Secure File Delete in C_问答_开发者_运维开发者技术经验分享

Secure File Deleting in C

I need to securely delete a file in C, here is what I do:

use fopen to get a handle of the file
calculate the size using lseek/ftell
get random seed depending on current time/or file size
write (size) bytes to the file from a loop w开发者_运维技巧ith 256 bytes written each iteration
fflush/fclose the file handle
reopen the file and re-do steps 3-6 for 10~15 times
rename the file then delete it

Is that how it's done? Because I read the name "Gutmann 25 passes" in Eraser, so I guess 25 is the number of times the file is overwritten and 'Gutmann' is the Randomization Algorithm?

You can't do this securely without the cooperation of the operating system - and often not even then.

When you open a file and write to it there is no guarantee that the OS is going to put the new file on the same bit of spinning rust as the old one. Even if it does you don't know if the new write will use the same chain of clusters as it did before.

Even then you aren't sure that the drive hasn't mapped out the disk block because of some fault - leaving your plans for world domination on a block that is marked bad but is still readable.

ps - the 25x overwrite is no longer necessary, it was needed on old low density MFM drives with poor head tracking. On modern GMR drives overwriting once is plenty.

Yes, In fact it is overwriting n different patterns on a file

It does so by writing a series of 35 patterns over the region to be erased.

The selection of patterns assumes that the user doesn't know the encoding mechanism used by the drive, and so includes patterns designed specifically for three different types of drives. A user who knows which type of encoding the drive uses can choose only those patterns intended for their drive. A drive with a different encoding mechanism would need different patterns.

More information is here.

@Martin Beckett is correct; there is so such thing as "secure deletion" unless you know everything about what the hardware is doing all the way down to the drive. (And even then, I would not make any bets on what a sufficiently well-funded attacker could recover given access to the physical media.)

But assuming the OS and disk will re-use the same blocks, your scheme does not work for a more basic reason: fflush does not generally write anything to the disk.

On most multi-tasking operating systems (including Windows, Linux, and OS X), fflush merely forces data from the user-space buffer into the kernel. The kernel will then do its own buffering, only writing to disk when it feels like it.

On Linux, for example, you need to call fsync(fileno(handle)). (Or just use file descriptors in the first place.) OS X is similar. Windows has FlushFileBuffers.

Bottom line: The loop you describe is very likely merely to overwrite a kernel buffer 10-15 times instead of the on-disk file. There is no portable way in C or C++ to force data to disk. For that, you need to use a platform-dependent interface.

MFT(master File Table) similar as FAT (File Allocation table), MFT keeps records: files offsets on disk, file name, date/time, id, file size, and even file data if file data fits inside record's empty space which is about 512 bytes,1 record size is 1KB.

Note: New HDD data set to 0x00.(just let you know)

Let's say you want overwrite file1.txt OS MFT finds this file offset inside record. you begin overwrite file1.txt with binary (00000000) in binary mode.

You will overwrite file data on disk 100% this is why MFT have file offset on disk. after you will rename it and delete.

NOTE: MFT will mark file as deleted, but you still can get some data about this file i.e. date/time : created, modified, accessed. file offset , attributes, flags.

1- create folder in c:\  and move file and in same time rename in to folder( use rename function ) rename file to 0000000000 or any another without extention 

2- overwrite file with 0x00 and check if file was overwrited

3- change date/time

4- make without attributes

5- leave file size untouched OS faster reuse empty space.

6- delete file

7- repeat all files (1-6)

8- delete folder

or

(1, 2, 6, 7, 8)

9- find files in MFT remove records of these files.

The Gutmann method worked fine for older disk technology encoding schemes, and the 35 pass wiping scheme of the Gutmann method is no longer requuired which even Gutmann acknowledges. See: Gutmann method at: https://en.wikipedia.org/wiki/Gutmann_method in the Criticism section where Gutmann discusses the differences.

It is usually sufficient to make at most a few random passes to securely delete a file (with possibly an extra zeroing pass).

The secure-delete package from thc.org contains the sfill command to securely wipe disk and inode space on a hard drive.