0

Can File Shredder be used to purge specifically Temporary Internet Files rather than the whole disk?

Is there any option to just shred the Temporary Internet Files, and nothing else?

Is this a good way to make cache unrecoverable (read: harder to recover)?

Anders
  • 65,052
  • 24
  • 180
  • 218
Yashveer Singh
  • 3
  • 4
  • What part of this question cannot be answered by looking at the [documentation of File Shredder?](https://www.fileshredder.org/fileshredder-help.php). If it is all clear from the documentation please remove the question. If not restrict it to the points which are not clear. – Steffen Ullrich Nov 25 '20 at 17:02
  • Steffen, sorry for acting stupidly, I am encountering all these things for the first time and I myself don't use computer much, I am a neurosurgeon by profession, so I need to ask questions that possibly look laughable or stupid, please pardon me for that. I read the guide where it was mentioned that the "files had to be chosen, directly implying that individual files can be shredded. However, not being a computer-savvy person, and having discussed the things about Cache and its secure deletion throughout today, I have an image in my mind that the disc space (used or unused) is an extremely... – Yashveer Singh Nov 25 '20 at 17:14
  • ....vast jungle where data can be written, deleted, and sometimes, overwritten. I learnt from all of you that it is not necessary that deleted data is overwritten directly, in fact, it may take months or years to get overwritten as new data can simply be written on untouched space. You also taught me that it is not the case that "cache" is a different thing, rather it is just a file and it's deletion and overwriting doesn't work the way that misleading website described. – Yashveer Singh Nov 25 '20 at 17:14
  • Having learnt all this computer stuff within such a short span of 1 day, I really doubt anything I read. My question is more like, *is there really any such thing that only a particular piece of data (cache file) can be made to be shredded? Is it possible to pick a certain set from the tremendously vast jungle and to shred that "very-specific" data?* If you could just say, "yes there exists such a thing in the tech world", it will give me confidence in my understanding. Thanks – Yashveer Singh Nov 25 '20 at 17:14
  • If you are so concerned about deleting the data completely, the only safe solution is to get rid of the medium (the HDD, SSD, etc.). So, depending on the level of paranoia or danger: level 1) forget about it; level 2) overwrite the disk and reinstall everything; level 3) destroy the disk and buy a new one. – reed Nov 25 '20 at 18:04
  • @reed How many times overwriting is necessary to guarantee that no forensic recovery software in the world could ever recover anything? Time is not an issue. At all. But is a guarantee possible, say, after 50 cycles of overwriting? I get the notion that nothing is guaranteed in infosec but does a guarantee exist for 50 overwritings? – Yashveer Singh Nov 25 '20 at 18:10
  • @YashveerSingh increasing the number of overwrites wont help here,i casually went through their page,if the program works as it says,it should be good enough.If you want absolute certainity like say 100%.you will have to physically destroy the disk,but in my opinion,you wont need that. – yeah_well Nov 25 '20 at 18:15
  • You should edit the question and mention what exactly are you trying to achieve here.Why and which files do you want deleted and why.People would be able to give much better answers.Maybe deleting isnt even the solution to your problems – yeah_well Nov 25 '20 at 18:16
  • @VipulNair I thought the more it is overwritten, the more difficult to recover it, eventually making it practically impossible to recover anything? I am asking cache questions for a friend, nothing for my personal use, by the way. – Yashveer Singh Nov 25 '20 at 18:18
  • @YashveerSingh such an attack would be either theoretical/extremely costly/would require the physical disk,hence infeasable, – yeah_well Nov 25 '20 at 18:20
  • Overwriting the disk once is enough for all practical purposes, although in modern drives some data might remain in areas that can't be overwritten (but it should just be small fragments of data, unlikely to be relevant) – reed Nov 25 '20 at 18:21
  • Just to mention its HDD not SSD – Yashveer Singh Nov 25 '20 at 18:24
  • @reed So File Shredder has the ability to shred only those files that I choose? Like Cache files specifically? That will be the answer of this question. – Yashveer Singh Nov 25 '20 at 18:25
  • I'm sorry, have no idea how File Shredder works. If you really aren't willing to wipe your entire HDD, File Shredder might be enough for you. As I said, it depends on your needs (risks / costs / benefits) – reed Nov 25 '20 at 18:42
  • 1
    @YashveerSingh the link you provide in your question has a link to the documentation and how to use it. That answers your question. You don't need to be an expert. You just need to read what you already have in front of you. – schroeder Nov 25 '20 at 19:57
  • @reed and Vipul Nair, but [this](https://security.stackexchange.com/a/147582/246285) person on Security SE believes that at least 7 overwrites are needed? This is contradictory from what you advise. – Yashveer Singh Nov 26 '20 at 06:41
  • Meanwhile, I did some more research and found [this](https://docs.bleachbit.org/doc/shred-files-and-wipe-disks.html) website. It says what all of you are saying here, so I guess what @Rapli Andras advises is incorrect. – Yashveer Singh Nov 26 '20 at 07:07

1 Answers1

0

File Shredder

The File Shredder is actually useless. It only gives an impression of security. It can be useful only in a very rare case when file was write to the disk once and has never been copied. In the reality there can be multiple copies of the whole file or copies of its fragments. Just a few examples:

  • A file was written to the disk then was edited. An editor can create multiple snapshot of particular file versions or snapshots of file parts. What you see is the most recent version. The data from previous versions can remain on the disk for a long time. If you have much free space on the disk, then the probability is high that these copies or their fragments remain for a long time. The File Shredder does not know anything about previous versions and will not delete/overwrite their data on the disk.
  • If you opened the file in some application, it was loaded into memory, the whole file or some parts of it. If the operating system swapped memory later on, then the loaded part of the file was written to the disk. Thus the data from the file can remain on the disk for a long time. The File Shredder does not know anything if memory with file content was written to the disk.

Overwriting

The files that were just deleted in the Windows File Explorer can be restored in many cases by many advanced users. There are free and commercial tools for this. But if the data were overwritten at least once, restoring such data can be very expensive, because this needs special expensive equipment. Only some companies and government agencies can afford such equipment. Besides the necessity to have the expensive equipment the attacker need to disassemble your disk. That's why if you want to protect deleted data from "normal" attackers that don't have such expensive equipment and don't have possibility to disassemble your disk, then a single overwriting will be sufficient.

Just think what value your secrets have and who can be interested in paying a lot of money for buying or renting special equipment, who can be interested in stealing and disassembling your disk. If you believe that nobody is going to pay a lot of money for your secrets, then a single overwriting will be sufficient.

mentallurg
  • 10,256
  • 5
  • 28
  • 44
  • Thank you for your answer mentallurg! – Yashveer Singh Nov 26 '20 at 07:14
  • *" Besides the necessity to have the expensive equipment the attacker need to disassemble your disk. That's why if you want to protect deleted data from "normal" attackers that don't have such expensive equipment and don't have possibility to disassemble your disk, then a single overwriting will be sufficient."* --- You mean it is impossible for a hacker sitting in a different city or country to recover shredded/overwritten files without actually physically coming to my residence, seizing my PC, stealing and disassembling the disk? Can you say your claim with a guarantee? – Yashveer Singh Nov 26 '20 at 07:16
  • @YashveerSingh: Exactly. Restoring of files that were "simply" deleted is *theoretically* possible even if smb. has remote access to your computer. But restoring any information after it was *overwritten* by other data is only possible with special equipment. One would extract disks, put them into special equipment which is very sensitive and can register even smallest magnetic fields, and only the then (if one have luck) some information can be restored. – mentallurg Nov 26 '20 at 09:04
  • Thanks for confirming your assertion. You mentioned the word *theoretically*, is it in the sense: just in theory but hardly in practice, OR, theoretically yes so practically yes as well? – Yashveer Singh Nov 26 '20 at 10:12
  • By *theoretically* I mean that it is possible, but if some special conditions are met. For instance, if you deleted a file, and if there is a lot free space on the disc, and if you don't do any operations that use disk intensively, e.g. you you don't copy 1 000 000 files from one directory to another, then the *probability* is higher, that the place that was occupied by the deleted file was not used for other files. In such case you (or smb. els) can restore the deleted file... – mentallurg Nov 26 '20 at 18:36
  • ... But the longer is the time after file was deleted, the higher is the possibility that the whole file or the important part of it was overridden by data of other files. Then restoring is impossible. And what is important we can only speak about *probability*. In some cases even if there is a lot of free space the deleted file can still be overridden and thus not restorable. In other cases even if there is little free space on the disk it can be possible to restore some deleted files. – mentallurg Nov 26 '20 at 18:40
  • Thanks for clarifying! I guess you are referring to HDDs when you said *"In some cases even if there is a lot of free space the deleted file can still be overridden and thus not restorable."* and SSDs in the latter case? – Yashveer Singh Nov 26 '20 at 18:42
  • Not only HDD. Same is true for any media. E.g. if there is a USB stick of say 16 GB and that has 14-15 GB free, i.e. 80-90% free, the probability to restore is higher. If only 1 GB is free, the probability is lower. – mentallurg Nov 26 '20 at 18:46
  • You mean 1 GB untouched and free right? ...as opposed to "freed up by deletion". – Yashveer Singh Nov 26 '20 at 18:48
  • I mean that 1 GB is not used by any files. – mentallurg Nov 26 '20 at 18:49
  • But if only 1 GB is "not used by any files", then there is no chance of overwrite. Overwrite comes into play when a once-existing file is deleted to create/free up space. – Yashveer Singh Nov 26 '20 at 18:51
  • Let us [continue this discussion in chat](https://chat.stackexchange.com/rooms/116696/discussion-between-mentallurg-and-yashveer-singh). – mentallurg Nov 26 '20 at 18:53