File Wipe Article Index for
File 		Website Links For
File 		 

Information About

File Wipe
APPAREL
BABY
BEAUTY
BOOKS
CAR TOYS
CELL PHONES
DVD'S
ELECTRONICS
GOURMET FOOD
GROCERIES
HEALTH & PERSONAL
HOME & GARDEN
JEWELRY
MUSIC
MUSIC INSTRUMENTS
OFFICE PRODUCTS
SOFTWARE
SPORTING GOODS
TOOLS & HARDWARE
TOYS
VIDEO GAMES
SHOPPING HOME
MORE SHOPPING...



File wiping is the process of overwriting a file, sometimes multiple times, to ensure its total deletion. Wiping a file is akin to shredding a document using a paper shredder.


REASONS FOR USE


This tool is useful for confidentiality, because files are not entirely deleted using the Operating System 's default delete function. Instead of removing the entire file, the operating system writes data to the beginning of the file so that the File System treats it as free space. As space is occupied, this data is overwritten. However, it is possible to use recovery tools to recover the file if the hard disk has not been used excessively, by telling the file system to treat the deleted sector as a file again.

However, wiping a file takes a considerably longer amount of time than just deleting it. Very large files, typically over 100MB, can take a prohibitively long amount of time to remove.


HOW IT WORKS


File Wipe programs work not only by unlinking a file but also specifically overwriting them with garbage data. For very high security installations, overwiting the file several times is advised. Many government institutions have specific protocols for file deletion. For instance, the U.S. DoD specification 5200.22 standard says a file must be overwritten three times. Some researchers believe that the U.S. DoD standard is weak, yet others believe the standard was created for archaic MFM/RLL encoding, being written in 1995. Peter Gutmann outlines his reason for believing a file needs to be overwritten at ''least'' 22 times with different patterns in his '' Secure Deletion of Data from Magnetic and Solid-State Memory '' paper.

This high security is required as, even after being overwritten, the old file can still be retrieved later by very specialized equipment.


SOFTWARE



Cross Platform


  • Eraser (http://sourceforge.net/projects/eraser/) - free, popular software for Windows and DOS - GPL, hosted by SourceForge.

  • PGP and GPG tools often allow users to wipe files after encoding and some allow any deleted files to be wiped.

  • DBAN - Darik's Boot And Nuke (http://dban.sourceforge.net) - wipe your hard drive quickly and painlessly with only a 3 1/2 inch floppy.

  • BCWipe (http://www.jetico.com) - Windows and ---NIX - Commercial - a much more powerful file wipe utility meeting with government regulations.

  • Active@ KillDisk (http://killdisk.com/) - free version of their commercial hard drive wipe utility

  • ShredIt (http://www.mireth.com/shredit.html) - Easy to use File Shredder for Mac and Windows. Erase a file, hard drive, external device. DoD, NSA compliant.



Windows


  • DeepDelete (http://phoenixlabs.org/deepdelete/) - open-source, easy to use and very secure. From the makers of anti-RIAA PeerGuardian (Methlabs).

  • Eraser (http://www.heidi.ie/eraser/) - open-source, easy to use, recipient of numerous awards.

  • Parisien File Encryption (http://www.parisien.org/products.htm) (PFE) freeware - windows - offers both an encryption tool and simple file-wipe capability.


  • Nix platforms)


  • srm (http://srm.sourceforge.net) (---NIX)

  • grind (http://prp0.prp.physik.tu-darmstadt.de/~mrose/grind) (Linux/FreeBSD)

  • safeshred (http://www.codetek.com/php/safeshred.php) (OSX)

  • shred(1) from GNU coreutils (---NIX)

  • wipe (http://wipe.sourceforge.net) (---NIX)

  • Some Desktop Environments, like KDE for example, have a GUI shredder .



FILE WIPE ON UNIX AND UNIX-LIKE SYSTEMS


  • Nix systems such as DOS, Windows, and Macintosh OS 9 experience strong security benefits from a File Wipe program.


Due to the way UNIX and UNIX-like systems handle deleted files, it is not as vulnerable to an Undelete Attack. These deleted files are only vulnerable temporarily until the OS progressively overwrites this area. UNIX does not immediately wipe the file unless configured to do so but the area where the file resided on the HDD is soon overwritten, much more actively than other systems (where it can remain for months or even years). Sending files to /dev/null via the "rm," or "mv filename /dev/null", command is a generally considered a safe way to remove files from a UNIX system.

Though UNIX systems may be relatively secured against Undelete Attacks, physical inspections of hard drives are more likely recapture data than undelete software (listed above). Using a secure wiping program ensures that attempts are made to overwrite data with patterns of bits that are most likely to render physical inspection useless.


FILE WIPE ON JOURNALING FILESYSTEMS


Many modern operating systems such as Windows XP (NTFS), Mac OS X ( HFS Plus ), and GNU/Linux with a kernel version greater than 2.4 (Ext3, JFS, ReiserFS, and XFS) have the ability to use a Journaling Filesystem that makes complete erasure of data unlikely. Journaling filesystems are used to increase the integrity of data in case of failures. To accomplish this, the filesystems keep meta data and logs in various places known to the filesystem; most filesystems can also journal all data, but turn this functionality off by default. The meta data and logs will not be securely wiped with a file wiping tool. To increase performance, these filesystems will often arrange I/O commands in an efficient manner and may continuously move data around the disk to prevent the need for operations similar to Windows scandisk. The performance enhancing capabilities of the filesystems makes wiping files hard because the data may only be wiped in its present location, leaving unwiped blocks of the data in other locations on the hard disk. Also, the filesystem may not execute all requests of a redundant I/O command.

There are several ways to securely wipe files when using journaling filesystems:

  • 1. Store data that needs to be wiped on a partition (slice, volume, or drive) that uses a non-journaling filesystem. For example, users of Windows can use a Z: drive formatted with FAT32, and users of GNU/Linux can use a partition formatted with Ext2.

  • 2. Store data that needs to be wiped on a partition that is encrypted using Hard Disk Encryption. This eliminates the need to use a secure wiping mechanism for individual files.

  • 3. Store data on a temporary partition using any journaling or non-journaling filesystem. When it is time to wipe all files, use a tool such as Eraser or Wipe to securely wipe the entire partition.

  • 4. Physically destroy the hard drive after use by melting the hard drive. (Passing a magnet over the hard drive will not work.)



GENERAL QUESTIONS:


  • Isn't having a File Wipe tool paranoia?


: Most people own a document shredder to prevent their personal information from being stolen or retrieved. Similarly, a File Wipe tool should be available. Some viruses have been known to send sensitive documents (http://www.bayarea.com/mld/mercurynews/business/technology/6027714.htm) and it is conceivable that a backdoor could be designed to search your hard drive for deleted information. Or, more likely, someone with physical access to your computer. If you have or think you may have had illegal files on your computer, File Wipe is a great way to remove any possible forensic evidence.

: In some airports, laptop theft is one of the most expensive and common crimes. (See: physical security)

  • I don't use my computer for anything but videogames. Is a File Wipe useful for me?


: No. Most applications that do not involve personally identifyable information don't require a File Wipe utility.

  • I may have deleted some files without using a wipe utility/file shredder. How can I make sure they're gone?


: Use one of the following methods:

:# To wipe your hard drive's free space, write data to it until the drive is completely full, then delete and rewrite at least four more times. This can be done quickly by copying the data off of CDs to your hard drive until the drive is full.
:# Set an video or audio tool to record - even without an actual video or microphone connection - until the drive is full. Once the program complains about lack of memory, the temporary file can be dumped, repeated four times, and the wipe process is complete.
:# Use a File Shredder to shred the free space on your hard drive. (refer to the "Software" section of this article)

  • Do the File Wipe utilities also wipe the files data from Swap or RAM?


: No. In Windows, one has to wipe the swap file while it is not in use. This entails using a FAT32 filesystem, and wiping the swap file from a Live-CD package such as Knoppix , or alternating between two swap files or drives; one swap file/drive is wiped while the other is in use. An option for users of OpenBSD and GNU/Linux is to encrypt the swap partition using Hard Disk Encryption. An option for all operating systems is to disable swap and depend upon a large amount of RAM.

  • What about RAM, USB Drives, or Memory Sticks?


: Components and devices using a type of RAM are not completely safe. Such components and devices become more susceptible to physical inspection when data is left alone for lengthy periods. PGP avoided this problem by rotating the bits of keys at timed intervals when the keys were in RAM. For these components and devices, overwriting the memory once works to prevent finding old files. For the most paranoid, ensure that the overwriting occurs as soon as the data is no longer needed (or, do as the PGP program did and periodically move the data).

  • What about the information I don't delete - what about the sensitive information that's on my computer now?



SEE ALSO



EXTERNAL LINKS