Sometimes deleting a file is not enough. Sometimes you don't want people reading your own mail on your old computer, but you can't low-level format it just to be sure that it's actually, physically deleted. How do you do that?

The theory: deleting a file on Windows

When you delete a file on Windows by pressing the DEL key, the file is not actually removed from your hard disk but it's copied (not exactly, but kind of) to a different location called the Recycle Bin. This makes it possible for you to undelete the file at a later moment just by dragging the file from the Recycle Bin to some other point of the file system.

When you perform an "Empty recycle bin" action, the file is removed from the recycle bin area and the file is not accessible anymore to the file system. This is a "deleted file" on Windows.

What does not happen at this very moment is that the file system actually "cleans" the file from the hard disk. The space taken by the now deleted file is added to a list of available disk space, and when (and if) the file system ever needs that disk space, the data inside it will actually be overwritten.

Meanwhile, there are a number of rescue utilities that - by exploiting this misunderstanding - let people easily recover files deleted by unknowing users. Our point now is to make it hard for people using such software to extract files from our computers.

The practice: overwriting deleted files

From what we have learned so far, we understand that we need to make sure the file system has a need for space in order for our old file(s) to be actually overwritten.

First, you'll have to empty your browser cache and empty your recycle bin. Deleting the contents of your TEMP directory might also help, so that you maximise the amount of free space on your system.

Then, the easiest way to do it is to fill all unused disk space on your machine with something dull and boring. Any data CD will do - a Linux distro, a shareware CD, all of this stuff may be copied over and over again on your hard disk until it's all filled up like an egg. When you have nearly zero bytes free, you simply delete it all and empty the recycle bin. Whatever you had on your hard disk should now be gone forever.

As an alternative, if you have Perl running on your machine, this simple one-liner will try and fill all available drive space by growing a file called 'fr.txt':

perl -e"open F, '>fr.txt'; while() { print F chr rand( 20 ) + 65; }"

When you have nearly zero bytes free, just interrupt it and delete fr.txt. Now all of your files should be dead and gone.
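
The same free-space fill as an added Python example (not part of the original writeup): it writes random data in 1 MiB chunks, stops by itself when the volume reports it is full, flushes the data to the device and deletes the fill file. The function name, the fill_*.tmp file name and the max_bytes cap (for a dry run) are assumptions of this example.

```python
import errno
import os
import sys
import tempfile


def fill_free_space(directory, max_bytes=None, chunk_size=1 << 20):
    """Overwrite the free space of the volume that holds `directory`.

    Grows one temporary file with random data until the volume is full, or
    until `max_bytes` (hypothetical safety cap for dry runs) is reached,
    flushes it to the device, then deletes it. Returns bytes written.
    """
    written = 0
    fd, path = tempfile.mkstemp(prefix="fill_", suffix=".tmp", dir=directory)
    try:
        # buffering=0: every write goes straight to the OS, so a full disk
        # is reported at the write that hits it, not later at close().
        with os.fdopen(fd, "wb", buffering=0) as out:
            while max_bytes is None or written < max_bytes:
                size = chunk_size
                if max_bytes is not None:
                    size = min(size, max_bytes - written)
                try:
                    written += out.write(os.urandom(size))
                except OSError as exc:
                    if exc.errno != errno.ENOSPC:
                        raise              # a real I/O error, not "disk full"
                    if size == 1:
                        break              # not even one byte fits: done
                    chunk_size = max(1, size // 2)  # fill the tail in smaller pieces
            os.fsync(out.fileno())         # push cached data to the disk itself
    finally:
        os.remove(path)                    # release the space again
    return written


if __name__ == "__main__":
    # Usage: python fill.py D:\   (any directory on the volume to be filled)
    print(fill_free_space(sys.argv[1]), "bytes overwritten and released")
```

Filling free space does not touch the slack space at the end of files that still exist, and on an SSD the controller may keep old blocks that no file-level write can reach.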

To permanently obliterate a file, you must trash every past residence it has occupied. How thoroughly you trash and how far back you look should depend on just how paranoid you are.

For the mildly concerned, overwriting the file "at least once" may be enough. You might get away with just defragmenting your hard disk, if it's relatively fragmented and relatively full. This is likely to foil the most primitive recovery efforts.

Much more advisable and barely more difficult is to use a software application designed for file wiping. PGP includes such a tool among its other goodness. (I'll leave encryption as a separate topic; this isn't about general security, just file trashing.) When you "wipe" a file with PGP you are overwriting it with garbage, many times. PGP also includes a convenient option which does this to all free space on your disk. The documentation can tell you more, but essentially you are not only changing all of the stored bits but are also attempting to confuse the natural magnetic memory of the hard disk. This makes recovering your ex-data impossible for commercial products and very difficult/expensive for serious snoops (like TLAs, and other conspiracy interests).

If you're really paranoid you should consider the possibility that, while your file may be a dim memory, information from the file may be entangled elsewhere. Possible locations include crash recovery backups (Microsoft Office is notorious for creating these), your swap file (depending on your operating system), and even as a kind of stress pattern in your RAM. Anyone who cares this much should be doing their research elsewhere, but suffice to say the only sure way to permanently obliterate a file is to physically destroy the computer. Set up thermite or other demolition materials so you can quickly slag all hardware if the secret police come knocking.

Finally, if you're selling a computer or otherwise passing it on intact, basic common sense is to keep the hard drives. Given the pace of industry, the new owner can probably get something better for less. You can easily keep using the disks in your new computer, or you can introduce them to your friends Fire, Acid, and Hammer.
