CN106548086A - Method for erasing confidential data in an NTFS file system - Google Patents
Method for erasing confidential data in an NTFS file system
- Publication number: CN106548086A
- Authority: CN (China)
- Prior art keywords: file, mft, information, items, attributes
- Legal status: Pending (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Classifications
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F21/00—Security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F21/60—Protecting data
- G06F21/62—Protecting access to data via a platform, e.g. using keys or access control rules
- G06F21/6218—Protecting access to data via a platform, e.g. using keys or access control rules to a system of files or objects, e.g. local or distributed file system or database
- G06F2221/00—Indexing scheme relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/21—Indexing scheme relating to G06F21/00 and subgroups addressing additional information or applications relating to security arrangements for protecting computers, components thereof, programs or data against unauthorised activity
- G06F2221/2107—File encryption
Abstract
The invention provides a method for erasing confidential data in an NTFS file system and belongs to the field of information security. The beneficial effects of the invention are as follows: 1. the NTFS file system is parsed to mark the confidential files that need to be erased; 2. the directory, bitmap, registry and other information of the confidential files is marked; 3. the physical storage addresses of the confidential files are marked; 4. all marked traces of the confidential files are erased, ensuring the security of the confidential data. By these means, the invention protects confidential data, ensures that it cannot be illegally recovered and used, and is suitable for the confidential data of all enterprises, public institutions, government bodies and the military industry.
Description
Technical field
The invention belongs to the technical field of information security, and in particular relates to a method for erasing confidential data in an NTFS file system.
Background
In the 21st century, informatization is developing rapidly, and computer technology advances day by day and is closely bound up with daily life. Electronic information is the main carrier of data. The electronic data used by many enterprises, public institutions and state security departments is highly confidential, and they attach great importance to its security: confidential data must not be read arbitrarily, and once it spreads, the impact is inestimable. USB flash drives, SD cards and the like are the most commonly used removable storage media, so the importance of keeping the data in the NTFS file systems they carry confidential is self-evident. However, because of the way NTFS stores data, confidential data stored on a computer can still be restored with data-recovery methods even after it has been deleted, so important confidential data can be recovered and spread. To avoid this, a method for thoroughly erasing confidential data in an NTFS file system is proposed. The method thoroughly erases the physical locations that hold confidential data, ensuring that the data is completely destroyed and cannot be recovered.
Explanation of the terms used:
Normal file: in the record header information of a file's MFT entry, a flag value of 0x01 or 0x03 at offset 0x16 relative to the header indicates a normal file;
Reverse location: a technique that uses the information in a file's MFT entry to locate whether the file's corresponding parent directory exists.
Summary of the invention
In view of the deficiencies of the prior art, the invention provides a method for erasing confidential data in an NTFS file system, which solves the problem that the prior art cannot completely delete data in an NTFS file system and therefore leaks information.
To solve the above problem, the technical solution adopted by the invention is as follows. A method for erasing confidential data in an NTFS file system comprises the following steps:
S1: Read all data files recorded by the MFT in the NTFS partition on the confidential storage medium;
S2: Determine whether the confidential file to be erased is a normal file or a deleted file; if it is a normal file, go to S3, otherwise go to S4;
S3: Parse the parameters of the file, including the file's MFT entry information, the MFT entry information of the file's parent directory, and the address of the file's data area;
S4: Using the MFT entry information or the file data area information of the deleted file, reverse-locate the MFT information of the file's parent directory or the file's MFT information;
S5: According to the result of S4, determine whether the file's parent directory information exists; if it exists, go to S6, otherwise go to S7;
S6: Mark the data area content of the file to be erased, then erase it byte by byte by filling with 0 or random characters;
S7: Mark the MFT entry of the file to be erased and the 90 and A0 attributes in the MFT entry of the file's parent directory, then erase them byte by byte by filling with 0 or random characters;
S8: Update the MFT directory entry information of the whole file system and the bitmap information that records cluster usage for the whole file system.
Preferably, all the data files recorded by the MFT described in S1 include at least the file record header information of the MFT entries.
Preferably, the specific steps of S2 are as follows: according to the flag value at offset 0x16 relative to the header in the record header information of the MFT entry, determine whether the confidential file to be erased is a normal file or a deleted file; if it is a normal file, go to S3, otherwise go to S4.
Preferably, the parameters described in S3 include the information of the 10, 30, 80, 90, A0 and B0 attributes of the MFT entry.
Preferably, the specific steps of S4 are as follows: using the file reference number of the parent directory recorded at offset 0x00 relative to the header in the 10 and 30 attributes of the deleted file's MFT entry information, or the file data area information, reverse-locate the MFT information of the file's parent directory.
Preferably, the specific steps of S5 are as follows: according to the result of S4, jump to the corresponding MFT entry and check whether the 90 or A0 attribute of that MFT entry contains a record of this file's information; if it exists, go to S6, otherwise go to S7.
Preferably, the specific steps of S6 are as follows: mark the data area content of the file to be erased by means of the 80 and B0 attributes in the file's MFT entry, jump to the address where the data area is located, and erase the regions corresponding to all the cluster numbers used by the data area byte by byte, at least 5 times, by filling with 0 or random characters.
Preferably, the specific steps of S7 are as follows: mark the MFT entry of the file to be erased and the 90 and A0 attributes in the MFT entry of the file's parent directory. Erasing the file's MFT entry differs from erasing the MFT entry of the file's parent directory. Specifically, when erasing the MFT entry of the file's parent directory, only each byte of the region of the 90 or A0 attribute of that MFT entry needs to be erased at least 5 times by filling with 0 or random characters; in particular, when erasing the A0 attribute, it is necessary to jump to the index buffer corresponding to the A0 attribute and erase all index entries in the index buffer that relate to this file. When erasing the MFT entry that records the file, the whole region where the MFT entry is located is erased byte by byte, at least 5 times, by filling with 0 or random characters; if the MFT entry has an A0 attribute, the clusters where the index buffer corresponding to the A0 attribute is located must also be erased byte by byte, at least 5 times, by filling with 0 or random characters.
The beneficial effects of the invention are as follows: 1. the NTFS file system is parsed to mark the confidential files that need to be erased; 2. the directory, bitmap, registry and other information of the confidential files is marked; 3. the physical storage addresses of the confidential files are marked; 4. all marked traces of the confidential files are erased, ensuring the security of the confidential data. By these means, the invention protects confidential data, ensures that it cannot be illegally recovered and used, and is suitable for the confidential data of all enterprises, public institutions, government bodies and the military industry.
Brief description of the drawings
Fig. 1 is a flow chart of an embodiment of the invention.
Detailed description
To make the objects, technical solutions and advantages of the invention clearer, the invention is described in further detail below with reference to the drawing and an embodiment.
The method of the invention is elaborated further below with reference to the accompanying drawing.
The invention proposes a method for erasing confidential data in an NTFS file system. The method erases not only normal files in an NTFS partition but also files that have been deleted in NTFS.
The method of the invention is described in detail below, taking NTFS version 3.1 as an example. Specifically, it includes the following steps:
S1: Read the information of all MFT entries in the NTFS partition on the confidential storage medium (mainly the file record header information of the MFT entries), and parse the information recorded in them, such as files and folders;
S2: According to the flag value at offset 0x16 relative to the header in the record header information of the MFT entry, determine whether the confidential file to be erased is a normal file or a deleted file; if it is a normal file, go to S3, otherwise go to S4;
S3: Parse the parameters of the file (mainly the information of the 10, 30, 80, 90, A0, B0 and other attributes of the MFT entry), including the file's MFT entry information, the MFT entry information of the file's parent directory, and the address of the file's data area;
S4: Using the file reference number of the parent directory recorded at offset 0x00 relative to the header in the 30 attribute of the deleted file's MFT entry information, or the file data area information, reverse-locate the MFT information of the file's parent directory;
S5: According to the result of S4, jump to the corresponding MFT entry and check whether the 90 or A0 attribute of that MFT entry contains a record of this file's information; if it exists, go to S6, otherwise go to S7;
S6: Mark the data area content of the file to be erased by means of the 80 and B0 attributes in the file's MFT entry, jump to the address where the data area is located, and repeatedly erase the regions corresponding to all the cluster numbers used by the data area, byte by byte, by filling with 0 or random characters;
S7: Mark the MFT entry of the file to be erased and the 90 and A0 attributes in the MFT entry of the file's parent directory. Erasing the file's MFT entry differs from erasing the MFT entry of the file's parent directory. Specifically, when erasing the MFT entry of the file's parent directory, only each byte of the region of the 90 or A0 attribute of that MFT entry needs to be erased repeatedly by filling with 0 or random characters; in particular, when erasing the A0 attribute, it is necessary to jump to the index buffer corresponding to the A0 attribute and erase all index entries in the index buffer that relate to this file. When erasing the MFT entry that records the file, the whole region where the MFT entry is located is erased repeatedly, byte by byte, by filling with 0 or random characters; if the MFT entry has an A0 attribute, the clusters where the index buffer corresponding to the A0 attribute is located must also be erased repeatedly, byte by byte, by filling with 0 or random characters;
S8: Update the bitmap information of the MFT entries of the whole file system and the bitmap information that records cluster usage for the whole file system.
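Added example (not part of the patent text): a Python parser that carries out steps S2 to S4 and the region selection of S7 on a single MFT entry. It assumes the standard NTFS 3.1 on-disk layout, reads the attribute codes 10, 30, 80, 90, A0 and B0 as hexadecimal type values, and runs on a constructed 1024-byte entry to which no update-sequence fixups have been applied; all function names are illustrative.

```python
import struct

# Attribute type codes (hex) that the text writes as "10, 30, 80, 90, A0, B0".
ATTR_NAMES = {0x10: "$STANDARD_INFORMATION", 0x30: "$FILE_NAME", 0x80: "$DATA",
              0x90: "$INDEX_ROOT", 0xA0: "$INDEX_ALLOCATION", 0xB0: "$BITMAP"}


def parse_mft_record(rec: bytes) -> dict:
    """S2-S4 for one MFT entry: state flag, attribute list, parent reference."""
    if rec[:4] != b"FILE":
        raise ValueError("missing FILE signature")
    first_attr, flags = struct.unpack_from("<HH", rec, 0x14)  # flags sit at 0x16
    normal = flags in (0x01, 0x03)             # the text's test for a normal file
    info = {"normal": normal, "next_step": "S3" if normal else "S4",
            "attributes": [], "parent_record": None, "name": None}
    off = first_attr
    while off + 8 <= len(rec):
        atype, alen = struct.unpack_from("<II", rec, off)
        if atype == 0xFFFFFFFF:                # end-of-attributes marker
            break
        if alen < 0x18 or off + alen > len(rec):
            raise ValueError(f"bad attribute length at offset 0x{off:x}")
        info["attributes"].append((atype, off, alen))
        if atype == 0x30 and rec[off + 8] == 0:              # resident $FILE_NAME
            size, start = struct.unpack_from("<IH", rec, off + 0x10)
            body = rec[off + start:off + start + size]
            if len(body) >= 0x42:
                ref = struct.unpack_from("<Q", body, 0x00)[0]  # parent reference (S4)
                info["parent_record"] = ref & 0xFFFFFFFFFFFF   # low 48 bits: entry number
                raw_name = body[0x42:0x42 + 2 * body[0x40]]
                info["name"] = raw_name.decode("utf-16-le", "replace")
        off += alen
    return info


def attribute_names(info: dict) -> list:
    """Readable names for the attribute types found in an entry."""
    return [ATTR_NAMES.get(t, hex(t)) for t, _, _ in info["attributes"]]


def wipe_ranges(rec: bytes, role: str) -> list:
    """S7: byte ranges to overwrite inside one MFT entry.

    role "file": the whole entry; role "parent": only its 90/A0 attribute regions.
    """
    if role == "file":
        return [(0, len(rec))]
    attrs = parse_mft_record(rec)["attributes"]
    return [(off, off + alen) for atype, off, alen in attrs if atype in (0x90, 0xA0)]


def build_sample_record(flags: int, parent: int, name: str, extra=()) -> bytes:
    """Constructed input (not real disk data): one 1024-byte MFT entry."""
    def resident(atype, body):
        padded = body + bytes(-len(body) % 8)
        return struct.pack("<IIBBHHHIHBB", atype, 0x18 + len(padded), 0, 0, 0, 0, 0,
                           len(body), 0x18, 0, 0) + padded
    fname = (struct.pack("<Q", parent | (1 << 48)) + bytes(0x38)
             + bytes([len(name), 1]) + name.encode("utf-16-le"))
    attrs = resident(0x10, bytes(0x30)) + resident(0x30, fname)
    attrs += b"".join(resident(t, b) for t, b in extra) + struct.pack("<I", 0xFFFFFFFF)
    header = struct.pack("<4sHHQHHHHII", b"FILE", 0x30, 3, 0, 1, 1, 0x38, flags,
                         0x38 + len(attrs), 1024).ljust(0x38, b"\x00")
    return (header + attrs).ljust(1024, b"\x00")


if __name__ == "__main__":
    live = build_sample_record(0x01, 5, "secret.docx", [(0x80, b"classified")])
    info = parse_mft_record(live)
    print(info["next_step"], info["name"], info["parent_record"], attribute_names(info))
```

The ranges returned by `wipe_ranges` are offsets within the entry, and a zero-filled entry fails the signature check in `parse_mft_record`, which gives a simple way to confirm that a file's own entry no longer parses after erasure.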
Those of ordinary skill in the art will appreciate that the embodiment described here is intended to help the reader understand the implementation of the invention, and that the scope of protection of the invention is not limited to such specific statements and embodiments. Based on the technical teachings disclosed by the invention, those of ordinary skill in the art can make various other specific variations and combinations that do not depart from the essence of the invention, and these variations and combinations remain within the scope of protection of the invention.
Claims (8)
1. A method for erasing confidential data in an NTFS file system, characterized by comprising the following steps:
S1: Read all data files recorded by the MFT in the NTFS partition on the confidential storage medium;
S2: Determine whether the confidential file to be erased is a normal file or a deleted file; if it is a normal file, go to S3, otherwise go to S4;
S3: Parse the parameters of the file, including the file's MFT entry information, the MFT entry information of the file's parent directory, and the address of the file's data area;
S4: Using the MFT entry information or the file data area information of the deleted file, reverse-locate the MFT information of the file's parent directory or the file's MFT information;
S5: According to the result of S4, determine whether the file's parent directory information exists; if it exists, go to S6, otherwise go to S7;
S6: Mark the data area content of the file to be erased, then erase it byte by byte by filling with 0 or random characters;
S7: Mark the MFT entry of the file to be erased and the 90 and A0 attributes in the MFT entry of the file's parent directory, then erase them byte by byte by filling with 0 or random characters;
S8: Update the MFT directory entry information of the whole file system and the bitmap information that records cluster usage for the whole file system.
2. The method for erasing confidential data in an NTFS file system according to claim 1, characterized in that all the data files recorded by the MFT described in S1 include at least the file record header information of the MFT entries.
3. The method for erasing confidential data in an NTFS file system according to claim 2, characterized in that the specific steps of S2 are as follows: according to the flag value at offset 0x16 relative to the header in the record header information of the MFT entry, determine whether the confidential file to be erased is a normal file or a deleted file; if it is a normal file, go to S3, otherwise go to S4.
4. The method for erasing confidential data in an NTFS file system according to claim 3, characterized in that the parameters described in S3 include the information of the 10, 30, 80, 90, A0 and B0 attributes of the MFT entry.
5. The method for erasing confidential data in an NTFS file system according to claim 4, characterized in that the specific steps of S4 are as follows: using the file reference number of the parent directory recorded at offset 0x00 relative to the header in the 10 and 30 attributes of the deleted file's MFT entry information, or the file data area information, reverse-locate the MFT information of the file's parent directory.
6. The method for erasing confidential data in an NTFS file system according to claim 5, characterized in that the specific steps of S5 are as follows: according to the result of S4, jump to the corresponding MFT entry and check whether the 90 or A0 attribute of that MFT entry contains a record of this file's information; if it exists, go to S6, otherwise go to S7.
7. The method for erasing confidential data in an NTFS file system according to claim 6, characterized in that the specific steps of S6 are as follows: mark the data area content of the file to be erased by means of the 80 and B0 attributes in the file's MFT entry, jump to the address where the data area is located, and erase the regions corresponding to all the cluster numbers used by the data area byte by byte, at least 5 times, by filling with 0 or random characters.
8. The method for erasing confidential data in an NTFS file system according to claim 7, characterized in that the specific steps of S7 are as follows: mark the MFT entry of the file to be erased and the 90 and A0 attributes in the MFT entry of the file's parent directory. Erasing the file's MFT entry differs from erasing the MFT entry of the file's parent directory. Specifically, when erasing the MFT entry of the file's parent directory, only each byte of the region of the 90 or A0 attribute of that MFT entry needs to be erased at least 5 times by filling with 0 or random characters; in particular, when erasing the A0 attribute, it is necessary to jump to the index buffer corresponding to the A0 attribute and erase all index entries in the index buffer that relate to this file. When erasing the MFT entry that records the file, the whole region where the MFT entry is located is erased byte by byte, at least 5 times, by filling with 0 or random characters; if the MFT entry has an A0 attribute, the clusters where the index buffer corresponding to the A0 attribute is located must also be erased byte by byte, at least 5 times, by filling with 0 or random characters.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN201510601559.4A CN106548086A (en) | 2015-09-18 | 2015-09-18 | Method for erasing confidential data in an NTFS file system |
Publications (1)
Publication Number | Publication Date |
---|---|
CN106548086A (en) | 2017-03-29 |
Family ID: 58362602
Legal Events
Code | Title | Description |
---|---|---|
PB01 | Publication | |
SE01 | Entry into force of request for substantive examination | |
RJ01 | Rejection of invention patent application after publication | Application publication date: 20170329 |