'Un-delete' programs? Secure deletion of free space on HDD?

Hi, I have a few questions about secure deletion of HDDs.

1: I currently have a program called "Restoration Version 2.5.14" installed on my machine. It has a function called "Delete completely". This is the function's description from it's readme:

Usually I will only run this one time, once, possibly twice a month. Is this secure enough? Are there any other 'un-delete' programs which offer the same function but provide more solid results? Would performing this function several times a month be sufficient?

2: Are there any other 'un-delete' programs you guys would recommend? I downloaded Restoration by recommendation of someone at another forum, but I'd prefer recommendations from the people at this forum.

Thankyou in advance to anyone who may be able to help.

PS: I've posted here a couple of times under the name Privacy, but I've forgotten my password and the e-mail address I signed up with.

 

I also forgot to ask... I am using TweakUI for Windows 98, should I turn off the Paranoia controls (ie; "deleting" the recent docs, etc.) and let MRU-Blaster get them instead? If MRU-Blaster uses secure deletion for the MRUs, that is.

Thankyou in advance, again.

 

Hey,

I'm afraid I am not too knowledgeable on this but the feature that that product quote was mentioning is termed in computer forensics as "slack space" deletion. AFAIK, there is some disagreement about what all is necessary to fully delete data (some products will write alternate passes of different characters in a loop and there is disagreement on how many passes are necessary). I think that many, if not most, products of this type are more or less intended to defeat software-driven attempts to recover data but would not defeat a determined effort to recover data via HD dissassembly and low-level recovery using special hardware. HOWEVER, this is not something I am too knowledgeable about so I would recommend that you maintain your healthy skepticism when reviewing product specs. You might want to search around for Computer Forensics sites to see if anything can be gleaned from them.

Good Luck!

 

Thankyou for the reply. I didn't actually think about those kind of sites, I will definitely search some computer forensics sites and try to wrap my head around it.

 

If your program only makes one pass while erasing the data (and doesn't take too long) - run it daily.

Once a week run it using at least seven passes.

Before running it anytime, make sure you've "deleted" all un-neccessary stuff from your browser's temp internet files/history, firewall logs you don't want kept, scan logs from whatever AV/AT's you use (unless you just want to keep those for some reason - examine them carefully if you do). D/l managers, especially, are famous for keeping a list of every single thing you've d/l'ed when using them - find that and check it out.

Basically, every single program you use can hold information that you're not really aware of unless you've looked at all their logs, back-ups, etc.. This kind of stuff needs to be "deleted" before wiping so that all that gets taken care of during a "free-space" over-write. HTH Pete

Note: If you're running MRU-Blaster Scheduler (set to every five minutes), you don't have to worry about changing anything in "TWeakUI" - MRU-Blaster will have already done its' thing before you shutdown/re-start.

 

Hi, thanks very much for the replies.

spy1, Restoration only makes one pass which takes about an 45m-1h. I've started running this once a day whenever I'm not actually using my PC. Thanks also for the tip about ridding all un-necessary temp/log files, I hadn't been doing that before running this program. D'oh!

I have done some reading on computer forensics sites and have learnt, somewhat, about slack space, shadow data, etc. It's all pretty scary stuff to think things like shadow data exist. I'm glad I know it's there, and I'm no longer ignorant to the fact, but it's still pretty scary.

Finally, I found a program called East-tec Eraser 2003 which has the same feature as Restoration but with a lot more configuration options. I'm trialing the software for the next 30 days to see if I like it or not.

PS: I don't have time right now (I'm pusing it by just typing out this long-winded response ) so I will register again the next time I post.

 

Found that e-mail address which I signed up with! OK.

This East-Tec Eraser 2003 program seems OK, at least it's configuration options. One thing that bothered me was that after wiping it seems create a file in my C:\ directory and then just "deletes" it. The filename is something like 'D213Kd.wip' (not necessarily those numbers and letters, I just can't remember them 100%). After running East-Tec Eraser I then ran Restoration and it picks up this file, and this file only.

Is it possible this file could contain information about what was previously wiped? It'd be great if someone could check this out and let me know if this poses any sort of security risk? Thankyou in advance.