Cyber Security Issues: When Is A Deleted File Deleted?

I’ve Deleted it, I’ve Dropped it in the Trash

When considering cyber security issues sooner or later you are going to consider, when is a deleted file really deleted. That is once you realise that merely dropping the file into the trash or selecting delete doesn’t actually delete the file it just sort of hides it on the system, usually by marking the space that it occupies on the disk as empty. You can also think of it as removing the index for it from the list of contents so that it can’t easily be found again.

To securely erase a file or whole disk it is necessary to overwrite the space that file occupied at least once, although the accepted best practice would say three times. However in the case of magnetic hard disks this might still not be enough to remove all traces of the file. This is because the act of writing to a magnetic disk can result in magnetic traces being recorded in the spaces between the tracks where the file was written. These magnetic traces can then be recovered by specialist data recovery tools to reconstruct the erased file. I like to think of it as the “recording gap” problem.

When Do We Need To Securely Erase A File?

Okay so does that really matter? Why would we care if a file we thought was deleted could be recovered? The most obvious need for secure file erasure is to protect one’s self from identity theft. If you are upgrading your computer and selling on your old PC then it makes sense to securely delete any personal information that it might have stored over the years. There are many other scenarios I can think of; Maybe you have held commercially sensitive information regarding your employer, or personal details of others or even lists of passwords you use to access web sites and other digital programs. In fact the list of reasons to securely erase a disk can be enormous. This area of cyber security is often overlooked. While we are thinking about this are there any differences to be considered when securely erasing a standard magnetic hard disk (HDD) as opposed to a solid-state disk (SSD)?

Is There One Answer for both HDD and SSD Disks?

No! There is not one secure erase solution for both types of disk. That is because of the different ways that these disks are written to by the system. With an HDD disk you can reliably locate the file you wish to securely delete and then over-write this area with 0s or 1s, but this doesn’t deal with the “recording gap” problem. With SSD disks the problem of secure deletion is multiplied by the fact that a written file is scattered over the disk in such a way that there is not a reliable method of finding all of the data when you wish to over-write one file. Some SSDs take care of deleted files with TRIM, but because an SSD’s only initial reaction to a deleted file is to forget where that file is located rather than erasing it, files will sit scattered around an SSD for some time. Deleting files immediately would cause extra wear on an SSD, which is why they tend not to do it. Add to this the fact that some SSDs have additional storage space that is used when writing files to the disk that cannot be accessed by the user. Old files and so-called “deleted files” can exist in this area. Complicated or what!? Is there a definitive answer?

The Definitive Answer

Well fortunately there is. It’s called encryption, now before you start saying, hold on a minute that is going to have performance issues for my system or what if I get a system crash or problem doesn’t encryption add to my grief? Well let’s look at those concerns one at a time. Firstly modern encryption algorithms are very efficient and fast these days such that you should not notice the extra computing that takes place to change clear text to encrypted text. With regard to the concerns of system crashes and encrypted drives this can be solved by either partial virtual drive encryption or file encryption. After all why would you want to encrypt everything on your hard drive?

If you want a file securely deleted there is no better answer, in my opinion than to use encryption to solve the issue. Think about it… If you delete an encrypted file and destroy or remove the decryption key you have effectively put that file beyond recovery.

Leave a Reply