What exactly means to forensically delete a file? To answer this question we must first know how a deleted file is recovered. By forensic we mean every advanced technique, that goes beyond the “recover from the bin” to restore a deleted file. Under certain circumstances, a file could also be restored from the RAM. Knowing this it goes without saying, that to delete a file and be fairly sure it would not be restored, is a multi-layered approach.
The topic is complex, and it cannot be dismissed in a blog post. However, we can outline the very basic concept. Since a file can be recovered also if it has been deleted, the basic idea is to alter the file before deleting it. Why is this so important? Files are often recovered using a previous version, or using the meta keys sotred in the system. Therefore, altering a file at a given time, will leave likewise altered tracks. The file can still be recoevered but will be unreadable.
Obfuscation
A very simple approach is to encrypt the file, prior deleting it. You can for example run various encrypting iterations, and the original file content will be absolutely unrecoverable. Simple in words but not easy to implement, in fact, our encryption keys could be equally recovered. Obfuscation is a good step but it alone will not be enough. An important aspect to consider, is what type of files we need to securely delete. How often, is it a routine or an occasional procedure?
Do I have time to securely delete my files, or do I need a way to quickly delete them? There are multiple aspects to consider before providing a reliable pattern, evaluating personal habits indeed play an important role. While we can achieve a reasonably secure solution, using commercial or free softwar,e for example, for home-users. A company or professional will more probably require a custom solution, tailored to its specific needs and use cases.
Security comes first
Imagine having a very secure routine to safely delete your files, to then realize your PC is infected with a tailored malware that steals your files, or log your key presses. Would that be functional? It would just be a waste of time and money. The very first step is to educate yourself, and implement good practices to secure your workstation data. To this purpose, please refer to my article: “Securing your workstation: The Browser” for a very fundamental starting point.
Let’s say your workstation is secure, you have good behavior in terms of security, but for some reason you need to safely delete a file or a folder.This option is often at the end of the data lifecycle, if you need to preserve and eventually later recover the data, the matter just gets more complex. This would be good material for another article.
Use the right tools
While it would be impossible to provide a per-persona solution, a very effective tool for home-users and above is given by BleachBit free software. Without going into technicalities, what this software does, is to overwrite the files before deleting them. In some specific cases, this might not be a bulletproof solution, but offer a really good balance between privacy and the costs involved in implementing a customized pattern.
The multi-layered approach is a staple to safely delete personal data. This kind of pattern can only be designed by security professionals who can evaluate the environment, use cases, and the specific needs involved. Do you want to go deeper into the topic? Feel free to drop us a line, describing your needs and use case. While a customized solution indeed offer more security, it is generally not suited for home-users, professionals or small businesses due to the costs involved.