Thursday, July 12, 2012

How To Securely Delete Files

Deleting a file through typical means, does not necessarily mean that you removed the file from your hard disk. With some tools or software, the file you just deleted can be easily recovered.

When you send a file to a recycle bin, the operating system only deletes a record of the files that you want to delete. Your actual files remain in memory of your hard disk.

What is at risk

These are some of the sensitive information:

    Personal information(name, address, birthday, etc).
    Social security number, tax records
    Bank account information, credit card information
    Customer's database
    Trade secrets
    Confidential documents

People interested in this sensitive information is either one of your family member that wants to steal credit card from you, your employees, or identity thieves. Financial loss could start from $4,000 up to $100 million depending on the kind of sensitive information stolen.

Repairs could take from $200 per individual and could last for more than a month depending on the kind of action done to repair the problem.

The concept of overwriting

The concept in making a file unrecoverable is to flip each magnetic domain as much as possible without writing the same pattern twice in a row. If the data is encoded directly, you can effortlessly choose the desired overwriting pattern of ones and zeros and then write it repeatedly. However, most disk use Run Length Limited (RLL) encoding so that the adjacent ones won't be overwritten.

To delete a hard disk permanently, you need to overwrite the disk many times in alternating patterns in order to expose it into a magnetic field that is oscillating fast enough so, it can do the flipping of the magnetic domain over a reasonable amount of time.

Methods of overwriting data

The methods are the different kinds of the algorithm used to overwrite a data.

The Peter Guttman Method. According to Peter Guttman, a Computer Scientist, based on his paper "Secure Deletion of From Magnetic and Solid State Memory", data should be written at least 35 times using carefully selected patterns to make each file unrecoverable. Unfortunately, if you have more than one file to overwrite, this would consume so much time.

The US D.O.D 5220-22.M Method. This is a suggested method for overwriting data by the US Department of Defence. To overwrite a file, you just need to do 7 overrides per file. Which means a faster method of overwriting media but a less secure approach.

NCSC-TG-025 Method. A software-based data sanitation method used to overwrite data for 3 passes. The first pass writes all files with zeros, second pass writes the data with 1 and the last pass overrides the data with random characters. Again a not highly secure approach but is the fastest method among the three.

NAVSO P-5239-26. A software-based sanitation method used by US Navy to sanitize sensitive information. It overrides the data for three times; first it overrides the file with a specified character of choice; next it writes the complement of the specified character, and lastly, it writes the file with random characters. Although it is what the US Navy uses to sanitize files, it is unclear today if NAVSO P-5239-26 is still used today or if they are implementing alternative sanitation methods or hardware-based sanitation.

How an overwritten file gets recovered

Magnetic Force Microscopy is a technique for imaging magnetization patterns with high-resolution with minimal sample preparation. This technique uses an extremely fine point that is mounted on a flexible cantilever. The tip "raster scans" the hard disk platters following the magnetic force vectors. These movements are measured through the cantilever thus allowing an accurate map of the magnetization-induced field to be produced. Using this method, the map is used to decode the bits of the drive thereby passing through the overwrite and seeing the real data itself.

Although not anyone can obtain a device that can perform MFM, future developments in file recovery can make this a possibility.

Overwriting is safer than deleting the file

There are a lot of software to recover deleted files but none exists on reading on an overwritten data. Therefore, overwriting is the most secure procedure to make the files unreadable, just make sure you do overwriting properly.


When you overwrite a sensitive file, you are saving yourself from the risks loss of sensitive information. There are several risks involved if you try to ignore having a sensitive data overwritten, so there is no reason to do such a task. Besides, having a data destroyed is cheaper than fixing the problem. I suggest that whether know you don't have personal information saved on your computer or if you have, always perform disk wiping since there are some files that are created without knowing it, but it's essential in the performance of the operating system.