Tech Explained

Simplifying technology… for everyone

How secure file deletion software’s work

How
w secure file deletion software’s work
By Selva Kumar

For more visit How-to-guides @ tech-explained.blogspot.com

explained.blogspot.com
 Tech Explained
Simplifying technology… for everyone

How secure file deletion software’s work

Hard Disk – An introduction

A hard disk/hard drive/HDD is a non-volatile

volatile device
used to store digital media. A typical HDD consists of
platters on which data is recorded magnetically. To
understand how secure file deletion software’s
softw work,
it is necessary to understand the structure of a HDD.
A HDD structure consists of 1) Track,
ack, 2) Geometrical
sector, 3) Track sector and 4) Cluster.

A Sector is what is used for user recorded data. A sector is made up of three basic
units – 1) The sector header, 2) The data field, and 3) The error correcting code
field. The sector header is used for internal synchronization and data
identification, the data field stores user recorded data and the ECC field contains
algorithms for error checking potential errors.

How operating systems delete files and folders

Operating systems do not actually delete files or

folders. The files or folders are actually moved to a
temporary location (Recycle Bin or Trash), hidden
safely from the user for recovery. When the Recycle
bin or Trash is emptied, the files are removed from
the temporary location,, after which they are gone
forever (Atleast the user thinks so).

A file stored on a hard disk sector is marked “Read only”

only”.. In simple terms, a sector
cannot be overwritten.
rwritten. When the Recycle Bin or Trash is emptied, the sector is
marked as “Write” ie; the data field in the sector becomes available for storing
new data thereby overwriting the old data
data. Considering the number of sectors
per track and the size of hard disks today, it may take forever for a sector to be

For more visit How-to-guides @ tech-explained.blogspot.com

explained.blogspot.com
 Tech Explained
Simplifying technology… for everyone

How secure file deletion software’s work

overwritten and the permanently

rmanently deleted file resides in the sector data field
which can be easily recovered using recovery softwares.

How secure file deletion software’s work

Secure file deletion software’s employ a number

of techniques to securely wipe of the data from
the sector permanently and forever. These
software’s make use of complicated algorithms
to overwrite the data in the sector data field. A
list of the algorithms used is provided below in a
separate section. For now we shall explain the
general techniques employed.

The first onee involves encrypting the file with a secure key. The key in case
of secure file deletion software’s is randomly generated. The software’s
software’ generally
encrypt the file a number of times with randomly generated keys,, thereby making
the file non-recoverable. The second technique involves writing the file with
binary 1’s and 0’s and sometimes a random character. Secure deletion software’s
employs various wiping schemes that involve encryption and binary writing. These
wiping schemes involve various stages called “Passes”. Each pass performs a
secure overwriting of the file rendering it irrecoverable by any sophisticated
recovery software available
available. Disk wipers also work on the same principle.

Wiping schemes employed

• 1 Pass: Overwriting with zeros.

• pass): Overwriting with zeros and verification.
British HMG IS5 (Baseline) (1 pass) verification
• P50739-95 (2 passes): 1 pass zeroes and 1 pass random byte.
Russian GOST P50739
• passes): 1 pass with zeroes1 pass ones and 1
British HMG IS5 (Enhanced) (3 passes)
random bytes with verification
verification.

For more visit How-to-guides @ tech-explained.blogspot.com

explained.blogspot.com
 Tech Explained
Simplifying technology… for everyone

How secure file deletion software’s work

• US Army AR380-19 passes): 1 pass random bytes, 1 pass certain bytes

19 (3 passes)
and 1 pass previous byte compliment with verification.
5220.22-M (3 passes): 1 pass zeroes with
• US Department of Defense DoD 5220.22
verification, 1 pass ones with verification and 3 pass random bytes with
verification.
5220.22-M (E) (3 passes): 1 pass certain
• US Department of Defense DoD 5220.22
bytes, 1 pass complement and 3 pass random bytes.
• NAVSO P-5239-26 26 (RLL) : 3 passes overwriting algorithm with last pass
verification
• NAVSO P-5239-26 26 (MFM) : 3 passes overwriting algorithm with last pass
verification
5220.22-M(ECE) (7 passes) : 1 pass certain
• US Department of Defense DoD 5220.22
bytes, 2 pass compliment
compliment, 2 passes random character,1 pass character,
character
1pass complement and 1 pass random character.
• Canadian RCMP TSSIT OPS OPS-II (7 passes) : three alternating patterns of
zeroes and ones and the last pass - with random character (with
(wit last pass
verification)
passes): 3 alternating patterns
• German VSITR (7 passes terns of zeroes and ones and 1
pass character.
passes): 1 pass ones, 1 pass zeroes and 5 passes random
• Bruce Schneier (7 passes
characters.
passes): 35 passes with various patterns.
• Peter Gutmann (35 passes

For more visit How-to-guides @ tech-explained.blogspot.com

explained.blogspot.com