ReplyQuote
Posted : 22/03/2017 2:42 pm
benfindlay
(@benfindlay)
Active Member

hello all … and good evening
i want to delete some files and flders from my PC how i can do that ?? without leaving any chance to anyone to recover them ?

The answer is "it depends".

Some further thoughts over and above the previous comments already given (defrag consideration etc. is an excellent point), you would also need to possibly factor in the file/operating system in use.

Is the file system NTFS, and is the OS Vista or newer? If so, then consideration needs to be given to whether Volume Shadow Service is running - you could delete and wipe the sectors in which the file/folder is sitting, but VSS would kick in and potentially backup the deleted data anyway. Until such time as the data in that shadow copy is itself overwritten (FIFO system if I recall correctly), the. The file is still recoverable.

Likewise, if the system is Mac OS X with Time Machine enabled, then consideration needs to be given to any historic backup copies which might exist.

These are just 2 examples of potentially unanticipated features which might cause the data to be recoverable, even if you had wiped the sectors storing the logical file. There are more!

Ben

ReplyQuote
Posted : 22/03/2017 11:57 pm
jaclaz
(@jaclaz)
Community Legend

Don't forget that very small files, maybe a few 100 bytes long, can be stored in the $MFT

For the "standard" 512 bytes/sector (and conversely 1024 bytes/entry) the limit is around 720-736 bytes
http//www.forensicfocus.com/Forums/viewtopic/t=10403/

An interesting question (that noone seems like interested to test/fiddle with) is what happens on 4096 bytes/sector media (and conversely with the much larger $MFT record size)?
http//www.hexacorn.com/blog/2012/05/04/sector-size-and-mft-file-record-size/
Logically the size of the "embedded" file should expand to around 4096-(1024-736)=3808 bytes.

jaclaz

ReplyQuote
Posted : 23/03/2017 11:46 pm
benfindlay
(@benfindlay)
Active Member

An interesting question (that noone seems like interested to test/fiddle with) is what happens on 4096 bytes/sector media (and conversely with the much larger $MFT record size)?
http//www.hexacorn.com/blog/2012/05/04/sector-size-and-mft-file-record-size/
Logically the size of the "embedded" file should expand to around 4096-(1024-736)=3808 bytes.

jaclaz

That's an interesting point and a good spot - thanks for sharing.

I can't say I've ever personally encountered this in the wild. I'd be interested to hear from practitioners as to what they are seeing at the 'coal face'.

I've taken a quick look over the at sample posted in the link you provided and the following observations jumped straight out at me

The record header size is 72 bytes (previously 56 was the expected size).

The footer is different to previous versions of the MFT.

The Update Sequence Array occurs ever 512 bytes, possibly indicating backwards compatibility with discs with 512 byte sectors.

The information present at offset 168 onwards appears to be slack, based on FF FF FF FF 00 00 00 00 at offset 160 and confirmed by the 68 01 value at offset 18.

Anyone else care to wade in?

Ben

ReplyQuote
Posted : 24/03/2017 1:25 am
jaclaz
(@jaclaz)
Community Legend

I've taken a quick look over the at sample posted in the link you provided and the following observations jumped straight out at me

Good.
I happened to remember that the VSS Microsoft Virtual Disk Driver allows to create virtual disks of a given sector size, so I quickly made one and tested the effect on a file "size.dat" enlarged by fsz.exe.
The limit is 3776 bytes, 3777 gets the "dignity" of occupying a cluster

fsz size.dat 3775
OKMyFragmenter v1.2, 2008 J.C. Kessels
0 clusters, 1 fragments.
Finished, 1 files processed.
Next...
Premere un tasto per continuare . . .
fsz size.dat 3776
OKMyFragmenter v1.2, 2008 J.C. Kessels
0 clusters, 1 fragments.
Finished, 1 files processed.
Next...
Premere un tasto per continuare . . .
fsz size.dat 3777
OKMyFragmenter v1.2, 2008 J.C. Kessels
Extent 1 Lcn=5005, Vcn=0, NextVcn=1
1 clusters, 1 fragments.
Finished, 1 files processed.
Next...
As seen in the mentioned thread this size may vary of a few bytes depending on the actual method that is used to write the file and on the length of the filename, for file size0123.dat the limit is 3768.

jaclaz

ReplyQuote
Posted : 25/03/2017 7:13 pm
mscotgrove
(@mscotgrove)
Senior Member

In my (fairly quiet) data recovery world I have seen a single 0x1000 MFT disk. I cannot remember if the disk was physically 0x1000 or physical 0x200

However I note that my Microsoft Storage Space has 0x1000 byte blocks, even though the physical drives are 'standard' 0x200 bytes.

ReplyQuote
Posted : 25/03/2017 10:21 pm
jaclaz
(@jaclaz)
Community Legend

In my (fairly quiet) data recovery world I have seen a single 0x1000 MFT disk. I cannot remember if the disk was physically 0x1000 or physical 0x200

It was almost certainly 4096 bytes/sector physical.

"Traditional" or "512n" or "512 native" disks are 512 bytes physical AND expose a 512 bytes sector size.
"Advanced Format" or "512e" disks are 4096 bytes physical BUT expose a 512 bytes sector size.
"Large sectored" or "4k native" disks are 4096 bytes physical AND expose a 4096 bytes sector size.

There is not AFAIK any device that is 512 bytes physical but exposes 4096 bytes.

An interesting (strange) case JFYI is what happened here
http//www.msfn.org/board/topic/173642-mkprilog-batch-to-access-a-same-disk-under-two-different-interfaces/
http//www.msfn.org/board/topic/173265-formatting-an-external-drive-using-different-interfaces/
where an AF disk changed exposed size when in an external case it was connected to either USB or eSATA connector.

jaclaz

ReplyQuote
Posted : 26/03/2017 2:38 pm
RolfGutmann
(@rolfgutmann)
Community Legend

qassam22222's topic sounds criminal in itself and should be banned from this forum. I no more trust qassam22222.

You can start a new tirade of hate against me, but this is my opinion, you either like it or not. I don't care.

ReplyQuote
Posted : 27/03/2017 2:18 am
Page 1 / 2
Share: