Secure File Deletion

Via the SANS Information Security Reading Room RSS feed, I found a paper by John Mallery entitled “Secure File Deletion: Fact or Fiction?”. This paper provides a good introduction to the problem of deleted files lingering on Windows systems, as well as other places where sensitive information can hide, such as the Windows swap and page files and temporary files. He provides a good review of available tools for securely deleting files and wiping disks.

On a related note, the Microsoft Switzerland Security Blog posted a link to the article “Forensic Analysis of Microsoft Windows Recycle Bin Records”. The introduction states:

Contrary to popular belief, when a file is deleted from a computer it is not really deleted. This is especially true for Microsoft Windows Operating Systems. Windows utilizes a repository for deleted files called the Recycle Bin. The existence of the Recycle Bin allows a user to retrieve a document he accidentally deleted. In order for Windows to undelete a file in this manner, certain information must be stored in records so that the original information about the file may be restored, such as the file name.

Although it’s not information I expect to need, it is useful information for a forensic investigator.

Update: Jesper Johansson blogged today, 08/25/2006, about using the cipher /w:<drive letter> command, which is built into Windows XP and higher and does a three-write pass over a drive to wipe all free space. This was in response to a query in Susan Bradley’s blog. Susan’s blog entry also pointed to a paper by Simson L. Garfinkel and Abhi Shelat on disk sanitization standards.


Steve Mullen has been involved in information technology for over 35 years. He is also actively involved in the music program (voice and English hand bells) and Vestry of St. Anne’s Episcopal Church in Damascus, MD.
