1. Field of the Invention
The present invention is directed to deletion of information from storage media, and more particularly, to secure and reliable deletion of information from magnetic storage drives.
2. Background Art
It is well known in the art that deletion of a file using operating system commands, or deletion of some other unit of information, from a hard disk drive does not actually erase the bits. Normally, a file allocation table (FAT), or some other mechanism used by the operating system to keep track of file locations, is modified to indicate that the space previously occupied by the file is now empty and can be written into by the operating system or by application programs. The information that was previously stored at that location may eventually be overwritten. However, this may take some time, during which the information remains at its previous location on the hard drive and can be recovered. Additionally, even overwriting the freed-up sectors with new information does not necessarily erase the information reliably, since techniques exist that permit recovery of the bits stored on the hard drive even after several writes to that particular bit location.
Normally, an operating system will return an error upon an attempt to read a file that has been deleted. However, there are many utilities available that access particular regions, or sectors, on the disk drive directly, bypassing the operating system.
In fact, various utilities exist, such as Norton Unerase™, that do precisely that—look for “empty” sectors on the hard drive, and attempt to restore the files that were nominally deleted.
In other words, it is not sufficient to rely on operating system mechanisms to ensure that a “deleted” file can never be recovered. For security reasons, this state of affairs is frequently unacceptable.
The conventional approach to addressing this problem is to use various utilities that identify unused, or empty, sectors on a hard disk drive, and then write new information to those sectors repeatedly and/or randomly and/or based on some algorithm, in order to ensure that the original file content is securely erased. There are several problems with the conventional approach. First, the overhead associated with it is fairly high. For large network drives, for instance, 100 gigabyte drives, if 50% of the drive has to be “wiped” (i.e., securely erased) in this manner, this process can take hours. In the meantime, the areas being wiped are unavailable to the operating system for storage.
Second, this process does not wipe in-line file information. In-line file information is information that is stored within the file structure directory itself (as opposed to being part of the “general” data files). Also, frequently, very small files are written to the directory itself, for faster access.
Third, the conventional approach does not erase so-called “sub-cluster” files, in other words, files that are very small, e.g., a few bytes in size, several of which can be stored in the same sector.
Accordingly, there is a need in the art for reliable and secure deletion of both file contents and any metadata associated with the file, such as file size, creation date, and other file attributes, to a point where recovery of such information is impossible.
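
The behaviour described in this section, shown as an added example that is not part of the original patent text: a constructed toy volume in Python. ToyVolume, its 16-byte clusters, the 8-byte in-line threshold and the sample file names and contents are all assumptions made for illustration. It models ordinary deletion, a conventional free-cluster wiper, and the in-line data and metadata that such a wiper leaves behind; sub-cluster files are not modelled.

```python
CLUSTER = 16     # bytes per cluster in this toy model (constructed value)
INLINE_MAX = 8   # files this small are kept inside the directory entry

class ToyVolume:
    def __init__(self, n_clusters=8):
        self.data = bytearray(CLUSTER * n_clusters)  # raw data area
        self.free = [True] * n_clusters              # allocation table
        self.directory = []                          # one entry per file

    def write(self, name, content):
        entry = dict(name=name, size=len(content), deleted=False, inline=None, clusters=[])
        if len(content) <= INLINE_MAX:
            entry["inline"] = bytes(content)         # in-line file
        else:
            for off in range(0, len(content), CLUSTER):
                c = self.free.index(True)            # first free cluster
                self.free[c] = False
                chunk = content[off:off + CLUSTER]
                self.data[c * CLUSTER:c * CLUSTER + len(chunk)] = chunk
                entry["clusters"].append(c)
        self.directory.append(entry)

    def delete(self, *names):  # OS-style delete: bookkeeping only, no byte erased
        for e in self.directory:
            if e["name"] in names:
                e["deleted"] = True
                for c in e["clusters"]:
                    self.free[c] = True

    def wipe_free_clusters(self):  # conventional wiper: free clusters only
        for c in [i for i, is_free in enumerate(self.free) if is_free]:
            self.data[c * CLUSTER:(c + 1) * CLUSTER] = bytes(CLUSTER)

    def residue(self, needle):  # raw scan that ignores the "deleted" flag
        hits = ["data area"] if needle in self.data else []
        if any(e["deleted"] and e["inline"] and needle in e["inline"]
               for e in self.directory):
            hits.append("directory (in-line)")
        return hits

def demo():
    v = ToyVolume()
    v.write("report.txt", b"QUARTERLY-SECRET-FIGURES-2003")  # spans 2 clusters
    v.write("pin.txt", b"PIN4821")                           # stored in-line
    v.delete("report.txt", "pin.txt")
    before = (v.residue(b"SECRET"), v.residue(b"PIN4821"))   # after delete only
    v.wipe_free_clusters()
    after = (v.residue(b"SECRET"), v.residue(b"PIN4821"))    # after the wiper ran
    return before, after, [(e["name"], e["size"]) for e in v.directory if e["deleted"]]
```

Calling demo() returns the residue found after deletion, the residue found after the free-cluster wipe, and the names and sizes still held in the deleted directory entries.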