Abstract
Many of today’s privacy-preserving tools create a big file that fills up a hard drive or USB storage device in an effort to overwrite all of the “deleted files” that the media contain. But while this technique is widespread, it is largely unvalidated.
We evaluate the effectiveness of the “big file technique” using sector-by-sector disk imaging on file systems running under Windows, Mac OS, Linux, and FreeBSD. We find the big file is effective in overwriting file data on FAT32, NTFS, and HFS, but not on Ext2fs, Ext3fs, or Reiserfs. In one case, a total of 248 individual files consisting of 1.75MB of disk space could be recovered in their entirety. Also, file metadata such as filenames are rarely overwritten. We present a theoretical analysis of the file sanitization problem and evaluate the effectiveness of a commercial implementation that implements an improved strategy.
This is a preview of subscription content, log in via an institution to check access.
Access this chapter
Tax calculation will be finalised at checkout
Purchases are for personal use only
Preview
Unable to display preview. Download preview PDF.
References
Redacting with confidence: How to safely publish sanitized reports converted from word to pdf. Technical Report I333-015R-2005, Architectures and Applications Division of the Systems and Network Attack Center (SNAC), Information Assurance Directorate, National Security Agency (2005)
Acronis, Inc., http://www.acronis.com/
Apple Computer, Inc. Apple Disk Utility (2006)
Bauer, S., Priyantha, N.B.: Secure data deletion for Linux file systems. In: Proc. 10th Usenix Security Symposium, San Antonio, Texas, Usenix, pp. 153–164 (2001)
Burke, P.K., Craiger, P.: Digital Trace Evidence from Secure Deletion Programs. In: Proceedings of the Second Annual IFIP WG 11.9 International Conference on Digital Forensics, Orlando, Florida (January 2006)
Carrier, B.: The Sleuth Kit & Autopsy: Forensics tools for Linux and other Unixes (2005)
Chow, J., Pfaff, B., Garfinkel, T., Christopher, K., Rosenblum, M.: Understanding data lifetime via whole system simulation. In: Proc. of the 13th Usenix Security Symposium, Usenix (August 9–13, 2004)
Microsoft Corporation. How To Use Cipher.exe to Overwrite Deleted Data in Windows (July 2004)
Microsoft Corporation. Windows 2000 Security Tool: New Cipher.exe Tool (March 2004), http://www.microsoft.com/downloads/release.asp?releaseid=30925
Di Crescenzo, G., Fergurson, N., Impagliazzo, R., Jakobsson, M.: How to forget a secret. In: Meinel, C., Tison, S. (eds.) STACS 1999. LNCS, vol. 1563, pp. 500–509. Springer, Heidelberg (1999)
CyberScrub LLC, http://www.cyberscrub.com/
Cleaning and sanitization matrix, ch.8 (January 1995)
EAST Technologies, http://www.east-tec.com/
Garfinkel, S.L.: Design Principles and Patterns for Computer Systems that are Simultaneously Secure and Usable. PhD thesis, MIT, Cambridge, MA (April 26, 2005)
Garfinkel, S.L., Malan, D.J., Dubec, K.-A., Stevens, C.C., Pham, C.: Disk imaging with the advanced forensic format, library and tools. In: Research Advances in Digital Forensics (Second Annual IFIP WG 11.9 International Conference on Digital Forensics), Springer, Heidelberg (2006)
Trant, G.: Eraser, http://www.heidi.ie/eraser/
Geiger, M.: Evaluating Commercial Counter-Forensic Tools. In: Proceedings of the 5th Annual Digital Forensic Research Workshop, New Orleans, Louisiana (August 2005)
Guidance Software, Inc. EnCase Forensic
Gutmann, P.: Secure deletion of data from magnetic and solid-state memory. In: Sixth USENIX Security Symposium Proceedings, San Jose, California, July 22-25, Usenix (1996) (Online paper has been updated since presentation in 1996)
IDM Computer Solutions, Inc., http://www.ultrasentry.com/
Mark Russinovich. SDelete (2003)
Russinovich, M., Cogswell, B.: Filemon for Windows
Microsoft. Cipher.exe security tool for the encrypting file system (January 31, 2006)
NeoImagic Computing, Inc., http://www.neoimagic.com/
Onley, D.S.: Pdf user slip-up gives dod lesson in protecting classified information. Government Computer News 24 (April 16, 2005)
Poulsen, K.: Justice e-censorship gaffe sparks controversy. In: SecurityFocus (October 23, 2003)
Robin Hood Software Ltd., http://www.evidence-eliminator.com/
Rowe, N.C.: Automatic detection of fake file systems. In: International Conference on Intelligence Analysis Methods and Tools (May 2005)
Shankland, S., Ard, S.: Document shows SCO prepped lawsuit against BofA. In: News.Com (March 4, 2004)
Stone, K., Keightley, R.: Can Computer Investigations Survive Windows XP? Technical report, Guidance Software, Pasadena, California (December 2001)
Webroot Software, Inc., http://www.webroot.com/
WhiteCanyon, Inc., http://www.whitecanyon.com/
Young, W.D., Boebeit, W.E., Kain, R.Y.: Proving a computer system secure. The Scientific Honeyweller 6(2), 18–27 (1985); Reprinted in Abrams, M.D., Podell, H. J.(eds.): Computer and Network Security, IEEE Computer Security Press, New York (1986)
Zorn, B.: Comparing mark-and sweep and stop-and-copy garbage collection. In: LFP 1990: Proceedings of the 1990 ACM conference on LISP and functional programming, pp. 87–98. ACM Press, New York (1990)
Author information
Authors and Affiliations
Editor information
Editors and Affiliations
Rights and permissions
Copyright information
© 2006 Springer-Verlag Berlin Heidelberg
About this paper
Cite this paper
Garfinkel, S.L., Malan, D.J. (2006). One Big File Is Not Enough: A Critical Evaluation of the Dominant Free-Space Sanitization Technique. In: Danezis, G., Golle, P. (eds) Privacy Enhancing Technologies. PET 2006. Lecture Notes in Computer Science, vol 4258. Springer, Berlin, Heidelberg. https://doi.org/10.1007/11957454_8
Download citation
DOI: https://doi.org/10.1007/11957454_8
Publisher Name: Springer, Berlin, Heidelberg
Print ISBN: 978-3-540-68790-0
Online ISBN: 978-3-540-68793-1
eBook Packages: Computer ScienceComputer Science (R0)