CN106548086A - The method for deleting of confidential data in new technology file system - Google Patents

Publication number
CN106548086A
Authority
CN
China
Prior art keywords
file
mft
information
items
attributes
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN201510601559.4A
Other languages
Chinese (zh)
Inventor
梁效宁
许超明
赵飞
朱星海
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
SICHUAN XLY INFORMATION SAFETY TECHNOLOGY Co Ltd
Original Assignee
SICHUAN XLY INFORMATION SAFETY TECHNOLOGY Co Ltd
Application filed by SICHUAN XLY INFORMATION SAFETY TECHNOLOGY Co Ltd
Priority to CN201510601559.4A
Publication of CN106548086A

Classifications

    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F21/00 Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F21/60 Protecting data
    • G06F21/62 Protecting access to data via a platform, e.g. using keys or access control rules
    • G06F21/6218 Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
    • G PHYSICS
    • G06 COMPUTING; CALCULATING OR COUNTING
    • G06F ELECTRIC DIGITAL DATA PROCESSING
    • G06F2221/00 Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/21 Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
    • G06F2221/2107 File encryption

Abstract

The invention provides a method for erasing confidential data in an NTFS file system and belongs to the field of information security. Its beneficial effects are as follows: 1. the NTFS file system is parsed and the confidential files that need to be erased are marked; 2. the directory, bitmap, registration table and other information of the confidential files is marked; 3. the physical storage addresses of the confidential files are marked; 4. all marked traces of the confidential files are erased, ensuring the security of the confidential data. By these means the invention protects confidential data and ensures that it cannot be illegally recovered and used; it is applicable to the confidential data of all enterprises and institutions, government bodies and the military industry.

Description

The method for deleting of confidential data in new technology file system
Technical field
The invention belongs to the field of information security technology, and in particular relates to a method for erasing confidential data in an NTFS file system.
Background
In the 21st century, with informatization developing rapidly, computer technology advances day by day and is closely bound up with daily life. Electronic information is the main carrier of data. The electronic data used by many enterprises, institutions and state security departments is highly classified, and its security receives great attention: classified data must not be read arbitrarily, and once it spreads the impact is inestimable. USB flash drives, SD cards and similar devices are the most commonly used removable storage media, so the importance of keeping confidential the data in the NTFS file systems they carry is self-evident. Because of the way the NTFS file system stores data, however, classified data stored on a computer may still be restored with data recovery methods even after it has been deleted, so important classified data can be recovered and spread. To prevent this, a method is proposed for thoroughly erasing confidential data in an NTFS file system. The method thoroughly wipes the physical locations that hold confidential data, ensuring that the data is completely destroyed with no possibility of recovery.
Explanation of terms:
Normal file: in the record header information of a file's MFT entry, a flag value of 0x01 or 0x03 at offset 0x16 relative to the header indicates a normal file;
Reverse location: a technique that uses the information in a file's MFT entry to determine whether the file's corresponding parent directory exists.
Summary of the invention
Addressing the deficiencies of the prior art, the invention provides a method for erasing confidential data in an NTFS file system, which solves the problem that the prior art cannot completely delete data in an NTFS file system and therefore leaks information.
To solve the above problem, the technical solution adopted by the invention is as follows: a method for erasing confidential data in an NTFS file system, comprising the following steps:
S1: Read all data files recorded in the MFT of the NTFS partition on the classified storage medium;
S2: Determine whether the confidential file to be erased is a normal file or a deleted file; if it is a normal file, go to S3, otherwise go to S4;
S3: Parse the parameters of the file, including the file's MFT entry information, the MFT entry information of the file's parent directory, and the address of the file's data area;
S4: Using the MFT entry information or the file data area information of the deleted file, reverse-locate the MFT information of the file's parent directory or the MFT information of the file;
S5: Based on the result of S4, determine whether the file's parent directory information exists; if it exists, go to S6, otherwise go to S7;
S6: Mark the data area content of the file to be erased, then perform a byte-by-byte erase operation that fills with 0 or random characters;
S7: Mark the MFT entry of the file to be erased and the 90 and A0 attributes in the MFT entry of the file's parent directory, then perform a byte-by-byte erase operation that fills with 0 or random characters;
S8: Update the MFT directory entry information of the whole file system and the bitmap information that records cluster usage for the whole file system.
Preferably, all the data files recorded in the MFT in S1 include at least the file record header information of the MFT entries.
Preferably, the specific steps of S2 are as follows: according to the flag value at offset 0x16 relative to the header in the record header information of the MFT entry, determine whether the confidential file to be erased is a normal file or a deleted file; if it is a normal file, go to S3, otherwise go to S4.
Preferably, the parameters in S3 include the information of the 10, 30, 80, 90, A0 and B0 attributes of the MFT entry.
Preferably, the specific steps of S4 are as follows: using the file reference number of the parent directory recorded at offset 0x00 relative to the header in the 10 and 30 attributes of the deleted file's MFT entry information, or the file data area information, reverse-locate the MFT information of the file's parent directory.
Preferably, the specific steps of S5 are as follows: according to the result of S4, jump to the corresponding MFT entry and check whether the 90 or A0 attribute of that MFT entry contains a record of this file's information; if it exists, go to S6, otherwise go to S7.
Preferably, the specific steps of S6 are as follows: mark the data area content of the file to be erased by means of the 80 attribute and the B0 attribute in the file's MFT entry, jump to the address where the data area is located, and perform, on the region corresponding to all cluster numbers used by the data area, a byte-by-byte erase operation that fills with 0 or random characters at least 5 times.
Preferably, the specific steps of S7 are as follows: mark the MFT entry of the file to be erased and the 90 and A0 attributes in the MFT entry of the file's parent directory. Erasing the file's MFT entry differs from erasing the MFT entry of the file's parent directory. Specifically, when the MFT entry of the parent directory is erased, only each byte of the 90 or A0 attribute region of that MFT entry needs an erase operation that fills with 0 or random characters at least 5 times; in particular, when the A0 attribute is erased, it is necessary to jump to the index buffer corresponding to the A0 attribute and erase all index entries in that index buffer that relate to this file. When the MFT entry that records the file is erased, the whole region where the MFT entry is located undergoes a byte-by-byte erase operation that fills with 0 or random characters at least 5 times; if that MFT entry has an A0 attribute, the clusters where the index buffer corresponding to the A0 attribute is located must also undergo a byte-by-byte erase operation that fills with 0 or random characters at least 5 times.
The beneficial effects of the invention are as follows: 1. the NTFS file system is parsed and the confidential files that need to be erased are marked; 2. the directory, bitmap, registration table and other information of the confidential files is marked; 3. the physical storage addresses of the confidential files are marked; 4. all marked traces of the confidential files are erased, ensuring the security of the confidential data. By these means the invention protects confidential data and ensures that it cannot be illegally recovered and used; it is applicable to the confidential data of all enterprises and institutions, government bodies and the military industry.
Brief description of the drawings
Fig. 1 is a flow chart of an embodiment of the invention.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the accompanying drawing and embodiments.
To describe the method of the invention in detail, it is further elaborated with reference to the drawing.
The invention proposes a method for erasing confidential data in an NTFS file system. The method erases not only normal files in an NTFS partition but also files that have already been deleted in NTFS.
The method of the invention is elaborated below, taking NTFS version 3.1 as an example. Specifically, it includes the following steps:
S1: Read the information of all MFT entries in the NTFS partition on the classified storage medium (mainly the file record header information of the MFT entries), and parse the file and folder information recorded in them;
S2: According to the flag value at offset 0x16 relative to the header in the record header information of the MFT entry, determine whether the confidential file to be erased is a normal file or a deleted file; if it is a normal file, go to S3, otherwise go to S4;
S3: Parse the parameters of the file (mainly the information of the 10, 30, 80, 90, A0, B0 and other attributes of the MFT entry), including the file's MFT entry information, the MFT entry information of the file's parent directory, and the address of the file's data area;
S4: Using the file reference number of the parent directory recorded at offset 0x00 relative to the header in the 30 attribute of the deleted file's MFT entry information, or the file data area information, reverse-locate the MFT information of the file's parent directory;
S5: According to the result of S4, jump to the corresponding MFT entry and check whether the 90 or A0 attribute of that MFT entry contains a record of this file's information; if it exists, go to S6, otherwise go to S7;
S6: Mark the data area content of the file to be erased by means of the 80 attribute and the B0 attribute in the file's MFT entry, jump to the address where the data area is located, and perform, on the region corresponding to all cluster numbers used by the data area, a byte-by-byte erase operation that repeatedly fills with 0 or random characters;
S7: Mark the MFT entry of the file to be erased and the 90 and A0 attributes in the MFT entry of the file's parent directory. Erasing the file's MFT entry differs from erasing the MFT entry of the file's parent directory. Specifically, when the MFT entry of the parent directory is erased, only each byte of the 90 or A0 attribute region of that MFT entry needs an erase operation that repeatedly fills with 0 or random characters; in particular, when the A0 attribute is erased, it is necessary to jump to the index buffer corresponding to the A0 attribute and erase all index entries in that index buffer that relate to this file. When the MFT entry that records the file is erased, the whole region where the MFT entry is located undergoes a byte-by-byte erase operation that repeatedly fills with 0 or random characters; if that MFT entry has an A0 attribute, the clusters where the index buffer corresponding to the A0 attribute is located must also undergo a byte-by-byte erase operation that repeatedly fills with 0 or random characters.
S8: Update the bitmap information of the MFT entries of the whole file system and the bitmap information that records cluster usage for the whole file system.
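The following is an added example, not code from the patent or its applicant, that carries steps S2, S4 and S6 through on a constructed MFT record and an in-memory disk image. It relies on the standard NTFS on-disk layout, which the text above does not spell out: the first-attribute offset at header offset 0x14, the attribute header fields, the 30 attribute being $FILE_NAME, the 80 attribute being $DATA, and the run-list encoding. The cluster size, the helper names and the choice of random passes followed by a final zero pass are assumptions of the example.

```python
import os
import struct

CLUSTER = 4096   # assumed cluster size of the constructed image
PASSES = 5       # the claims call for at least 5 overwrite passes

def attributes(rec):
    """Yield (type, raw attribute bytes) for each attribute of one MFT record."""
    off = struct.unpack_from("<H", rec, 0x14)[0]       # offset of the first attribute
    while off + 8 <= len(rec):
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == 0xFFFFFFFF or alen == 0:           # end marker or corrupt length
            return
        yield atype, rec[off:off + alen]
        off += alen

def is_normal(rec):
    """S2: the flag at header offset 0x16 is 0x01 or 0x03 for a normal file."""
    return struct.unpack_from("<H", rec, 0x16)[0] in (0x01, 0x03)

def parent_record(rec):
    """S4: parent reference at offset 0x00 of the resident 30 attribute."""
    for atype, attr in attributes(rec):
        if atype == 0x30 and attr[8] == 0:             # byte 8: 0 = resident
            content = struct.unpack_from("<H", attr, 0x14)[0]
            ref = struct.unpack_from("<Q", attr, content)[0]
            return ref & 0xFFFFFFFFFFFF                # low 48 bits = MFT record number
    return None

def data_runs(rec):
    """S6: decode the non-resident 80 attribute into (first_cluster, count) runs."""
    runs, lcn = [], 0
    for atype, attr in attributes(rec):
        if atype != 0x80 or attr[8] == 0:              # resident data sits inside the record
            continue
        pos = struct.unpack_from("<H", attr, 0x20)[0]  # offset of the run list
        while pos < len(attr) and attr[pos]:
            n_len, n_off = attr[pos] & 0x0F, attr[pos] >> 4
            end = pos + 1 + n_len + n_off
            count = int.from_bytes(attr[pos + 1:pos + 1 + n_len], "little")
            lcn += int.from_bytes(attr[pos + 1 + n_len:end], "little", signed=True)
            if n_off:                                  # n_off == 0 marks a sparse run
                runs.append((lcn, count))
            pos = end
    return runs

def wipe(image, runs, passes=PASSES):
    """Overwrite each run byte by byte: random passes, then a final zero pass."""
    for first, count in runs:
        lo, hi = first * CLUSTER, (first + count) * CLUSTER
        for p in range(passes):
            image[lo:hi] = bytes(hi - lo) if p == passes - 1 else os.urandom(hi - lo)

def build_record(flags, parent_ref, run_list):
    """Constructed 1024-byte record holding one 30 and one 80 attribute."""
    fn = bytearray(0x60)
    struct.pack_into("<IIB", fn, 0, 0x30, len(fn), 0)      # type, length, resident
    struct.pack_into("<IH", fn, 0x10, 0x48, 0x18)          # content length and offset
    struct.pack_into("<Q", fn, 0x18, parent_ref)
    data = bytearray(0x40) + run_list
    struct.pack_into("<IIB", data, 0, 0x80, len(data), 1)  # type, length, non-resident
    struct.pack_into("<H", data, 0x20, 0x40)               # run list starts at 0x40
    rec = bytearray(1024)
    rec[0:4] = b"FILE"
    struct.pack_into("<HH", rec, 0x14, 0x38, flags)
    body = bytes(fn) + bytes(data) + struct.pack("<I", 0xFFFFFFFF)
    rec[0x38:0x38 + len(body)] = body
    return bytes(rec)

# Constructed sample: a deleted file (flag 0x00) under record 5, stored in two fragments.
RECORD = build_record(0x00, (5 << 48) | 5, bytes.fromhex("210210001101fc00"))
```

The second run in the sample has a negative relative offset, so the fragments decode to clusters 16-17 and cluster 12; a wipe that treated run offsets as absolute would overwrite the wrong clusters. On a real volume the record's update sequence fixups must be applied before parsing, which the constructed record does not need.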
Those of ordinary skill in the art will appreciate that the embodiments described here are intended to help the reader understand how the invention is implemented, and it should be understood that the scope of protection of the invention is not limited to these specific statements and embodiments. Based on the technical teachings disclosed by the invention, those of ordinary skill in the art can make various other specific variations and combinations that do not depart from the essence of the invention, and these variations and combinations remain within the scope of protection of the invention.

Claims (8)

1. A method for erasing confidential data in an NTFS file system, characterized in that it comprises the following steps:
S1: Read all data files recorded in the MFT of the NTFS partition on the classified storage medium;
S2: Determine whether the confidential file to be erased is a normal file or a deleted file; if it is a normal file, go to S3, otherwise go to S4;
S3: Parse the parameters of the file, including the file's MFT entry information, the MFT entry information of the file's parent directory, and the address of the file's data area;
S4: Using the MFT entry information or the file data area information of the deleted file, reverse-locate the MFT information of the file's parent directory or the MFT information of the file;
S5: Based on the result of S4, determine whether the file's parent directory information exists; if it exists, go to S6, otherwise go to S7;
S6: Mark the data area content of the file to be erased, then perform a byte-by-byte erase operation that fills with 0 or random characters;
S7: Mark the MFT entry of the file to be erased and the 90 and A0 attributes in the MFT entry of the file's parent directory, then perform a byte-by-byte erase operation that fills with 0 or random characters;
S8: Update the MFT directory entry information of the whole file system and the bitmap information that records cluster usage for the whole file system.
2. The method for erasing confidential data in an NTFS file system according to claim 1, characterized in that all the data files recorded in the MFT in S1 include at least the file record header information of the MFT entries.
3. The method for erasing confidential data in an NTFS file system according to claim 2, characterized in that the specific steps of S2 are as follows:
According to the flag value at offset 0x16 relative to the header in the record header information of the MFT entry, determine whether the confidential file to be erased is a normal file or a deleted file; if it is a normal file, go to S3, otherwise go to S4.
4. The method for erasing confidential data in an NTFS file system according to claim 3, characterized in that the parameters in S3 include the information of the 10, 30, 80, 90, A0 and B0 attributes of the MFT entry.
5. The method for erasing confidential data in an NTFS file system according to claim 4, characterized in that the specific steps of S4 are as follows: using the file reference number of the parent directory recorded at offset 0x00 relative to the header in the 10 and 30 attributes of the deleted file's MFT entry information, or the file data area information, reverse-locate the MFT information of the file's parent directory.
6. The method for erasing confidential data in an NTFS file system according to claim 5, characterized in that the specific steps of S5 are as follows: according to the result of S4, jump to the corresponding MFT entry and check whether the 90 or A0 attribute of that MFT entry contains a record of this file's information; if it exists, go to S6, otherwise go to S7.
7. The method for erasing confidential data in an NTFS file system according to claim 6, characterized in that the specific steps of S6 are as follows: mark the data area content of the file to be erased by means of the 80 attribute and the B0 attribute in the file's MFT entry, jump to the address where the data area is located, and perform, on the region corresponding to all cluster numbers used by the data area, a byte-by-byte erase operation that fills with 0 or random characters at least 5 times.
8. The method for erasing confidential data in an NTFS file system according to claim 7, characterized in that the specific steps of S7 are as follows: mark the MFT entry of the file to be erased and the 90 and A0 attributes in the MFT entry of the file's parent directory. Erasing the file's MFT entry differs from erasing the MFT entry of the file's parent directory. Specifically, when the MFT entry of the parent directory is erased, only each byte of the 90 or A0 attribute region of that MFT entry needs an erase operation that fills with 0 or random characters at least 5 times; in particular, when the A0 attribute is erased, it is necessary to jump to the index buffer corresponding to the A0 attribute and erase all index entries in that index buffer that relate to this file. When the MFT entry that records the file is erased, the whole region where the MFT entry is located undergoes a byte-by-byte erase operation that fills with 0 or random characters at least 5 times; if that MFT entry has an A0 attribute, the clusters where the index buffer corresponding to the A0 attribute is located must also undergo a byte-by-byte erase operation that fills with 0 or random characters at least 5 times.
CN201510601559.4A 2015-09-18 2015-09-18 The method for deleting of confidential data in new technology file system Pending CN106548086A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN201510601559.4A CN106548086A (en) 2015-09-18 2015-09-18 The method for deleting of confidential data in new technology file system

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN201510601559.4A CN106548086A (en) 2015-09-18 2015-09-18 The method for deleting of confidential data in new technology file system

Publications (1)

Publication Number Publication Date
CN106548086A true CN106548086A (en) 2017-03-29

Family

ID=58362602

Family Applications (1)

Application Number Title Priority Date Filing Date
CN201510601559.4A Pending CN106548086A (en) 2015-09-18 2015-09-18 The method for deleting of confidential data in new technology file system

Country Status (1)

Country Link
CN (1) CN106548086A (en)

Citations (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN1928870A (en) * 2006-09-28 2007-03-14 珠海金山软件股份有限公司 Method for completely crashing file data in NTFS roll
CN102693387A (en) * 2012-06-01 2012-09-26 北京理工大学 Data wiping method for NTFS (new technology file system)

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
白杨: "Research and Implementation of Windows-Based Magnetic Media Data Erasure Technology", China Excellent Master's Theses Database *

Cited By (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN109656888A (en) * 2018-12-24 2019-04-19 山东中孚安全技术有限公司 A kind of file complete deletion method and device based on linux file system
CN111581163A (en) * 2020-05-12 2020-08-25 山东省计算中心(国家超级计算济南中心) Data traceless deletion method and system based on NTFS (New technology File System)
CN111581163B (en) * 2020-05-12 2022-03-08 山东省计算中心(国家超级计算济南中心) Data traceless deletion method and system based on NTFS (New technology File System)

Legal Events

Date Code Title Description
PB01 Publication
SE01 Entry into force of request for substantive examination
RJ01 Rejection of invention patent application after publication

Application publication date: 20170329