CN102968597A - Disk data connection chain-based file crushing method - Google Patents
Disk data connection chain-based file crushing method Download PDFInfo
- Publication number
- CN102968597A CN102968597A CN2012104351597A CN201210435159A CN102968597A CN 102968597 A CN102968597 A CN 102968597A CN 2012104351597 A CN2012104351597 A CN 2012104351597A CN 201210435159 A CN201210435159 A CN 201210435159A CN 102968597 A CN102968597 A CN 102968597A
- Authority
- CN
- China
- Prior art keywords
- file
- allocation table
- disk
- address pointer
- bunch
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Granted
Links
Images
Abstract
The invention provides a disk data connection chain-based file crushing method, which comprises the following steps of: looking up a file allocation table and a family address pointer through a file to be crushed; performing crushing deletion on the found file allocation table and the family address pointer; and overwriting the available space of a disk. According to the disk data connection chain-based file crushing method provided by the invention, through performing the crushing deletion on the file allocation table and the family address pointer, the file cannot be normally recovered, and a recovery tool cannot look up the crushed file through the stored information of the disk. On the basis, the file allocation table and the family address pointer in the disk and a free space are overwritten, and therefore, the file can be thoroughly cleared and crushed. Only a disk sector with an address pointer and the family address pointer in the file allocation table in the disk is overwritten, and therefore, not only is the crushing efficiency improved but also the damage risk of the disk is lowered.
Description
Technical field
The invention belongs to field of information security technology, be specifically related to a kind of based on data in magnetic disk connection chain file breaking method.
Background technology
Data security is one of key problem of information security, data security comprises that not only data encryption, access control, backup and recovery etc. to keep data integrity as many work of purpose, also comprise destroying fully the data destroying work that data integrity is purpose.Data destroying refers to adopt various technological means that the data in the computer memory device are thoroughly deleted, and avoids unauthorized user to utilize residual data to recover primary data information (pdi), to reach the purpose of protection critical data.Because the different in kind of information carrier is compared with paper document, the destroy technology of data file is more complicated, and program is more loaded down with trivial details, and cost is more high.In fields such as national defence, administration, commerce, exist the data that a large amount of needs are destroyed for security requirements, only take correct destruction mode, just can reach the destruction purpose.
The data structure of hard disk mainly is comprised of zones such as firmware district, Main Boot Record, each partition system leader record, file allocation table, file directory district, data fields.File allocation table is a file addressing system, and the directory area is used for cooperating the accurate locating file of file allocation table, and the data field is for store data, and it has occupied most of space of hard disk.One group of disk sheet is arranged in the hard disk, magnetic track is concentric circles at disc and distributes, move around on the surface of the disc regional of access hard disk of read-write head, so file can be distributed on each position of disk randomly, the various piece of identical file not necessarily can sequentially be deposited.Leave data on the disk in take bunch as allocation unit, large file may take nearly thousands of, tens thousand of bunches, be dispersed on the whole disk.The file subsystem of operating system is responsible for the organization and management of file various piece, its ultimate principle is the file starting point entrance with similar first bunch, comprises the pointer of cluster address under the sensing again, thereby finds the lower cluster of file, the rest may be inferred, until the end mark of file occurs.From above principle as can be known, data are to leave at random the data field in, and are destroyed as long as the data field does not have, and data are not just destroyed fully, just have the possibility of recovering.
In the routine use process, the user often adopts the ways such as deletion, disk format, file pulverizing to destroy data, and this is the way that is absolutely unsafe.Below be the safety analysis to these several destruction modes:
1. deleted file.In fact, the real erasing disk data field information of deletion action.Operating system is owing to consider all many-sided factors such as operating efficiency, the employed delete command of user, just the file directory item is done a delete flag, they in file allocation table shared bunch be labeled as empty bunch, any change is not carried out in the data field.Some data recovery tools softwares utilize this point just, walk around file allocation table, and directly deleted file is recovered in the reading out data district, and therefore the method for this destruction data is least safe.
2. disk format.Format is divided into the polytypes such as high-level formatting, low-level formatting, quick formatting, partition format.In most cases, the format of domestic consumer's employing can not have influence on the data field on the hard disk.Format only is for operating system creates a brand-new empty file index, is " not using " state with all sector marks, and allowing operating system think does not have file on the hard disk.Therefore, adopt also can unformat data in the rear data field of data recovery tools software.
3. fdisk.For " fdisk " this operation, operating system has also just been revised hard disk master boot record and system boot sector, and the data field of the overwhelming majority is not modified.
4. use file to pulverize software.For satisfying the needs of the thorough deleted file of user, occur some special called files on the net and pulverized software, some anti-viral softwares have also increased the file crushing function, the but mostly not authentication by specialized agency of these softwares, its confidence level and safe coefficient are all doubtful, all right for the treatment of general private data, and can not be for the treatment of the data with level of confidentiality.
In sum, when taking the routine operations such as deletion, format to come " destruction " data, in fact data are not really destroyed, and before new data write the same storage space of hard disk, these data can keep always, thereby have the risk by other people deliberately recover.
Summary of the invention
In order to overcome above-mentioned the deficiencies in the prior art; the invention provides a kind of based on data in magnetic disk connection chain file breaking method; by disk file assignment table, a bunch address pointer deletion are pulverized; guarantee that the file of pulverizing can not normally be recovered, the recovery instrument can not be by the disk storage information searching to the file of pulverizing.And proposed on this basis disk file assignment table and bunch address and remaining space are override, thorough removing and the pulverizing of pulverizing have been realized, the disk sector that only overrides for the address in the disk file assignment table and bunch address overrides, and the efficient of the pulverizing that not only improves, has also reduced the risk of disk failures.
In order to realize the foregoing invention purpose, the present invention takes following technical scheme:
Provide a kind of based on data in magnetic disk connection chain file breaking method, said method comprising the steps of:
Step 1: by ff file allocation table and bunch address pointer that will pulverize;
Step 2: the file allocation table and bunch address pointer that find are pulverized deletion;
Step 3: the free space that overrides disk.
In the described step 1, described file allocation table represents memory disk file space information, and it comprises information unappropriated, that distributed or that be labeled as bad dish bunch; The gauge outfit of described file allocation table accounts for three list items, wherein first byte is the magnetic disk media specifier, the FFFFH of default in the second byte and the 3rd byte, DOS take bunch as unit to the file allocation disk space, each bunch accounts for a list item in file allocation table, a bunch numbering is the table item No., in file allocation table, No. 0 list item and No. 1 list item are gauge outfits, since No. 2 list items; Described file allocation table always is placed on after the dos boot record, if file allocation table then takies adjacent sectors greater than a sector, two file allocation table copies connect together to deposit and are linked to be integral body.
File allocation table is read in the buffer zone of DOS, the file allocation table of system leaves in the sector that the logical one sector begins, judge the file allocation table of storage file according to information, and by calling the file allocation table information of disk stream function judgement file in disk, one of each file including points to file starting cluster address pointer, comprise in the file allocation table field of starting cluster and point to next bunch pointer, the rest may be inferred, to the last one with end-of-file mark bunch, and bunch address pointer information of the allocation table of log file.
In the described step 2, during the operation file deletion, after physical file was deleted, the allocation table of disk file and bunch address pointer data still existed, by file allocation table and bunch address pointer information of disk stream function record deleted file.
Bunch address pointer information of allocation table of the file by record, acquiescence is created in deleted file and fills with the file that under the path is 0 or 1, the link of oppositely giving this file with bunch address pointer of the allocation table of file again, until the allocation table of the new file that creates and deleted file and the corresponding data of bunch address pointer overlap, file in this new establishment of deletion, change file allocation table and bunch address pointer information of deleted file by scale-of-two, it all is empty making the file allocation table of deleted file in the disk and bunch address pointer.
In the described step 3, cover the free space of disk by indirect method.File allocation table in the disk and a bunch address pointer are override, in disk, create the file according to disk or drive size, the establishment form is 0 or 1 filling file, the file of establishment is infinitely increased, until disk or drive do not have available remaining space, delete again crushing operation, the file that creates and file allocation table and a bunch address pointer are emptied return 0.
Compared with prior art, beneficial effect of the present invention is:
1. the based on data file security is pulverized, and has proposed overriding of a file data district pulverized and finished in disk file assignment table, a bunch address pointer deletion;
2. on the basis that the data file security is pulverized, the present invention proposes based on disk file assignment table, a bunch address pointer deletion and pulverize, newly-increased remaining space is pulverized, and the file of pulverizing is thoroughly removed;
3. use file to pulverize and the pulverizing of disk remaining space, pulverize and finish overriding of a file data district with disk file assignment table, a bunch address pointer deletion and improve the high efficiency that file is pulverized, the risk of reduction disk failures improves availability and security.
Description of drawings
Fig. 1 is based on data in magnetic disk connection chain file breaking method process flow diagram.
Embodiment
Below in conjunction with accompanying drawing the present invention is described in further detail.
Such as Fig. 1, provide a kind of based on data in magnetic disk connection chain file breaking method, said method comprising the steps of:
Step 1: by ff file allocation table and bunch address pointer that will pulverize;
Step 2: the file allocation table and bunch address pointer that find are pulverized deletion;
Step 3: the free space that overrides disk.
In the described step 1, described file allocation table represents memory disk file space information, and it comprises information unappropriated, that distributed or that be labeled as bad dish bunch; The gauge outfit of described file allocation table accounts for three list items, wherein first byte is the magnetic disk media specifier, the FFFFH of default in the second byte and the 3rd byte, DOS take bunch as unit to the file allocation disk space, each bunch accounts for a list item in file allocation table, a bunch numbering is the table item No., in file allocation table, No. 0 list item and No. 1 list item are gauge outfits, since No. 2 list items; Described file allocation table always is placed on after the dos boot record, if file allocation table then takies adjacent sectors greater than a sector, two file allocation table copies connect together to deposit and are linked to be integral body.
File allocation table is read in the buffer zone of DOS, the file allocation table of system leaves in the sector that the logical one sector begins, judge the file allocation table of storage file according to information, and by calling the file allocation table information of disk stream function judgement file in disk, one of each file including points to file starting cluster address pointer, comprise in the file allocation table field of starting cluster and point to next bunch pointer, the rest may be inferred, to the last one with end-of-file mark bunch, and bunch address pointer information of the allocation table of log file.
In the described step 2, during the operation file deletion, after physical file was deleted, the allocation table of disk file and bunch address pointer data still existed, by file allocation table and bunch address pointer information of disk stream function record deleted file.
Bunch address pointer information of allocation table of the file by record, acquiescence is created in deleted file and fills with the file that under the path is 0 or 1, the link of oppositely giving this file with bunch address pointer of the allocation table of file again, until the allocation table of the new file that creates and deleted file and the corresponding data of bunch address pointer overlap, file in this new establishment of deletion, change file allocation table and bunch address pointer information of deleted file by scale-of-two, it all is empty making the file allocation table of deleted file in the disk and bunch address pointer.
In the described step 3, cover the free space of disk by indirect method.File allocation table in the disk and a bunch address pointer are override, in disk, create the file according to disk or drive size, the establishment form is 0 or 1 filling file, the file of establishment is infinitely increased, until disk or drive do not have available remaining space, delete again crushing operation, the file that creates and file allocation table and a bunch address pointer are emptied return 0.
Should be noted that at last: above embodiment is only in order to illustrate that technical scheme of the present invention is not intended to limit, although with reference to above-described embodiment the present invention is had been described in detail, those of ordinary skill in the field are to be understood that: still can make amendment or be equal to replacement the specific embodiment of the present invention, and do not break away from any modification of spirit and scope of the invention or be equal to replacement, it all should be encompassed in the middle of the claim scope of the present invention.
Claims (7)
1. one kind based on data in magnetic disk connection chain file breaking method, it is characterized in that: said method comprising the steps of:
Step 1: by ff file allocation table and bunch address pointer that will pulverize;
Step 2: the file allocation table and bunch address pointer that find are pulverized deletion;
Step 3: the free space that overrides disk.
2. according to claim 1 based on data in magnetic disk connection chain file breaking method, it is characterized in that: in the described step 1, described file allocation table represents memory disk file space information, and it comprises information unappropriated, that distributed or that be labeled as bad dish bunch; The gauge outfit of described file allocation table accounts for three list items, wherein first byte is the magnetic disk media specifier, the FFFFH of default in the second byte and the 3rd byte, DOS take bunch as unit to the file allocation disk space, each bunch accounts for a list item in file allocation table, a bunch numbering is the table item No., in file allocation table, No. 0 list item and No. 1 list item are gauge outfits, since No. 2 list items; Described file allocation table always is placed on after the dos boot record, if file allocation table then takies adjacent sectors greater than a sector, two file allocation table copies connect together to deposit and are linked to be integral body.
3. according to claim 2 based on data in magnetic disk connection chain file breaking method, it is characterized in that: file allocation table is read in the buffer zone of DOS, the file allocation table of system leaves in the sector that the logical one sector begins, judge the file allocation table of storage file according to information, and by calling the file allocation table information of disk stream function judgement file in disk, one of each file including points to file starting cluster address pointer, comprise in the file allocation table field of starting cluster and point to next bunch pointer, the rest may be inferred, to the last one with end-of-file mark bunch, and bunch address pointer information of the allocation table of log file.
4. according to claim 1 based on data in magnetic disk connection chain file breaking method, it is characterized in that: in the described step 2, during the operation file deletion, after physical file is deleted, the allocation table of disk file and bunch address pointer data still exist, by file allocation table and bunch address pointer information of disk stream function record deleted file.
5. according to claim 4 based on data in magnetic disk connection chain file breaking method, it is characterized in that: bunch address pointer information of allocation table of the file by record, acquiescence is created in deleted file and fills with the file that under the path is 0 or 1, the link of oppositely giving this file with bunch address pointer of the allocation table of file again, until the allocation table of the new file that creates and deleted file and the corresponding data of bunch address pointer overlap, file in this new establishment of deletion, change file allocation table and bunch address pointer information of deleted file by scale-of-two, it all is empty making the file allocation table of deleted file in the disk and bunch address pointer.
6. according to claim 1 based on data in magnetic disk connection chain file breaking method, it is characterized in that: in the described step 3, cover the free space of disk by indirect method.
7. according to claim 6 based on data in magnetic disk connection chain file breaking method, it is characterized in that: the file allocation table in the disk and a bunch address pointer are override, in disk, create the file according to disk or drive size, the establishment form is 0 or 1 filling file, the file of establishment is infinitely increased, until disk or drive do not have available remaining space, delete again crushing operation, the file that creates and file allocation table and a bunch address pointer are emptied return 0.
Priority Applications (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210435159.7A CN102968597B (en) | 2012-11-05 | 2012-11-05 | Disk data connection chain-based file crushing method |
Applications Claiming Priority (1)
| Application Number | Priority Date | Filing Date | Title |
|---|---|---|---|
| CN201210435159.7A CN102968597B (en) | 2012-11-05 | 2012-11-05 | Disk data connection chain-based file crushing method |
Publications (2)
| Publication Number | Publication Date |
|---|---|
| CN102968597A true CN102968597A (en) | 2013-03-13 |
| CN102968597B CN102968597B (en) | 2015-06-24 |
Family
ID=47798733
Family Applications (1)
| Application Number | Title | Priority Date | Filing Date |
|---|---|---|---|
| CN201210435159.7A Active CN102968597B (en) | 2012-11-05 | 2012-11-05 | Disk data connection chain-based file crushing method |
Country Status (1)
| Country | Link |
|---|---|
| CN (1) | CN102968597B (en) |
Cited By (4)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104239518A (en) * | 2014-09-17 | 2014-12-24 | 华为技术有限公司 | Repeated data deleting method and device |
| CN107203643A (en) * | 2017-06-20 | 2017-09-26 | 郑州云海信息技术有限公司 | A kind of method and system for deleting file |
| CN109471598A (en) * | 2018-11-16 | 2019-03-15 | 深圳市得微电子有限责任公司 | Data deleting method and device of storage equipment and computer readable storage medium |
| CN111459890A (en) * | 2020-03-10 | 2020-07-28 | 奇安信科技集团股份有限公司 | File crushing method and device based on domestic operating system and electronic equipment |
Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1359071A (en) * | 2001-11-29 | 2002-07-17 | 上海格尔软件股份有限公司 | Method for completely deleting files on hard disk |
| CN1928868A (en) * | 2006-09-19 | 2007-03-14 | 珠海金山软件股份有限公司 | Method for completely crashing file data in FAT roll |
| CN1959677A (en) * | 2006-11-29 | 2007-05-09 | 北京中星微电子有限公司 | Method for arranging items of directory in file system |
| US20080222207A1 (en) * | 2004-01-21 | 2008-09-11 | Tomoaki Ito | Data Cleaning Program |
| CN102354302A (en) * | 2011-09-28 | 2012-02-15 | 奇智软件(北京)有限公司 | Method and device for erasing disk |
-
2012
- 2012-11-05 CN CN201210435159.7A patent/CN102968597B/en active Active
Patent Citations (5)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN1359071A (en) * | 2001-11-29 | 2002-07-17 | 上海格尔软件股份有限公司 | Method for completely deleting files on hard disk |
| US20080222207A1 (en) * | 2004-01-21 | 2008-09-11 | Tomoaki Ito | Data Cleaning Program |
| CN1928868A (en) * | 2006-09-19 | 2007-03-14 | 珠海金山软件股份有限公司 | Method for completely crashing file data in FAT roll |
| CN1959677A (en) * | 2006-11-29 | 2007-05-09 | 北京中星微电子有限公司 | Method for arranging items of directory in file system |
| CN102354302A (en) * | 2011-09-28 | 2012-02-15 | 奇智软件(北京)有限公司 | Method and device for erasing disk |
Cited By (10)
| Publication number | Priority date | Publication date | Assignee | Title |
|---|---|---|---|---|
| CN104239518A (en) * | 2014-09-17 | 2014-12-24 | 华为技术有限公司 | Repeated data deleting method and device |
| WO2016041384A1 (en) * | 2014-09-17 | 2016-03-24 | 华为技术有限公司 | Duplicate data deletion method and device |
| CN104239518B (en) * | 2014-09-17 | 2017-09-29 | 华为技术有限公司 | Data de-duplication method and device |
| US10564880B2 (en) | 2014-09-17 | 2020-02-18 | Huawei Technologies Co., Ltd. | Data deduplication method and apparatus |
| US11531482B2 (en) | 2014-09-17 | 2022-12-20 | Huawei Technologies Co., Ltd. | Data deduplication method and apparatus |
| CN107203643A (en) * | 2017-06-20 | 2017-09-26 | 郑州云海信息技术有限公司 | A kind of method and system for deleting file |
| CN109471598A (en) * | 2018-11-16 | 2019-03-15 | 深圳市得微电子有限责任公司 | Data deleting method and device of storage equipment and computer readable storage medium |
| CN109471598B (en) * | 2018-11-16 | 2021-12-10 | 深圳市得一微电子有限责任公司 | Data deleting method and device of storage equipment and computer readable storage medium |
| CN111459890A (en) * | 2020-03-10 | 2020-07-28 | 奇安信科技集团股份有限公司 | File crushing method and device based on domestic operating system and electronic equipment |
| CN111459890B (en) * | 2020-03-10 | 2023-12-15 | 奇安信科技集团股份有限公司 | File crushing method and device based on domestic operating system and electronic equipment |
Also Published As
| Publication number | Publication date |
|---|---|
| CN102968597B (en) | 2015-06-24 |
Similar Documents
| Publication | Publication Date | Title |
|---|---|---|
| US9171005B2 (en) | System and method for selective file erasure using metadata modifcations | |
| US9753934B2 (en) | Method and system for metadata modification | |
| US8244989B2 (en) | Secure erasure of a target digital file including use of replacement data from used space | |
| KR101247006B1 (en) | Nonvolatile disk cache for data security | |
| TWI396973B (en) | Method and system for providing continuous data protection for virtual volume | |
| CN102902672B (en) | Method and device for cleaning file system | |
| US8818950B2 (en) | Method and apparatus for localized protected imaging of a file system | |
| US20080313217A1 (en) | Method and apparatus for exchanging sub-hierarchical structures within a hierarchical file system | |
| JP2007012058A (en) | File system for storing transaction records in flash-like media | |
| CN106527992A (en) | Method and device for destroying data in storage equipment | |
| CN101763317A (en) | Data eliminating method of magnetic medium | |
| CN101853275A (en) | Data management method of FAT file system and system | |
| CN104239438A (en) | File information storage method and file information read-write method based on separate storage | |
| CN102968597B (en) | Disk data connection chain-based file crushing method | |
| CN104751076A (en) | Method for recovering disk data | |
| TW200844744A (en) | Near instantaneous backup and restore of disc partitions | |
| CN104050014A (en) | Efficient storage management method based on virtualization platform | |
| CN102508743B (en) | Multi-point backup and real-time protection method for Linux file system | |
| CN105404468A (en) | Green NAND solid-state disk application and driver therefor | |
| CN104346105B (en) | It is a kind of to be used for the method for data in complete deletion storage device | |
| CN101241454B (en) | Novel system protection and rapid restoration accomplishing method | |
| RU96433U1 (en) | FILE REMOVAL SYSTEM (FILE SHREDDER) | |
| EP3516494B1 (en) | Data erasure method and apparatus | |
| CN110188003A (en) | A kind of data reconstruction method for after loss defect entries in hard disk | |
| Krenhuber et al. | Forensic and anti-forensic on modern computer systems |
Legal Events
| Date | Code | Title | Description |
|---|---|---|---|
| C06 | Publication | ||
| PB01 | Publication | ||
| C10 | Entry into substantive examination | ||
| SE01 | Entry into force of request for substantive examination | ||
| C14 | Grant of patent or utility model | ||
| GR01 | Patent grant |