Secure dele­tion

Erasing data for good is more dif­fi­cult than you would think, because there are var­ious ways to delete and erase! The most secure solu­tion - to phys­i­cally destroy a data car­rier - is not gen­er­ally very prac­tical. But there are alternatives.

You securely delete data by...

  • using some spe­cific tools to over­write any shared data sec­tions on your mag­netic hard drive or data tapes (sev­eral times).
  • using some spe­cific tools to over­write the whole storage area of elec­tronic data car­riers such as USB sticks, SD cards or SSD hard drives once.
  • reset­ting a smart­phone or tablet to its fac­tory set­tings with device encryp­tion activated.
  • phys­i­cally destroying optical data car­riers such as CD-R/RW or DVD-R/RW.
  • encrypting the whole storage area or sen­si­tive con­tent of all kinds of data car­riers and destroying the key material.
  • phys­i­cally destroying data carriers.

With the right soft­ware, files deleted without taking spe­cial mea­sures can often be restored. That’s because data cannot actu­ally be deleted, but merely over­written with other data. The dif­fi­culty con­sists in trying to cover all the filing locations.

To defin­i­tively and irrev­o­cably delete con­fi­den­tial data, you will need spe­cial tools and a process adapted to the type of data car­rier involved.

Mag­netic data car­riers, such as hard drives or data tapes

Spe­cial soft­ware will over­write the whole area of your hard drive or data tape where the data to be deleted were stored with (random) data pat­terns - usu­ally sev­eral times. This process will erase data for good.

There are several products on the market, available either commercially or for free, for instance:

  • Eraser: Down­load: eraser.heidi.ie
  • Secure Eraser: You can find some good instruc­tions on the Com­put­er­bild mag­a­zine web­site. Down­load: www.secure-eraser.com
  • DBAN: Securely delete the whole con­tents of your hard drive, for instance before selling or dis­posing of your com­puter. Down­load: www.dban.org

Elec­tronic data car­riers such as SSD hard drives, USB sticks or SD cards

For tech­nical rea­sons, it is not pos­sible to securely delete indi­vidual files on elec­tronic data car­riers such as USB sticks, SD cards or SSD hard drives.

One option is to com­pletely over­write the whole data car­rier. How­ever, all the con­tents are lost in the process. Alter­na­tively, you can encrypt your data (see below).

Smart­phones and tablets

To irre­triev­ably erase data car­riers installed in smart­phones and tablets, you can reset your device to its fac­tory set­tings with device encryp­tion acti­vated. But beware: All user data will be lost!

  1. Acti­vate device encryp­tion under Settings/Security and wait until this process has fin­ished (which might take quite some time!)
  2. Reset your device to its fac­tory set­tings under Settings/System/Reset options

Another easy option to at least securely erase all of your stored photos and videos is to man­u­ally delete all con­tent you no longer want, and then use the camera app to record a “blank” video, for instance while pointing the camera down­wards onto a tabletop, until the phone memory is full. (Atten­tion: This will also record sound, and some memory sec­tors, for instance those for mes­sages, may not be deleted or over­written this way).

Optical data car­riers such as CD-R/RW or DVD-R/RW

As far as data deletion is concerned, too little attention is paid to optical data carriers such as CD-R/RW or DVD-R/RW. After use, they are often discarded as they are in the dustbin - and your sensitive data with them.

Due to tech­nical prob­lems (CD-R/DVD-R) or the small value of these data car­riers (CD-RW/DVD-RW), it is often impos­sible to delete these data securely.

To phys­i­cally destroy these data car­riers is both a secure and prac­tical method.

Phys­ical destruc­tion of data carriers

To phys­i­cally destroy them is a secure method of erasing data car­riers of all kinds. You can for instance drill a hole into a hard drive or smash a USB stick with a hammer to destroy its storage chip. A more pro­fes­sional and guar­an­teed process com­plying with DIN stan­dard 66399 is offered by com­mer­cial providers.

Phys­i­cally destroying data car­riers of course also destroys their value. For more expen­sive data car­riers, such as larger SSD drives or devices with per­ma­nently installed data car­riers such as smart­phones or tablets, this is not gen­er­ally a prac­tical solu­tion. In these cases, data encryp­tion is a good alternative.

Pro­tect by encrypting

The most secure and also most flex­ible alter­na­tive to erasing any type of data car­rier is to encrypt data worth pro­tecting and to thus render con­fi­den­tial con­tents unread­able for any third par­ties. In con­trast to data dele­tion, this pro­tec­tion is effec­tive over the whole data life­cycle and even sub­se­quently. This is because once you delete the key mate­rial, all data are lost irrevocably.

To make sure that no unpro­tected con­tents are ever stored on any data car­rier at any time, the whole data car­rier should be encrypted as soon as you start using it. There is a variety of pro­grammes avail­able for this, too:

  • Bit­Locker is a utility offered as part of all Win­dows Ultimate/Pro/Enterprise ver­sions to encrypt whole data carriers.
  • EFS is an NTFS file system function integrated into Windows as standard. This can be used to encrypt individual user-specific files or folders.
  • Ver­aCrypt is free of charge, pow­erful and easy to operate. Down­load: www.veracrypt.fr

Data can be irrev­o­cably destroyed by phys­i­cally destroying data car­riers. It is more prac­tical though to use spe­cial soft­ware to “delete by over­writing”. Another alter­na­tive to this - effec­tive over the whole life­cycle of data and beyond that, too - is to pro­tect data by encrypting them.

Fur­ther infor­ma­tion for those interested:

It is not suf­fi­cient to simply delete via the recycle bin or by formatting

With computers, files are generally moved to the recycle bin first. From there, you can recover your data if need be, and they are seemingly deleted for good once you empty the bin. Emptying the bin, however, does not really “delete” the actual files, but only the directory link to the file. This renders the file “invisible” to users, and those areas of the hard drive containing the files to be deleted are earmarked for overwriting. These data keep existing until another file is written to the area marked for overwriting.

It is a sim­ilar case when for­mat­ting data car­riers. When quick for­mat­ting, ref­er­ences to all files are removed from the direc­tory. Yet, the file con­tents sur­vive with this process - even if in the shape of orphaned files.

It is more effec­tive to run a com­plete disk format. With today’s oper­ating sys­tems, this will com­pletely over­write all storage spaces with zeros. It is there­fore de facto impos­sible to recover any files by rea­son­able means.

You can there­fore recover deleted data which have not been over­written. This can be very helpful if you inad­ver­tently delete a file you still need. How­ever, for secu­rity rea­sons - for instance if you wish to delete a con­fi­den­tial file for good - this is not desirable.

To delete an indi­vidual file or a com­plete data car­rier for good, you may need spe­cial soft­ware. The process depends on the type of the data car­rier or the type of recording process used here:

Mag­netic hard drives

On mag­netic hard drives, the filing loca­tion of any file is pre­cisely defined. Spe­cial soft­ware is there­fore able to locate this spe­cific hard disk area and to over­write it - usu­ally even sev­eral times, to be on the safe side. This process will erase data for good.
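The overwrite-then-delete sequence described above, as an added Python sketch (not code from the tools named on this page). The function names are hypothetical, and it assumes a magnetic drive with a file system that writes changes in place.

```python
import os


def overwrite_in_place(path, passes=3, chunk=64 * 1024):
    """Overwrite the file's existing bytes with random data, `passes` times."""
    size = os.path.getsize(path)
    with open(path, "r+b") as f:          # r+b: modify in place, never truncate
        for _ in range(passes):
            f.seek(0)
            remaining = size
            while remaining > 0:
                n = min(chunk, remaining)
                f.write(os.urandom(n))    # random data pattern
                remaining -= n
            f.flush()
            os.fsync(f.fileno())          # push each pass from the OS cache to the drive
    return size


def secure_delete(path, passes=3):
    """Overwrite first; remove the directory entry only afterwards."""
    written = overwrite_in_place(path, passes)
    os.remove(path)                       # on its own this would only drop the directory link
    return written
```

Assumption: on copy-on-write or journaling file systems, and on flash media, the new bytes may land in a different location, so this approach does not apply there.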

If you are thinking of dis­posing of or selling your com­puter, you should either remove its data car­riers or at least make sure you delete all data on its hard drive. After all, you really don’t want the buyer of your device to be able to retrieve your sen­si­tive data. It is eas­iest to use a bootable CD with suit­able tools which will over­write the whole hard drive, for instance DBAN for Windows.

USB sticks and SD cards

For tech­nical rea­sons, on so-called flash storage media such as USB sticks or SD memory cards, it is pos­sible for the same con­tents to be stored in sev­eral filing loca­tions. This results in the auto­matic cre­ation of copies. When deleting by over­writing, only the copy last used will be deleted - the others remain.

You should there­fore note that you can only ever securely delete data from a flash storage unit by irrev­o­cably erasing the whole medium. There is basi­cally no way you can securely delete indi­vidual files from USB sticks and SD cards.

SSD hard drives

Files on the SSD hard drives now built into newer computers likewise cannot be reliably deleted with the software mentioned above. There are technical reasons for this: to ensure the memory cells wear out evenly, the stored contents on this type of drive are automatically reorganised from time to time. This creates “lost” data copies which cannot be specifically overwritten. It is therefore not possible to reliably delete data by overwriting.

Some SSD hard drive manufacturers offer integrated functions which find and purportedly irrevocably delete such lost data on this type of data carrier. However, it is nigh on impossible to check that this function actually works and is really reliable.

Apart from physically destroying the data carrier, the same applies here to individual files: you can only securely delete them if you delete the whole storage area of this data carrier.
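Why overwriting a single file fails on USB sticks, SD cards and SSDs, shown with an added toy model in Python (a constructed simulation, not any manufacturer's firmware). The class, its page count and the sample secret are assumptions made for illustration.

```python
class ToyFlash:
    """Logical blocks are remapped to a fresh physical page on every write."""

    def __init__(self, physical_pages):
        self.pages = [None] * physical_pages   # raw contents of the flash chip
        self.mapping = {}                      # logical block -> physical page
        self.next_free = 0

    def write(self, logical_block, data):
        # Wear levelling: never rewrite a page in place, take the next free one.
        if self.next_free >= len(self.pages):
            raise RuntimeError("no free pages (garbage collection not modelled)")
        self.pages[self.next_free] = data
        self.mapping[logical_block] = self.next_free   # old page is now a stale copy
        self.next_free += 1

    def read(self, logical_block):
        return self.pages[self.mapping[logical_block]]

    def raw_dump(self):
        """What reading the chip directly, bypassing the mapping, would return."""
        return [p for p in self.pages if p is not None]

    def erase_whole_medium(self):
        """Erase every physical page, mapped or not."""
        self.pages = [None] * len(self.pages)
        self.mapping.clear()
        self.next_free = 0


def overwrite_file_demo():
    flash = ToyFlash(physical_pages=8)
    secret = b"PIN=4711"                       # constructed sample content
    flash.write(0, secret)                     # file saved in logical block 0
    flash.write(0, b"\x00" * len(secret))      # deletion tool overwrites block 0
    visible = flash.read(0)                    # the operating system sees only zeros
    survives = secret in flash.raw_dump()      # the old page still holds the secret
    flash.erase_whole_medium()
    after_full_erase = secret in flash.raw_dump()
    return visible, survives, after_full_erase


if __name__ == "__main__":
    print(overwrite_file_demo())
```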

Another secure alter­na­tive is to encrypt indi­vidual sen­si­tive files or even the whole storage area of this data car­rier to start with. Without key mate­rial, third par­ties are then unable to read con­fi­den­tial con­tents. This also has the advan­tage that your sen­si­tive data are even pro­tected if your device (for instance your laptop) is stolen or lost - no access without your key!

Optical storage media

With writable optical storage media, a laser engraves data into a reflec­tive layer in a hole pat­tern. Depending on this layer, you can either repeat this process just the once (R) or sev­eral times (RW).

Due to the tech­nical dif­fi­cul­ties and the low value of these data car­riers, it is the most prac­tical solu­tion to destroy these data car­riers to delete your data.

Mag­netic data tapes

Magnetic data tapes are often used to back up a whole data collection and retain it over extended periods of time. They therefore enable “looking into the past” - to even retrieve data long believed lost.

Mag­netic data tapes back up con­tents to be stored in sequen­tial data sets. These gen­er­ally form an unchange­able unit pro­vided with integrity pro­tec­tion. You cannot delete indi­vidual files from these. When deleting data, you have to destroy the whole data set instead.

