Data Deletion-EN

From PoliArch.



Introduction

The safe removal of data is not as simple as you may think. When you delete a file using standard operating system commands, the file has in fact NOT been deleted, and its contents remain on your hard disk.


Many operating systems only remove references to the file when asked to delete it. The file, which you think has been deleted forever, remains on disk until a newly created file overwrites it, and even then it may be possible to recover data by studying the magnetic fields on the disk using chemical materials.


Before a file is overwritten by a new one, anyone can easily restore the data, for example with an "undelete" tool. Even after that, some people (some agencies) with special tools may be able to restore the data, at least partially.


Everyone has some data that they want to keep private, such as financial data, e-mails, the history of websites visited, etc. I've heard of cases where people sold their old computer to someone else, and the buyer was able to restore the financial data.


The only way to cover up your data is to overwrite it using a defined pattern. For detailed information read the famous text by Peter Gutmann.

Warning: When using "wiping" or "shredding" tools, bear one thing in mind: they rely on the assumption that the filesystem overwrites data in place. This is the traditional way of doing things, but many modern file systems do not comply with this rule, for example ReiserFS, Reiser4, XFS, Ext3, etc.

Read this document for more information. In this case the solution is to erase the entire device (partition) where the private data is stored, and make sure that the data is actually overwritten.

PoliArch provides some tools to ensure that data recovery is almost impossible. I say "almost impossible" because nobody can guarantee that agencies like the NSA or the FBI cannot reconstruct at least part of it.

Tools

  • Shred: You can use shred to securely delete individual files, but also entire partitions or hard disks. Shred uses a default of 25 overwriting passes; the number of passes can be increased or decreased. In any case shred is faster than wipe (see below).

For example, to securely erase all data on the first IDE hard drive:

# shred -v /dev/sda

  • Wipe: Similar to shred, wipe can be used to securely delete individual files, but also entire partitions or hard disks.

By default, wipe uses 35 overwriting passes, as explained in the text by Peter Gutmann. Wipe is slower than shred because it uses more passes by default, and it is very safe.

For example, to delete the file 'pagefile.sys' from a Windows partition using 35 passes of overwriting:

# wipe -D /mnt/windows/pagefile.sys

  • dd: dd is a command of Unix and Unix-like operating systems, and more generally of POSIX systems, which copies data in blocks, optionally performing conversions.

To overwrite a disk (sda in this example) with a sequence of random data:

# dd if=/dev/urandom | pv | dd of=/dev/sda

To finish, you can overwrite everything with a sequence of zeros (zero filling):

# dd if=/dev/zero | pv | dd of=/dev/sda

Warning: The use of 'pv' is not strictly needed; it only monitors the progress of data through a pipe, but it can still be useful to get an idea of the timing.
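
The warning earlier on this page says to make sure that the data is actually overwritten. The following is an added example (not part of the original PoliArch page) that zero-fills a constructed scratch image file and then checks that no non-zero byte and no marker string survives. The function names is_zero_filled, zero_fill and demo, and the marker string, are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: zero-fill a scratch image, then verify the overwrite.

# Return 0 if every byte of $1 (image file or device node) is zero.
is_zero_filled() {
    # tr drops NUL bytes; any byte that survives is leftover data.
    leftover=$(tr -d '\000' < "$1" | head -c 1 | wc -c)
    [ "$leftover" -eq 0 ]
}

# Overwrite a regular file in place with zeros, keeping its size.
# Refuses anything that is not a regular file, so it cannot hit a disk.
zero_fill() {
    [ -f "$1" ] || return 2
    size=$(wc -c < "$1")
    head -c "$size" /dev/zero | dd of="$1" conv=notrunc 2>/dev/null
}

# Constructed demo: random bytes plus a marker string stand in for
# private data. Prints "ok" only if the wipe is verified.
demo() {
    img=$(mktemp) || return 1
    head -c 65536 /dev/urandom > "$img"
    printf 'ACCOUNT=constructed-sample' |
        dd of="$img" bs=1 seek=1000 conv=notrunc 2>/dev/null
    before=$(wc -c < "$img")
    result=fail
    if ! is_zero_filled "$img" && LC_ALL=C grep -q 'ACCOUNT=' "$img"; then
        zero_fill "$img"
        after=$(wc -c < "$img")
        if [ "$before" -eq "$after" ] && is_zero_filled "$img" &&
           ! LC_ALL=C grep -q 'ACCOUNT=' "$img"; then
            result=ok
        fi
    fi
    rm -f "$img"
    echo "$result"
}

demo
```

is_zero_filled only reads its argument, so it can also be run against the device node after the zero-filling step above.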

