filesystems implementation information-hiding

Data destruction


There are many file shredder programs that one can use in order to permanently delete a file. What I want to know is some implementation details. For example, considering the Gutmann algorithm, how should it work with the file and the file system? Should an application iterate over all HDD clusters in order to overwrite them? Or will it be enough to open one file, change its content in some way and after that delete it?

Conversely, how does one restore a deleted file? I have not found a lot of information on these topics.

I will be very thankful for your replies.


Solution

  • You could look at the source code of the shred utility, which is a part of the GNU coreutils found on Linux. The basic idea is to make multiple passes over the disk blocks. There are also some assumptions made about the way the underlying file system commits these writes. See info coreutils 'shred invocation' for more information.

    Restoring deleted files is done best when you know the internal layout of the file system in question and how the delete operation is implemented on it. For example, many drivers for the FAT file system just mark the directory entry as deleted but leave the file's content intact (until and unless it is overwritten by new files that you create). So you could just take a dump of the disk and scan through the raw data looking for what you want.
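
The FAT behaviour described in the answer above, as an added example that is not part of the original answer: it scans a directory region of a raw dump for 32-byte entries whose first name byte is 0xE5 (the deleted marker) and reads the content that is still on disk. The image is constructed inline and simplified (no boot sector or FAT, directory at offset 0, one data region); the helper names are hypothetical, and recovery assumes the file was stored contiguously because the cluster chain is freed on delete.

```python
import struct

ENTRY_SIZE = 32      # every FAT directory entry is 32 bytes
DELETED = 0xE5       # first name byte of an entry marked as deleted
ATTR_LFN = 0x0F      # long-file-name entries, skipped in this example

def make_entry(name, ext, cluster, size, deleted=False):
    """Build a constructed 8.3 directory entry (sample data only)."""
    raw = bytearray(name.ljust(8).encode() + ext.ljust(3).encode())
    if deleted:
        raw[0] = DELETED          # this is all the "delete" changes in the entry
    # attr, 8 bytes reserved/timestamps, cluster high, time, date, cluster low, size
    raw += struct.pack("<B8xHHHHI", 0x20, cluster >> 16, 0, 0, cluster & 0xFFFF, size)
    return bytes(raw)

def find_deleted(directory):
    """Return (name, first_cluster, size) for each deleted entry."""
    found = []
    for off in range(0, len(directory) - ENTRY_SIZE + 1, ENTRY_SIZE):
        e = directory[off:off + ENTRY_SIZE]
        if e[0] == 0x00:          # 0x00 marks the end of the directory
            break
        if e[0] != DELETED or e[11] == ATTR_LFN:
            continue
        hi, _, _, lo, size = struct.unpack_from("<HHHHI", e, 20)
        name = "?" + e[1:8].decode("ascii", "replace").rstrip()  # first char is lost
        ext = e[8:11].decode("ascii", "replace").rstrip()
        found.append((name + ("." + ext if ext else ""), (hi << 16) | lo, size))
    return found

def recover(image, data_offset, cluster_size, cluster, size):
    """Read the old content; cluster numbering starts at 2, contiguity assumed."""
    start = data_offset + (cluster - 2) * cluster_size
    return image[start:start + size]

def build_sample_image(cluster_size=512):
    """Constructed image: one directory cluster followed by two data clusters."""
    directory = (make_entry("README", "TXT", 2, 11) +
                 make_entry("SECRET", "TXT", 3, 16, deleted=True))
    data = (b"hello world".ljust(cluster_size, b"\x00") +
            b"account: 12345\r\n".ljust(cluster_size, b"\x00"))
    return directory.ljust(cluster_size, b"\x00") + data, cluster_size

if __name__ == "__main__":
    image, cs = build_sample_image()
    for name, cluster, size in find_deleted(image[:cs]):
        print(name, cluster, size, recover(image, cs, cs, cluster, size))
```

The deleted file's bytes come back unchanged because only the directory entry was touched, which is why a shredder has to overwrite the file's data blocks before the entry is removed.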