Eraser (software)

from Wikipedia, the free encyclopedia

Eraser (the English word for a rubber eraser), wiper or shredder denotes software used to irretrievably delete data from an electronic storage medium. The functionality of the data carrier is not impaired.

Basics

Deleted data can normally be recovered, because deleting a file merely records in the file system that the corresponding data area is free again. The data itself remains physically on the hard drive until the area is overwritten with new data.

Under certain circumstances, deleted files can be restored by special programs. In addition, companies specializing in data recovery and IT forensics offer services to restore files that have supposedly been lost.

So-called erasers are intended to provide "secure deletion", so that deleted data cannot be recovered even through such special interventions. To prevent a restoration, the area of the storage medium that was released by the previous deletion must be overwritten. How often and in what form the corresponding areas have to be overwritten is highly controversial.

Functionality

Erasers overwrite the file to be deleted one or more times with random or selected characters. In some cases, erasers also change the associated directory entry in the file system. Depending on the software and its settings, this is done according to one or more of the various algorithms and recommendations issued by government authorities:

  • The Federal Office for Information Security recommends overwriting the data six times in its "BSI Guidelines on the Protection of VS Confidentiality When Using IT". Each pass inverts the bit pattern of the previous pass. In the final deletion pass, the data is overwritten once more with "01010101".
  • Similar methods are described in the US Navy regulations "US NAVSO P-5239-26 (RLL)" and "US NAVSO P-5239-26 (MFM)".
  • An algorithm recommended by the US Department of Defense first overwrites the data three times in two passes and then overwrites it again with pseudo data.
  • According to the Gutmann method, introduced in 1996, data should be overwritten 35 times.
  • Two other well-known deletion methods are "Russian GOST P50739-95" and "Bruce Schneier's Algorithm".

The algorithms mentioned above are used, for example, in the Unix programs wipe and shred. Darik's Boot and Nuke is a Linux-based live system for the irrevocable deletion of data. The encryption software AxCrypt, which runs under Windows, can securely delete files using the algorithms named above. The function is also implemented in the Disk Utility of macOS.
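The pass scheme from the first list item, as an added Python example (not code from any of the tools named above): it reads the description as six alternating passes followed by the final "01010101" pass, and the starting pattern `0x00` and all function names are assumptions.

```python
import os
import secrets

FINAL_PATTERN = 0b01010101  # final-pass pattern named in the text


def pass_patterns(inverting_passes=6, start=0x00):
    """One byte pattern per pass; `start` is an assumption, not from the text."""
    patterns, current = [], start
    for _ in range(inverting_passes):
        patterns.append(current)
        current ^= 0xFF  # invert the bit pattern of the previous pass
    return patterns + [FINAL_PATTERN]


def overwrite_file(path, patterns, chunk=1 << 16):
    """Overwrite the file's current length in place, once per pattern."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:
        for pattern in patterns:
            f.seek(0)
            block = bytes([pattern]) * chunk
            for offset in range(0, size, chunk):
                f.write(block[: min(chunk, size - offset)])
            f.flush()
            os.fsync(f.fileno())  # force this pass to the device before the next
    return size


def erase(path, patterns=None):
    """Overwrite the content, then rename the directory entry and unlink it."""
    overwrite_file(path, pass_patterns() if patterns is None else patterns)
    scrubbed = os.path.join(os.path.dirname(os.path.abspath(path)), secrets.token_hex(8))
    os.rename(path, scrubbed)  # replace the file name before unlinking
    os.remove(scrubbed)


if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as d:
        sample = os.path.join(d, "secret.txt")  # constructed sample file
        with open(sample, "wb") as f:
            f.write(b"constructed sample content " * 1000)
        print([f"{p:08b}" for p in pass_patterns()])
        erase(sample)
        print("still present:", os.path.exists(sample))
```

In-place overwriting only reaches the old data where the file system and the device write to the same physical location; journaling or copy-on-write file systems and flash wear leveling can keep earlier copies elsewhere.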

Number of overwrite processes

A scientific study presented at the end of 2008 looked into this question with regard to hard drives. Data were overwritten under "controlled conditions and the magnetic surfaces then examined with a magnetic force microscope". The study showed that, regardless of the age and storage size of the storage medium being checked, the probability of restoring the data after it had been overwritten was "practically zero". Only the reconstruction of a single bit was possible, in 56% of all cases, and only if the position of the data sought was clear. For a complete byte, the probability dropped to 0.97%.

Literature

  • Craig Wright, Dave Kleiman, Shyaam Sundhar: Overwriting Hard Drive Data: The Great Wiping Controversy. In: R. Sekar, A. K. Pujari (Eds.): Information Systems Security. 4th International Conference, ICISS 2008, Hyderabad, India, December 16-20, 2008. Proceedings. Springer-Verlag GmbH, Berlin et al. 2008, ISBN 978-3-540-89861-0, pp. 243-257 (Lecture Notes in Computer Science 5352), online (PDF; 487 kB), doi:10.1007/978-3-540-89862-7_21.

Individual evidence

  1. Peter Gutmann: Secure Deletion of Data from Magnetic and Solid-State Memory. University of Auckland, July 22, 1996, accessed April 14, 2020.
  2. Harald Bögeholz: Secure deletion: overwrite once is sufficient. In: Heise online. January 16, 2009, accessed April 14, 2020.