
When transferring ownership of a computer from one party to another, it's advisable to perform steps to clean out personal data from the hard drive. Depending on needs, the type of data, and/or level of paranoia, this can consist of anything from a simple format to using a program that replaces the disk with all zeros, formatting 6 times, or in the most sensitive of cases, destroying the hard disk and replacing it with a new one.

Consider that I'm not a government agency protecting sensitive data, but at the same time, I don't want the next person using the computer to be able to easily access my data.

If I have a laptop that I use, let's say, for work, and on that computer I use a virtual machine for personal stuff, when transferring ownership of the computer, would deleting the virtual machine be good enough security for the average person, or would I still need to format the drive? Where does using a virtual machine fit in on this scale?

Hendrik Brummermann
jmort253

1 Answer


The virtual machine usually stores its virtual hard disk as a normal file on the host operating system's filesystem.

Think of a filesystem like a warehouse. The warehouse contains a large number of boxes (files) and a manifest that lists all of the boxes (the file table). When you delete a file, it doesn't actually destroy the data; it just deletes the entry from the manifest. When the next box comes into the warehouse, the manifest is checked, and the file is put into a free location. If that location already has a box in it, that old box is thrown out. As such, if you can scan through the warehouse instead of the manifest, you could check for boxes that aren't on the manifest, allowing you to extract the contents of the boxes even though you "deleted" them.

So, if you delete the virtual machine's virtual disk file, the data will still remain on the disk. Since the virtual disk file is structured in terms of its own headers and the internal filesystem, it shouldn't be difficult to find and extract file data from within the virtual machine's filesystem. Formatting often doesn't solve this problem, as it just overwrites the file table with an empty one - the data is still there.

There are two ways to properly destroy files:

  • Overwrite the disk sectors that contain the data with zeros.
  • Encrypt the file data at runtime, then destroy the key when you want to delete the file.

The first option takes longer when you want to destroy the data, and puts more stress on the disk, as you have to overwrite every sector. The second option provides fast secure deletion, and increased protection during day-to-day use, but has a performance hit on the CPU. In fact, SSDs use the second option to reduce write-wear on the flash devices during a re-format - they store a master key, encrypt everything on the drive with it, then destroy and re-generate the key when given a re-format command.

So, if you're looking to destroy data securely, either perform a proper low-level wipe using shred, or encrypt the disk using TrueCrypt and throw away the key when you want to get rid of the drive.

Polynomial
  • So, if I had a dynamically allocated virtual disk, and I encrypted it before deleting it, would that suffice? – jmort253 Dec 26 '12 at 06:06
  • @jmort253 At that point you're better off using [`shred`](http://en.wikipedia.org/wiki/Shred_%28Unix%29) or [`sdelete`](http://superuser.com/questions/86824/how-to-secure-delete-file-or-folder-in-windows) - encrypting it at that point is just needless computation. – Polynomial Dec 26 '12 at 22:11
  • Do all SSDs use the second option, or do some of them not use encryption at all? And how can I tell before buying one? – Mario Awad Jan 03 '13 at 15:21
  • All modern SSDs use that mechanism. It's transparent to the OS. – Polynomial Jan 03 '13 at 15:39
  • Hi Polynomial, thanks for the answers so far. So if I'm on a Mac, you're saying I don't need to do anything except just use shred or sdelete from the terminal of my Mac to then delete the virtual disk? I was slightly confused by the first bullet point in your answer, as wouldn't overwriting the disk sectors involve formatting the entire Mac OS partition, not just the virtual disk? – jmort253 Jan 07 '13 at 08:28
  • If you're using an SSD, your OS should automatically detect that a standard volume format operation should be done via the proper SSD-specific firmware command. This will wipe the entire SSD by resetting the internal encryption key, rendering all data useless and unrecoverable at the hardware level. If you're only trying to destroy the virtual machine, that's a different story. When I say "overwriting sectors", I mean overwriting the sectors on the host disk that are used to store the virtual disk file - `shred` / `sdelete` will do that job fine. – Polynomial Jan 07 '13 at 08:42
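The following script is an added example, not code from the answer or the comments above. It does what the answer's first option and the `shred` advice describe: overwrite every byte of the host file that holds the virtual disk in place (so the same allocated blocks are rewritten, which is what `shred` does), then unlink it. It also checks whether the backing storage is rotational, because on flash media wear levelling can leave old copies of the data in blocks the overwrite never reaches. It assumes a Linux host with GNU coreutils (`stat -c`, `df --output`, `head -c`) and optionally `lsblk`; the function names and the marker string in the comments are my own choices, and the vdisk path is a placeholder.

```shell
#!/bin/sh
# Added example: destroy a virtual-disk file on the host the way the answer's
# first option describes (overwrite in place, then delete), with a caveat for SSDs.
# Assumes Linux + GNU coreutils; on macOS, `stat -c %s` would be `stat -f %z`.
set -eu

# backing_rotational FILE: print 1 (spinning disk), 0 (SSD/flash) or "unknown"
# for the device that holds FILE. Uses df + lsblk; anything missing -> unknown.
backing_rotational() {
    dev=$(df --output=source -- "$1" 2>/dev/null | tail -n 1)
    rota=$(lsblk -dno ROTA "$dev" 2>/dev/null | tr -d ' ' || true)
    case "$rota" in
        0|1) printf '%s\n' "$rota" ;;
        *)   printf 'unknown\n' ;;
    esac
}

# overwrite_in_place FILE PASSES: rewrite every byte of FILE with random data
# PASSES times, then once with zeros. conv=notrunc keeps the file at its current
# size and in its current blocks; truncating first would free the blocks
# untouched, which is exactly the failure the answer's warehouse analogy warns about.
# Equivalent coreutils one-liner: shred -n PASSES -z FILE
overwrite_in_place() {
    f="$1"; passes="${2:-1}"
    size=$(stat -c %s -- "$f")
    i=0
    while [ "$i" -lt "$passes" ]; do
        head -c "$size" /dev/urandom | dd of="$f" conv=notrunc 2>/dev/null
        sync
        i=$((i + 1))
    done
    head -c "$size" /dev/zero | dd of="$f" conv=notrunc 2>/dev/null
    sync
}

# destroy_vdisk FILE: warn if the file sits on flash, overwrite it, unlink it.
destroy_vdisk() {
    f="$1"
    case "$(backing_rotational "$f")" in
        0) echo "warning: $f is on non-rotational storage; an in-place overwrite may" \
                "not reach remapped flash blocks. Prefer full-disk encryption plus key" \
                "destruction, or the drive's own secure-erase command." >&2 ;;
        1) ;;
        *) echo "note: could not determine the storage type under $f" >&2 ;;
    esac
    overwrite_in_place "$f" 3
    rm -f -- "$f"
    sync
}

# Usage: ./destroy_vdisk.sh ~/VirtualBox\ VMs/personal/personal.vdi
# (placeholder path; pass every snapshot/differencing image of the VM as well)
if [ "$#" -gt 0 ]; then
    destroy_vdisk "$1"
fi
```

Two caveats the script cannot fix for you: on a copy-on-write filesystem (APFS, btrfs, ZFS) an in-place write may land in fresh blocks while the old ones survive, and a VM that has snapshots keeps additional differencing images beside the base disk, each of which holds guest data and needs the same treatment.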