Is there a plugin for for secure delete files with MBS? (overwriting 1, 3, 7 passes)
How would that work with modern OS and SSD?
You can open it in a Binarystream to overwrite, but how would you know the OS would reuse the same blocks on disk?
Well you write the file length to 0’s all, then do that about 7 times and then delete the file (marks the system that the space became available again). Do exactly the length of the file otherwise the system may store it somewhere else.
No need for MBS but maybe MBS can make a fast method doing so?
(this is the best and not guaranteed, as it can be that the system has a way to do this already)
This is for a magnetic hard drive
This always amuses me.
Writing a file is not like painting a wall… you cant scrape off a layer of zeroes and see the original file.
If you write to the same sectors on the disc, the original data cannot , cannot, cannot still be there.
The problem is that it may not write to the same location… it may write somewhere else and simply change the FAT table (or whatever) to point to the new location.
That would leave the old data lying around with nothing pointing to it, but still receoverable.
File shredding software should work by finding the original disc area and writing to that at a low level.
You might probably be better writing an encrypted file, and decrypting it when reading, so that it could not be casually examined with a low level too.
You cannot know where you write it unless the system does that for you, or your system allows to overwrite on the same location (which some may do).
This is how some known tools do this. The 7 times is because of some specific reason.
You mean secure delete? This lowlevel may not be available, or the system may have already it’s own functions available to do this directly. This is where MBS may come in handy…
exactly. so just saving a few times isnt great
It’s not but depending on your system it’s the way to go. Now which systems require which way is out of my knowledge. Again the best way is using system provided features.
Many such will tell you the same and actually works (on some versions/systems)
Very amussing some beliefs, like thinking that a magnetic disk store “ones and zeros”
During the magnetization process to write over the original data, a LOT of magnetic artifacts are left on the disk, enough to reconstruct the previous content in many cases.
1 Like
For windows you can try the sdelete tool from Microsoft.
https://docs.microsoft.com/en-us/sysinternals/downloads/sdelete
Or if you want to delete all the unalocated files on one drive, you can use the windows command tool Cipher with /w
Even the “professional” utilities that supposedly secure-delete are unreliable.
The issue is that modern drive controllers (both SSD and HDD) obfuscate the actual sectors. They can present logical sector values that may or may not perfectly correspond to physical sectors on the disk, this is done for wear leveling algorithms and other optimizations.
If someone truly wanted to recover your data and had enough resources to physically go into the hardware it could still be possible to reconstitute files despite an OS-level “secure delete.”
With a spinning disk drive this made a difference. It doesn’t work at all with SSD drives. An ssd drive won’t write to the same blocks over and over again, if you free the block and then write the file again, or change the block on the file it will often move the entire block to a new location so as to even out the wear and tear on the SSD which only lives for a finite number of write cycles. And this happens as you’re working with the file. There may be bits of it all over the place by the time you want to delete the file so even if you could write to specific locations on the disk, you have no way to know where the last block was before you wrote that last byte to it and closed the file. So you can’t rely on that at all. If someone needs a truly secure delete then the only option is to recommend full disk encryption or insist they are using a spinning hard drive where such things are still possible. But on a spinning hard drive the forensics people can recover the data you think you overwrote in many cases anyway so even there it’s not really a solution. It only foils simpler “undelete” tools but will not protect you from someone with a court order or who’s willing to hire a data recovery company.
2 Likes
I agree.
This was only important for HDD (spinning disk). The reason (AIUI) was that with a special controller board, it is possible to move the head left or right by a fraction of a track width and try to see if there is any residual magnetism left from the original data. If your special controller board can read that it may be able to recover the data that supposedly you overwrote. Doing it seven times just increased the chance that the residual magnetism, if any would no longer be readable.
But you have to have the special hardware to be able to do that, and in any case it’s meaningless for an SSD.
1 Like
…so again, if you want the data to be secure, before and after deletion, the simplest way is to read and write an encrypted version.
That way, even if bits of it are ‘all over the drive’ or recoverable by any means, ‘they’ first have to realise that what has been recovered means something, then how to glue the bits together, and then work out what the encryption method was.
1 Like