As we grow from adolescence to adulthood, myth upon myth that created our reality falls by the wayside. Santa Claus and the Easter Bunny… gone. The Tooth Fairy… gone. An interest free credit card… gone.As we grow from adolescence to adulthood, myth upon myth that created our reality falls by the wayside. Santa Claus and the Easter Bunny… gone. The Tooth Fairy… gone. An interest free credit card… gone. And now you feel you have come to grips with the real world, that you’ve settled in and that you’ve been around the block a few times, therefore you are “dry” behind the ears? WRONG!!! I will dispel one of the biggest myths of the 20th century that carried over into the 21st… DELETE DOESN’T MEAN ERASE. Oh shit! Is that the sound of panic? It should be. Wake up to this reality my friends. Every typed thought, musing, email, chat conversation, letter, invoice, and maniacal plot to take over the world is still on your hard drive. “How can this be?!,” you ask…

Back in the old days hard drives were small. My first Tandy box didn’t even come with a fixed drive. It was preconfigured with a 3 ½” floppy that I quickly upgraded to a dual drive system. Smokin’! But I digress… hard drives were small because the operating systems were small, and didn’t take up a lot of physical space. But, as the evolution of Windows created the demand for more and more disk space, the drive size grew exponentially. You will realize the relevance of this in just a moment.

Files and data are never really eliminated. They are “wiped” or “overwritten”. Imagine writing some secrets on a blackboard, such as the thermonuclear launch codes. The Chinese are down the hall, and they’re coming up fast. With no eraser in sight, what do you do? Grab the chalk and scribble over the code. This is essentially the same as deletion. And it used to work when drives were small. When you “delete” a file, all you are really doing is marking the space the data occupies (the cluster) available to be overwritten. The 20MB drives of yesteryear virtually assured this process, as there was not much space on the drive to begin with. But with systems like Windows XP with 30, 40 or 50 GB drives standard, there is little, if any chance that discarded data will ever be overwritten.

Well, many ask, “If the files are still there, why can’t I find them?” Good question Grasshopper. The first character of the file name is changed, thus designating the file as available to be overwritten. There are a number of off-the-shelf recovery programs available to help you reclaim your data.

But what if you really want to delete files, folders and other data for good? This is possible, but bear in mind nothing is “always.” Before we get into various techniques of the science of Secure File Deletion, please allow a quick analogy. The lock on your front door keeps out the casual intruder. Extra locks and deadbolts will no doubt provide additional layers of security. But while you may repel crackheads, petty thieves or ex-girlfriends, the SWAT team is coming in. Always remember this adage: Security is a process, not a product.

I will try to keep this technical stuff out of egghead territory, but here are the basics. (You will need a third party utility to perform these tasks.) First, data must be identified and overwritten to prevent recovery, and the more times it is overwritten with various random patterns, the more difficult it is to retrieve. On one end is the single character pass, usually 1’s or 0’s. This is quick and will foil the snoop at the CompUSA working on your machine. At the other extreme is the Gutmann 35 Random Character Overwrite Technique, designed to stop magnetic force microscopy. There are many acceptable methods in between. We usually recommend a process known as 3+7+3, which is very secure and much quicker than the Gutmann.

While overwriting data may prevent recovery, other issues, such as file attributes, are available for forensic discovery, such as file name, size, and creation/modification date. Prior to and after a disk wiping operation it is a good idea to run a Windows system defragmentation program. This will destroy file references stored in the file allocation table.

A capable erasure program must also address file slack. This is a non-negotiable requirement. Here is the reason: files occupy a physical area known as a “cluster” of fixed size. The cluster may be partially overwritten, but what about the area that was not? This is known as “file slack” and is a very real liability. Another program requirement is the overwriting of unallocated space – areas that contain data marked as “deleted” but not yet overwritten. This allows a program to go back and permanently erase “previously deleted” data.

Finally, you must deal with the “swap” or “paging” file. These are essentially the same thing, but based upon your OS have differing monikers. These are usually dynamic physical areas of your hard drive that serve as physical memory when RAM runs low. They can and do contain absolutely any type of data you can imagine. They are “locked” and inaccessible to the user. Here is an example of your potential liability: Imagine writing a letter in Word 97 or 2000 and never saving that literature in any way. Guess what? According to Microsoft Knowledge Base Article Q211632, fifteen temporary files are created in the fabrication of this document! For secure cleansing of the swap file a good first step is to set it to a fixed size, roughly 2 ½ times the amount of RAM, and set minimum and maximum size to the same value.

In conclusion, to affirmatively erase data from your computer, you need to utilize available software. Hitting the delete button alone is in most instances inadequate.

Bill Adler is President of CyberScrub LLC, an Atlanta, GA based security firm specializing in privacy software, policy, compliance and solutions. CyberScrub Pro is an award winning Internet privacy tool available for the affiliate marketer at www.cyberscrub.com/affiliates. Bill can be reached at: ba@cyberscrub.com.