Data Remanence
Data remanence is the residual representation of
data that has been in some way nominally erased or removed. This
residue may be due to data being left intact by a nominal delete
operation, or through physical properties of the storage medium. Data
remanence may make inadvertent disclosure of sensitive information
possible, should the storage media be released into an uncontrolled
environment (e.g., thrown in the trash, or given to a third party).
Over time, various techniques have been developed to counter data remanence. Depending on the effectiveness and intent, they are often classified as either clearing or purging/sanitizing. Specific methods include overwriting, degaussing, encryption, and physical destruction.
Many operating systems, file managers, and other software provide a facility where a file is not immediately deleted when the user requests that action. Instead, the file is moved to a holding area, to allow the user to easily revert a mistake.
Even when an explicit deleted file retention facility is not provided or when the user does not use it, most computers do not actually remove the contents of a file when it is deleted. Instead, they simply remove the file's entry from the file system directory. The contents of the file -- the actual data -- remain on the storage medium. The data will remain there until the operating system reuses the space for new data. In some systems, enough filesystem metadata is also left behind to enable easy undeletion by commonly available utility software. Even when undelete has become impossible, the data, until it has been overwritten, can be read by software that reads disk sectors directly. Computer forensics often employs such software.
Likewise, reformatting, repartitioning, or reimaging a system is not always guaranteed to write to every area of the disk, though all will cause the disk to appear empty to most software.
Finally, even when the storage medium is overwritten, physical properties of the medium may make it possible to recover the previous contents using laboratory techniques.
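To make the points about deletion and reformatting concrete, the following added example (not part of the original post) reads a disk image sector by sector and reports which sectors still hold data after a metadata-only reformat versus a full overwrite. The 512-byte sector size, the image layout, and all function names are assumptions constructed for the illustration.

```python
import io

SECTOR = 512  # assumed sector size for this constructed image


def residual_sectors(image, fill=0x00, sector=SECTOR):
    """Return inclusive (first, last) sector ranges that are not entirely `fill`."""
    expected = bytes([fill]) * sector
    ranges, start, index = [], None, 0
    while True:
        block = image.read(sector)
        if not block:
            break
        clean = block == expected[:len(block)]  # tolerate a short final sector
        if not clean and start is None:
            start = index
        elif clean and start is not None:
            ranges.append((start, index - 1))
            start = None
        index += 1
    if start is not None:
        ranges.append((start, index - 1))
    return ranges


def build_image(sectors=64):
    """Constructed sample: sectors 0-3 stand in for metadata, 20-22 hold file data."""
    disk = bytearray(sectors * SECTOR)
    disk[0:4 * SECTOR] = b"M" * (4 * SECTOR)
    disk[20 * SECTOR:23 * SECTOR] = (b"secret-record;" * 200)[:3 * SECTOR]
    return disk


def quick_format(disk):
    """Model of a reformat that rewrites only the metadata area (sectors 0-3)."""
    out = bytearray(disk)
    out[0:4 * SECTOR] = bytes(4 * SECTOR)
    return out


def full_overwrite(disk, fill=0x00):
    """Model of clearing: every addressable sector is written with `fill`."""
    return bytearray([fill]) * len(disk)


if __name__ == "__main__":
    disk = build_image()
    print("original:      ", residual_sectors(io.BytesIO(disk)))
    print("quick format:  ", residual_sectors(io.BytesIO(quick_format(disk))))
    print("full overwrite:", residual_sectors(io.BytesIO(full_overwrite(disk))))
```

The same `residual_sectors` check can be pointed at a real image file opened in binary mode to confirm that an overwrite pass actually reached every sector.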