Vishal Gupta

Can You Ever Really Erase A Computer File?


Can You Ever Really Erase a Computer File?

What if you use Evidence Eliminator?

Robert Johnson, who used to be the publisher of Newsday, was indicted for possessing child pornography and for attempting to destroy evidence. A pair of incriminating movies were found on Johnson's office computer, even though he had apparently used a program called "Evidence Eliminator" to wipe 12,000 files from its hard drive. Can you ever really erase a computer file?

It's not easy. When you delete a file from a standard desktop computer, the file first gets moved to the "recycle bin" or the "trash," which means only that you've placed the intact data in a new directory. You erase the file when you empty your recycle bin. But even then, much of the information remains on the hard disk. Exactly how much depends on the type of computer you're using and which operating system you have.

Here's how it works: The information in each file you create gets stored on your computer's hard disk, where it's spread across multiple "data clusters," or chunks of space that each have a particular address. The computer keeps track of where to look for each file; pieces of a single document, for example, might be stored in clusters all over the disk. If possible, a computer will store files in contiguous clusters, so all the information is kept close together.

When you delete a file, all you've really done is tell the computer that it can reuse the clusters assigned to that file for something new. The data in those clusters remains intact, until the computer reassigns and overwrites those chunks of disk space with new files. Experts say that the original data can remain intact for weeks or months, depending on the particulars of the system.

To make things easier for computer-forensics specialists, standard Windows desktop machines even save basic information about the deleted file, like what it was called, how big it was, and which clusters it used. (Machines running Unix don't preserve quite as much information.) But even without every chunk of original data, specialists can scan for particular kinds of deleted files or pull bits of text from a deleted file that has been partially overwritten.

So, what do programs like Evidence Eliminator do? They first "delete" a file in the conventional sense, and then they overwrite it with zeroes, ones, or random data. Finally, they erase the record of where the original file was stored on the disk. More advanced programs might overwrite the original with something less conspicuous than a string of zeroes, like an ordinary text file.

But even if you do wipe your disk successfully—and overwrite each of your deleted files—traces of the original data remain. Writing to a magnetic disk is not as precise as one might think; when you overwrite a file, the new version doesn't completely cover up the old. The leftover data can be read out with certain imaging techniques, like magnetic-force microscopy and magnetic-force scanning tunneling microscopy. Computer forensics experts say it's possible to recover data beneath dozens of layers of overwriting, and privacy fanatics talk about wiping their disks up to 35 times over to be absolutely safe.
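The delete, partial-overwrite and wipe behaviour described in the post above, as an added example that is not part of the original post. `ToyDisk` and its methods are hypothetical names for a constructed in-memory model of a FAT-style volume; it does not model magnetic remnants on real platters.

```python
CLUSTER = 16  # bytes per cluster; tiny on purpose (constructed toy model)

class ToyDisk:
    """Toy FAT-style volume: raw clusters plus a table of file records."""
    def __init__(self):
        self.data = bytearray(CLUSTER * 16)
        self.free = list(range(16))           # clusters the OS may hand out
        self.table = {}                       # name -> (size, cluster list)

    def write(self, name, content):
        need = -(-len(content) // CLUSTER)    # ceiling division
        clusters = [self.free.pop(0) for _ in range(need)]
        for i, c in enumerate(clusters):
            chunk = content[i * CLUSTER:(i + 1) * CLUSTER]
            self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
        self.table[name] = (len(content), clusters)

    def delete(self, name):
        """Ordinary delete: release the clusters, keep the record, touch no data."""
        _, clusters = self.table[name]
        self.free = clusters + self.free      # freed clusters get reused first

    def wipe(self, name):
        """Wiper behaviour from the post: overwrite, delete, drop the record."""
        _, clusters = self.table[name]
        for c in clusters:
            self.data[c * CLUSTER:(c + 1) * CLUSTER] = bytes(CLUSTER)
        self.delete(name)
        del self.table[name]

    def recover(self, name):
        """Forensic read: follow the stale record back to its clusters."""
        if name not in self.table:
            return None
        size, clusters = self.table[name]
        raw = b"".join(bytes(self.data[c * CLUSTER:(c + 1) * CLUSTER]) for c in clusters)
        return raw[:size]

def demo():
    memo = b"SECRET: meet at noon, bring the ledger"   # constructed sample data
    d = ToyDisk()
    d.write("memo.txt", memo)
    d.delete("memo.txt")
    intact = d.recover("memo.txt")            # nothing has been overwritten yet
    d.write("new.txt", b"X" * 20)             # reuses the first two freed clusters
    partial = d.recover("memo.txt")           # tail of the old file still readable
    w = ToyDisk()
    w.write("memo.txt", memo)
    w.wipe("memo.txt")
    return intact, partial, w.recover("memo.txt"), b"ledger" in w.data
```

After the ordinary delete the whole file comes back; after a new file reuses two of its three clusters, the unreused tail and the slack of the second cluster still hold old text; after the wipe neither the record nor the bytes remain in the model.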


Ever heard of low-level format?


Low-level format, as well as change the location of the FAT from the beginning of the disk to the end of the disk.


It's true that no file is ever deleted in the true sense. It's like using an eraser to wipe off the text written on a paper with a PENCIL!

But, at the same time, overwriting may cause the impressions to get faded. Formatting and overwriting may logically erase the data, but too much formatting will lead to permanent damage to the drive's integrity.


You can also go in for disk-level mods... tried it once ages back using Norton Disk Edit.... change the structure of the deleted file (generally with a name like _filename.extension) ... ages back on a 486, when that was the trend.

But wonder if those tricks might work on non-FAT16/32 (or 12 on floppies) disks... never even tried on FAT32.

But we do have multiple overwriters / open copiers like file incinerators, and well ... a real foolproof method to ensure that the data is really erased is to Slow LLFormat (not just the FAT reset using debug) the disk!!! Till date... I could never recover anything lost that way!!

Cheers

Ashok

PS :

BTW : Just thought I will add to the knowledge of someone around ... a very simple (and ancient) way to break the BIOS passwords on Award (and sometimes on other BIOS) was to use debug...

(Used to work on most of my old machines, including an IBM lappy.)

try this

Debug

-o 70 2e

-o 71 ff

-q

This resets the BIOS without opening the battery! (in most of the cases)
