Can eraser securely erase deleted files?

Plod

New Member
If I do a normal file delete in windows (not to the recycle bin) can eraser find that file and then securely delete it? By the way, I know I can do a free space wipe but that takes too long.
 
Hi :)

No Eraser cannot find an already deleted file. You would need to use a Hex Editor for that.

As for the free space wipe taking too long what erase method are you using ? A single pass random wipe is fairly quick and if you have a massive hard drive then leave it overnight.

A free space wipe is really your best option now.

I have just remembered that some data recovery software actually have an option to either recover or securely delete files. I am not sure as to their level of security compared to Eraser but if speed is more important to you than security you might give them a try.
 
Hello overwriter, thanks for the reply.

I'm not sold on a one pass erase as being secure. I want to do a Gutmann wipe, so as you can imagine, wiping a huge disc takes a looooooooong time. I'd never thought of using a hex editor to find the files. Do you know of one with built in secure erase too?
I have found a program that finds the files and then securely wipes them, it's called Restoration, but unfortunately it doesn't do a Gutmann wipe. If you or anyone else can suggest another program that can do this please let me know. Thanks.

BTW do you think requesting this as an eraser feature would be a good thing (it definitely would be for me :) )?
 
Hello overwriter, thanks for the reply.

You’re welcome. :)

I'm not sold on a one pass erase as being secure.

Can I ask why ? Have you ever read or heard of a case where data has been recovered from a modern hard drive after a single random pass from Eraser ?

I would think erasing with a single pass frequently is better than a 35 pass once.

I'd never thought of using a hex editor to find the files. Do you know of one with built in secure erase too?

Yes WinHex has a PRNG !

I have found a program that finds the files and then securely wipes them, it's called Restoration, but unfortunately it doesn't do a Gutmann wipe. If you or anyone else can suggest another program that can do this please let me know. Thanks.

Really this Guttmann thing is just soooo overkill. Even he himself says that his original paper is not relevant now. Please save yourself a lot of time and drive head wear and just use a single random pass. If you are really paranoid then you could do it twice.

If you have data on your hard drive that you believe warrants a 35 pass overwrite then I seriously think you should physically destroy that drive.

BTW do you think requesting this as an eraser feature would be a good thing (it definitely would be for me)

Yes you can make your request here.
http://www.cipherserver.com/phpbb2/view ... 48009b266e

:wink:
 
I've now done a bit more reading and it seems that the Gutmann method is overkill as long as the drive is over 15GB. I would still want to do a couple of wipes though just for peace of mind.

The WinHex program is interesting, I'm going to trial it and see how it goes.

Thanks again.
 
Hi Plod,

I am very glad to learn that you won’t be using the 35 pass method. You will save yourself a lot of time and drive wear ! :D


Plod said:
as long as the drive is over 15GB

Can you explain this to me please ?

Plod said:
The WinHex program is interesting, I'm going to trial it and see how it goes.

I think you will find it very useful. I have just realised that I perhaps shouldn’t have mentioned it as it is a commercial program but as there is a trial version of it for free I hope that’s ok.
 
Hi overwriter,

As far as I can tell the 15GB figure is where drives started to use PRML encoding which from what I read will theoretically, if not practically, make a single wipe pass all that is required to securely erase the disk. It is technically possible on drives lower than 15Gb capacity, to use a STM to detect previous data (because the repeatability of head alignment wasn't as good then), but it's still an normous task and I think only terrorists and the like would still be worried by it. It does mean though that, to be sure of a secure wipe, more wipes would definitely be needed for drives below 15Gb capacity.

Going back to my original problem though, I needed to get rid of about 15 small files which were buried in 480GB of free space, so even a single pass (and I would prefer to do three) still takes quite a long time and I would prefer to be able to just securely wipe the deleted files.
 
Hi Plod. :)

Thank you for your explanation, however it would seem more to do with reliable head alignment rather than disk capacity which is why I asked.

I needed to get rid of about 15 small files which were buried in 480GB of free space,

How small are they ? The reason I ask is that they may be stored in the MFT of an NTFS drive. Did you try WinHex ?

Seriously Plod, unless you are expecting an extensive forensic investigation of your hard drive I really don’t think you should worry so much. To find 15 “small” files amongst 480GB of single pass overwritten drive is just about impossible. Actually if you have a drive of that capacity I would think that the disk is so tightly packed that the heads would have a startling degree of accuracy. I wouldn’t think a multi overwrite should be necessary at all with a drive such as yours.

Please Plod stop agonising about this, just perform a single random pass overnight then you can wake up the next morning much more confident that your security breach is more than likely over. Trust me you will feel better about it. If you still feel nervous the next night do another single pass !!!!!

I know I am making light of your situation and I do appreciate you do seem extremely concerned about these files but honestly I am certain you will be ok with a single pass.

Your situation makes me think again about my Eraser feature request to catch all data in the recycle bin so the user is unable to get into your predicament.

:wink:
 
I would think the act of "overwriting unused disk space" would in fact be deleting already deleted files?
 
Good... just making sure 2 + 2 still equals 5 :shock:

I suppose there was some confusion as to what was "used" space verses "unused"
 
Hi windstrings

I believe plods concern was more he wanted to perform a 35 pass wipe on a small selection of previously deleted files without having to wait for the complete free space to be cleared.

I am going to name this idea / process “Intelligent Overwriting” ! This would allow the user to view deleted data on his drive and select files to overwrite whilst leaving less sensitive deleted files alone. This would help with plausible deniability.
 
Thats a great idea... especially if your sensitive files are basically under one directory..... the only problem is the physical location on the hardrive of files kept in a specific "file location" I don't believe coorespond to they?

I other works, file #1,2,3, and 4 kept in directory called "my stuff" may in fact be scattered all over the drive in physical location... especially if the drive is small, or even worse.... a thumb drive?

If it indeed had "intelligence" to know where the physical locations were and only delete or wipe those areas of "unused space", then that would be awesome.... I just don't know enough about it to know if thats feasible.... especially for a free program?
 
I understand what you are getting at here about the physical location of the “deleted” files on the disk. I am not so sure myself but I wonder if the entry is still in the MFT albeit deleted could Eraser get file locations from there ?

A program called Restorationclaims to be able to overwrite deleted data found using its viewer.
 
Erasing deleted files

Sorry to revive this topic, but has anything been done about this, because I think Plod's idea is a good one?

At work, we do not have our own PC's and just log on to whichever is available. I use a thumb drive to operate things such as Skype, Firefox, etc., and in the course of operating these programs, the software creates and deletes various temporary/cache files on the hard drive. I have installed eraser 5.3, on all of the machines so far (only able to do this as an individual user, no rights for service that may run in background), and erase the free space (using single pass :D ) if there is something I might not want others to see, but it would be much easier and less time consuming if I could search for and erase the individual files, or even just erase all of the files which might be recoverable instead of all the free space.

Obviously for my application maximum security is not necessary, so it is just a matter of time. Typically it can take anything from 20 to 40 mins to erase the free space on a disk, which is a lot of time if you have to wait and then log off the machine before you can go home or let someone else use it. On top of this erasing all the free space creates a substantial amount of unnecessary wear to the hard drive if you do this on a regular basis, as I sometimes find myself doing this several times a day.

Hope we can get some feedback on this, as I think there are many situations where people could use this type of functionality.

Cheers,

Mark
 
First we need published algorithms to find data. We could do a simple file header check - but that's not thorough. There's no defined way to search for remnants of deleted files because that's what they are - deleted. Even programs like Recuva are not able to guarantee 100% file recovery (certainly not with Eraser, haha)

Joel
 
Back
Top