File wiping
File wiping is the process of overwriting a file, sometimes multiple times, to ensure its total deletion. Wiping a file is akin to shredding a document using a paper shredder.
Reasons for use
File wiping is useful for confidentiality, because
files are not entirely deleted using the operating system's default delete
function. Typically, standard delete functions consist of marking the space
occupied by the file as free and updating file system metadata structures,
leaving the actual file contents intact on the physical medium. If the file
system continues to be used, eventually this space will be assigned to other
files and overwritten. However, if the file system has not been used intensively
since the file was deleted, recovery or forensic tools have a good likelihood of
retrieving deleted data in part or in whole by accessing the medium at low
level.
Some research in the field of magnetic storage media has indicated that it is
theoretically possible to recover information from magnetic disks even after an
overwrite, using hardware methods. File wiping with multiple overwrite passes
was devised as an attempt to defeat such methods.
How it works
File Wipe programs work not only by unlinking a
file but also specifically overwriting them with garbage data. For very high
security installations, overwriting the file several times is advised. Many
government institutions have specific protocols for file deletion. For instance,
the U.S. DoD specification 5220.22 standard says a file must be overwritten
three times. Some researchers believe that the U.S. DoD standard is weak, yet
others believe the standard was created for archaic MFM/RLL encoding, being
written in 1995.
Wiping a file takes a considerably longer amount of time than just deleting it.
Very large files, typically over 100MB, can take a prohibitively long amount of
time to remove.
Besides destroying file's contents, some file wiping software also makes an
attempt to ensure that, once wiping has been performed, no information about the
file is left in the file system's metadata, such as directory entries. FAT file
system, for example, only replaces the first character of the filename in the
corresponding directory entry, when a file is removed. This may be a problem if
the user doesn't want to leave traces, such as partial file name and, possibly,
creation and modification dates on the physical medium. The solution to this
problem is to wipe deleted entries in the directory containing the file after
wiping the file itself.
Reference: Wikipedia.org