简体繁体 English

如何删除文件以使删除不可逆转？

[英]How to delete a file such that the delete is irreversable?

原文 2011-09-08 10:59:04 4 6 c++/ windows/ delete-file/ erase

I want to delete a sensitive file (using C++), in a way that the file will not be recoverable. 我想以一种文件无法恢复的方式删除敏感文件（使用C ++）。

I was thinking of simply rewriting over the file and then delete it, Is it enough or do I have to perform more actions ? 我想只是重写文件然后删除它，是否足够或我是否必须执行更多操作？

6 个解决方案

Here is an interesting paper: 这是一篇有趣的论文：

http://www.filesystems.org/docs/secdel/secdel.html http://www.filesystems.org/docs/secdel/secdel.html

It adresses some issues with overwriting of files. 它解决了覆盖文件的一些问题。 Especially you can't be sure that the newly written data was written to the same location and that it's impossible to recover data that was overwritten just a very few times or even once (on modern media). 特别是您无法确定新写入的数据是否写入同一位置，并且无法恢复仅被覆盖过几次甚至一次的数据（在现代媒体上）。

Worst case scenario, you can't be sure of having done it without physically destroying the drive. 最糟糕的情况是，你不能确定在没有物理破坏驱动器的情况下完成它。 It's possible that you're running on a journaling filesystem, that keeps the original whenever you modify a file to allow disaster recovery if the modification is interrupted by power failure or whatever. 您可能正在运行日志文件系统，该文件系统会在您修改文件时保留原始文件，以便在电源故障或其他情况下中断修改时允许进行灾难恢复。 This might mean that modifying a file moves it on the physical drive, leaving the old location unchanged. 这可能意味着修改文件会将其移动到物理驱动器上，从而保持旧位置不变。

Furthermore, some filesystems deliberately keep the old version around as long as possible to allow it to be recovered. 此外，一些文件系统故意尽可能长时间地保留旧版本以允许它被恢复。 Consider for example shadow storage copies on Windows, when you modify a disk block that's part of a file that's part of a system restore point, the new data is written to a new block, and the old one is kept around. 例如，在Windows上考虑影子存储副本，当您修改作为系统还原点一部分的文件的一部分的磁盘块时，新数据将写入新块，旧数据块将保留。

There's APIs to disable shadow storage copies for a file, directory or the whole disk (don't know the details, might require admin privilege). 有一些API可以禁用文件，目录或整个磁盘的影子存储副本（不知道详细信息，可能需要管理员权限）。

Another gotcha is filesystem-level compression. 另一个问题是文件系统级压缩。 If you overwrite a file with random data, chances are you make it less compressible and hence larger on disk even though it's still the same logical size. 如果使用随机数据覆盖文件，则可能会使其压缩性降低，因此即使磁盘仍然是相同的逻辑大小，它也会更大。 So the filesystem might have to relocate it. 所以文件系统可能不得不重新定位它。 I don't know off-hand whether Windows guarantees to continue using the old blocks for the start of the new, larger file or not. 我不知道Windows是否保证继续使用旧块来启动新的更大的文件。 If you overwrite with zeros, you make it more compressible, the new data might fail to reach as far as the end of the old data. 如果用零覆盖，则使其更易于压缩，新数据可能无法达到旧数据的末尾。

If the drive has ever been defragged (IIRC Windows nowadays does this in the background by default), then nothing you do to the file necessarily affects copies of the data in previous locations. 如果驱动器已经过碎片整理（现在IIRC Windows默认情况下会在后台执行此操作），那么您对该文件所做的任何操作都不一定会影响以前位置的数据副本。

shred and similar tools simply don't work under these fairly common conditions. 在这些相当常见的条件下， shred和类似的工具根本不起作用。

Stretching a point, you can imagine a custom filesystem where all changes are journalled, backed up for future rollback recovery, and copied to off-site backup as soon as possible. 通过拉伸点，您可以想象一个自定义文件系统，其中所有更改都被记录，备份以备将来回滚恢复，并尽快复制到异地备份。 I'm not aware of any such system (although of course there are automatic backup programs that run above the filesystem level with the same basic effect), but Windows certainly doesn't have an API to say, "OK, you can delete the off-site backup now", because Windows has no idea that it's happening. 我不知道任何这样的系统（虽然当然有自动备份程序在文件系统级别上运行，具有相同的基本效果），但是Windows当然没有API说“好的，你可以删除现在进行异地备份“，因为Windows不知道它正在发生。

This is even before you consider the possibility that someone has special kit that can detect data on magnetic disks even after it's been overwritten with new data. 甚至在您考虑某人有可能检测磁盘上的数据的特殊工具包之前，即使在被新数据覆盖之后也是如此。 Opinions vary how plausible such attacks really are on modern disks, which are very densely packed so there's not a lot of space for residuals of old values. 意见不同，这种攻击在现代磁盘上实际上是多么合理，因为现有磁盘非常密集，因此旧值的残差没有太多空间。 But it's academic, really, since in most practical circumstances you can't even be sure of overwriting the old data short of unmounting the drive and overwriting each sector using low-level tools. 但这是学术性的，实际上，因为在大多数实际情况下，你甚至不能确保覆盖旧数据，而不是卸载驱动器并使用低级工具覆盖每个扇区。

Oh yeah, flash drives are no better, they perform re-mapping of logical sectors to physical sectors, a bit like virtual memory. 哦，是的，闪存驱动器并不是更好，它们执行逻辑扇区到物理扇区的重新映射，有点像虚拟内存。 This is so that they can cope with failed sectors, do wear-leveling, that sort of thing. 这样他们就可以应对失败的部门，做到磨损等等。 So even at low level, just because you overwrite a particular numbered sector doesn't mean the old data won't pop up in some other numbered sector in future. 因此，即使在低级别，仅仅因为您覆盖特定编号的扇区并不意味着将来某些其他编号扇区中不会弹出旧数据。

0's and 1's aren't really 0's and 1's. 0和1不是真正的0和1。 Residual magnetism and other techniques (which I doubt are being used by the users you're trying to keep the contents from) can be used to recover data after it was overwritten. 剩余磁性和其他技术（我怀疑你试图保留内容的用户正在使用它们）可以用来在被覆盖后恢复数据。

Take a look at this entry , could be what you're looking for. 看一下这个条目，可能就是你要找的东西。

EDIT: 编辑：

To back-up my statement: 为了支持我的陈述：

One standard way to recover data that has been overwritten on a hard drive is to capture and process the analog signal obtained from the drive's read/write head prior to this analog signal being digitized. 恢复已在硬盘驱动器上覆盖的数据的一种标准方法是在该模拟信号被数字化之前捕获并处理从驱动器的读/写头获得的模拟信号。 This analog signal will be close to an ideal digital signal, but the differences will reveal important information. 该模拟信号将接近理想的数字信号，但差异将揭示重要信息。 By calculating the ideal digital signal and then subtracting it from the actual analog signal, it is possible to amplify the signal remaining after subtraction and use it to determine what had previously been written on the disk. 通过计算理想的数字信号，然后从实际的模拟信号中减去它，可以放大减法后剩余的信号，并用它来确定先前写在磁盘上的信号。

I think this might work for sure. 我认为这可能肯定有用。

Delete the file first, then just start creating a file which would fill up the remaining spaces in disc . 首先删除文件，然后开始创建一个文件，填满光盘中的剩余空格。 This will override all the data present in the disk then if you delete the the file you have created then it is safe to say that your file can't be recovered. 这将覆盖磁盘中存在的所有数据，如果删除了您创建的文件，则可以安全地说您的文件无法恢复。

Instead of creating a single big file , creating many files with the same size or little less of the file you want to delete will be best. 创建与您要删除的文件大小相同或更少的文件不是创建单个大文件，而是最好。 And repeating this for many times will increase the amount of data to overload. 多次重复此操作会增加过载的数据量。

You should overwrite it using some randomly generated bytes, using a decent random number generator or cryptographic function that generates garbage. 你应该使用一些随机生成的字节覆盖它，使用一个像样的随机数生成器或生成垃圾的加密函数。

To be really sure all is overwritten, you could overwrite the same memory area of the deleted file several times. 要确保所有内容都被覆盖，您可以多次覆盖已删除文件的相同内存区域。

Its better to shred the data first before overwriting. 在覆盖之前最好先切碎数据。 So get the memory address and swap the locations. 因此，获取内存地址并交换位置。 After that over write the data. 之后再写入数据。