Most filesystems consist of the data for the files, and meta-information. The meta-information includes file names, directory and link information, file attributes such as owner, modify times, icon, datatype, and information about where to find the data blocks for a given file. (In many traditional Unix filesystems, this is stored in the directory files and the i-nodes; in other filesystems, especially those used on MacOS or MS Windows, the internal arrangement might be different.)
Usually when you simply delete a file, all that happens is that the meta-information is changed to make the file seem to disappear. The actual data blocks are re-marked as being "free" but the data in the blocks is still intact, at least until those blocks are grabbed for some other file's needs. Sometimes, the memory of the freshly deleted metadata is kept around for disaster recovery use. Simple deletion like this is the most common and the fastest way to delete a file, and takes pretty much the same time for all files, no matter how big.
There are many "undelete" programs that can attempt to reconstruct deleted files, and they are often very effective. Sometimes this is by intention; when you worry more about losing the data than about someone else getting the data, you tend to make duplicate copies, one way or another. Also, there have been many accidents where programs allocate disk space for file data, but then erroneously read it before writing to it, incorporating the contents of previously deleted files and making them available to anybody who happens to be watching. In fact, certain cracking programs intentionally do just that. These could all be security risks, depending on your situation. These are typical exploits done by crackers who intrude over a network, for instance, or by casual insiders who are exploring beyond their authorization level.
If you "wipe" the file, the data blocks are overwritten with meaningless data before being abandoned. In addition, extra steps might be taken to obliterate the meta-information. This is usually effective on local magnetic disks for destroying the data against the common exploits listed above. But nothing is ever totally secure.
When Interrogator does a Wipe, by default, it overwrites the file with bytes of value 255 (all 1's). (It might also take other steps in order to conceal the fact that the file existed.) This is significantly slower than a simple deletion and, as you would imagine, slows further with greater file length; the speed is comparable to rewriting the file completely.
As with other Wipe functions available with other software, it can be thwarted, or it might not work even under normal circumstances. A file-serving system might cache disk data for efficiency. Overwriting file data, and then deleting the file, might be abbreviated to just a simple deletion in a misguided attempt to "optimize". Extra copies of the file might have existed elsewhere, because often programs make extra copies, a temporary version in /tmp for instance. The swap partition might have extra copies of some of the data, a leftover image from RAM. The RAM itself can retain copies of data; under certain virtual memory systems, newly allocated blocks might contain old data in the same way as files might.
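The overwrite-then-delete sequence described above, as an added example; this is not Interrogator's code. The function names, the chunk size and the rename step are assumptions made for illustration, and a POSIX-style local filesystem is assumed.

```python
import os
import secrets

FILL = 0xFF          # byte value 255, the default fill described above
CHUNK = 64 * 1024    # write size; an arbitrary choice for this sketch


def overwrite(path, passes=1):
    """Overwrite a regular file in place with FILL bytes; return its size."""
    if os.path.islink(path) or not os.path.isfile(path):
        raise ValueError("refusing to wipe non-regular file: %r" % (path,))
    # Open for writing WITHOUT truncating: truncation would hand the old
    # blocks back to the free list before they were overwritten.
    fd = os.open(path, os.O_WRONLY)
    try:
        size = os.fstat(fd).st_size
        block = bytes([FILL]) * CHUNK
        for _ in range(passes):
            os.lseek(fd, 0, os.SEEK_SET)
            left = size
            while left > 0:
                left -= os.write(fd, block[:min(CHUNK, left)])
            # Flush after every pass so the OS cache cannot merge several
            # passes into one write. Caches below the OS (controller,
            # drive, file server) are outside this call's reach.
            os.fsync(fd)
    finally:
        os.close(fd)
    return size


def wipe(path, passes=1):
    """Overwrite, rename to a random name, then delete. Returns bytes wiped."""
    size = overwrite(path, passes)
    # Best effort at the metadata: replace the name before unlinking.
    scrubbed = os.path.join(os.path.dirname(path) or ".", secrets.token_hex(8))
    os.rename(path, scrubbed)
    os.unlink(scrubbed)
    return size
```

Copies of the data in /tmp, swap or RAM are untouched by this; it only addresses the blocks belonging to the one file named.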
Even if these issues are behind you, there is always a chance that a well-funded adversary can seize your hard disk and analyze it in a laboratory. This is possible, for instance, if you are arrested for a high-profile crime in a developed country. Or it could be as simple as an industrial spy stealing your laptop. (A common criminal would probably just ignore the data and sell the laptop.) If your fears are this steep, there are many other security precautions you should also take, because usually there are easier ways to steal your data.
If you are worried about this level of erasure, though, some Wipe systems overwrite the data multiple times. Again, this might be sabotaged by disk caching systems that combine the repeated overwrites into one write. It has been said that every bit ever written on any magnetic disk can theoretically be recovered, given enough effort. It has been suggested that one throw one's hard disk into a vat of molten steel in order to really ensure that the bits are gone.
See also Execute Permission and Read Permission.