On Thu, 14 Jan 2021 21:08:03 +0000 Chris Green cl@isbd.net allegedly wrote:
I'd love to hear details.
In my IT life (I started in the early 1970s) I've not come across such things, only the opposite!
I *know* that simply 'rm file' or 'del file' doesn't do all that much except allow the space to be overwritten but that's surely fairly well known.
You'd be surprised how stupid most people are, particularly criminals.
But that aside, as others have pointed out, modern jornaling filesystems actually make deletion of any kind rather problematic. And take a look at the sort of forensics tools used by professionals (particularly LEAs). Encase is probably the best known. That can even cope with decryption of deleted files. Also do some research on Device Configuration Overlay and Host Protected Areas on spinning rust. How big is that disk you are using? 500 Gig? Are you sure? Are you certain it isn't actually 900Gig and the disk controller (completely unbeknown to you or the the OS) is actually writing copies of "deleted" files to the HPA. Some manufacturers or suppliers have used the HPA to hide persistent code on laptops so that those laptops can report home when stolen. And since the HPA is not touched by the OS, even a complete reformat by the crims will not remove it and it can still report home.
It is widely reported that the NSA (for example) uses HPA to hide persistent code. Malicious rootkits have used the same appproach.
And if "secure" deletion were really that easy and effective, why would anyone bother to market hardware level devices such as 4Secure erase https://www.4secure-erase.com/? Devices which are certified (and used) by GCHQ amongst others.
But as I said above, most people are just stupid (or naive).
Mick
--------------------------------------------------------------------- Mick Morgan gpg fingerprint: FC23 3338 F664 5E66 876B 72C0 0A1F E60B 5BAD D312 https://baldric.net/about-trivia ---------------------------------------------------------------------