How do I really erase a file?
Frank Lindqvist
original file with some garbage to be sure that the file can not be
restored. Any ideas?
Thx
Frank Lindqvist
Thomas Stutz
> original file with some garbage to be sure that the file can not be
> restored. Any ideas?
Use the WipeFile() function from P. Below :
http://www.swissdelphicenter.ch/en/showcode.php?id=823
tom
Uffe Kousgaard
f: file of byte;
i: integer;
begin
assignfile(f,'file.txt');
reset(f,1);
for i:= 1 to filesize(f) do write(f,trunc(256*random));
closefile(f);
end;
"Frank Lindqvist" <fr...@lindqvist.net> wrote in message
news:3ca034c9$1_2@dnews...
Ekkehard Domning
the sample code works for "normal" Hackers fine.
Uffe Kousgaard schrieb:
>
> var
> f: file of byte;
> i: integer;
> begin
> assignfile(f,'file.txt');
> reset(f,1);
> for i:= 1 to filesize(f) do write(f,trunc(256*random));
> closefile(f);
> end;
But security has allways to ask with how many Power (Manpower, Money,
...) somebody want to findout what the originally Contents was.
Since Bits on a Harddisk are stored "analog" You can do an analysis how
strong the Bit currently is.
Example:
This Disk is empty the Bitvalue is measured at 0%
Now You write a 1 and measure again the Value is now 80%
If You now write a 0 the Value moves to 20%
On an digital View everthing below 50% is zero so the return is a
"zero", everthing is well, from the analoge view 20% says there ist a
"zero" on a place where a "one" was before!!
The Source of WipeFile (see backward in the Thread) does the writing
three Times and is much more saver.
>
> "Frank Lindqvist" <fr...@lindqvist.net> wrote in message
> news:3ca034c9$1_2@dnews...
> > I am writing a encryption program and I would like to be write over
> the
> > original file with some garbage to be sure that the file can not be
> > restored. Any ideas?
Best regards
Ekkehard
--
DomIS Internet Solution - Ekkehard Domning
Im "mCC": Industriestr. 17 - 49740 Haselünne
Mail: e...@domis.de Internet: http://www.domis.de
Iain Macmillan
In article <3CA06F55...@domis.de>, Ekkehard Domning <e...@domis.de>
wrote:
> ...) somebody want to findout what the originally Contents was.
> Since Bits on a Harddisk are stored "analog" You can do an analysis how
> strong the Bit currently is.
> Example:
> This Disk is empty the Bitvalue is measured at 0%
> Now You write a 1 and measure again the Value is now 80%
> If You now write a 0 the Value moves to 20%
Wow, really!
Do you have any code at all (not necessarily Delphi/OP, as I guess it needs
port i-o commands) that can retrieve this 'bit strength' value?
> The Source of WipeFile (see backward in the Thread) does the writing
> three Times and is much more saver.
Well that is easily fixed.
For i:=1 to 3 do UffesProc;
<g>
-Iain.
Johnnie
Wouldn't be smarter to fill with ones instead of zeros isn't the result
the same but will never give the smart hacker the possibility to extract
any usefull data from the file? wouldn't that improove the speed?
regards
Johnnie.
Kent Briggs
Frank Lindqvist wrote:
>
> I am writing a encryption program and I would like to be write over the
> original file with some garbage to be sure that the file can not be
> restored. Any ideas?
After overwriting the original data, you must call
flushfilebuffers() before the final erase. Otherwise, Windows
will ignore the wipe stream built up into the write cache and
just do the erase, thus allowing a recovery program to unerase
it later. You can use my Directory Snoop program
(http://www.briggsoft.com/dsnoop.htm) to test your unerase
routine by examining the file's clusters before and after your
wipe routine to make sure they really were wiped. A few years
ago, I used my program to exposed about a dozen "wiping"
programs that never actually wiped anything at all.
--
Kent Briggs, kbr...@briggsoft.com
Briggs Softworks, http://www.briggsoft.com
Mike Williams
> the same but will never give the smart hacker the possibility to extract
> any usefull data from the file? wouldn't that improove the speed?
I doubt that writing a 0 would be faster than writing a 1. To thoroughly
eliminate a file the standard practice is to write over it several times
(perhaps 8) with different byte patterns.
-Mike
Ekkehard Domning
Iain Macmillan schrieb:
> > Example:
> > This Disk is empty the Bitvalue is measured at 0%
> > Now You write a 1 and measure again the Value is now 80%
> > If You now write a 0 the Value moves to 20%
>
> Wow, really!
> Do you have any code at all (not necessarily Delphi/OP, as I guess it needs
> port i-o commands) that can retrieve this 'bit strength' value?
since this A/D-Conversion is done in the read/write Head of the Harddisk
(or in the following schmidt-trigger gate) there is no way to do this by
a program.
I saw that the FBI work together with a German company, to recover Data
from Harddisks rescued from the WTC desaster. What they do is, open the
harddrive remove the disk(s) and place them on a new drive with new
read/write heads. Since this has to be done under very clean enviroment,
You want have a chance to do so too.
Years ago we had a crashed HDD and needed the Data back, so I opened the
drive mounted the read/write head again an read the whole disk. After
that I tried how long the disk will survive -> after less than 3 hours
the disk was unable to read with an OS, Norton does a few hours longer.
Back to the Question/Comment: To read the analog Bit value from a disk
You have to split the analog signal from the read/write head and patch
Your own A/D-Converter, synchronize the bit values to the Sector and so
on. Not a very easy Job.
Aeternus Doleo
> Do you have any code at all (not necessarily Delphi/OP, as I guess it
needs
> port i-o commands) that can retrieve this 'bit strength' value?
You can't get analog values from a digital device. But bigtime lab analysis
can recover those values. Degauss a disk for total annihilation of data.
Iain Macmillan
In article <3CA1846E...@domis.de>, Ekkehard Domning <e...@domis.de>
wrote:
> since this A/D-Conversion is done in the read/write Head of the Harddisk
> (or in the following schmidt-trigger gate) there is no way to do this by
> a program.
That is a pity. It looked like a chance for a super recovery utility.
Or even a way to store 2 data in the same physical location.
> I saw that the FBI work together with a German company, to recover Data
> from Harddisks rescued from the WTC desaster. What they do is, open the
> harddrive remove the disk(s) and place them on a new drive with new
> read/write heads.
This seems to suggest that the disk platter itself was just about OK but
that the heads were broken.
> Since this has to be done under very clean enviroment,
> You want have a chance to do so too.
Well I've seen an electrician I know changing (cheap) disks. His environment
could not be described as clean! .. He *said* it worked!
> Years ago we had a crashed HDD and needed the Data back, so I opened the
> drive mounted the read/write head again an read the whole disk.
I once managed to make a last-ditch backup of a HDD that was giving 'Drive
Failure' on startup, by plugging in another drive of the same type,
rebooting, then with the computer running change back to the old drive, and
start copying the files. I think it was just track 0 of the HD that failed,
so the files could be read OK.
> Back to the Question/Comment: To read the analog Bit value from a disk
> You have to split the analog signal from the read/write head and patch
> Your own A/D-Converter, synchronize the bit values to the Sector and so
> on. Not a very easy Job.
No, too difficult for me, a software engineer!
(I just had to learn a little hardware for people that say 'you know about
computers right? so how do I upgrade chips/disks.. etc')
In the context of the original poster's question it sounds too difficult for
most 'malicious hackers' too.
Thanks anyway
-Iain.
John Herbster
> ... In the context of the original poster's question it
> sounds too difficult for most 'malicious hackers' too. ...
I cannot interpret enough from Frank's question to determine the boundaries
of his context.
"write over the original file with some garbage
to be sure that the file can not be restored."
I would like to ask him if "cannot be restored" precludes using special
electronics.
Of course there are also backup tapes and Trojan monitors to also worry
about.
Gwen Carpenter
says...
Your DirSnoop program is really cool!
Frank might also need to worry about whether or not his file got written
to the windows swap file... the virtual ram thingie is a big problem when
you want to be absolutely certain that no copy of a file is left on disk.
Frank Lindqvist
do you have any ideas, what to do with the windows swap-file?
Frank
"Gwen Carpenter" <gacarpe...@NOSPAMyahoo.com> schrieb im Newsbeitrag
news:MPG.170c60e38...@newsgroups.borland.com...
Frank Lindqvist
have posted to help me.
Frank
P.S. I was more thinking about normal hackers, so overwritting the file once
(but why not several times) should be fine enough.
"Frank Lindqvist" <fr...@lindqvist.net> schrieb im Newsbeitrag
news:3ca034c9$1_2@dnews...
RB
"Frank Lindqvist" <fr...@lindqvist.net> skrev i en meddelelse
news:3ca2be26_1@dnews...
| Hi Gwen,
|
| do you have any ideas, what to do with the windows swap-file?
|
| Frank
I suppose you can erase the swap-files the same way as any other file.
But you must (re)boot to a dos prompt first.
If your file-eraser only works under windows, it might be possible just to
rename the swap-file from a (re)boot dosprompt, and then erase the renamed
file under windows.
RB