8-Ball said:
Ok, so when I delete something it goes to the recycle bin.
When I delete something from the recycle bin it is gone forever. -THINK AGAIN-
I deleted something from the recycle bin and got it back a few days later... I
also found a ton of stuff I was told was "deleted" forever by Windows. I
brought it back (using some uber-simple free program) just to see if it was
really there (not just a file name). I was able to open it and read it as well
as continue to edit it... This is PROBLEMATIC; some of these files contain
sensitive data such as SSNs, medical info, and other stuff that I had
believed to be "deleted" and wasn't.
Here's the deal, followed by a few suggestions that don't involve using
external tools:
Windows guarantees to protect erased data from being accessed by other
normal Windows processes - i.e. those processes that don't have privilege to
read and write raw data from selected random sectors of your hard drive.
There are two ways to do this - you can either zero-on-open, or
zero-on-close. Zero-on-open means that when a file access requires assigning
a disk cluster to a file that didn't own that cluster before, it will zero
out the data at that time. Zero-on-close means that when a file relinquishes
its assignment of a disk cluster, it is zeroed at that time.
Zero-on-close is time-intensive. You can't delete a file without filling its
contents with zeroes. You can't even guarantee that this will happen,
because someone may turn off the computer half-way through a delete
operation.
Zero-on-open is much less time-intensive, because by the time you actually
need to zero clusters on the disk, the zeroing operation may be unnecessary
anyway, because the application opening the file usually has data to put in
that cluster.
Zero-on-open has the problem that deleted files leave their contents in
place on the disk until such time as those clusters are allocated to a new
purpose.
File shredders generally only 'shred', or write repeatedly over, the
clusters that the file occupies _now_, and as such they give a false
impression of security.
The file whose contents you're trying to destroy will generally have been
copied to a number of different locations:
* temporary folders (open a Word document, it creates a temporary copy, for
instance - most applications will create temporary copies of your files
while working on them)
* pagefile and hibernation files - if your file's contents are loaded into
memory, unless they are marked specifically to only be loaded into physical
memory without going through an intermediate cache, they will at some point
be swapped out to the pagefile. After some time, they will be wiped over by
other memory contents, but this can be a concern; if you hibernate your
computer, the hibernation file contains a copy of all the contents of your
memory, including files.
* slack space - if you ever defragment your drive (and by default, Vista
defragments drives when you're not looking), your files are moved around to
different clusters on disk. The old clusters they used to occupy are not
wiped over.
* backup store - volume shadow copy services retain copies of older versions
of files.
* search index - some contents may be locatable in a search index.
So, to delete files so that no evidence of their contents remains on disk,
here's what you have to do:
1. Delete the file.
2. Delete all temporary files and folders (you have to know your
applications in order to determine where and how these temporary files are
stored)
3. Disable hibernation and either disable or encrypt the pagefile
4. Disable volume shadow copy service
5. Disable any desktop search utilities
6. Wipe the slack space using the command "cipher /w"
Better still is to never have the data on the hard-drive in the first place.
How do you do that?
You encrypt the whole drive - and when you want to lose the data on that
drive, you format and reinstall Windows. Or you can follow steps 1-5, and
then decrypt and re-encrypt the drive. The free space may contain your
protected data, but it's encrypted with a key that you have wiped by virtue
of decrypting and re-encrypting. Sadly there isn't a single-step process to
re-encrypt an encrypted drive with a new key, an operation you might want to
do if you fear exposure of the old volume encryption key, or if you want to
unambiguously wipe old data so that it cannot be recovered.
Alun.
~~~~
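The behaviour described in the reply above, as an added example that is not part of the original post: a toy cluster allocator showing why zero-on-open leaves deleted contents readable by a raw scan, why a shredder misses the copy left behind by defragmentation, and why wiping free space removes it. The class, its method names and the sample data are constructed for illustration and do not model NTFS.

```python
CLUSTER = 16  # bytes per cluster; toy model, not a real filesystem


class ToyVolume:
    def __init__(self, n_clusters, zero_on_close=False):
        self.raw = [bytes(CLUSTER)] * n_clusters  # what a raw sector read sees
        self.free = list(range(n_clusters))
        self.files = {}                           # name -> cluster numbers
        self.zero_on_close = zero_on_close

    def write(self, name, data):
        self.files[name] = []
        for i in range(0, len(data), CLUSTER):
            c = self.free.pop(0)
            # Zero-on-open: padding replaces whatever the old owner left here.
            self.raw[c] = data[i:i + CLUSTER].ljust(CLUSTER, b"\0")
            self.files[name].append(c)

    def delete(self, name, shred=False):
        for c in self.files.pop(name):
            if shred:                 # shredder: only the clusters owned now
                self.raw[c] = b"\xff" * CLUSTER
            elif self.zero_on_close:
                self.raw[c] = bytes(CLUSTER)
            self.free.append(c)

    def defragment(self, name):       # old clusters are freed, not wiped
        old = self.files[name]
        self.write(name, b"".join(self.raw[c] for c in old))
        self.free.extend(old)

    def wipe_free_space(self):        # overwrite every unallocated cluster
        for c in self.free:
            self.raw[c] = bytes(CLUSTER)

    def raw_scan(self, needle):       # privileged read, ignores the file table
        return needle in b"".join(self.raw)


def scenario(zero_on_close=False, defrag=False, shred=False, wipe=False):
    secret = b"SSN=000-00-0000"       # constructed sample data
    v = ToyVolume(8, zero_on_close)
    v.write("tax.doc", secret)
    if defrag:
        v.defragment("tax.doc")
    v.delete("tax.doc", shred=shred)
    if wipe:
        v.wipe_free_space()
    return v.raw_scan(secret)         # True: contents still recoverable
```

`scenario()` returns whether the deleted contents can still be found by a raw scan; compare `scenario(defrag=True, shred=True)` with the same call plus `wipe=True`.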