Whether you are a corporate or home user, you expect confidential data to remain private.
When modifying, editing, printing, or deleting a document, most would assume that all
unwanted traces of the data are entirely erased. This is not true.
When a file is
deleted, only the information that points to that document is eliminatedthe file
still resides on the drives free-space! Also, when a document is created, edited, or
printed, Windows creates and maintains portions of the file in various locations on the
hard drive. Free space, file slack, RAM slack, swap files, .TMP files, and spool files all
contain data that many mistakenly believe is removed when the Recycle Bin is emptied. And
with any one of the several data recovery software programs on the market (such as
PowerQuests Lost & Found), these files can be easily recovered by others!
SecureClean addresses these problems by completely eliminating unwanted data.
SecureClean thoroughly scans your system in search of data that you specify as unwanted.
The cleaning process then securely overwrites the data to the same standards developed by
the US Department of Defenseeliminating all traces of the files. And to insure the
cleaning process is successful, SecureClean allows users to verify that clusters
containing previously deleted files are completely clean.
SecureClean is the safe, effective, and thorough way of keeping your system clean of
unwanted PC data.
swap file space
TMP and spool files
When Windows deletes a file, or when you delete a file from your recycle bin or from a
command prompt, that file is not destroyed. When a file is deleted, only a pointer
to the file is deleted while the contents of the file stay intact. This means that
even though you cannot see a file from your desktop, it may still exist in the free space
on your drive. All deleted files become part of the drives free space and that free
space can be read by any average user with tools readily available for download from the
Your drives free space contains delete e-mail, documents, images, etc, which can all be
recovered and read! Prove it to yourself.
Windows formats your drives to one of two types, NTFS or FAT. Both of these formats
divide up the drive space into clusters or file allocation units. You can think of a
cluster as a bucket that can only hold a certain amount. The size of the cluster, or
what it can hold, ranges from 512 bytes to 64k and is always a power of 2. Each file
on you computer is stored in these clusters. A file 12 bytes long would be stored in
one cluster and a file 500k long would be stored in many clusters. Only one file can
be stored in a cluster, meaning files cannot share clusters.
File slack is the space between the last byte in a file and the end of the last cluster
holding the file. Let's look at a simple example.
What if we had a text file that only contained 12 characters, or in other words 12 bytes.
And let's say that we stored the file on a drive that had clusters which were 32k
(32768 bytes) in size. This would mean that we would have some extra space in our
cluster, 32768 - 12 = 32756. We would have 32756 extra bytes of space in the
cluster. This extra space contains whatever the cluster held before we starting
using it, meaning it could contain parts of a deleted document. This extra space is
file slack and it can be read by anyone with physical access to your disk!
To understand RAM slack, first read file slack.
When a data is written to a disk, it is written in 512 byte blocks. Because
of the physical nature of the drive it never writes less than 512 bytes. This means
that if I wrote a 12 byte file to my disk, the drive would actually write my 12 bytes plus
500 bytes of what ever happened to be in memory (RAM) at the time of the write. Even
though this amount is small, the RAM slack could still contain sensitive information such
as a password, a persons name, a phone number, etc.
swap file space
To be able to run multiple programs at the same time with a finite amount of physical
memory, Windows creates a temporary file called a Swap File. Windows uses this file
to expand your computer's physical memory. Windows swaps an application's data to
and from the swap file as needed based on memory usage. Because this file contains
application data, it can contain things like passwords, pieces of documents, e-mail, or
anything in memory. However, this file is not securely destroyed when Windows
terminates and this data is left in the drive's free space which can be read by anyone
with physical access to your drive.
TMP and spool
Many programs create .TMP (temporary) files on your computer while they are
running. These files are only needed while the program is running, however,
these files generally contain large copies of your data without you even knowing it!
This means that when these files are deleted, they become part of your drives free
space which can still be read. They could contain parts of your most sensitive data!
An example of such a program is MS Word. When MS Word is running, it saves
parts of the currently loaded document into .TMP files stored in the same directory as the
document, but with hidden attributes so that you do not see them. To see the
contents of these files, uses Symantec's Disk Editor or other such program. You will
see that these files contain large amounts of your main document.
Other temp files are sometimes not deleted regularly by applications and Windows
and reside as files undeleted on the drive. These files generally reside in the
Windows' TEMP and SPOOL folders. Both of these folders could contain parts of or
complete documents available to anyone using the computer.