@@ Deleting Files !!
 

Question on deleting files:

My understanding that in Unix (MAC OS X 10.3.x) that when you delete a file,
its gone ? something about the filing system, writes over the data?

--
Okay, to add to the statement above, if there was some way,
can it be use to recover from Apple's secure delete.?

TKS -

:confused:

If you delete a file in Terminal with the Unix tool rm, the file will not be moved to Trash. It will however not be overwritten, its entry will just be removed from the directory listing. So I suppose there are tools that could recover deleted data as long as the freed space was not overwritten by a new file.

I don't know about Apple's secure delete but normally such tools overwrite the data in a file with random data and there should be - for it to be secure - no easily feasable way to recover a file thus deleted.

There are also secure delete tools for Unix such as srm (which is part of Mac OS X) and shred (which is available via fink).

chris

Initially all that happens is the file system 'forgets' where the file is, but over time the file to be overwritten with new data from other files. If important you can recover this data with a data recovery service (but only assuming the data has not yet been overwritten, and you have lots of money) If you want to proceed with this approach, it is vital that you do not use the hard drive with the erased file at all.

Secure delete means that in addition to forgetting where the file is, the file is overwritten - not once, but at least 3 times (I'm not sure how many times) It is effectively unrecoverable, although the security services are said to have the means to still recover the data.

Whom or what, would be interested, to see what kind of application,
can get back shredded data.

Thanks -
:D

Note that 'srm' is what is used by Finder's "Secure Empty Trash".

That kind of information is often classified (as "secret" and only for use by the NSA etc).

Okay: now I am concerned.... you mean if we deleted something (secure delete)
that some one can get back the data?

That would mean all those application out there, that say, shred data,
and wipe the free space are FAKE ? not real? or don't work 100%

I figured, since I secure deleted "oops" my file, its gone.. forever,
I would like to get it back... however ! since we start up this issue, about
if a file is deleted or not: got me concern. when I delete a client's file,
I want it gone forever. (credit card info, bank statements, personal data)
So, what is the final word on this ?

TKS - :eek:

if a client of yours was interested in having their data 100% removed I'd format the drive and then "write zeros" as well. Even then, some data recovery services can still recover small pieces of data. Data recovery services start around $1000k, and most people aren't capable of clean-room operations at home. With that said, if you secure delete a file it's more than safe from the advanced computer user.

if said file is sought after by a government agency...drill holes into the drive's plates and then run a huge magnet over the remains and then set fire to the whole pile.

Well said... Burn baby Burn....
:D

I know they're expensive, but a million dollars?

Fun, and you'll feel satisfied, but all that is needed is to raise the temperature of the platter's surface to the curie point for cobalt, about 1000 deg. C. Driving a nail through the platter is faster than a drill and will distort it enough that there's no way a head will track that disk again. Ceramic platters will explode nicely after a nail hit, solving all issues.

Die drive! Die!
 

Go purchase some liquid Nitrogen from your local University, soak the drive for an hour, then drop it on a concrete surface from about 20 feet. :D

There's a local company that specializes in recovering fire-damaged drives. Very successful at it. And they're not the NSA. Their "clean room" is some aquariums with gloves permanently attached and sealed on the open side.

We were goofing around one day, and I took an open drive, scratched on it with my keys, touched it all over, dropped it on tile, etc. They went on to recover an amazing amount of data from it.

I have never had to use a data recovery company but i know of two of them:

ontrack and drivesavers.

You may also want to do a thorough defragmentation of your disk first.

What they do
 

when overwriting data the heads are usually slightly positioned differently on each pass, due to slight positioning and temperature effects. So the edges of the data track can be read. Obviously, reading the outer 1-10% of a track takes special equipment. Additionally, one can coat the media with a film that renders visible the magnetic fields. Then, with a microscope, the technician visually reads off the bits. Both of these techniques are non-standard read procedures. For the regular user, no risk of having files read. If you want full security, open the drive and scrape or abrade off the magnetic media. You could also gring the disk to powder. But as the post above explained, recovery from a secure erase is very expensive.

Steve

We need to port Eraser for Mac.

http://sourceforge.net/projects/eraser/

It's seems to only be on Windows right now (God only knows why), but it writes over all data something like 32 times with different hash algorithms on each pass.

I'm pretty sure if you find a way to get something back after that some university would give you a doctorate on sheer principle.

When you write over data, there is a weak image of it "behind" the new data. Write over it enough times though, and it becomes impossible to tell which is the original data.

Since secure delete takes a noticeable amount of time to erase even a small file, it seems likely that it does several passes. I doubt that a data recovery service would have much success, especially if it's been overwritten again with real data.

If the original poster is that concerned about data being recovered from someone at NSA from a secure erase it would make a lot more sense to keep the data encrypted in the first place.

There's nothing that will guarantee data is 100% gone if someone is willing to spend the time and money on recovering it. The NSA, FBI (and indeed, your local university), etc have the ability to measure the residual effects that data storage has on the individual molecules of a hard drive. But I doubt your data is really interesting enough for anyone to spend years and a few million dollars recovering it.

Following the DoD standards ensures that any conventional data recovery techniques will be useless, and even very aggressive recovery will be a slow and painful process. one thing to note is that the DoD standards explicitly require that the file name itself is randomized before deletion, so that it will much more difficult to even know which hard drive sectors to examine.

I should really proofread my posts...the $1million dollar statement I made was meant to be ONE THOUSAND. I think the average cost of the drives I sent out for recovery was $1500.00

Now if molecules and PHDs are involved, perhaps it will approach my first typo of $1 million.

Isn't that exactly what srm does? If you read the manual page for srm you'll see that by default it uses a 35 pass Gutmann algorithm for securely deleting the file.

One less thing requiring porting (unless you really want a GUI version)!

Cheers,
Paul

You already have a GUI version since 'srm' is what is used behind the scenes by Finder's "Secure Empty Trash" (as I pointed out above).

If you wanted to secureley delete files and have a working drive afterwards - would running a large magnet over the drive for an extended period of time destroy it? Would the read heads accross the closest drive platters lose their magnetism? Or is it electromagnetically induced?

I heard that NASA shoots 9-Millimetres into its drive platters once the drive is finished with...

Wiping a drive with an electromagnet will also erase the embedded sectoring, leaving you with an expensive paperweight. Sectoring an IDE drive can only be done at the factory.

As NASA is a public agency, not a secret one, I have a problem with the 9mm story, although that would be effective. NSA might use them for target practice, but other destruction methods are just as effective.

Running a DoD-spec application would be far more reliable than a magnet.

I worked at NASA for 5+ years and never heard of anything being shot (officially, of course :P). As far as I know, standard desktop drives are recycled per government requirements (software sanitize, then either used in other govt systems or sold). Drives containing sensitive data would be erased and then destroyed (I believe the platters are actually ground up).

All the "shoot it, drive a nail through it" stuff might be fun to look at, but it wouldn't do anything to the 98% of the disk surface that isn't physically destroyed. It would make it extremely difficult to read casually, since you couldn't just mount the platters on a new drive and read them, but data recovery centers deal with out-of-shape and physically damaged platters on a regular basis.

Yah, its probably just hearsay... but I saw a photo of a drive with a bullet hole in it with that idea in an Australian PC World Magazine...

Eraser also has the ability to do things such nuke disks - remove everything from a disk so you can safetly give it to someone else or sell it on EBay. Also you can set up scheduled jobs to write over everything on a drive that isn't currently in the filesystem (say, once a week), to clean up temp file images and "possibly?" paging space. The hardest part of that, of course, would be getting it to play nice with all the different filesystems OS X supports.