Silk Road forums
Discussion => Security => Topic started by: intelligence on December 22, 2012, 10:54 pm
-
What is in your opinion the best software that can securely delete files and why?
What are its pros and cons?
-
I'm no expert, but I think it has a lot to do with your computer settings and if those files you wish deleted have software conjoined, changing your settings and allowing malicious activity such as a home page hack or firewall settings, etc.
With that in mind I never install or download suspicious files; I run AVG, Malwarebytes and CCleaner. I have these three programs on a USB and have helped out a couple of friends (just plug it in and run those three consecutively, wait for five or six beers, and it's surprising how much crap never gets seen again). Never had a problem. All free software.
In short, nothing is safe. Don't download sus shit. You might just get the attention of someone who knows what they are doing.
Hope this helps!
-
Deleting individual files is unsafe because of filesystem journaling and defragging. Each file has almost certainly been written to multiple places on the disk and is potentially recoverable. The only NIST-approved method of secure file erasure, for example for destroying medical records before decommissioning a hospital computer, is offline and full disk. Boot DBAN or a Linux Live CD and do a single random write across the entire hard drive.
-
As stated prior, your file system will write files to multiple points on your hard drive, making it difficult to completely erase it so someone cannot recover it. Your best bet is to use CCleaner for Windows or secure remove for Linux to erase the empty parts of your hard drive (check the documentation for exact directions/command line arguments). The algorithm needed is the Gutmann 35-pass (double check it, it might be 37, I'd have to look). For the full-blown military version use the Gutmann 35-pass + demagnetization of the hard drive followed by thermite.
-
Nah, no need for Gutmann 35. I've tested it myself before I set up FDE. Did a single random write across the whole disk, then used a program to scan for files and found nothing. Not a single file was recovered. NSA might have technology not available to us, but NSA won't be analyzing the hard drive of a low or mid-level drug dealer. They're worried about terrorists and spies.
The important thing is you have to write across the whole disk while the host OS is offline (like from a boot disk), filling the empty space is not enough.
-
I use File Shredder. It's free and does the job. Many options to do the wiping too.
Also has an option to "shred free disk space". Astor, your opinion on this?
-
Highlights from the article, "Can Intelligence Agencies Read Overwritten Data?":
"Of course it has been several years since Gutmann published. Perhaps microscopes have gotten better? Yes, but data densities have gotten higher too. An hour on the web this month looking at STM sites failed to come up with a single laboratory claiming it had an ability to read overwritten data."
"Another fact to ponder is the failure of anyone to read the "18 minute gap" Rosemary Woods created on the tape of Nixon discussing the Watergate break-in. In spite of the fact that the data density on an analog recorder in the 1960s was approximately one million times less than current drive technology, and that audio recovery would not require a high degree of accuracy, not one phoneme* has been recovered."
* - I would have gone with "phone" here. ;)
"The requirements of military forces and intelligence agencies that disk drives with confidential information be destroyed rather than erased is sometimes offered as evidence that these agencies can read overwritten data. I expect the real explanation is far more prosaic. The technician tasked with discarding a hard drive may or may not have enough computer knowledge to know if running the command "urandom >/dev/sda2c1" has covered an entire disk with random data, or only one partition, nor is it easy to confirm that it was done. How would you confirm that the overwrite was not pseudo-random? Smashing the drive with a sledgehammer is easy to do, easy to confirm, and very hard to get wrong."
CLEARNET: http://www.nber.org/sys-admin/overwritten-data-guttman.html
So it seems just one pass may be sufficient- *assuming* the program is doing what it says it's doing.
-
In Ubuntu, my strategy has been this:
1) "sudo sh" to open a root shell without bash history.
2) "shred filename" to overwrite the file with junk.
3) "rm filename" to remove the file.
4) Finally, when you have a few hours spare (overnight) run BleachBit which will fill up all the free space on the disk as well as clear your swap.
You could obliterate this manually like "cat /dev/zero > temporary_file && rm temporary_file", then swapoff and reformat your swap partition.
Will this completely remove the file on a journaling filesystem? I'm guessing there's a small chance that it won't. If you want real security then create a non-journaling filesystem (like ext2) and you can skip step 4.
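The four-step Ubuntu recipe above, written out as one script. This is an added example, not the poster's own commands: it uses shred's -u flag to do the rm in the same step, fills free space with a zero pass, and rewrites a swap partition. It assumes GNU coreutils (shred, dd, stat) and Linux swap tools, and the swap device name is hypothetical. The shred(1) manual itself warns that in-place overwriting is not reliable on journaled (data=journal), copy-on-write, RAID or SSD-backed filesystems, which is exactly the concern raised in the post; the free-space fill is the fallback for that case.

```sh
#!/bin/sh
# Per-file secure deletion on Ubuntu, added example (not from the thread).
# Assumes GNU coreutils; device names in rewrite_swap are hypothetical.

# Step 2+3: overwrite the file's blocks with one random pass and a final
# zero pass, then unlink it (-u does the rm, so no separate rm is needed).
shred_file() {
    shred -n 1 -z -u -- "$1"
}

# Step 4: fill the free space on the filesystem holding $1 with zeros and
# delete the filler, so blocks of previously deleted files get overwritten.
# Optional $2 caps the fill in MiB (only for demonstrations); omit it for a
# real run, where dd stops only when the disk is full (ENOSPC is expected).
fill_free_space() {
    dir="$1"
    cap="${2:-}"
    filler="$dir/.wipe-free-space.$$"
    if [ -n "$cap" ]; then
        dd if=/dev/zero of="$filler" bs=1M count="$cap" status=none
    else
        dd if=/dev/zero of="$filler" bs=1M status=none 2>/dev/null || true
    fi
    sync                      # make sure the zeros actually reach the disk
    rm -f -- "$filler"
}

# Swap part of step 4: take the partition offline, zero it, re-create it.
# Run as root; $1 is a hypothetical swap device such as /dev/sda3.
rewrite_swap() {
    swapoff "$1"
    dd if=/dev/zero of="$1" bs=1M status=none 2>/dev/null || true
    mkswap "$1"
    swapon "$1"
}

# Typical use on a real system (as root):
#   shred_file ~/sensitive.txt
#   fill_free_space /home
#   rewrite_swap /dev/sda3
```

Filling free space still cannot reach blocks the filesystem has reserved or remapped, which is why the thread's other posts insist on an offline pass over the whole device for anything that matters.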
-
Nah, no need for Gutmann 35. I've tested it myself before I set up FDE. Did a single random write across the whole disk, then used a program to scan for files and found nothing. Not a single file was recovered. NSA might have technology not available to us, but NSA won't be analyzing the hard drive of a low or mid-level drug dealer. They're worried about terrorists and spies.
The important thing is you have to write across the whole disk while the host OS is offline (like from a boot disk), filling the empty space is not enough.
Gutmann 35 is used to bypass hard drive crimping, a tactic used by the FBI, and there are civilian labs that will do it as well. It costs no more than 2500 for a civilian lab to do it, so I am willing to bet the FBI or DEA would be willing to spend the money for it; they spend a lot more to go after a lot less.
-
It's interesting, because I have not heard of a civilian lab or company that claims to be able to recover data that has been overwritten, even once. If the technology existed, there's certainly a market for it. I also don't think the FBI has any technology not available to civilians. Their technical capabilities are vastly overrated. They can't even find a few high profile hidden services, even though there are known methods of identifying them.
If you know of a company, I'll gladly submit a hard drive for analysis, after a single random write. The hard drive will be filled with millions of copies of a text file with a unique message. If they can recover a single one of those files they can provide the message. :)
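The offline whole-disk overwrite recommended earlier in the thread, together with the check proposed in the post above (plant a unique marker on the disk, do one random pass, confirm the marker cannot be found), as one script. This is an added example, not code from any poster or from DBAN. It assumes GNU coreutils (dd, head, stat, grep), an optional blockdev for real devices, and a hypothetical target /dev/sdb that is booted around and not mounted; an image file behaves the same way and is what the demonstration uses. Two caveats the thread does not cover: the script refuses to write to a mounted device, and on SSDs a single dd pass does not reach over-provisioned or remapped cells, so there the drive's own secure-erase command is the right tool.

```sh
#!/bin/sh
# Single random pass over a whole disk from a live system, plus the marker
# check from the thread. Added example; device names are hypothetical.
# Assumed usage from a live CD, target NOT mounted:  wipe_device /dev/sdb

# Size in bytes of a block device, falling back to stat for image files.
device_size() {
    blockdev --getsize64 "$1" 2>/dev/null || stat -c %s "$1"
}

# Exit 0 if the literal string $2 occurs anywhere in the raw bytes of $1.
# This is the "scan for the message" step from the challenge above.
contains_marker() {
    grep -qa -- "$2" "$1"
}

# Plant marker $2 at byte offset $3 of $1 without truncating. Stands in for
# the copies a journal, defragger or the proposed marker files would leave.
plant_marker() {
    printf '%s' "$2" | dd of="$1" bs=1 seek="$3" conv=notrunc status=none
}

# Cheap sanity check that the pass actually happened: in 1 MiB of random
# bytes roughly 255/256 are non-zero, so well over 1,000,000 of 1,048,576.
looks_random() {
    nonzero=$(head -c 1048576 "$1" | tr -d '\0' | wc -c | tr -d ' ')
    [ "$nonzero" -gt 1000000 ]
}

# One pass of /dev/urandom across the entire device, sized explicitly so the
# same code works on image files; conv=fsync forces the data to the device.
wipe_device() {
    dev="$1"
    if grep -qs "^$dev[0-9p]* " /proc/mounts; then
        echo "refusing to wipe mounted device $dev" >&2
        return 1
    fi
    size=$(device_size "$dev")
    head -c "$size" /dev/urandom | dd of="$dev" bs=1M conv=notrunc,fsync status=none
    # the pass must have covered exactly the device, no more and no less
    [ "$(device_size "$dev")" -eq "$size" ] && looks_random "$dev"
}
```

The marker test is the same thing the challenge in the post asks a lab to do, just run locally: if grep can still find the string after the pass, the tool did not write what it claimed to, which is the one failure mode the thread's "one pass is enough" conclusion depends on ruling out.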
-
Only write sensitive files to an encrypted drive using software such as TrueCrypt. For SR-related activities I recommend the entire system drive be encrypted, whether it be a physical system or a virtual machine system.
-
I use Eraser
Eraser is free, open source (Last I checked) and can do batch deletions...
It uses a PRNG to overwrite files up to 35 times.
If you are on UNIX, the standard deletion program is "shred"; alternatively, you can install "wipe"... Or you can be creative like:
dd if=/dev/urandom of=/direct/path/to/your/file bs=4096 count=$(( ($(stat -c %s /direct/path/to/your/file) + 4095) / 4096 )) conv=notrunc