Chapter 15: Erasing Files and Hard Drives Securely


When is a deleted file not a deleted file? When you use Windows Vista to delete the file, of course! Although it may seem strange, the built-in processes by which Windows Vista normally deletes files and folders don't actually remove the items from your hard drive in a permanent manner. In fact, many of the files that you believe to have been deleted for all eternity can actually be recovered quite easily with the right software tools in hand. That's good news if you've accidentally deleted a file and now want to attempt to recover it, but very bad news if you have some expectation that deleted items are actually permanently erased for good.

From a security perspective, the ability to permanently erase files so that they cannot be recovered is a necessary feature. Unfortunately, Windows Vista does not include any built-in tools or utilities that are capable of deleting files in such a manner. In fact, if you rely on features like the Recycle Bin to delete files, then you need to be aware that there's always the potential for a user with the right tools and expertise to reclaim all or some portion of every file you've deleted. In a nutshell, Windows Vista offers nothing in the way of tools capable of securely erasing data.

Thankfully, a number of third-party tools can help to bridge this security lapse. In this chapter you learn how to use Eraser, a free tool designed to erase securely files, folders, and even free disk space to levels that meet or exceed even U.S. government standards. Furthermore, you learn how to cover your Internet and program activity trails, stopping others from learning which files you've been working with or which web site you've been visiting. Finally, for cases where you've purchased a new PC and are getting ready to donate or hand down your old one, you learn how to securely erase your old hard drive to ensure that your personal data is erased, once and for all.

Traditional Ways of Deleting Files

In the world of Windows Vista, files and folders are typically deleted by sending them to (and then emptying) the Recycle Bin. On a larger scale, you can delete entire disks using techniques like formatting drives, or even deleting them completely. In the following sections you learn more about these methods, including why they are not considered secure alternatives in cases where you need to erase files, folders, or even the contents of a hard drive permanently.

Using the Recycle Bin

Windows Vista is an operating system rife with second chances, and perhaps no feature illustrates this as clearly as the aptly named Recycle Bin. When you select the option to delete a file or folder in Windows Explorer, Windows Vista automatically moves the item to the Recycle Bin, where it sits until you make the decision to get rid of it for good. In other words, files that you delete aren't actually deleted until you give the word that the Recycle Bin should be emptied.

Note 

Although Windows Vista moves most files deleted with Windows Explorer to the Recycle Bin, not all deleted files are dealt with in this manner. In cases where you delete a very large file or folder, Windows Vista may deem it too large for the Recycle Bin and let you know that it intends to bypass this step and delete the file for good. Additionally, when you delete files from the command line using the DEL command, they are deleted immediately, rather than being sent to the Recycle Bin.

In many ways, this is a good thing. If you accidentally choose the option to delete a file and then realize that you've made a mistake, you can open the Recycle Bin, click the file in question, and select Restore to undo the error and return the file to its original location (see Figure 15-1). When you empty the Recycle Bin, however, Windows Vista considers the file to be gone for good.

image from book
Figure 15-1: You can restore files sent to the Recycle Bin if you delete a file in error.

Although a file you empty from the Recycle Bin may appear to be deleted for good, in actual fact, it may still exist. That's because of the way that Windows Vista deletes files - instead of physically deleting or erasing the areas of disk space in which the file resided, the space is simply marked as available or not currently in use. Other programs (and Windows Vista) now look at that space as they would any other area of uninhabited disk space, and can use it for storage if necessary.

This methodology is the primary reason why you can often recover deleted files with specialized undelete software. Instead of relying on the information that Windows Vista provides, these tools scan parts of the hard disk marked as available, looking for accessible files. In cases where the disk space that a file once occupied is not used to store other data, these programs can typically access the deleted file for recovery purposes.

Formatting and Deleting Partitions

In much the same way that Windows Vista doesn't go to the trouble of ensuring that files emptied from the Recycle Bin are actually permanently deleted for good, formatting or deleting a partition offers no guarantees that the files stored on a drive are permanently inaccessible. In the case of formatting an existing drive (see Figure 15-2), Windows Vista simply deletes the contents of the drive's partition table, marking all areas of the drive as empty and accessible. As with deleting a file, the contents of the drive are still present, and potentially recoverable with undelete tools.

image from book
Figure 15-2: Formatting a disk makes the disk appear to be empty, but files may still be recoverable even after the fact.

The same is true when a partition is actually deleted using a tool like Disk Management or FDISK. Here again, Windows Vista doesn't erase or destroy the contents of the partition. Instead, it fools programs (and even itself) into believing that the partition no longer exists, allowing you to use the newly freed space for the purpose of creating new partitions or extended existing ones.

image from book
Recovering Deleted Files

Whether you see the way that Windows Vista deletes files as a good thing or a bad thing is largely a function of where you're standing. If you've accidentally deleted a file and want the best chance of recovery, then the method offers promise. If you want to permanently erase files, then the Windows Vista methodology isn't a suitable solution.

Assuming that you have deleted files (using the Recycle Bin or other methods outlined in the previous sections) that you now want to restore, your best chance of recovery is using specialized undelete software. These programs scan your hard disk looking for deleted files, providing lists of those you can potentially recover. An example of one such program is File Scavenger (http://www.quetek.com), as shown in the following figure.

image from book

As part of its scanning process, File Scavenger lists all deleted files that it finds, and assigns each a status that outlines the relative probability that you can recover the file. For example, the chances of recovering a file marked good are high, whereas you have little chance of restoring a file marked poor.

Whether you can actually restore a file is largely a function of whether any portion of the disk space it inhabited is now being used to store another file. If the disk space has been reused, the chances of a successful recovery are quite low. This is one of the reasons why you need to be careful to keep disk activity to a minimum after you accidentally delete a file. If you don't, the likelihood that the disk space will be reused is much higher.

For this reason, make a point of installing undelete programs like File Scavenger before you need them. If you try and install these programs after accidentally deleting a file, it's possible that the disk space used to install the program might end up being the same disk space inhabited by your deleted file, making recovery next to impossible.

image from book



PC Magazine Windows Vista Security Solutions
PC Magazine Windows Vista Security Solutions
ISBN: 0470046562
EAN: 2147483647
Year: 2004
Pages: 135
Authors: Dan DiNicolo

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net