File shredders and recovery software

[jj1984]

Hello everyone,

I've been using a file shredder for some time called Eraser.

Recently, I started using a file recovery program called Recuva.

I'm not, however, interested in these programs specifically; I'm interested in how these types of programs work.

Recuva is able to show a list of erased files on a drive.

Many are unrecoverable because they have been overwritten.

But, Recuva still shows the name of the overwritten file.

Some of these files have "normal" names like acpi.mod.

But, some have strange names like 67Ims{bmdY7l9uQ[q(.

Are these strange names the result of the file having been erased with a shredder?

Also, how can you shred a file and leave absolutely no trace whatsoever?

Leaving behind file names is like leaving a meta-data trail.

The recovery software can tell the name of the file that overwrote an earlier file.

How?

How can the recovery software find the name of the file that was there originally after it was overwritten?

Is it possible to shred a drive and leave no trace of anything at all in such a way that if you were to try to run a recovery program focusing on that drive it would return nothing at all?

Also, I noticed that Recuva has a gradation of file designations referring to how well a file can be recovered.

If a file is 'excellent', it hasn't been overwritten at all and can be fully recovered.

But, there are also 'unrecoverable' and 'very poor' designations as well.

The 'excellent' and 'unrecoverable' designations make sense to me.

Either a file can be recovered or not.

But the 'very poor' designation doesn't make sense to me.

How could a file be somewhere in between?

Is it because only some of the file's clusters have been overwritten but not all of them?

Thanks.

 

[Agent Smith]

Are these strange names the result of the file having been erased with a shredder?

More than likely. But I think it has more to do with the hard drive's index table.

Is it possible to shred a drive and leave no trace of anything at all in such a way that if you were to try to run a recovery program focusing on that drive it would return nothing at all?

Yes. To an extent. There are three great programs to do this. One is called DBAN. If using that the entire disk is wiped clean. You really only need to run 7 wipes. The other is Bleachbit. I've never used Bleachbit before, but a famous politician has. LOL! I'm not sure about Bleachbit, but you don't want to run DBAN on a SSD. For that use PartedMagic.

But to avoid all of this crap, just encrypt the entire computer. Preferably before you start obtaining and using data. Like once you first install the OS. But you can still encrypt the computer. I personally use the old and now defunct Truecrypt. It has undergone a very intense audit, and I followed that process closely since I use Truecrypt for everything and have been using it for years. The conclusion of the audit shows no backdoors in the software or any major security flaws that would allow someone to see your data while the computer was off. They did report Truecrypt having some sloppy code, but that's about it. Now there are a few "flaws" with Truecrypt. There is the old maid hack. And that involves having the computer on. Any computer regardless of what encryption it uses is an open door. So it's a moot point. So long as the data is protected while the computer is off you're good to go.

A fork of Truecrypt is Veracrypt. But since it has not undergone an audit I won't use it. And even if I did, I would only use the version that undergone the audit.

As always password complexity and length matter. My password is well over 15 characters long and contains upper and lower case letters, numbers and symbols all committed to memory. If you want to create a damn good password. Use the first letter of some music lyrics and add some numbers and symbols. Just off the top of my head and for simplicity sake. Lets take the song Happy Birthday. So the song is: "happy birthday to you, happy birthday to you, happy birthday dear Agent Smith, happy birthday to you." So use the first letter of each word like so. HBTYHBTYHBDDASHBTY -- add some numbers like 87687 and add some symbols like ^&%. For a password that looks like this: HBTYHBTYHBDDASHBTY87687^&%

Pretty damn complicated, no? LOL! And it's easy to remember too! Just the song, numbers and symbols. And since on a keyboard the number keys correspond to symbols you actually just have to remember a second set of numbers except you press and hold the shift key. Keep in mind the letters don't all have to be caps. I just did that for simplicity sake.

Another thing you have to take into consideration about using full blown encryption is side channel attacks and malware.

Anyways....

I've used both Recuva and Eraser. Eraser is by far the best, simplest data shredder I've used. And with using Recuva afterwards I couldn't find any traces of what I shredded. Although, my Eraser options might have been set different than yours. Here are my settings.

I suppose using the option to replace files would be more beneficial. But I don't need it since I encrypt the whole computer. In fact, I really don't need to use Eraser.

You asked about the difference between unrecoverable, recoverable and poor. To understand that you need to know that data that is trashed is never deleted. It's just simply marked to be written over with new data. Depending on how many times that data gets written over will yield the quality of the data that can be recovered. Thus the reason why Microsoft calls the trash can the Recycle Bin. But I renamed mine.

I should rename it to something else like the Soros Bin. I've had it named Obama Bin for 8 years now. LOL!