The present invention relates to computer storage devices such as, but not limited to, magnetic disk drives, and in particular to a computer storage device that implicitly determines whether blocks of the storage device are alive.
Computer storage devices, such as disk drives, store the data of logical data files in one or more blocks defined on a storage medium. The mapping of the data of the logical data files to the blocks is normally done by a “file system” being a program running as part of the computer operating system. The interface between the file system and the computer storage device is normally “narrow” providing only simple block-level read instructions and block-level write instructions, each indicating a block number and whether data is to be read from the block or written to the block.
When a logical data file is deleted, the blocks that were used by the data file are left unchanged on the storage medium and overwritten on an individual basis only when a given block is later required to store the data of a different data file. This approach avoids unnecessary activity by the storage device (in erasing blocks on the storage medium), but is a problem when computers are used in sensitive or classified environments, for example, by the government or businesses handling confidential information such as consumer credit or healthcare information. The data of deleted data files can be recovered from the storage medium simply by reading those blocks that have not yet been overwritten by later stored data files.
A “secure” deletion of data files, that is, a deletion that both eliminates the logical data file and erases the data of the data file stored on the storage medium, can be implemented by modifying the file system to erase blocks (by overwriting the blocks with an obscuring pattern) whenever the logical data file associated with the blocks is deleted. Currently, the common file systems used by the vast majority of computers (e.g., the file systems associated with the Windows and Linux operating systems) do not provide this feature. Third-party tools exist today that claim to perform secure deletion by adding extensions to the file system, but such tools are fundamentally unreliable for the reasons below:
True secure deletion for magnetic disks requires “off-track writes”, that is, a writing of data on either side of track boundaries—something that requires control of disk hardware not normally available to the file system through its narrow interface with the disk. True secure deletion may also require multiple overwrites of the blocks with different patterns of data. If such multiple overwrites of a block are implemented by the file system, the storage device may buffer these repeated instructions in non-volatile RAM and collapse them to a single write, defeating the intended purpose. Finally, some storage devices flexibly remap the blocks designated by the file system to different physical blocks on the storage medium (“block migration”). An overwrite of a free block by the file system may be redirected to a different block, leaving stray copies of deleted data.
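As an added illustration that is not part of the patent text, the following constructed Python model shows the two failure modes just described: a storage device behind a narrow block interface whose non-volatile write buffer collapses repeated overwrites of one block, and which may migrate a logical block to a fresh physical block. The class and function names and the obscuring patterns are assumptions made for the example.

```python
"""Toy model of multi-pass overwrite issued through a narrow block interface.
Constructed example; names and patterns are assumptions, not from the patent."""
from collections import OrderedDict

BLOCK = 8                                            # bytes per simulated block
PATTERNS = [b"\x00" * BLOCK, b"\xff" * BLOCK, b"\x55" * BLOCK]  # overwrite passes


class BlockDevice:
    """Storage device with a write buffer and optional block migration."""

    def __init__(self, n_physical, migrate=False):
        self.medium = [b"\x00" * BLOCK] * n_physical  # physical blocks
        self.remap = {}                               # logical -> physical block
        self.free_phys = list(range(n_physical))
        self.buffer = OrderedDict()                   # NVRAM buffer, one slot per logical block
        self.migrate = migrate
        self.physical_writes = 0

    def write(self, logical, data):
        # A later write to the same logical block replaces the buffered one,
        # so several overwrite passes collapse to a single physical write.
        self.buffer[logical] = data

    def flush(self):
        for logical, data in self.buffer.items():
            if self.migrate or logical not in self.remap:
                # Migration: the device writes to a fresh physical block
                # instead of in place, leaving the old contents behind.
                self.remap[logical] = self.free_phys.pop(0)
            self.medium[self.remap[logical]] = data
            self.physical_writes += 1
        self.buffer.clear()


def file_system_secure_delete(dev, block):
    """All a file-system extension can do: issue several overwrite passes."""
    for pattern in PATTERNS:
        dev.write(block, pattern)
    dev.flush()


def stray_copies(dev, secret):
    """Count physical blocks that still hold the deleted data."""
    return sum(1 for b in dev.medium if b == secret)


def demo(migrate):
    """Store a secret in logical block 0, delete it, inspect the medium.
    Returns (physical writes caused by the delete, stray copies left)."""
    dev = BlockDevice(n_physical=4, migrate=migrate)
    secret = b"SECRET!!"
    dev.write(0, secret)
    dev.flush()
    before = dev.physical_writes
    file_system_secure_delete(dev, 0)
    return dev.physical_writes - before, stray_copies(dev, secret)
```

Without migration the three passes shrink to one physical write; with migration that single write lands on a different physical block and the original data survives.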
Conceivably, current standard file systems could be rewritten to allow secure deletion and the interfaces of storage devices could be redesigned so that the file system could perform the necessary low-level control of the storage device. Such a coordinated, parallel modification of software and hardware, in order to accommodate an initially small group of users requiring secure deletion, is unlikely.