|One Step Ahead
April 22, 2008, Volume 54, No. 30
Another tip in a series provided by the Offices of Information Systems & Computing and Audit, Compliance & Privacy.
Secure Deletion of Sensitive Information
No matter which operating system you use, it actually takes some thought and effort to make certain that a sensitive file you no longer need is completely deleted from your system. (And then, you’ll need to think about where backup copies may exist, and how to securely dispose of them as well.)
Simply dragging a file to the Recycle or Trash folder on your desktop is very much analogous to crumpling up a piece of paper and tossing it into the wastebasket—it’s a trivial matter to retrieve and restore the information.
Even if you “empty” the Trash, with most operating systems the space containing the file data is simply marked as unused and the data itself remains in place until the system overwrites it with new file data. Should your system be stolen or compromised, there are readily available forensic tools that can retrieve data from deleted files with minimal time and effort.
Windows and Mac OS X come with built-in capability to “shred” unneeded yet sensitive files in such a way that the data cannot be recovered, even by forensic professionals. Many Unix and Linux versions also come with comparable utilities, and there are many commercial products that are available either as stand-alone products such as Digg or as part of larger software suites such as PGP. If the file is stored on removable read-only media such as CDs or DVDs, many shredders for home and office use can physically destroy them in a secure fashion.
For help with secure file deletion, please contact your LSP. For a detailed discussion of secure file deletion, visit
To receive weekly OneStepAhead tips via email, send email to firstname.lastname@example.org with the following text in the body of the message: sub one-step-ahead <your name>.
For additional tips, see the One Step Ahead link on the Information Security website: www.upenn.edu/computing/security/.