WEBVTT

00:01.020 --> 00:06.750
So far as we are going through the course, we interacted with the file system quite often.

00:06.960 --> 00:13.860
We also learned how to download and upload files, how to share files securely with friends and contacts,

00:14.100 --> 00:20.340
how to remove metadata that can be used to anonymize us or get information about us.

00:20.610 --> 00:27.450
So before moving to the next section, I think there is still one missing piece, which is how to properly

00:27.450 --> 00:30.480
delete files and wipe storage media.

00:31.200 --> 00:38.160
Now in general, in operating systems, when you right click a file and delete it, or even if you delete

00:38.160 --> 00:44.910
it and empty your recycle bin or your trash, the file doesn't actually get deleted.

00:45.090 --> 00:52.950
What happens is the operating system marks the file or marks the space that the file was occupying on

00:52.950 --> 00:55.620
the storage device as available.

00:56.100 --> 01:04.830
So the data of that file will still exist on your storage device until that space is overwritten with

01:04.830 --> 01:05.790
other data.

01:06.360 --> 01:12.900
That's why we see so many tools that are very easy to use that you can use to recover deleted files.

01:13.470 --> 01:18.660
Now, these are very simple tools that you can download from the Internet for free, so you can only

01:18.660 --> 01:21.780
imagine what a resourceful adversary can do.

01:22.560 --> 01:30.120
So because deleting a file doesn't actually delete the content of it or its data unless it's overwritten

01:30.120 --> 01:31.170
with other data.

01:31.200 --> 01:38.130
There are tools that will randomly fill up that space of that file with random data so that it's more

01:38.130 --> 01:40.200
difficult to recover that file.

01:40.740 --> 01:45.590
Now, Thales comes with such tools preinstalled, as you'd expect.

01:45.600 --> 01:48.030
So if we go to our file manager.

01:49.150 --> 01:51.390
And go to the file that we want to delete.

01:51.400 --> 01:54.760
So in my case, it's in files.

01:56.670 --> 01:58.380
It's this image right here.

01:58.680 --> 02:04.200
Now I can right click the image and just click on Move to Trash, which will literally just move it

02:04.200 --> 02:07.230
to trash similar to any other operating system.

02:07.230 --> 02:10.340
And then I'd have to go to the trash, right click and empty.

02:10.350 --> 02:16.920
And like I said, this will still not delete the content of this image or the data of this image from

02:16.920 --> 02:17.850
my storage.

02:18.720 --> 02:25.380
The better option to go to if you want to securely remove this file is to click on Wipe right here.

02:26.190 --> 02:33.090
Now if you click on that and expand the options in here, you'll see that it will ask you for the number

02:33.090 --> 02:41.880
of passes of random data that will be executed to overwrite the location that contains the data of this

02:41.880 --> 02:42.540
image.

02:42.870 --> 02:47.820
So by default, this is set to two, which should be good enough for most hard disks.

02:48.210 --> 02:54.390
You can set it to 38 for older ones, or one which is not very secure, which will only protect you

02:54.390 --> 02:58.080
from the very simple software that you can download on the internet.

02:58.710 --> 03:06.960
Now, this method will work on hard drives, but it won't work on USB sticks or solid state drives.

03:07.200 --> 03:12.660
Now, if you don't know the difference between hard drives and solid state drives, then I highly recommend

03:12.660 --> 03:14.760
you go and do some reading on that.

03:14.790 --> 03:21.060
I will include links in the resources of this lecture, but basically the way that solid state drives

03:21.060 --> 03:23.130
work, they don't have sectors.

03:23.130 --> 03:26.130
They use cells in order to store your data.

03:26.220 --> 03:33.630
And even if we use a tool similar to this tool right here in order to overwrite a specific location

03:33.630 --> 03:41.190
of this solid storage device, the logic inside the storage device will probably overwrite the request

03:41.190 --> 03:45.840
that we make in order to increase the life of the device.

03:46.620 --> 03:52.530
Therefore, you might use this click on wipe and think that it works, but it might actually not work

03:52.530 --> 03:54.090
as you would expect it.

03:54.540 --> 04:01.710
So you can only properly rely on this method if you're using a hard drive and not a solid state drive

04:01.710 --> 04:03.420
or a USB device.

04:03.990 --> 04:11.280
Now that's for removing one specific file, but what if we wanted to clean all the free space or all

04:11.280 --> 04:13.920
of the available space on the system?

04:14.460 --> 04:19.770
Now, this is only relevant if you're using persistence, obviously, and you might want to do this

04:19.770 --> 04:23.100
because you've deleted a number of files insecurely.

04:23.100 --> 04:28.620
So by literally moving them to trash and empty in the trash and then the contents of these files, like

04:28.620 --> 04:32.430
I said, will still be recoverable from your storage device.

04:32.970 --> 04:38.910
Therefore, what you want to do is you want to right click any empty space in your file manager, click

04:38.910 --> 04:45.540
on wipe available disk space and you'll get a very similar window to the one that we just got with the

04:45.540 --> 04:46.530
same options.

04:46.530 --> 04:53.490
And once you set the options, you click on wipe and that'll clean and that'll securely clean the available

04:53.490 --> 04:56.930
disk space so it won't delete the files that you have.

04:56.940 --> 05:03.450
It will only clean the available disk space, filling it with random data to make sure that it can't

05:03.450 --> 05:06.300
be used to recover the files that you deleted.

05:06.300 --> 05:09.740
So it will only clean the files that you deleted.

05:09.740 --> 05:16.620
It won't affect anything that you already have on your storage device that you did not delete yourself.

05:17.310 --> 05:24.210
Now this is great, but again, it won't work as expected when it comes to solid state devices and to

05:24.210 --> 05:27.870
USB devices for the same reason that I mentioned earlier.

05:28.440 --> 05:35.640
Therefore, if you're using a solid state device or a USB device and you want to securely delete all

05:35.640 --> 05:39.150
of the data that you have on it, then you have two options.

05:39.150 --> 05:42.360
First option is physically destroy that device.

05:42.360 --> 05:46.560
So you can burn it, put it in a microwave, do whatever you want, really.

05:46.800 --> 05:52.650
Or the other option is to securely format the device and wipe it.

05:53.100 --> 05:56.430
And I'm going to show you how to do that in the next lecture.