how to prevent retrieval of deleted files
in [Windows XP]
|
From: Christine on 9 Mar 2010 04:54 I deleted some confidential files from D drives (harddisk paritioned into C & D drives) then I go to Recycle Bin to empty all. then I go do Disk Cleanup. Can the deleted files be un-deleted/retrieved? If not, how to fool-proof? Thanks
From: Paul on 9 Mar 2010 05:40 Christine wrote: > I deleted some confidential files from D drives (harddisk paritioned into C > & D drives) > > then I go to Recycle Bin to empty all. > > then I go do Disk Cleanup. > > Can the deleted files be un-deleted/retrieved? > > If not, how to fool-proof? > > Thanks This is one tool to use. It is free. http://eraser.heidi.ie/ Allow the following file to download. Add a file extension to the end of the filename, of type PDF, to read the SANS report. The file name should be "secure_file_deletion_fact_or_fiction_631.pdf" in your download folder. This document will address some of the details about secure erasure. http://www.sans.org/reading_room/whitepapers/incident/secure_file_deletion_fact_or_fiction_631?show=631.php&cat=incident What you've done so far, can be undeleted. The files are marked for deletion, but don't actually get deleted until the space is reused. Then the sectors would be overwritten. This is why other mechanisms or tools are required for more secure deletion. Information leakage is actually a pretty complicated subject, and requires a bit of study to avoid embarrassing accidents. Even encryption is not without its own pitfalls. When using something like EFS, if you aren't careful, you can still leave confidential information on a computer. And that means, as a mere user, you actually have to do a *lot* of research, to not leave your footprints all over the hard drive. My conclusion, after looking at the topic casually for a while, is you might as well rely on physically locking up a hard drive or USB flash, that has been used for confidential file usage, as it may be very difficult to ensure there isn't something incriminating on there. It all depends on what you feel the odds are, of someone attacking the disk with forensic tools. Temporary files can be left all over the place. Like, take Microsoft Word storing temporary copies of the thing you're editing, every five minutes. It isn't only the final file you've saved to the disk which is a concern. It is all the (multiple) copies created, stored and "deleted" temporarily you have to worry about as well. Those could be undeleted and recovered. Those sectors on the disk, still have the copy of the file, until a later write operation overwrites them. It means any tool with automated backup copy storage (which protects you against a computer crash), is also "leaking" your confidential file all over the disk. The best way I can think of, to avoid some of this, is to boot a Linux LiveCD with a copy of OpenOffice on it. A Linux LiveCD doesn't use a hard drive. Temporary files are stored in system memory. You only have to worry about the details of storing the resulting edited files, back on your storage device (portable hard drive or USB stick). When you turn off the computer power at the end of the day (via the switch on the back of the computer), the RAM contents will be lost. So any temporary files will be erased that way. But the portable hard drive or USB stick, is still a fertile ground for data recovery. And locking it up, or smashing it, are the only ways I can see of guaranteeing there isn't *something* on there. Formatting or erasure, may not clear the spare sectors. There is a kind of hard drive, that has full volume encryption implemented in hardware. If you lose the "key", the entire disk is so much random garbage. That would at least take care of some level of exposure. Even the spare sectors, if they happened to get used at some point, would be in encrypted form. Naturally, as with many encryption schemes, there is always a danger of you losing the key, and losing all the confidential files. More info here. http://en.wikipedia.org/wiki/FDE It's a fun topic. Paul
From: duke on 9 Mar 2010 05:42 On Mar 9, 2:54 am, "Christine" <cent...(a)singnet.com.sg> wrote: > I deleted some confidential files from D drives (harddisk paritioned into C > & D drives) > > then I go to Recycle Bin to empty all. > > then I go do Disk Cleanup. > > Can the deleted files be un-deleted/retrieved? > > If not, how to fool-proof? > > Thanks When you delete a file, followed by emptying the recycle bin, the actual file is not removed from the disk rather is tagged as deleted and the area is made available for reuse to the O/S. The problem is that the file will remain intact until eventually parts or all of it is overlayed with another file by the O/S. There are software tools available to identify these tagged files and restore them back. Similarly, there are tools available that will render the file useless by changing the entire contents of the files, before deleting them, even if someone does manage to restore the file. Googling >> strong delete files <<<< yielded several links such as the one below which included several shareware and freeware programs that will probably do the job you require. http://www.freedownloadmanager.org/downloads/wiping_software/ Duke
From: Doug on 9 Mar 2010 08:06 I use http://www.handybits.com/shredder.htm Christine wrote: >> I deleted some confidential files from D drives (harddisk paritioned >> into C & D drives) >> >> then I go to Recycle Bin to empty all. >> >> then I go do Disk Cleanup. >> >> Can the deleted files be un-deleted/retrieved? >> >> If not, how to fool-proof? >> >> Thanks
From: Centrol on 9 Mar 2010 08:35
I see. How about emails deleted from MS Office Outlook. Can I ensure the deleted emails are gone permanently? Plse advise. "Christine" <centrol(a)singnet.com.sg> wrote in message news:hn51dr$qqh$1(a)mawar.singnet.com.sg... >I deleted some confidential files from D drives (harddisk paritioned into C >& D drives) > > then I go to Recycle Bin to empty all. > > then I go do Disk Cleanup. > > Can the deleted files be un-deleted/retrieved? > > If not, how to fool-proof? > > Thanks > |