Wiping "underneath" the files.

[defr]

wiping "underneath" the files

Hi, i got this idea dunno if it works

I heard that the more times the disk is wiped
the more difficult it is to recover the data by some advanced means,
because each time the empty disk space is wiped a new "layer" of
protection is added on top of deleted sensitive data. So the free
space on disk gets many wipes/"layers" of protection but as the disk
fills up over time the area allready occupied by files no longer
get these "layers" written on it.

If you have new empty disk and you put highly sensitive file
at the beginning of it and then delete it and then install some new
software and the deleted file gets overwritten by some other file
then there is only one layer of data on top of that highly sensitive
deleted data it may be easier to recover by attacker because area
occupied by files cannot be wiped by eraser software anymore.

What if eraser software could move files/clusters to somewhere else,
wipe the place previously occupied by them with random data
and then move the files/clusters back on to their original places
going through all files/clusters of the disk (allmost like defragment
utility). That way it could wipe "underneath" the files and the
beginning of the drive would get same amount of wipe "layers"
as the free space at the end of it, would this work?.

 

[Arno Wagner]

wiping "underneath" the files

Hi, i got this idea dunno if it works

I heard that the more times the disk is wiped
the more difficult it is to recover the data by some advanced means,
because each time the empty disk space is wiped a new "layer" of
protection is added on top of deleted sensitive data. So the free
space on disk gets many wipes/"layers" of protection but as the disk
fills up over time the area allready occupied by files no longer
get these "layers" written on it.

Yes, true. Athough there is a limit on the "resolution" since
older signals pretty fast drop below the basis-noise of
the macgnetic coating. There is no way to recover them when
that has happened. Presently sommercial data recovery companies
claim they cannot even recover from a single overwrite. It is
possible that this already weakens the signal to below the noise
level. After all HDDs try to use the maximal possible data
density.

If you have new empty disk and you put highly sensitive file
at the beginning of it and then delete it and then install some new
software and the deleted file gets overwritten by some other file
then there is only one layer of data on top of that highly sensitive
deleted data it may be easier to recover by attacker because area
occupied by files cannot be wiped by eraser software anymore.

True. That is why your original secure deletion operation
has to complete the job and you should never depend on
any further operations adding to the security level.

What if eraser software could move files/clusters to somewhere else,
wipe the place previously occupied by them with random data
and then move the files/clusters back on to their original places
going through all files/clusters of the disk (allmost like defragment
utility). That way it could wipe "underneath" the files and the
beginning of the drive would get same amount of wipe "layers"
as the free space at the end of it, would this work?.

Yes. But instead try to overwrite the files securely the first time.

If that is not possible (e.g. the file deletion is done insecurely
by a piece of software you have no control over), just do a backup
of the files not to be deleted, overwrite the entire source partition
securely (on sector level, since directories and other admin
structures could otherwise "cover" sectors, just wipeing under
regular files is not enough), recreate the filesystem,
copy your files back and securely delete the backups created
in the intermediate step.

This is about what you say, with some small but important details
added.

Regards,
Arno