04/22/08, One Step Ahead - Almanac, Vol. 54, No. 30

Click for weather forecast

Subscribe:
E-Almanac

Mobile
Version

RSS
Feed

Printer
Friendly

Email
Page

Calendar

Almanac Between Issues

One Step Ahead
April 22, 2008, Volume 54, No. 30	Print Issue

Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.

Secure Deletion of Sensitive Information

No matter which operating system you use, it actually takes some thought and effort to make certain that a sensitive file you no longer need is completely deleted from your system. (And then, you’ll need to think about where backup copies may exist, and how to securely dispose of them as well.)

Simply dragging a file to the Recycle or Trash folder on your desktop is very much analogous to crumpling up a piece of paper and tossing it into the wastebasket—it’s a trivial matter to retrieve and restore the information.

Even if you “empty” the Trash, with most operating systems the space containing the file data is simply marked as unused and the data itself remains in place until the system overwrites it with new file data. Should your system be stolen or compromised, there are readily available forensic tools that can retrieve data from deleted files with minimal time and effort.

Windows and Mac OS X come with built-in capability to “shred” unneeded yet sensitive files in such a way that the data cannot be recovered, even by forensic professionals. Many Unix and Linux versions also come with comparable utilities, and there are many commercial products that are available either as stand-alone products such as Digg or as part of larger software suites such as PGP. If the file is stored on removable read-only media such as CDs or DVDs, many shredders for home and office use can physically destroy them in a secure fashion.

For help with secure file deletion, please contact your LSP. For a detailed discussion of secure file deletion, visit
www.sans.org/reading_room/whitepapers/incident/631.php.

_______________________________________

To receive weekly OneStepAhead tips via email, send email to listserv@lists.upenn.edu with the following text in the body of the message: sub one-step-ahead <your name>.

For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.

Almanac - April 22, 2008, Volume 54, No. 30