File Removal: How to be sure
By: madirish
File deletion and recovery are often assumed to be as simple as placing a file in the 'Recycle Bin' and selecting 'Empty', or dragging a file from the Recycle Bin back onto the desktop. What actually happens when a file is saved is that the data is copied from RAM (Random Access Memory), the computer's short-term working memory, onto disk (usually the internal hard drive). On a hard drive the file is recorded as ones and zeros (binary) in the magnetic coating of the platters, so the stored data survives when power is cut.
While material is unsaved (on the clipboard, for instance, or an open but unsaved document in Word) it exists only in RAM, where each bit is held as an electrical charge that is either present or absent.
Because that charge must be refreshed constantly, the contents of RAM are lost when the computer is powered off. This is one reason to shut down through the operating system rather than simply cutting the power: an orderly shutdown writes any cached, not-yet-saved data and file system metadata from RAM to disk, so the disk is in a consistent state at the next boot. When material is saved from RAM to disk, the file system consults its allocation table to find sectors flagged as free (not holding live data) and writes the new material there. This matters because of what happens on deletion: the binary already written to those sectors is neither erased nor altered.
The sectors holding the deleted material are simply marked as available, so that new material may later be written over the old. Because a hard disk stores each bit as magnetic polarity, a loss of power does not change what is stored. Overwriting a file's sectors would also cost a separate write pass for every sector, so it is far quicker for the file system to flip the entry in its allocation table than to physically rewrite the data. What this means is that a deleted file remains on disk until new material happens to overwrite it, which can be a long time on a large, lightly used drive. This makes whole or partial recovery possible long after deletion. To ensure that a file is gone beyond recovery, special software must overwrite the file's sectors, ideally before the space is released for reuse.
Software such as PGP offers a 'wipe' option that overwrites the file's data before removing it, which defeats recovery. For security's sake, material that must leave the disk with no possibility of recovery should therefore be removed with a utility that overwrites the old space rather than with a plain delete. Most material does not warrant this treatment, but files that do deserve it should be handled properly. Bear in mind that a wipe covers only the file's own sectors: copies may survive in temporary files, in the swap file, in backups, or in the journal of a journaling file system, so wiping complements, rather than replaces, keeping sensitive data encrypted on disk.
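The following is an added example written for this page; it is not the author's code and not PGP's 'wipe'. The ToyDisk class, the wipe_file helper and the SECRET sample content are all constructed here to illustrate the two points above: a plain delete only flips the allocation table and leaves the bytes readable from the raw device, while a wipe overwrites the blocks before releasing them. The last function applies the same overwrite-then-unlink idea to a real file on the local file system.

```python
"""Toy disk model plus a real-file wiper, illustrating why an ordinary
delete leaves data on disk and what a 'wipe' does differently.
Added example for this article; not the author's code and not PGP's."""
import os
import tempfile

BLOCK_SIZE = 16  # bytes per block; tiny so the raw image is easy to inspect


class ToyDisk:
    """A block device plus an allocation table, standing in for a file
    system. Bytes live in self.blocks; self.free records whether each
    block may be reused. Nothing here ever clears a block on its own."""

    def __init__(self, nblocks):
        self.blocks = [bytearray(BLOCK_SIZE) for _ in range(nblocks)]
        self.free = [True] * nblocks
        self.files = {}  # file name -> list of block indices

    def save(self, name, data):
        """Find enough free blocks, write the data into them, mark them used."""
        needed = -(-len(data) // BLOCK_SIZE)  # ceiling division
        chosen = [i for i, is_free in enumerate(self.free) if is_free][:needed]
        if len(chosen) < needed:
            raise OSError("disk full")
        for n, idx in enumerate(chosen):
            chunk = data[n * BLOCK_SIZE:(n + 1) * BLOCK_SIZE]
            self.blocks[idx][:] = chunk.ljust(BLOCK_SIZE, b"\0")
            self.free[idx] = False
        self.files[name] = chosen

    def delete(self, name):
        """Ordinary delete: only the allocation table changes; bytes stay put."""
        for idx in self.files.pop(name):
            self.free[idx] = True

    def wipe(self, name, passes=3):
        """Secure delete: overwrite every block with random data, then release it."""
        for idx in self.files[name]:
            for _ in range(passes):
                self.blocks[idx][:] = os.urandom(BLOCK_SIZE)
        self.delete(name)

    def raw_image(self):
        """What a recovery tool reading the raw device sees: every block,
        whether or not the allocation table says it is in use."""
        return b"".join(self.blocks)


SECRET = b"password=hunter2 do not leak"  # constructed sample content


def delete_leaves_data():
    """Returns True: after a plain delete the content is still on the disk."""
    disk = ToyDisk(8)
    disk.save("notes.txt", SECRET)
    disk.delete("notes.txt")
    return SECRET in disk.raw_image()


def wipe_removes_data():
    """Returns False: after a wipe the content cannot be found on the disk."""
    disk = ToyDisk(8)
    disk.save("notes.txt", SECRET)
    disk.wipe("notes.txt")
    return SECRET in disk.raw_image()


def wipe_file(path, passes=3):
    """Overwrite a real file in place, flushing to the device after each
    pass, then unlink it. Hypothetical helper, not a PGP command. It only
    touches the file's own blocks: copies in swap, temp files, backups or
    a file system journal are out of its reach, and on SSDs wear levelling
    may leave the old blocks untouched, so treat it as best effort there."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:
        for _ in range(passes):
            fh.seek(0)
            remaining = size
            while remaining > 0:
                chunk = os.urandom(min(65536, remaining))
                fh.write(chunk)
                remaining -= len(chunk)
            fh.flush()
            os.fsync(fh.fileno())
    os.remove(path)


def wipe_file_demo():
    """Write SECRET to a temporary file, wipe it, report whether it is gone."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as fh:
        fh.write(SECRET)
    wipe_file(path)
    return not os.path.exists(path)


if __name__ == "__main__":
    print("content survives plain delete:", delete_leaves_data())
    print("content survives wipe:        ", wipe_removes_data())
    print("real file removed after wipe: ", wipe_file_demo())
```

Running the script shows True, False, True in that order. The toy model is deliberately small so the raw image can be searched with a plain substring test, which is essentially what a file-carving recovery tool does over an unallocated region of a real disk.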