What does "type nul > somefile" do to "somefile" in Windows?

11

Specifically, does type nul > somefile overwrite the entire file on disk? I saw a batch script website recommend generating an FTP script on the fly and then "securely" erasing it with the command in the title. Is there any merit to this?

wes

Posted 2011-04-12T15:01:19.067

Reputation: 645

Answers

9

What does “type nul > somefile” do to “somefile” in Windows?

  1. First, somefile is opened for writing – this automatically causes the file to be truncated to 0 bytes. The data still remains on disk, just marked as "free" in the bitmap.

  2. Then the contents of nul are written to somefile – in this case, exactly zero bytes, since you cannot read anything from nul. The old data is not overwritten.

  3. The file is closed.

I saw a batch script website recommend generating an FTP script on the fly and then "securely" erasing it with the command in the title. Is there any merit to this?

It's not any more "secure" than del somefile. It doesn't even remove the data from disk.

To erase a file securely, use a wipe utility such as sdelete or Eraser. Although, is an FTP script actually worth secure-wiping?

user1686

Posted 2011-04-12T15:01:19.067

Reputation: 283 655

Is there any way to recover that file/original data which was updated with type nul > filename? – Isaiah4110 – 2017-11-16T19:46:45.997

"Is an FTP script actually worth secure-wiping" - Well, it exposes a password in plaintext on a remote machine. – wes – 2011-04-12T15:37:22.580

@wes: If you cannot ensure physical and OS security of the machine to prevent recovery of said script, then you equally cannot ensure that the FTP traffic is not being sniffed... But a few suggestions. Switch to a more secure protocol - SFTP or at least FTP/TLS. In addition, make a separate directory for the password-containing file (either the script, or the client's config file) and enable the EFS encryption for it. All new files inside would be automatically encrypted at OS level. Both of the protocols support public key authentication as an alternative, too. – user1686 – 2011-04-12T16:48:42.507

And note that on SSDs all bets are off; currently you simply cannot erase those as the actual bits on the device are decoupled by at least one abstraction layer from the OS. – Joey – 2011-04-13T04:52:02.037

Therefore the only solution is not to store plaintext credentials to disk in the first place. – user1686 – 2011-04-13T05:44:08.757
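The three steps listed in the answer above, next to a single in-place zero-fill pass, as an added example that is not part of the original thread. It goes beyond the command itself by including the overwrite case; the function names, file names and sample script are constructed, and as the SSD comment notes, even the in-place pass only controls what the file system sees, not which physical blocks the device rewrites.

```python
import os
import tempfile

def redirect_truncate(path):
    """Mimic `type nul > path`: open for writing, write nothing, close."""
    with open(path, "wb") as f:      # step 1: opening for write sets length to 0
        written = f.write(b"")       # step 2: nul yields zero bytes
    return written                   # step 3: file closed by the with-block

def overwrite_in_place(path, chunk=64 * 1024):
    """One zero-fill pass over the existing length, without truncating first."""
    size = os.path.getsize(path)
    written = 0
    with open(path, "r+b") as f:     # r+b keeps the current length and contents
        while written < size:
            n = min(chunk, size - written)
            f.write(b"\x00" * n)
            written += n
        f.flush()
        os.fsync(f.fileno())         # ask the OS to push the zeros to the device
    return written

def demo():
    # Constructed sample resembling a generated FTP script (not real credentials).
    secret = b"open ftp.example.test\nuser demo\nConstructedPassw0rd\nbye\n"
    results = {"original_size": len(secret)}
    with tempfile.TemporaryDirectory() as d:
        a = os.path.join(d, "truncated.txt")
        b = os.path.join(d, "overwritten.txt")
        for p in (a, b):
            with open(p, "wb") as f:
                f.write(secret)
        # Truncation: nothing is written over the old bytes, the length just drops.
        results["truncate_bytes_written"] = redirect_truncate(a)
        results["truncate_size_after"] = os.path.getsize(a)
        # In-place pass: every byte of the file's range is rewritten before deletion.
        results["overwrite_bytes_written"] = overwrite_in_place(b)
        with open(b, "rb") as f:
            results["overwrite_content_zeroed"] = f.read() == b"\x00" * len(secret)
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```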

2

It 'might' overwrite the file with zeros, but even if it did, that's hardly a secure erase. You would be better off using SDelete for this if you can.

Christi

Posted 2011-04-12T15:01:19.067

Reputation: 915

1

Deleting a file will not prevent third-party utilities from un-deleting it again; however, you can turn any file into a zero-byte file to destroy the file allocation chain like this:

TYPE nul > C:\examples\MyFile.txt

DEL C:\examples\MyFile.txt

Source half way down the page

Moab

Posted 2011-04-12T15:01:19.067

Reputation: 54 203

How does that differ from only DELeting the file? In either case the OS is going to eventually overwrite that space on disk, yes? – wes – 2011-04-12T15:43:38.217

Eventually, yes, but when, next year? No way to know when. – Moab – 2011-04-12T19:03:26.983

My point in asking being to determine what immediate/beneficial effects "destroying the file allocation chain" has in comparison to simply deleting the file. – wes – 2011-04-13T14:04:38.170

Immediate destruction of the data (file) so you cannot use software to recover it like you can when you simply delete it, at least that is my take. – Moab – 2011-04-13T15:07:09.203