1

Let's say I have a 10 MB file and go through these steps:

  1. Open it in my favorite programming language for Read/Write
  2. Erase everything in the stream
  3. Write exactly 10 MB of random data back to the same stream
  4. Save the changes to disk
  5. Delete the file through normal means

Can I be certain that the new 10 MB successfully overwrote the old 10 MB on a sector level in the hard drive? Or is it possible that the "erase everything in the stream" step deletes the old file and potentially writes the new 10 MB in a new location?

Corey Ogburn

3 Answers

3

The data may still be accessible by a professional who knows what they're doing and can access the raw data on the disk (i.e. without going through the filesystem).

Your program is basically equivalent to the Linux shred command, which contains the following warning:

CAUTION: Note that shred relies on a very important assumption: that the file system overwrites data in place. This is the traditional way to do things, but many modern file system designs do not satisfy this assumption. The following are examples of file systems on which shred is not effective, or is not guaranteed to be effective in all file system modes:

  • log-structured or journaled file systems, such as those supplied with AIX and Solaris (and JFS, ReiserFS, XFS, Ext3, etc.)

  • file systems that write redundant data and carry on even if some writes fail, such as RAID-based file systems

  • file systems that make snapshots, such as Network Appliance's NFS server

  • file systems that cache in temporary locations, such as NFS version 3 clients

  • compressed file systems

There are other situations as well, such as SSDs with wear leveling.

Colonel Thirty Two
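The shred-style overwrite this answer refers to, as an added example in Python (not code from the question or from shred itself; the function names and chunk size are assumptions). It overwrites without truncating and syncs before deleting, and it only reaches the old sectors when the file system and device overwrite in place, as the quoted warning says.

```python
import os

CHUNK = 1024 * 1024  # assumed chunk size: write 1 MiB at a time


def overwrite_in_place(path, passes=1):
    """Overwrite the file's current bytes with random data, keeping its size.

    Returns (inode_unchanged, size_unchanged). This asks the OS to rewrite
    the same logical offsets; whether the same physical sectors are hit
    depends on the file system (journaling, snapshots, compression) and on
    the device (SSD wear leveling).
    """
    before = os.stat(path)
    # "r+b" opens for read/write WITHOUT truncating. Truncating first
    # ("wb" or truncate(0)) releases the file's blocks, and the file
    # system is then free to place the new data somewhere else.
    with open(path, "r+b") as f:
        for _ in range(passes):
            f.seek(0)
            remaining = before.st_size
            while remaining > 0:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n))
                remaining -= n
            f.flush()             # drain Python's userspace buffer
            os.fsync(f.fileno())  # ask the OS to push the data to the device
    after = os.stat(path)
    return (after.st_ino == before.st_ino, after.st_size == before.st_size)


def overwrite_and_delete(path, passes=1):
    """Overwrite in place, then remove the directory entry."""
    result = overwrite_in_place(path, passes)
    os.remove(path)
    return result
```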
2

No, since on any modern file system commits are atomic, you can be almost 100% certain the 10 MB did not overwrite the old 10 MB, and that's before we consider journaled file systems that actually guarantee this.

camelccc
0

Short answer: No.

This might depend on your language and OS. I have a feeling that the stream calls are passed to the OS and the OS then decides what to do, so I'd lean towards your second question being correct just to err on the safe side. Furthermore, magnetic artifacts will be present after a deletion which can still be used to recover said data. Even overwriting the same sectors with all zeros could leave behind the data in a faded state. Generally it is recommended to make several deletion passes. See here for an explanation or here for an open source C# file shredder.

For Windows you could use the SDelete command line utility which implements the Department of Defense clearing and sanitizing standard:

Secure delete applications overwrite a deleted file's on-disk data using techniques that are shown to make disk data unrecoverable, even using recovery technology that can read patterns in magnetic media that reveal weakly deleted files.

Of particular note:

Compressed, encrypted and sparse are managed by NTFS in 16-cluster blocks. If a program writes to an existing portion of such a file NTFS allocates new space on the disk to store the new data and after the new data has been written, deallocates the clusters previously occupied by the file.

Community
perry