I'm working on a project to encrypt files using AES encryption with a key generated from SHA-256 from a keyword.

My idea to claim this was to

First: read all bytes from a file

Second: encrypt bytes

Third: write encrypted bytes on same file

I had some reasons to write encrypted bytes on the same file. One was to prevent data recovery. As far as I know, the standard way to do this is to write encrypted data to a new file and then remove the old file. But I know the old file can still be recovered, and that's the problem: "If old non-encrypted data can be recovered, what is the use of encryption?"

In my experience, I could always reach last version of files when I recovered them, not the history of file changes.

For example, I have a text file with "This text" in it, and I change it to "This text is changed". When I recovered my files, I could just see a text file containing "This text is changed". (Can the old version still be recovered?!) So this became my logic to rewrite encrypted data on the same file, which I'm sure is too risky and buggy!! But would this fulfill my wish?

I've posted my code and logic on Stack Overflow here. Then answers made me search more about data recovery. I also could read this article about data recovery. If I'm not wrong, file systems on HDDs will just remove a pointer to the file, not the file itself, so it can be recovered. That's where I thought I have to rewrite on the same file, but answers on Stack Overflow told me it's useless.

So can you give me details on how I can at least HELP prevent the old, non-encrypted file from being recovered?

Also, the same article wrote something about SSD hard drives, which I think might be my answer (I read that if I rewrite data on SSD hard drives it might be completely unrecoverable). How would I do this?

Thanks.


Any information about how I can overwrite the left space (in case I change my output and write encrypted files elsewhere) and prevent data recovery could be helpful.

FYI: I code in Java... examples can help me too

Sep GH
  • I think you have it backwards - thanks to wear leveling, even if you rewrite the "same" blocks on an SSD, the controller may write the data someplace completely different, leaving the old data intact (which may or may not be recoverable using low level tools). Even a magnetic hard drive might remap sectors leaving your unencrypted data subject to recovery, even if you overwrite all free space. The best way to prevent data from being recovered is to not write it in plain text in the first place. – Johnny Jan 12 '16 at 06:54
  • @Johnny Thanks for your helpful information. I also liked your idea about not writing it in plain text in the first place, but that's not gonna happen easily, considering we are encrypting files that already exist on an HDD or anywhere, so after all they are reachable. And I wonder where the decryptor could put its output?! Anywhere we save decrypted output, it is recoverable too, right? Any ideas about how to solve it?! – Sep GH Jan 12 '16 at 07:19
  • Johnny's comment is correct for SSDs. It may be messy but there could be some old data still around like that. Is full disk encryption not an option? Some SSDs also have always-on encryption built in. I guess we could use some more requirements. You want to prevent data recovery... Does that include someone running data recovery software on a running and logged in system? Or just on the removed drive? Do you need to encrypt only individual files in one area and not the rest of the data? – Datarecovery.com MK Jan 13 '16 at 15:46
  • Oh I'll also say that you may not have enough control with Java to know where the original file was located and to be able to modify that area. This is because the OS handles operation of the storage and Java has to go through that. The OS may not have any functionality to provide that information. – Datarecovery.com MK Jan 13 '16 at 15:52
  • @Datarecovery.comMK I'm thinking of solutions to prevent it _even_ when someone is running data recovery software on a logged in and running system (although information about a removed drive might help too). And yes, I want to encrypt only individual files, not all data/partition/hard drive. This is what my program is focusing on, so this should work on both encrypted and non-encrypted hard drives. – Sep GH Jan 13 '16 at 15:53
  • @Datarecovery.comMK, well, that was predictable. What should I focus on learning to achieve this?! I don't mean what programming language, because I guess C++ or C itself can do it somehow... but about removing data and making it unrecoverable. Also trusted command-line tools or C libraries might help because I can execute them in my own program. I just want to make sure I've done my best to make data inaccessible! I've heard a government could recover data which were rewritten for 8-9 passes at least!! And that hurts – Sep GH Jan 13 '16 at 15:58
  • Ok good additional information there. Now we know for sure what you are trying for. – Datarecovery.com MK Jan 13 '16 at 17:27
  • Actually I think it might be possible with Java, but may be problematic still and difficult. I was thinking of learning the offset of a file (and any fragmented chunks) on the physical drive and the length prior to encrypting. Then when finished writing an encrypted version, you could jump to that offset on the physical drive and write data to overwrite the old file. This would take more research to do right and might be dangerous (if there are concurrent changes happening to the same data from other operations). I've done reading of physical drives in Java just fine. Not perfect, but works. – Datarecovery.com MK Jan 13 '16 at 17:27
  • @Datarecovery.comMK Uhuh ! Thank you for your information :) And can you also provide me some more research topics or Libraries or etc... ?! – Sep GH Jan 13 '16 at 18:59
  • Let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/34259/discussion-between-sepehr-gh-and-datarecovery-com-mk). – Sep GH Jan 13 '16 at 19:01

1 Answer

Most encryption software like BitLocker or TrueCrypt will offer you to overwrite the space that's left with random bytes, resulting in the file being deleted.

Another option is using a file shredder. Look for any shredder using the Gutmann method.

Lucas Kauffman
  • Thanks. Do you know any file shredder which works from the command line for both Windows and Linux? Also a Java library for shredding can be helpful so that I can use it in my own program. – Sep GH Jan 13 '16 at 06:45
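
An added example, not part of the original question or answer: a minimal Java sketch of the overwrite-then-delete step a file shredder performs, using random bytes rather than the Gutmann pattern sequence. The class name, method name and sample file are hypothetical. It only overwrites the file's logical contents through the OS, so, as the comments above point out, wear leveling on an SSD or sector remapping on a hard drive can still leave the old blocks on the device.

```java
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.channels.FileChannel;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.security.SecureRandom;

public class OverwriteThenDelete {

    // Overwrite every byte of the file in place, flush it to the device, then delete it.
    static void shred(Path file, int passes) throws IOException {
        SecureRandom rng = new SecureRandom();
        byte[] block = new byte[64 * 1024];
        // WRITE without TRUNCATE_EXISTING keeps the existing length, so the
        // writes replace the current contents instead of starting a new, empty file.
        try (FileChannel ch = FileChannel.open(file, StandardOpenOption.WRITE)) {
            long size = ch.size();
            for (int pass = 0; pass < passes; pass++) {
                ch.position(0);
                long remaining = size;
                while (remaining > 0) {
                    rng.nextBytes(block);
                    int n = (int) Math.min(block.length, remaining);
                    ByteBuffer buf = ByteBuffer.wrap(block, 0, n);
                    while (buf.hasRemaining()) {
                        ch.write(buf);
                    }
                    remaining -= n;
                }
                // Ask the OS to push data and metadata to the storage device
                // before the next pass or the delete.
                ch.force(true);
            }
        }
        Files.delete(file);
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample input: a temp file standing in for the plaintext original.
        Path tmp = Files.createTempFile("plaintext-", ".txt");
        Files.write(tmp, "This text is changed".getBytes(StandardCharsets.UTF_8));
        shred(tmp, 1);
        System.out.println("still exists: " + Files.exists(tmp));
    }
}
```

This does not touch free space, earlier copies of the file, or temporary files written by other programs.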