Re: Wipe deleted files?



<hapticz@xxxxxxxxxxxxx> (07-01-07 20:27:54):

i have found "deleted" files content still residing on disk after some
"cleanup/wipe" programs also.

only way i have found is to use a hooking program that intercepts the
windows system delete command and then actually overwrites the file
itself (usually with zeros) BEFORE it changes the directory to show it
as "deleted".

That isn't secure either, because even Windows does feature a filesystem
cache. If you write random content to the file, and then delete it
right afterwards, you risk that the random data isn't written onto the
disk, because the operating system considers that as unnecessary (since
the file is already deleted anyway). Some Linux filesystems are that
smart. I don't know, if Windows is.

On the other hand, forcing that data to be written (`synchronizing')
will have a noticable impact on system performance. So resort to the
following approach.


never expect the operating system to do anything that will sustain
extra time usage, you must do it yourself or get a program that does.

There is only one way to ensure that no sensitive data remains on disk.
Don't let it be written to it in the first place. Create encrypted
partitions for such purposes. Encrypt your swap space and any other
temporary storage also.


Regards,
E.S.
.