By Eric Beasley
As the Tech Editor for A Miner Detail, the responsibility falls on me to explain the technology side of things. Luckily for me, Presidential Candidate Hillary Clinton has created a prime atmosphere for discussing technology-related issues, especially in the information security field.
Yesterday, Congressman Trey Gowdy was interviewed on Fox News and he mentioned an application called BleachBit. It was at the end of the interview and he was unable to further explain. Fortunately, I’m here to explain what this application does and why you should care.
Each operating system handles information a little bit differently. Since most people use Windows, I will be skipping over the discussions of OS X and Unix derivatives. However, I still have to explain magnetism and file systems. So think back to pre-Common Core middle school science.
Traditional hard drives have platters inside. These platters look a lot like a thicker version of a CD or DVD. To store information, a small hand (think record player) moves around the sectors of the platter to read and write information onto the platter. These platters contain millions of tiny little magnets that the hand can align to a certain magnetic value, positive or negative. That positive or negative value is translated by the computer into binary 1 or 0. This is called a “bit”. Eight bits equal a “byte”, which is used to represent a single character.
When you create a document and save it on your hard drive, a little section of that hard drive platter is magnetized based on the information that you saved. The tiny magnets are aligned based on what you typed, translated into binary. Your operating system and/or application translates that data. Windows then maps out the location on the hard drive at which this data is stored based on a few parameters: the platter on which the data is stored, the track of the disk, and the sector of the track.
When you double-click on the icon for your file, Windows tells itself, “The information is located on platter 2, track 7, sector 2, let me open that for you” and your data appears on screen.
Now that you know how a file is created, saved on your hard drive, and re-opened, what happens when you delete a file?
On Windows, when you delete a file it appears in your recycle bin. That means that the operating system knows where the data is, but it will not be present in Windows Explorer with all your other files. Once you empty the recycle bin, Windows forgets where the file is stored. It forgets the location of the data on the hard drive, nothing more.
This is how computer forensics works. That information, the magnetic representation of computer data, stays on the hard drive until it is overwritten by another piece of data. If the data has not been overwritten, then the information can be recovered with a variety of forensic utilities.
Applications like BleachBit, CCleaner, and Shred scour the hard drive platter for information that Windows has “forgotten.” When they find these files, they overwrite the hard drive address (platter, track, sector) so that the magnetic representation of the data is changed. Therefore, the data is not recoverable.
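The delete-versus-overwrite behavior described above, as an added illustration that is not part of the original article: a toy Python model in which deleting a file only drops its index entry, a scan of unclaimed sectors still finds the data, and one overwrite pass removes it. The `ToyDisk` class, the file names and the file contents are all constructed for this example.

```python
# Toy model (constructed): a "disk" of fixed-size sectors plus a file table
# that maps names to sector numbers, standing in for the index Windows keeps.
SECTOR = 16

class ToyDisk:
    def __init__(self, sectors=8):
        self.data = bytearray(SECTOR * sectors)  # raw platter contents
        self.table = {}                          # filename -> sector numbers
        self.free = list(range(sectors))         # sectors no file owns

    def _span(self, s):
        return slice(s * SECTOR, (s + 1) * SECTOR)

    def write(self, name, content):
        needed = -(-len(content) // SECTOR)      # ceiling division
        if needed > len(self.free):
            raise OSError("disk full")
        owned = [self.free.pop(0) for _ in range(needed)]
        for i, s in enumerate(owned):
            chunk = content[i * SECTOR:(i + 1) * SECTOR]
            self.data[self._span(s)] = chunk.ljust(SECTOR, b"\0")
        self.table[name] = owned

    def read(self, name):
        raw = b"".join(self.data[self._span(s)] for s in self.table[name])
        return raw.rstrip(b"\0")

    def delete(self, name):
        # Emptying the recycle bin: forget the location, leave the bytes alone.
        self.free.extend(self.table.pop(name))

    def scan_free(self, needle):
        # Forensic recovery: read sectors the index no longer claims.
        return [s for s in self.free if needle in self.data[self._span(s)]]

    def wipe_free(self, passes=1):
        # Overwriting tool: rewrite every unclaimed sector with zeros.
        for _ in range(passes):
            for s in self.free:
                self.data[self._span(s)] = bytes(SECTOR)

def demo():
    disk = ToyDisk()
    disk.write("keep.txt", b"grocery list")
    disk.write("memo.txt", b"SECRET meeting notes, 3pm")
    disk.delete("memo.txt")
    before = disk.scan_free(b"SECRET")  # data is still on the platter
    disk.wipe_free()
    after = disk.scan_free(b"SECRET")   # overwritten, nothing left to find
    return before, after, disk.read("keep.txt")

if __name__ == "__main__":
    print(demo())
```

The file that was never deleted is untouched by the wipe, because only sectors the index no longer claims are overwritten.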
Now, there are differing theories and academic studies on the effectiveness of such overwriting. Some folks claim one overwrite is effective enough. Some prefer 7, which is the DoD standard. Some prefer 35 overwrites. There do exist theoretical models in which overwritten data can be recovered, techniques that involve tens of millions of dollars' worth of equipment and some skilled physicists. These methods are as realistic as Warp Drive.
Tech Talk Note: The IT inclined are screaming about solid state drives right now. Solid state drives do not use magnetic platters and are another topic altogether.
In regard to the Trey Gowdy interview, his comment basically means that Mrs. Clinton undertook extraordinary steps to delete information, above and beyond what the average user would do. She did not merely delete files and empty the recycle bin; she utilized a disk wiping utility called BleachBit to ensure that the files were not recoverable using digital forensic methods.