Securely deleting a file in C#.NET

Question

In a project I am doing I want to give users the option of \'securely\' deleting a file - as in, overwriting it with random bits or 0\'s. Is there an easy-ish way of doing this

Answer 1

It wouldn't be secure at all. Instead you may wish to look at alternative solutions like encryption.

One solution would be to encrypt the contents of the data file. A new key would be used each time the file is updated. When you want to "securely delete" the data simply "lose" the encryption key and delete the file. The file will still be on the disk physically but without the encryption key recovery would be impossible.

Here is more detailed explanation as to why "secure" overwrites of files is poor security:

Without a low level tool (outside of .net runtime) you have no access to the physical disk location. Take a filestream on NTFS, when you "open a file for write access" you have no guarantee that the "updated" copy (in this case random 101010 version) will be stored in the same place (thus overwriting the original file). In fact most of the time this is what happens:

1) File x.dat is stored starting at cluster 8493489 2) You open file x.dat for write access. What is returned to you by the OS is merely a pointer to the file stream abstracted by not just the OS but the underlying file system and device drivers (hardware RAID for example) and sometimes the physical disk itself (SSD). You update the contents of the file with random 1 & 0s and close the filestream.

3) The OS likely may (and likely will) write the new file to another cluster (say cluster 4384939). It will then merely update the MFT indicating file x is now stored at 4384939.

To the end user it looks like only one copy of the file exists and it now has random data in it however the original data still exists on the disk.

Instead you should consider encrypting the contents of the file with a different key each time file is saved. When the user wants the file "deleted" delete the key and file. The physical file may remain but without encryption key recovery would be impossible.

Answer 2

You could invoke sysinternals SDelete to do this for you. This uses the defragmentation API to handle all those tricky edge cases.

Using the defragmentation API, SDelete can determine precisely which clusters on a disk are occupied by data belonging to compressed, sparse and encrypted files.

If you want to repackage that logic in a more convenient form, the API is described here.

Answer 3

I'd first try simply to open the file and overwrite its contents as I would normally do it. Pretty trivial in C#, I won't even bother to write it. However I don't know how secure that would be. For one thing, I'm quite certain it would not work on flash drives and SSD's that use sophisticated algorithms to provide wear leveling. I don't know what would work there, perhaps it would need to be done on driver level, perhaps it would be impossible at all. On normal drives I just don't know what Windows would do. Perhaps it would retain old data as well.

Answer 4

You can't securely delete a file on a journaling filesystem. The only non-journaling system still in heavy use is fat32. On any other system, the only way to securely delete is to shred the entire hard drive.

EDIT

The reason secure delete doesn't work, is that that data used to overwrite a file might not be stored in the same location as the data it is overwriting.

It seems Microsoft does provide a secure delete tool, but it does not appear to be something that you can use as a drop in replacement.

The only good way to prevent deleted file recover, short of shredding the disk, would be to encrypt the file before it is written to disk.

Answer 5

Gutmann erasing implementation