Sometimes it is actually wise to be a little paranoid. Often the reason is that we do not have full and accurate information about how something works and what is actually happening. When promoting new technology like computers, you really wouldn't expect the big players to be telling us all about the downsides of their products in the TV commercials, now would you? Before Ralph Nader, car manufacturers in the 1960s were not out there telling their customers about the dangerous flaws in their vehicle designs, now were they? Without true and accurate information, real knowledge, we are always behaving and making choices in the dark, so to speak.

In this new information age of the Internet, where our personal privacy, computer security, and hard cash are at stake, a healthy dose of paranoia may well be a good thing. The fastest growing business on the Internet today is cyber-crime, underpinned by credit card theft and personal identity theft, and secondly by blackmail and the theft of confidential or secret material. Today, almost every person, and definitely every business no matter how small, has secret, confidential, or other sensitive information they need to keep private. The increased connectivity of the Internet has shown that fast-moving changes in technology, such as virus worms, can extract data from a PC and forward it anywhere on Earth in a flash. It is therefore NOT paranoid, but a wise and very practical approach, to want to take steps to protect that sensitive information from falling into the wrong hands. Criminal elements always seem to be a step ahead of the law, so given that the governments of the day have an incredible capacity to process collected information on Internet activities, one can only imagine how defenseless our own computer systems really are.

This isn't about "if you don't have anything to hide, you shouldn't really have a problem." All of us are progressively moving in the direction of using this information technology and computers more and more in our daily lives. No doubt you are one of them already, and your computer hard drives, old and new, may well contain valuable business trade secrets, financial business plans, intimate personal pictures or maybe xxx adult porn files. You may have private diaries, online chat records, and other types of confidential letters and material stored on your computer hard drive somewhere today. In these circumstances you clearly need to know that the computer "delete functions" do not really destroy, or securely "erase" as it is known, any of that information on your hard drives.

So, what is going on with file data stored on a hard drive?

In the past, most people felt that DOS system commands were a final and "secure" way of deleting data files on a hard drive. Later, as more knowledge became available about how computers, and particularly the hard drive, worked, it was realized that these commands offered very little "true" deletion of files or of the other history data records being stored. Only a few knowledgeable computer geeks knew anything about this.

When you delete a file, the operating system does not destroy the file contents on the disk; it only deletes some "references" to the file from some system tables. The file contents remain on the disk until another write operation overwrites that same "space" on the hard drive. Almost any software data recovery tool can restore that file or data if it hasn't been overwritten yet. Advanced forensic hardware recovery tools may even restore overwritten files by analyzing latent magnetic traces. Because of this, personally sensitive or confidential information is lying unprotected on your hard drive, and it is almost impossible to prevent it from falling into the wrong hands if your system is not totally secured, both physically and on the Internet.

As operating systems and program applications became more complicated, new hard disk utilities were created that were able to "overwrite" the related disk sectors. We were told then that this would make recovery of deleted file data impossible. It seemed that these would surely be enough, but sadly this wasn't the case either. These new "secure" deletion utilities were still considered too weak and unreliable for their use to be allowed within the Government and Military services. Why were these earlier hard drive deletion/erasing tools not acceptable for use? The reason is that the government and their top-end IT consultants knew all about the weaknesses of these earlier programs. And unfortunately, many of these ineffective hard drive "cleaner" utilities are still being sold today to unsuspecting consumers. Please see this page for more info: HARD DRIVE CLEANER WARNING

There are several key areas of concern when understanding file deletion:

When a file is written to a hard disk or a floppy disk, it has a certain number of sectors or clusters allocated to it. The area of disk space provided is always larger than the file size itself. Deleting the file alone leaves a space which will still contain sensitive data about the file.

There are a number of ways in which this sensitive file data can be deposited without a user knowing it. It is in the nature of a computer to always be updating one file or another. Every time a file is updated or "saved", new copies are created and written wherever there is sufficient space. Software applications [the many different programs on your PC, such as Microsoft Office] can create huge numbers of such files. When a file is eventually deleted, only the LAST FILE IMAGE is actually deleted from the hard disk. All other previous file "images" then appear as free disk space according to the computer system, but in fact those file copies/images, plus the additional recorded data about those files, are still fully present on the hard drive... and are fully recoverable! This type of file data is continually being created, unseen and unknown to the average user. That is, until a disk is viewed with the appropriate recovery software; then all is revealed! Even when partially overwritten by the computer system later, these files can still clearly be identified for what they are and can make interesting reading!

Now, if the above wasn't already enough of a surprise, most program applications, and especially MS Office programs like Word, also create "temporary" files as part of their normal operation. But these files are not as temporary as they may sound, because they are never physically deleted from the file system or the hard drive by the application or by the computer system itself. At least not unless the user specifically does so. Of course, they never tell you to do that, do they?
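
The toy model below is added here as an illustration and is not taken from any real file system or from the tools named on this page. It shows both effects described above: an ordinary delete drops only the references, and a smaller file written into a reused cluster leaves the old tail behind in the slack. The ToyDisk class, the 16-byte cluster size and the sample strings are constructed assumptions.

```python
# Toy model of a cluster-based file system (constructed for illustration;
# not a real FAT/NTFS implementation).
CLUSTER = 16  # bytes per cluster, kept tiny so the residue is easy to read

class ToyDisk:
    def __init__(self, clusters=8):
        self.data = bytearray(CLUSTER * clusters)   # raw "platter" contents
        self.free = [True] * clusters               # allocation table
        self.directory = {}                         # name -> (clusters, size)

    def write(self, name, content):
        need = -(-len(content) // CLUSTER)          # round up to whole clusters
        chosen = [i for i, f in enumerate(self.free) if f][:need]
        if len(chosen) < need:
            raise OSError("disk full")
        for n, c in enumerate(chosen):
            chunk = content[n * CLUSTER:(n + 1) * CLUSTER]
            # Only len(chunk) bytes are written; the rest of the cluster
            # keeps whatever was there before (the slack).
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
            self.free[c] = False
        self.directory[name] = (chosen, len(content))

    def delete(self, name):
        # Ordinary delete: drop the references, leave the bytes alone.
        clusters, _ = self.directory.pop(name)
        for c in clusters:
            self.free[c] = True

    def raw_scan(self, needle):
        # What a recovery tool does: ignore the directory, read raw bytes.
        return needle in self.data

def demo():
    disk = ToyDisk()
    disk.write("plan.txt", b"SECRET-MERGER-PLAN-2024")  # 23 bytes, 2 clusters
    disk.delete("plan.txt")
    after_delete = disk.raw_scan(b"SECRET-MERGER")      # still on the "disk"
    disk.write("note.txt", b"hi")                       # reuses cluster 0
    slack = bytes(disk.data[2:CLUSTER])                 # rest of cluster 0
    return after_delete, "plan.txt" in disk.directory, slack

if __name__ == "__main__":
    print(demo())
```
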
Current file deletion utilities attempt to address this problem of "data remanence", with varying degrees of success. If you are using Windows, like 95% of people do, then most of these cheap hard drive cleaner programs offer very little or no security at all... with the exception of Evidence Eliminator's hard drive utility for Windows. However, if you have the skills to run utilities in the old "DOS" environment, they can offer a lot; Eraser by Sami Tolvanen is one such good DOS utility. But whether they are successful depends very much on their intended use and what you expect to achieve. As a companion to programs like "PGP encryption", they can be excellent and totally capable of permanently destroying all those duplicate plaintext file images and data.

Great care still needs to be taken in this regard, however. It is best never to save an edited plaintext or word-document type file using the basic "save" function, but to use the "save as" option instead. This step ensures all versions will then remain available for deletion. And make sure you choose a file deletion utility program with the ability to perform "multiple" overwrites. If you wish to deter only casual snoopers, such as inexperienced office workers or family members, then one overwrite may be sufficient. For those who require their hard drive disks to withstand the scrutiny of targeted or opportunistic investigations by internet hackers, criminals, private investigators, or potential Police forensic services, three times should be the absolute minimum, and still may not be enough. The U.S. Department of Defense recommendation is DoD 5220.22-M. This is a 7 pass extended character rotation wipe method. The highest security level for erasing hard drive data is called the "Gutmann Standard". This is a highly secure (but slow) 35 pass wipe method, based on the advanced work of computer scientist Peter Gutmann. Please read his paper here: "Secure Deletion of Data from Magnetic and Solid-State Memory"
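
What a multiple-overwrite utility does to a single file, as an added example (not the code of Eraser, Evidence Eliminator or any other product). The function names and the three-pass pattern of zeros, ones and random bytes are assumptions; it is not the DoD 5220.22-M or Gutmann sequence.

```python
import os
import tempfile

# Illustrative pass list (assumption): zeros, ones, then random bytes (None).
DEFAULT_PASSES = (b"\x00", b"\xff", None)

def overwrite_in_place(path, passes=DEFAULT_PASSES, block=64 * 1024):
    """Overwrite every byte of the file once per pass, without truncating it."""
    size = os.path.getsize(path)
    with open(path, "r+b") as fh:            # r+b: write over existing bytes
        for pattern in passes:
            fh.seek(0)
            remaining = size
            while remaining:
                n = min(remaining, block)
                fh.write(os.urandom(n) if pattern is None else pattern * n)
                remaining -= n
            fh.flush()
            os.fsync(fh.fileno())            # ask the OS to flush this pass to the device
    return len(passes)

def wipe(path, passes=DEFAULT_PASSES):
    """Overwrite first, and only then remove the directory entry."""
    done = overwrite_in_place(path, passes)
    os.remove(path)
    return done

def demo():
    # Constructed sample file standing in for a sensitive document.
    fd, path = tempfile.mkstemp()
    os.write(fd, b"constructed sample secret " * 100)
    os.close(fd)
    size = os.path.getsize(path)
    overwrite_in_place(path, passes=(b"\x00", b"\xff"))
    with open(path, "rb") as fh:
        last_pass_visible = fh.read() == b"\xff" * size
    passes_run = wipe(path)
    return size, last_pass_visible, passes_run, os.path.exists(path)

if __name__ == "__main__":
    print(demo())
```

This reaches only the clusters the file occupies now; the earlier saved copies and temporary files described above sit in free space and are untouched. Journaling or copy-on-write file systems and flash wear-levelling can also keep old blocks elsewhere on the device.
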

What to do about private, sensitive, or confidential material you want destroyed?

People who, for whatever reason, have strictly confidential material stored on computer systems and hard drives should not consider these precautions excessive. Some would say that there is no chance of recovering data that has been overwritten just once or twice. These folks simply don't know the true extent to which "data remanence" can be investigated and recovered! Complete file deletion, what is known as secure erasing by rewrite, can never be absolute; it is more of a sliding grayscale. Once magnetic media have been exposed to a structured magnetic field, it is in reality very difficult to ever totally disguise the fact. This applies especially to present drive heads and high coercivity media, and who knows what the latest developments are that may not yet have become public.

When a write function is carried out, magnetic domains are created by the millions for each data bit that is written. There is a limit to how great the write current can be, or adjacent data will be corrupted. Increasing the spacing between adjacent data bit representations would lower the total capacity of the media. Modern high coercivity magnetic coatings allow much greater data densities [and therefore much larger hard drives], but they are also more difficult to magnetize. Consequently, when a rewrite is carried out, a significant number of these tiny molecular domains remain in their original orientation. This orientation is never exactly the same twice. The precise orientation of the domain would have been influenced by adjacent bit representations, each precise orientation being individualized like a fingerprint. With each subsequent rewrite, fewer of these "permanent" domains remain, and so a molecular history is encoded by a scale of relative molecular domain numbers. In an age where molecular polarity is such a vital area of science, it should come as no surprise that special techniques exist for its determination. The obvious value of being able to recover data is not lost on the intelligence and forensic services of any developed nation.

So, with a knowledge of what methods are available for the analysis of magnetic media, how do governments treat their own data? In the UK, the "Ministry Of Defense" has its own idea of what constitutes the declassifying of magnetic media, hard disks for example. They require that the surface of all hard disk platters be ground off, and the dust securely stored for twelve years! The dust is still officially classified even after this period. Things are little different in the United States. A US naval document entitled OPNAVINST 5239.1A states that disks that are "unclassified" can either have their surfaces sanded away or dissolved by acid!!! So, who's really paranoid about securely erasing hard drives? No one. It's just plain common sense these days.

So what does Evidence Eliminator do to solve the situation here?

Well, Evidence Eliminator is a specialty tool for specific use on Windows systems that are in continual use. This unique secure hard drive erasing process is designed to get underneath Windows controls, and to locate and destroy unwanted files and all computer history stored within the operating system and, without your knowledge, on the hard drive. Evidence Eliminator does what no other secure hard drive erasing utility is able to do. It defeats all known forensic analysis software recovery and investigation tools such as Encase. It should be considered your essential first line of defense on a "working" Windows PC.

Evidence Eliminator's hard drive cleaner routines are considered the ultimate in user convenience. No more totally erasing the hard drive, re-formatting, then repeatedly re-installing your operating system and the programs over again. Evidence Eliminator will not totally erase ALL data on a hard drive, as it requires Windows to be operational. For situations such as selling or replacing hard drives in a computer, secure DOS utilities, like Eraser mentioned above, need to be employed to finish the job.

If it is highly critical that the data remaining on a hard drive be ABSOLUTELY and PERMANENTLY destroyed, then either the hard drive media should be physically degaussed, rendering the drive unusable [see below links], OR, if in any doubt, the only totally guaranteed method of data destruction is the physical incineration of the hard drive "disc media".