Asp Forum - How to wipe free HD space - microsoft.public.vb.general.discussion

Norm

10/10/2011 7:22:00 PM

I have an app for my own use, written in VB6 sp6b that wipes or shreds
files, but am not sure how you would go about writting over free space.
Would you create a file the size of the free space and then write over
it, deleting it when done? Or is there a simpler, better way to do
this? I have googled and searched Planet Source code, but did not find
anything pertaining to free HD space. Maybe I was not using the right
phrase. Any help would be appreciated.

Thanks,
Norm

28 Answers

ralph

10/10/2011 9:09:00 PM

On Mon, 10 Oct 2011 12:21:52 -0700, Norm Fowler <NormF4@Spoof.com>
wrote:

>I have an app for my own use, written in VB6 sp6b that wipes or shreds
>files, but am not sure how you would go about writting over free space.
>Would you create a file the size of the free space and then write over
>it, deleting it when done? Or is there a simpler, better way to do
>this? I have googled and searched Planet Source code, but did not find
>anything pertaining to free HD space. Maybe I was not using the right
>phrase. Any help would be appreciated.
>

[ Warning! A very unsatisfactory response follows.]

What you suggested is exactly what you would have to do - access every
block/sector/'space' on the HD that isn't being used and write
something to it. But consider this ...

1) On any average loaded HD blocks not used will translate to a lot of
'Free Space'. Touching them all will take time.

2) You will have to create a master list of blocks 'written to' and
blocks 'yet to do'. That is a lot of blocks to track. Takes a ton of
time. Everytime you do some work that writes or uses the disc you'll
have to rerun your utility to update its list of blocks. Takes a ton
of time during "down" periods to keep up.

4) I assume you want to go this extra step to thwart attackers with
more sophisticated disk utilities to 'read' any data in these 'free
blocks'. Unfortunately many of these utilities can recover data that
has been simply overwritten with 1s or 0s. It takes several passes
writing random bits to do the job throughly. Takes a ton of time. (Not
to the mention the little nooks and grannies an Application running in
the outer ring can't get to.)

Generally speaking simply wiping and shreding files periodically is
essentially the same as writing random data to 'now currently
available space' (aka new Free Space). If you use file encryption you
make your HD about as secure as you can reasonably expect within a
reasonable length of time. (To protect from the attackers mentioned in
#4 above - remove the HD and melt it down. <g>)

There are moderately priced utilities that will do a more through job.
However, as noted above they will take hours if not days to run.

-ralph

Bob Butler

10/10/2011 9:19:00 PM

"ralph" <nt_consulting64@yahoo.net> wrote in message
news:nej6979iv1rrar3r833v7n716223nvlggv@4ax.com...
<cut>
> to the mention the little nooks and grannies

Never mention little grannies! <g>

Norm

10/10/2011 10:11:00 PM

Bob Butler formulated the question :
> "ralph" <nt_consulting64@yahoo.net> wrote in message
> news:nej6979iv1rrar3r833v7n716223nvlggv@4ax.com...
> <cut>
>> to the mention the little nooks and grannies
>
> Never mention little grannies! <g>

I no longer have a little grannie <g>

Thanks for the information Ralph. I usually donate my old computers to
a charity and wanted to make sure all my information was off the hard
drive before I gave it away. I have used some of the wipe programs that
are available and you are right it does take a long time to write
random data several times on all the free space. I thought that maybe
if I had my own program did a little everyday I could keep ahead of it.
lol But I am not sure I want to take that much time each day, it
already takes enough time just doing backups. I will probably just
continue with the way I have been doing it. When I give away a computer
it usually does not contain a large hard drive. lol

Norm

ralph

10/10/2011 10:24:00 PM

On Mon, 10 Oct 2011 14:18:58 -0700, "Bob Butler"
<bob_butler@cox.invalid> wrote:

>
>"ralph" <nt_consulting64@yahoo.net> wrote in message
>news:nej6979iv1rrar3r833v7n716223nvlggv@4ax.com...
><cut>
>> to the mention the little nooks and grannies
>
>Never mention little grannies! <g>
>

lol

Yeah, I meant "nook 'n crannies".

(Things like pagefile and registry..)

-ralph

Jim Mack

10/10/2011 10:36:00 PM

> I have an app for my own use, written in VB6 sp6b that wipes or shreds
> files, but am not sure how you would go about writting over free space.
> Would you create a file the size of the free space and then write over
> it, deleting it when done? Or is there a simpler, better way to do this?
> I have googled and searched Planet Source code, but did not find anything
> pertaining to free HD space. Maybe I was not using the right phrase. Any
> help would be appreciated.

I think the (newer, XP+) Defrag API may give you a way of accessing
free space, which is where I'd start. Just creating and filling a file
the size of the free space would probably be painful.

Plus, on NTFS volumes small files are written right in the MFT, and
those entries wouldn't be touched by creating one huge file. Again, the
Defrag API should give you that.

Unfortunately that API is somewhat opaque and ill-documented. Your
simpler bet might be to find a free tool that does this for you.
CCleaner is one such, and it does a whole lot more too.

http://www.piriform.co...

--
Jim

Norm

10/10/2011 10:47:00 PM

On Mon, 10 Oct 2011 18:36:26 -0400, Jim Mack wrote:

>> I have an app for my own use, written in VB6 sp6b that wipes or shreds
>> files, but am not sure how you would go about writting over free space.
>> Would you create a file the size of the free space and then write over
>> it, deleting it when done? Or is there a simpler, better way to do
>> this? I have googled and searched Planet Source code, but did not find
>> anything pertaining to free HD space. Maybe I was not using the right
>> phrase. Any help would be appreciated.
>
> I think the (newer, XP+) Defrag API may give you a way of accessing free
> space, which is where I'd start. Just creating and filling a file the
> size of the free space would probably be painful.
>
> Plus, on NTFS volumes small files are written right in the MFT, and
> those entries wouldn't be touched by creating one huge file. Again, the
> Defrag API should give you that.
>
> Unfortunately that API is somewhat opaque and ill-documented. Your
> simpler bet might be to find a free tool that does this for you.
> CCleaner is one such, and it does a whole lot more too.
>
> http://www.piriform.co...

Jim,

Thanks for the information I will see what I can find on the defrag API.
I have used CCleaner before, but really wanted to do it myself if
possible.

Norm

Tony Toews

10/11/2011 12:18:00 AM

On Mon, 10 Oct 2011 16:08:49 -0500, ralph <nt_consulting64@yahoo.net>
wrote:

>4) I assume you want to go this extra step to thwart attackers with
>more sophisticated disk utilities to 'read' any data in these 'free
>blocks'. Unfortunately many of these utilities can recover data that
>has been simply overwritten with 1s or 0s. It takes several passes
>writing random bits to do the job throughly.

Are you sure about that? Do you know of some utilities that actually
work that state that?

Tony
--
Tony Toews, Microsoft Access MVP
Tony's Main MS Access pages - http://www.granite.ab.ca/ac...
Tony's Microsoft Access Blog - http://msmvps.com/blo...
For a convenient utility to keep your users FEs and other files
updated see http://www.autofeup...

(Mike Mitchell)

10/11/2011 5:35:00 AM

On Mon, 10 Oct 2011 22:47:25 +0000 (UTC), Norm Fowler
<NormF4@spoof.com> wrote:

>On Mon, 10 Oct 2011 18:36:26 -0400, Jim Mack wrote:
>
>>> I have an app for my own use, written in VB6 sp6b that wipes or shreds
>>> files, but am not sure how you would go about writting over free space.
>>> Would you create a file the size of the free space and then write over
>>> it, deleting it when done? Or is there a simpler, better way to do
>>> this? I have googled and searched Planet Source code, but did not find
>>> anything pertaining to free HD space. Maybe I was not using the right
>>> phrase. Any help would be appreciated.
>>
>> I think the (newer, XP+) Defrag API may give you a way of accessing free
>> space, which is where I'd start. Just creating and filling a file the
>> size of the free space would probably be painful.
>>
>> Plus, on NTFS volumes small files are written right in the MFT, and
>> those entries wouldn't be touched by creating one huge file. Again, the
>> Defrag API should give you that.
>>
>> Unfortunately that API is somewhat opaque and ill-documented. Your
>> simpler bet might be to find a free tool that does this for you.
>> CCleaner is one such, and it does a whole lot more too.
>>
>> http://www.piriform.co...
>
>Jim,
>
>Thanks for the information I will see what I can find on the defrag API.
>I have used CCleaner before, but really wanted to do it myself if
>possible.

I believe the latest version of BCWipe (www.jetico.com) has the option
(or maybe does it as standard) to securely wipe any deleted file
transparently. That is, it installs some kind of daemon that watches
for files being deleted, then steps in. Anyway, the web site will tell
you all you need to know. I reckon BCWipe is overpriced, though, for a
utility. Other than that, I echo what Jim Mack has said re CCleaner.

MM

ralph

10/11/2011 8:43:00 AM

On Mon, 10 Oct 2011 19:17:43 -0500, Tony Toews
<ttoews@telusplanet.net> wrote:

>On Mon, 10 Oct 2011 16:08:49 -0500, ralph <nt_consulting64@yahoo.net>
>wrote:
>
>>4) I assume you want to go this extra step to thwart attackers with
>>more sophisticated disk utilities to 'read' any data in these 'free
>>blocks'. Unfortunately many of these utilities can recover data that
>>has been simply overwritten with 1s or 0s. It takes several passes
>>writing random bits to do the job throughly.
>
>Are you sure about that?

Yes.

> Do you know of some utilities that actually
>work that state that?

No reputable Disk Recovery company will provide any kind of guarantee
"sight unseen" except for the common problems like a reformatted HD,
file or partition deletions, a corrupted disk, etc.

I personally know of only one case where data was retrieved after a HD
was deliberately wiped with the open source "Eraser" (IIRC). This was
not done with purchased software, but by sending the disk off to a
company that specializes in such recoveries. I don't know how much
data was recovered and only the vaguest idea of how it was done, but
it led to an arrest and successful prosecution.

I doubt that recovery is 100% successful in all cases and I definitely
doubt the process is anywhere near as easy as they show on TV.
However, I am certain that such recovery requires specialized
equipment and software, and a high level of expertise.

This all leads to the inevitable questions, the same questions that
apply to ANY security issue:

"How secure do you need or want it to be?"
(What's your comfort level and who is the possible attacker?)
"How much effort and expense are you willing to spend to reach that
level of security?"
"How much effort and expense is an attacker wiling to spend to breach
that level of security?"

In the OP's case that means how likely is it the recipient will run a
recovery utility or send the HD to a Forensic specialist? Or how much
embarrassment would result if they did? <bg>

-ralph

Mike Williams

10/11/2011 11:17:00 AM

"Tony Toews" <ttoews@telusplanet.net> wrote in message
news:en27971eoamou4phv7gp21hia7vg7cj2t2@4ax.com...
> On Mon, 10 Oct 2011 16:08:49 -0500, ralph <nt_consulting64@yahoo.net>
> wrote:
>>4) I assume you want to go this extra step to thwart attackers
>>with more sophisticated disk utilities to 'read' any data in these
>>'free blocks'. Unfortunately many of these utilities can recover
>>data thaT has been simply overwritten with 1s or 0s. It takes
>>several passes writing random bits to do the job throughly.
>
> Are you sure about that? Do you know of some utilities
> that actually work that state that?

Such recovery methods are possible because of the effect of magnetic
hysterisis. This is something that has been known about for a great many
years, even since before I was a lad (!), and it affects all sorts of
magnetic devices such as electricity transformers, fork lift truck drive
motors and many electronic drive pulse control circuits (some of my own
specialities many years ago!) and of course it affects computer hard disk
drives.

The magnetic fields of the hard disk platters effectively store data at the
bit level and if you change the magnetic state of a 'bit' from a state that
represents 'zero' to a state that represents 'one' then the resultant
magnetic field of that bit will not be quite the same as the resultant
magnetic field of a bit that was already 'one', due to the magnetic
hysterisis effect. The same reasoning applies when the bit was originally
'one'. Effectively, this means that no matter what digit (one or zero) you
apply to a 'bit' on the platter it will still retain a 'memory' of what it
was before you did so. In other words, you can write either a fixed pattern
or a random pattern to the disk and it will still retain a 'memory' of what
the pattern was before you did so. This retained memory is very slight, but
it is detectable by special software and special hardware. The easiest way
(using your own computer) to make it extremely difficult or even impossible
for such methods to 'recover what was there before' is to write random data
not just oncce but many times. Each time you write a new set of random data
over the previous set of random data it becomes more and more difficult for
magnetic hysterisis methods to discover 'what was there before', and to all
intents and purposes it eventually becomes impossible.

Mike

microsoft.public.vb.general.discussion

How to wipe free HD space

Norm

ralph

Bob Butler

Norm

ralph

Jim Mack

Norm

Tony Toews

(Mike Mitchell)

ralph

Mike Williams

x Login to ForumsZone