Siliconhell Forum - View Single Post

**Benny** · 22-07-2006, 12:18 PM

Some things to bare in mid:

1. When you delete files by sending them to recycle bin and emptying it, the data is not actually removed from the hard disk. It's like taking your phone number out of the phone directory... you can still be contacted on that number, but now it's more difficult for someone to find you.

2. Files that have been deleted in this way (or by a reinstall of the operating system) are easily recoverable using a disk recovery program. These range in price, but there are some good ones that cost very little and recently I saw that PC World are giving one such program away free on their webpage.

3. A better method for deleting files is to write over them with other data. There are various methods for this, but writing zeros over the data is not considered a very secure way to do this*. It's far better to encrypt the data that's on the disk in such a way that it cannot be decrypted**.

* If you think of your data as writing on some paper, then this is a bit like painting over the writing with one colour. It's still possible to see the writing underneath.

** This is more like writing random rubbish over the top of your writing many millions of times. The original writing becomes far more obscured.

4. In practice it very difficult to completely remove all trace of the data due to the physical properties of a hard disk. The longer that your data has been on the disk the stronger an impression it has left behind, even after encryption. However, extraction of data that has been encrypted requires dedicated hardware which is only available to data recovery experts due to its cost. It's pretty safe to say that no one will go to this length to find out what you might have had on your hard disk, unless you're a government spy ;-)

What I would recommend:

1. Delete all the files you want to remain confidential via the recycle bin method (make sure you empty it too) the data in the files is then known as "freespace".

2. Download and install PGPdisk (it's very well-known in the security field and it's free).

3. Use PGPdisk's "Freespace Wipe" feature to have it encrypt all the whitespace on your hard drive (you'll have to repeat this for each drive if you have more than one hard drive). This will take a long time (depending one how much free disk space you have and how many "passes" you do.

Alternatively to 1-3, you can use the "Wipe" feature of PGPdisk to wipe one file at a time, instead of all the above steps. But if you have ever modified the files you're wanting to hide (or deleted previous copies of them) then some of their data maybe already hanging around in "freespace".

4. If you're reinstalling the operating system I would make a backup copy of PGPdisk first (on flash drive or CD, etc.). Then install it ASAP on the fresh installation and do a "Freespace Wipe". This should help wipe data held in your previous operating system's files, such as the registry.

Hope that helps...

Can you tell I work in security? ;-)

22-07-2006, 12:18 PM	#5 (permalink)
Benny Super Duper Poster Join Date: Mar 2004 Location: UK Posts: 604 Credits: 1,639 Nominated 0 Times in 0 Posts TOTW/F/M Award(s): 0	Some things to bare in mid: 1. When you delete files by sending them to recycle bin and emptying it, the data is not actually removed from the hard disk. It's like taking your phone number out of the phone directory... you can still be contacted on that number, but now it's more difficult for someone to find you. 2. Files that have been deleted in this way (or by a reinstall of the operating system) are easily recoverable using a disk recovery program. These range in price, but there are some good ones that cost very little and recently I saw that PC World are giving one such program away free on their webpage. 3. A better method for deleting files is to write over them with other data. There are various methods for this, but writing zeros over the data is not considered a very secure way to do this. It's far better to encrypt the data that's on the disk in such a way that it cannot be decrypted. If you think of your data as writing on some paper, then this is a bit like painting over the writing with one colour. It's still possible to see the writing underneath. ** This is more like writing random rubbish over the top of your writing many millions of times. The original writing becomes far more obscured. 4. In practice it very difficult to completely remove all trace of the data due to the physical properties of a hard disk. The longer that your data has been on the disk the stronger an impression it has left behind, even after encryption. However, extraction of data that has been encrypted requires dedicated hardware which is only available to data recovery experts due to its cost. It's pretty safe to say that no one will go to this length to find out what you might have had on your hard disk, unless you're a government spy ;-) What I would recommend: 1. Delete all the files you want to remain confidential via the recycle bin method (make sure you empty it too) the data in the files is then known as "freespace". 2. Download and install PGPdisk (it's very well-known in the security field and it's free). 3. Use PGPdisk's "Freespace Wipe" feature to have it encrypt all the whitespace on your hard drive (you'll have to repeat this for each drive if you have more than one hard drive). This will take a long time (depending one how much free disk space you have and how many "passes" you do. Alternatively to 1-3, you can use the "Wipe" feature of PGPdisk to wipe one file at a time, instead of all the above steps. But if you have ever modified the files you're wanting to hide (or deleted previous copies of them) then some of their data maybe already hanging around in "freespace". 4. If you're reinstalling the operating system I would make a backup copy of PGPdisk first (on flash drive or CD, etc.). Then install it ASAP on the fresh installation and do a "Freespace Wipe". This should help wipe data held in your previous operating system's files, such as the registry. Hope that helps... Can you tell I work in security? ;-)