none
Does the Kill or Delete statement erase all traces of a file, if not, then how do you do that?

Answers

  •  Dim RND As New Random
            Dim fs As FileStream = New FileStream("C:\Users\Public\Important.docx", FileMode.Open)
            For I As Long = 0 To fs.Length
                fs.WriteByte(CByte(RND.Next(0, 128)))
            Next

    Thanks for all contributors, it seems Acamar is the only one with an answer i can use, as I want to do this file by file for a particular folder.

    No one seems to dispute this code although more than one pass may be required

    Whilst all the technical stuff mentioned is interesting reading, it is beyond my level of expertise, so any other comments re actually using code to erase a file would be appreciated

    • Marked as answer by x38class Monday, July 29, 2013 3:53 AM
    Sunday, July 28, 2013 5:40 AM

All replies

  • Does the Kill or Delete statement erase all traces of a file, if not, then how do you do that?

    No it does not.  To remove the file contents you should write random data into the file and then erase it.

    That does not guarantee, however, that Windows has not kept some copies somewhere else, such as the recycle bin or as part of a backup or system restore point.

    Saturday, July 27, 2013 5:38 AM
  • That seems all too easy, how do you write random data to a jpg,doc,docx,xls & other files?
    Saturday, July 27, 2013 5:43 AM
  • That seems all too easy, how do you write random data to a jpg,doc,docx,xls & other files?

            Dim RND As New Random
            Dim fs As FileStream = New FileStream("C:\Users\Public\Important.docx", FileMode.Open)
            For I As Long = 0 To fs.Length
                fs.WriteByte(CByte(RND.Next(0, 128)))
            Next
        End Sub
    The file type doesn't matter.   That process will prevent access to the contents of the file through a utility that recovers the data from a deleted file.  It does not guarantee that the contents are not elsewhere on the disk.
    Saturday, July 27, 2013 7:26 AM
  • Does the Kill or Delete statement erase all traces of a file, if not, then how do you do that?

    Get a book called "Windows Internals". 

    This book will teach you the intricate binary structure of an NTFS volume. 

    Once you have learned how NTFS stores files on the hard drive, you can then start tracing those data runs and deleting the actual file content, because actual file content isn't really deleted off of your hard drive when you put it in the recycle bin, or even when you empty it.  If you're using the Guttman method, then you will need to do 35 passes of 1's and 0's.

    The space that the information consumes is just marked available. Meaning the data is still there, until it is overwritten, even if you re-partition your hard drive.

    If your drive is a magnetic drive, there are technologies that can recover data that has even been overwritten, using magnetic force microscopes.

    Depending on the level of concern about what it is that you are trying to "Securely Delete", you would have to pass your hard drive across a degausser until you hear a snap, then you could throw it away.



    “If you want something you've never had, you need to do something you've never done.”

    Don't forget to mark helpful posts and answers ! Answer an interesting question? Write a new article about it! My Articles
    *This post does not reflect the opinion of Microsoft, or its employees.


    Saturday, July 27, 2013 7:58 AM
    Moderator
  • Does the Kill or Delete statement erase all traces of a file, if not, then how do you do that?

    http://bleachbit.sourceforge.net/documentation/shred-files-wipe-disk

    http://en.wikipedia.org/wiki/Van_Eck_phreaking


    Please BEWARE that I have NO EXPERIENCE and NO EXPERTISE and probably onset of DEMENTIA which may affect my answers! Also, I've been told by an expert, that when you post an image it clutters up the thread and mysteriously, over time, the link to the image will somehow become "unstable" or something to that effect. :) I can only surmise that is due to Global Warming of the threads.


    Saturday, July 27, 2013 3:33 PM
  • If you're using the Guttman method, then you will need to do 35 passes of 1's and 0's.

    The space that the information consumes is just marked available. Meaning the data is still there, until it is overwritten, even if you re-partition your hard drive.

    If your drive is a magnetic drive, there are technologies that can recover data that has even been overwritten, using magnetic force microscopes.

    Depending on the level of concern about what it is that you are trying to "Securely Delete", you would have to pass your hard drive across a degausser until you hear a snap, then you could throw it away.

    Apparently, with more modern HDDs, the Guttman method is overkill: HTG Explains: Why You Only Have to Wipe a Disk Once to Erase It. And, to save people from having to read and understand Windows Internals, it wouldn't necessarily work at all with NTFS compressed, encrypted or sparse files, according to the "How SDelete Works" section of Mark Russinovich's SDelete v1.61.

    If the data on the entire drive needs to be destroyed, then rather than trying to use a degausser, it's more fun to disassemble the drive. Then you can literally scrub the data away, with steel wool. And, in some ways the most important bit, you get two very strong magnets to play with :) Unless it's an SSD, of course.

    --
    Andrew

    Saturday, July 27, 2013 5:45 PM
  • I have Windows Internals and I think it's crap. Why? Because I worked for a corporation that wrote a leading 32 and 64 bit operating system that ACTUALLY discussed internals in our book not pretended they did. By the way one of the authors of Windows Internals used to work in VMS Development with me. He must be awful frustrated.

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me


    • Edited by Renee Culver Sunday, July 28, 2013 12:41 AM fufu
    Sunday, July 28, 2013 12:39 AM
  • THIS is an interesting question and attention should be paid to it.

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

    Sunday, July 28, 2013 1:11 AM
  • THIS is an interesting question and attention should be paid to it.

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me


    i rather like the windows internals book and have "Actually" read a great deal of it.i found it to reveal quite a deal of information that cannot be found elsewhere.

    “If you want something you've never had, you need to do something you've never done.”

    Don't forget to mark helpful posts and answers ! Answer an interesting question? Write a new article about it! My Articles
    *This post does not reflect the opinion of Microsoft, or its employees.

    Sunday, July 28, 2013 1:31 AM
    Moderator
  • I have two copies of that book and find it to be a waste to discuss internals in the total absence of code which cannot be listed. Obviously its a question of habituation levels. Windows never release listings and therefore since you have only worked with Windows I'm sure you found it educational.

    In contrast, I worked for a company that released the sources to the Exec and find Windows pale and highly deficient in that.

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

    Sunday, July 28, 2013 1:53 AM
  •  Dim RND As New Random
            Dim fs As FileStream = New FileStream("C:\Users\Public\Important.docx", FileMode.Open)
            For I As Long = 0 To fs.Length
                fs.WriteByte(CByte(RND.Next(0, 128)))
            Next

    Thanks for all contributors, it seems Acamar is the only one with an answer i can use, as I want to do this file by file for a particular folder.

    No one seems to dispute this code although more than one pass may be required

    Whilst all the technical stuff mentioned is interesting reading, it is beyond my level of expertise, so any other comments re actually using code to erase a file would be appreciated

    • Marked as answer by x38class Monday, July 29, 2013 3:53 AM
    Sunday, July 28, 2013 5:40 AM
  • No one seems to dispute this code although more than one pass may be required

    The number of passes is not relevant for that task - it only becomes relevant at a much higher level of security.   If someone wants to retrieve that data after it has been overwritten for the file, they will have several other options that would almost certainly be successful before they need to worry about the history that erased bits leave behind. 

    If you want protection against anything beyond a simple file recovery utility then you should use one of the available products that implement more advanced techniques - writing it yourself in VB is too complex.   

    Sunday, July 28, 2013 6:30 AM
  • Thanks Acamar for your additional info, you say:

    "you should use one of the available products that implement more advanced techniques - writing it yourself in VB is too complex"

    I am writing a program in VB that over time will erase/delete many sensitive files depending on how the parameters are passed to my program, so what you are saying it is impossible to add a thread to my program to use a third party plugin/dll or whatever.

    Incidentally your code was missing fs.close, my poor attempt (knowing no better) to erase a file using vb is as follows which may be of some use to others


    Function EraseFile(ByVal File2Erase As String, ByVal Passes As Integer)
    
    
            Dim b As Integer
    
            If File.Exists(File2Erase) Then
                For b = 1 To Passes
                    Dim Rnd As New Random
                    Try
                        Dim fs As FileStream = New FileStream(File2Erase, FileMode.Open)
                        For i As Long = 0 To fs.Length
                            fs.WriteByte(CByte(Rnd.Next(0, 128)))
                        Next
                        fs.Close()
                        
                    Catch ex As Exception
                        MsgBox("Cannot Erase " & File2Erase)
                        End
                    End Try
                Next
                        Try
                            System.IO.File.Delete(File2Erase)
                        Catch ex As Exception
                            MsgBox("Cannot Delete " & File2Erase)
                            End
                        End Try
            Else
                MsgBox(File2Erase & " Does Not exist")
                End
            End If
            
        End Function



    • Edited by x38class Sunday, July 28, 2013 7:11 AM error in coding
    Sunday, July 28, 2013 6:51 AM
  • I am writing a program in VB that over time will erase/delete many sensitive files depending on how the parameters are passed to my program, so what you are saying it is impossible to add a thread to my program to use a third party plugin/dll or whatever.

    The code that you are using will overwrite the contents of the file.   That means that if anyone recovers that file then they will get garbage.  If there has been a previous copy of that file somewhere else in your system - for instance if it was a WORD file and WORD kept a backup that was only deleted after you saved your new version - then that other copy may still be recoverable, because WORD does not do the sort of overwriting that you have now implemented.  The same things applies to most other programs: an image editor probably creates a new version of the file each time it is edited, without overwriting the original file when it gets deleted.  So the contents of that previous copy might still be recoverable.  That's why I indicated that if you are concerned about file security then you should use a  proper disk (not file) erasing utility that ensures those old copies can't be reconstructed.

    Typically the erasing procedure is implemented as a system utility that runs in the background and follows up on all file operations, ensuring that data is overwritten when it is no longer part of a file.  That's what would be too complex for VB.

    Depending on what disk eraser utility you choose to use, it is quite possible that you can control or manage it in some way from a VB application - it depends entirely on what you choose to use.

    One option that is possible from VB is to write a program that fills up the disk with garbage files and then deletes them all. But while it would be possible to write it, it would be impractical to use it. And it would still not be 100% effective.

    Sunday, July 28, 2013 10:54 AM
  • Let's go into this a bit. Deleting an NTFS file does not delete the information stored in the file. Deletion deletes the pointers to the file - only. The information is still on the disk.

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

    Sunday, July 28, 2013 12:25 PM
  • No one seems to dispute this code

    Hey! I do! Please note what I referred to about NTFS compressed, encrypted or sparse files.

    --
    Andrew

    Sunday, July 28, 2013 5:54 PM
  • No one seems to dispute this code although more than one pass may be required

    For some programs you may also need to do this to the .tmp files they create to save your work to as you edit files with them. For Microsoft Word 2010 the supposed default location would be:

    C:\Documents and Settings\(YourUserName)\Application Data\Microsoft\Word


    Please BEWARE that I have NO EXPERIENCE and NO EXPERTISE and probably onset of DEMENTIA which may affect my answers! Also, I've been told by an expert, that when you post an image it clutters up the thread and mysteriously, over time, the link to the image will somehow become "unstable" or something to that effect. :) I can only surmise that is due to Global Warming of the threads.

    Sunday, July 28, 2013 6:47 PM
  • If you really want the file unrecoverable, write 5 passes

    Pass #1 - all zeros

    Pass #2 - all 0xFF

    Pass #3 - 0x55

    Pass #4 - 0xAA

    Pass #5 - Random Data 0 -=> FF

    Unless your data controls the fate of mankind, it is gone forever. From what I have read, Magnetic Force Microscopy is phenomenally expensive.

    For 99.99999 % of all cases, Acamar's solution is more than adequate.

     

    Monday, July 29, 2013 1:00 AM
  • If you really want the file unrecoverable, write 5 passes

    Pass #1 - all zeros

    Pass #2 - all 0xFF

    Pass #3 - 0x55

    Pass #4 - 0xAA

    Pass #5 - Random Data 0 -=> FF

    Unless your data controls the fate of mankind, it is gone forever. From what I have read, Magnetic Force Microscopy is phenomenally expensive.

    For 99.99999 % of all cases, Acamar's solution is more than adequate.

     

    It can get more complicated than that your data get everywhere on the disk ... cache ... memory pages may go on the disk .. if you hibernated you computer, data in memory goes on the disk ... temp files of all kind gets created and erased ... the NTFS may change the data from one segment to an other leaving artifact. ... If you ever defragmented your disk, now you have file artifacts everywhere.

    There are no real way to be sure that the data is all gone ... unless you burn the dam thing

    But, well, ... unless you are wary that your disk get to be recovered in a lab, just overwrite it once and delete the file.


    • Edited by Crazypennie Monday, July 29, 2013 2:17 AM 123546
    Monday, July 29, 2013 2:16 AM
  • All contributors comments are much appreciated, I hope this topic has created a solution/options for other users.

    I think Acamars code will suffice for my purposes

    Monday, July 29, 2013 3:56 AM
  • For Devon Nullman

    Thank you for your suggestion, however filestream & bytes are not my area of expertise, could you give me an example on the fs.writebyte line of code to implement your 5 suggestions, thanks

    Monday, July 29, 2013 6:33 AM
  • could you give me an example on the fs.writebyte line of code to implement your 5 suggestions, thanks

    You are already using byte writing code. Just replace the random expression with 0, 255, 85 and 170 respectively.
    Monday, July 29, 2013 7:03 AM
  • thanks, acamar, much appreciated
    Monday, July 29, 2013 8:41 AM
  • GOOD ANSWER!!!!!

    Renee


    "MODERN PROGRAMMING is deficient in elementary ways BECAUSE of problems INTRODUCED by MODERN PROGRAMMING." Me

    Monday, July 29, 2013 2:26 PM