1
00:00:01,000 --> 00:00:06,000
So far as we are going through the course, we interacted with the file system quite often.

2
00:00:06,000 --> 00:00:13,000
We also learned how to download and upload files, how to share files securely with friends and contacts,

3
00:00:14,000 --> 00:00:20,000
how to remove metadata that can be used to anonymize us or get information about us.

4
00:00:20,000 --> 00:00:27,000
So before moving to the next section, I think there is still one missing piece, which is how to properly

5
00:00:27,000 --> 00:00:30,000
delete files and wipe storage media.

6
00:00:31,000 --> 00:00:38,000
Now in general, in operating systems, when you right click a file and delete it, or even if you delete

7
00:00:38,000 --> 00:00:44,000
it and empty your recycle bin or your trash, the file doesn't actually get deleted.

8
00:00:45,000 --> 00:00:52,000
What happens is the operating system marks the file or marks the space that the file was occupying on

9
00:00:52,000 --> 00:00:55,000
the storage device as available.

10
00:00:56,000 --> 00:01:04,000
So the data of that file will still exist on your storage device until that space is overwritten with

11
00:01:04,000 --> 00:01:05,000
other data.

12
00:01:06,000 --> 00:01:12,000
That's why we see so many tools that are very easy to use that you can use to recover deleted files.

13
00:01:13,000 --> 00:01:18,000
Now, these are very simple tools that you can download from the Internet for free, so you can only

14
00:01:18,000 --> 00:01:21,000
imagine what a resourceful adversary can do.

15
00:01:22,000 --> 00:01:30,000
So because deleting a file doesn't actually delete the content of it or its data unless it's overwritten

16
00:01:30,000 --> 00:01:31,000
with other data.

17
00:01:31,000 --> 00:01:38,000
There are tools that will randomly fill up that space of that file with random data so that it's more

18
00:01:38,000 --> 00:01:40,000
difficult to recover that file.

19
00:01:40,000 --> 00:01:45,000
Now, Thales comes with such tools preinstalled, as you'd expect.

20
00:01:45,000 --> 00:01:48,000
So if we go to our file manager.

21
00:01:49,000 --> 00:01:51,000
And go to the file that we want to delete.

22
00:01:51,000 --> 00:01:54,000
So in my case, it's in files.

23
00:01:56,000 --> 00:01:58,000
It's this image right here.

24
00:01:58,000 --> 00:02:04,000
Now I can right click the image and just click on Move to Trash, which will literally just move it

25
00:02:04,000 --> 00:02:07,000
to trash similar to any other operating system.

26
00:02:07,000 --> 00:02:10,000
And then I'd have to go to the trash, right click and empty.

27
00:02:10,000 --> 00:02:16,000
And like I said, this will still not delete the content of this image or the data of this image from

28
00:02:16,000 --> 00:02:17,000
my storage.

29
00:02:18,000 --> 00:02:25,000
The better option to go to if you want to securely remove this file is to click on Wipe right here.

30
00:02:26,000 --> 00:02:33,000
Now if you click on that and expand the options in here, you'll see that it will ask you for the number

31
00:02:33,000 --> 00:02:41,000
of passes of random data that will be executed to overwrite the location that contains the data of this

32
00:02:41,000 --> 00:02:42,000
image.

33
00:02:42,000 --> 00:02:47,000
So by default, this is set to two, which should be good enough for most hard disks.

34
00:02:48,000 --> 00:02:54,000
You can set it to 38 for older ones, or one which is not very secure, which will only protect you

35
00:02:54,000 --> 00:02:58,000
from the very simple software that you can download on the internet.

36
00:02:58,000 --> 00:03:06,000
Now, this method will work on hard drives, but it won't work on USB sticks or solid state drives.

37
00:03:07,000 --> 00:03:12,000
Now, if you don't know the difference between hard drives and solid state drives, then I highly recommend

38
00:03:12,000 --> 00:03:14,000
you go and do some reading on that.

39
00:03:14,000 --> 00:03:21,000
I will include links in the resources of this lecture, but basically the way that solid state drives

40
00:03:21,000 --> 00:03:23,000
work, they don't have sectors.

41
00:03:23,000 --> 00:03:26,000
They use cells in order to store your data.

42
00:03:26,000 --> 00:03:33,000
And even if we use a tool similar to this tool right here in order to overwrite a specific location

43
00:03:33,000 --> 00:03:41,000
of this solid storage device, the logic inside the storage device will probably overwrite the request

44
00:03:41,000 --> 00:03:45,000
that we make in order to increase the life of the device.

45
00:03:46,000 --> 00:03:52,000
Therefore, you might use this click on wipe and think that it works, but it might actually not work

46
00:03:52,000 --> 00:03:54,000
as you would expect it.

47
00:03:54,000 --> 00:04:01,000
So you can only properly rely on this method if you're using a hard drive and not a solid state drive

48
00:04:01,000 --> 00:04:03,000
or a USB device.

49
00:04:03,000 --> 00:04:11,000
Now that's for removing one specific file, but what if we wanted to clean all the free space or all

50
00:04:11,000 --> 00:04:13,000
of the available space on the system?

51
00:04:14,000 --> 00:04:19,000
Now, this is only relevant if you're using persistence, obviously, and you might want to do this

52
00:04:19,000 --> 00:04:23,000
because you've deleted a number of files insecurely.

53
00:04:23,000 --> 00:04:28,000
So by literally moving them to trash and empty in the trash and then the contents of these files, like

54
00:04:28,000 --> 00:04:32,000
I said, will still be recoverable from your storage device.

55
00:04:32,000 --> 00:04:38,000
Therefore, what you want to do is you want to right click any empty space in your file manager, click

56
00:04:38,000 --> 00:04:45,000
on wipe available disk space and you'll get a very similar window to the one that we just got with the

57
00:04:45,000 --> 00:04:46,000
same options.

58
00:04:46,000 --> 00:04:53,000
And once you set the options, you click on wipe and that'll clean and that'll securely clean the available

59
00:04:53,000 --> 00:04:56,000
disk space so it won't delete the files that you have.

60
00:04:56,000 --> 00:05:03,000
It will only clean the available disk space, filling it with random data to make sure that it can't

61
00:05:03,000 --> 00:05:06,000
be used to recover the files that you deleted.

62
00:05:06,000 --> 00:05:09,000
So it will only clean the files that you deleted.

63
00:05:09,000 --> 00:05:16,000
It won't affect anything that you already have on your storage device that you did not delete yourself.

64
00:05:17,000 --> 00:05:24,000
Now this is great, but again, it won't work as expected when it comes to solid state devices and to

65
00:05:24,000 --> 00:05:27,000
USB devices for the same reason that I mentioned earlier.

66
00:05:28,000 --> 00:05:35,000
Therefore, if you're using a solid state device or a USB device and you want to securely delete all

67
00:05:35,000 --> 00:05:39,000
of the data that you have on it, then you have two options.

68
00:05:39,000 --> 00:05:42,000
First option is physically destroy that device.

69
00:05:42,000 --> 00:05:46,000
So you can burn it, put it in a microwave, do whatever you want, really.

70
00:05:46,000 --> 00:05:52,000
Or the other option is to securely format the device and wipe it.

71
00:05:53,000 --> 00:05:56,000
And I'm going to show you how to do that in the next lecture.