7

Possible Duplicate:
C# - Deleting a file permanently

Hello,

I am using C# .NET Framework 2.0. I have a question relating to file shredding.

My target operating systems are Windows 7, Windows Vista, and Windows XP. Possibly Windows Server 2003 or 2008 but I'm guessing they should be the same as the first three.

My goal is to securely erase a file.

I don't believe using File.Delete is secure at all. I read somewhere that the operating system simply marks the raw hard-disk data for deletion when you delete a file - the data is not erased at all. That's why there exist so many working methods to recover supposedly "deleted" files. I also read that this is why it's much more useful to overwrite the file, because then the data on disk actually has to be changed. Is this true? Is this generally what's needed?

If so, I believe I can simply write the file full of 1's and 0's a few times.

I've read: http://www.codeproject.com/KB/files/NShred.aspx http://blogs.computerworld.com/node/5756 http://blogs.computerworld.com/node/5687 Securely deleting a file in C#.NET

Jason
  • This should do the trick: http://www.ameri-shred.com/equipment/industrial/hard-drive.html – Flipster Dec 30 '10 at 07:08
  • 2
    @FlipScript: You'd think so, but even that might not be good enough. A lot of data fits in a 3/4" strip. [The DOD uses words like "incinerate", "pulverize", and "melt".](http://www.zdelete.com/dod.htm) – Ben Voigt Dec 30 '10 at 07:15

4 Answers

5

I'm afraid that you are facing a complex issue. I would suggest not trying to solve it on your own.

Note that besides ensuring a physical overwrite of the file (which may be over LAN, flash, or whatever), you'll have to take care of any application caches, Windows hibernate files, Windows recovery files, the Windows swap file, and all copies or older erased versions of this file (swap all empty space, or worse, space that contained cache before, and may have been allocated to other files since) - all in the correct order.

I think that your chances can be better if you are able to store your files on a dedicated logical (or even physical) drive, which is not used by the OS or by other applications, and if you convince Windows not to swap the memory you are using to hold the file while it is in RAM (using VirtualLock()). Still, you should erase swap, cache, etc.

On top of that, you should integrate a product like Eraser into your application (Eraser is Free software and its source code is released under GNU General Public License).

Lior Kogan
  • 1
    Re-using an existing solution is good advice, but I wouldn't pick anything that claims to securely erase individual files -- it just isn't possible. – Ben Voigt Dec 30 '10 at 07:30
  • @Ben Voigt: Reading Eraser's change log, you can see how much effort they've put into it over the years - dealing with different drives and scenarios. I guess that there may be some very special configurations in which secure erase is impossible; however, it will probably do the work well for standard systems. – Lior Kogan Dec 30 '10 at 07:58
2

From what I've read, the solution to actually making the data no longer visible seems to be overwriting the file with 0's and 1's.

contactmatt
  • 2
    Not only does overwrite-with-zero not obliterate the data beyond recovery, but there's no reason to think that this actually overwrites the data. If it's on a flash drive, there's almost certainly a write-leveling algorithm active and the block you wrote to is different from the one holding the previous content. And if it isn't a flash drive, the file has probably been moved around by defragmentation, leaving copies of the content in other blocks on the disk. – Ben Voigt Dec 30 '10 at 06:37
1

If the file you're erasing securely was yours to begin with, you may want to consider encrypting it in the first place. Then even if it is recovered after deletion, information will not be disclosed (assuming you can control the keys).

Ran
  • 1
    I didn't mention that because I thought it would be unrelated to the question. Yes, I feel safe already since the file is encrypted (I'm choosing AES 256 bit using a SHA 512 algorithm). Still, the friend I'm programming this for still demands that I do everything I can to erase it. After all this searching, it seems I should just call SDelete.exe from SysInternals and let it handle all the work. – Jason Dec 30 '10 at 06:32
  • So you should concentrate on destroying the swapfile, which might contain copies of the decrypted data, and files containing the decryption key. But, for reasons mentioned in my comments, the linked questions, etc., running the disk manufacturer's secure erase command or physical destruction of the disk are the only two ways to be sure. – Ben Voigt Dec 30 '10 at 06:59
0

You could open the file and overwrite it using a stream cipher multiple times. Overwriting it 7 times and then deleting it seems to be the norm :)

johnnyRose
SharePoint Newbie
  • 1
    Overwriting the file doesn't necessarily overwrite the section of the disk that held the old data. – Ben Voigt Dec 30 '10 at 06:56
  • Nor does it overwrite any temp or cached copies the application or OS might have made such as those in the swap file etc that Lior pointed out. – NotMe Dec 30 '10 at 15:24
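
The overwrite-then-delete approach discussed in the answers above, written out as an added C# example that compiles against .NET 2.0 (it is not code from any poster or from Eraser/SDelete). The class and method names are hypothetical, and the code only covers the file's currently allocated clusters on a local NTFS volume; it refuses the file types for which NTFS may write new data to freshly allocated clusters.

```csharp
using System;
using System.IO;
using System.Security.Cryptography;

static class BestEffortShredder // hypothetical helper, not from the page
{
    // Overwrites the file's current contents in place, then renames and deletes it.
    // It does not reach swap or hibernation files, copies left behind by
    // defragmentation, or flash blocks remapped by the drive's controller.
    public static void OverwriteAndDelete(string path, int passes)
    {
        if (passes < 1) throw new ArgumentOutOfRangeException("passes");
        string full = Path.GetFullPath(path);
        FileAttributes attrs = File.GetAttributes(full);
        // Compressed, EFS-encrypted and sparse files may be rewritten by NTFS
        // into newly allocated clusters, so an in-place overwrite misses old data.
        FileAttributes relocating = FileAttributes.Compressed | FileAttributes.Encrypted | FileAttributes.SparseFile;
        if ((attrs & relocating) != 0)
            throw new NotSupportedException("In-place overwrite unreliable for: " + (attrs & relocating));
        File.SetAttributes(full, attrs & ~FileAttributes.ReadOnly); // allow opening for write

        byte[] buffer = new byte[64 * 1024];
        RandomNumberGenerator rng = new RNGCryptoServiceProvider();
        // WriteThrough asks Windows to skip its lazy-write cache; FileShare.None blocks other openers.
        using (FileStream fs = new FileStream(full, FileMode.Open, FileAccess.Write,
                                              FileShare.None, buffer.Length, FileOptions.WriteThrough))
        {
            long length = fs.Length;
            for (int pass = 0; pass < passes; pass++)
            {
                fs.Position = 0;
                long remaining = length;
                while (remaining > 0)
                {
                    rng.GetBytes(buffer); // fresh random data for every chunk
                    int chunk = (int)Math.Min(buffer.Length, remaining);
                    fs.Write(buffer, 0, chunk);
                    remaining -= chunk;
                }
                fs.Flush(); // push this pass out before starting the next
            }
        }

        // Rename first so the original file name does not survive in the directory entry.
        string anonymous = Path.Combine(Path.GetDirectoryName(full), Path.GetRandomFileName());
        File.Move(full, anonymous);
        File.Delete(anonymous);
    }
}
```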