rainbowzc

  博客园 :: 首页 :: 博问 :: 闪存 :: 新随笔 :: :: :: 管理 ::
http://www.microsoft.com/technet/sysinternals/Utilities/SDelete.mspx

SDelete v1.51

By Mark Russinovich

endurer 翻译

Published: November 1, 2006

Introduction

介绍

One feature of Windows NT/2000's (Win2K) C2-compliance is that it implements object reuse protection. This means that when an application allocates file space or virtual memory it is unable to view data that was previously stored in the resources Windows NT/2K allocates for it. Windows NT zero-fills memory and zeroes the sectors on disk where a file is placed before it presents either type of resource to an application. However, object reuse does not dictate that the space that a file occupies before it is deleted be zeroed. This is because Windows NT/2K is designed with the assumption that the operating system controls access to system resources. However, when the operating system is not active it is possible to use raw disk editors and recovery tools to view and recover data that the operating system has deallocated. Even when you encrypt files with Win2K's Encrypting File System (EFS), a file's original unencrypted file data is left on the disk after a new encrypted version of the file is created.

Windows NT/2000's (Win2K)C2-要求的特性之一是实施对象重用保护。这意味着当一个应用程序分配文件空间或虚拟内存时,它不能查看Windows NT/2K为其分配的资源中以前存储的数据。在把两类资源分给一个应用程序前,Windows NT会零填充内存和对存放文件的磁盘扇区置零。然而,对象重用不会指令一个之前未删除的文件占用的空间清零。这是因为Windows NT/2K设计时假定操作系统控制着对系统资源的访问。然而,当操作系统不活动时,使用raw 磁盘编辑程序和恢复工具查看或恢复操作系统已重分配的数据是可能的。甚至当你用 Win2K的加密文件系统(EFS)加密文件时,在新的加密版本的文件被创建后,原始未加密的文件数据被留在磁盘上。

The only way to ensure that deleted files, as well as files that you encrypt with EFS, are safe from recovery is to use a secure delete application. Secure delete applications overwrite a deleted file's on-disk data using techiques that are shown to make disk data unrecoverable, even using recovery technology that can read patterns in magnetic media that reveal weakly deleted files. SDelete (Secure Delete) is such an application. You can use SDelete both to securely delete existing files, as well as to securely erase any file data that exists in the unallocated portions of a disk (including files that you have already deleted or encrypted). SDelete implements the Department of Defense clearing and sanitizing standard DOD 5220.22-M, to give you confidence that once deleted with SDelete, your file data is gone forever. Note that SDelete securely deletes file data, but not file names located in free disk space.

确保被删除文件,以及你用EFS加密的文件免于恢复的安全方法是使用安全删除应用程序。安全删除应用程序覆写被删除文件的磁盘数据,用所示技术来使磁盘数据不可恢复,即使使用可以读取残存被删除文件的磁性媒体的式样的恢复技术。SDelete (Secure Delete) 就是这样的一个应用程序。你既可以使用SDelete来安全地删除现存文件,也可以安全删除存在于磁盘中未分配部分的一些文件数据(包括你已删除或加密的文件)。SDelete实施美国国防部资料摧毁标准DOD 5220.22-M,给予你一旦用SDelete删除,文件数据就永远消失的信心。注意,SDelete安全地删除文件数据,但不含位于自由磁盘空间中的文件名。

SDelete works on Windows 95, 98, NT 4.0 and Win2K.

SDelete运行于Windows 95, 98, NT 4.0 and Win2K。

SDelete Usage

SDelete的用法

SDelete is a command line utility that takes a number of options. In any given use, it allows you to delete one or more files and/or directories, or to cleanse the free space on a logical disk. SDelete accepts wild card characters as part of the directory or file specifier.

SDelete是一个带若干选项的命令行工具。按所给用法,你可以删除一个或多个文件和/或目录,或者净化逻辑磁盘上的自由空间。

Usage: sdelete [-p passes] [-s] [-q] <file or directory>
sdelete [-p passes] -z [drive letter]

-p passes

Specifies number of overwrite passes

指定覆写趟数。

-s

Recurse subdirectories

处理子目录。

-q

Don't print errors (quiet)

不显示错误

-z

Cleanse free space

净化自由空间

How SDelete Works

SDelete如何工作

Securely deleting a file that has no special attributes is relatively straight-forward: the secure delete program simply overwrites the file with the secure delete pattern. What is more tricky is securely deleting Windows NT/2K compressed, encrypted and sparse files, and securely cleansing disk free spaces.

安全删除无特别相对简单易懂的属性的文件:安全删除程序用安全删除典范简单地覆写。巧妙之处在于安全删除Windows NT/2K压缩的、加密的,和稀疏的文件,安全净化磁盘自由空间。

Compressed, encrypted and sparse are managed by NTFS in 16-cluster blocks. If a program writes to an existing portion of such a file NTFS allocates new space on the disk to store the new data and after the new data has been written, deallocates the clusters previously occupied by the file. NTFS takes this conservative approach for reasons related to data integrity, and in the case of compressed and sparse files, in case a new allocation is larger than what exists (the new compressed data is bigger than the old compressed data). Thus, overwriting such a file will not succeed in deleting the file's contents from the disk.

压缩的、加密的,和稀疏(的文件)被NTFS管制于16-簇块中。如果一个程序写这样的文件的现存部分,NTFS分配新磁盘空间来存储新数据,并在新数据写入后,重新分配该文件原来占用的簇。NTFS采取此保守方法的原因关系到数据完整性,例如压缩的和稀疏的文件,假使新分配的大于现存的(新压缩数据大于旧的压缩数据)。因此,在从磁盘中删除文件的内容时,覆写这样的文件将不成功。

《endurer注:1。such a:(+形容词+名词)这样
2。for reason:因为...理由
3。in the case of:万一(就...来说,至于)
4。in case:假使,以防万一;如果,万一》

To handle these types of files SDelete relies on the defragmentation API. Using the defragmentation APISDelete can determine precisely which clusters on a disk are occupied by data belonging to compressed, sparse and encrypted files. Once SDelete knows which clusters contain the file's data, it can open the disk for raw access and overwrite those clusters.

要处理这类文件,SDelete依靠磁盘碎片整理API。利用磁盘碎片整理API,SDelete可以精确地判断磁盘中被属于压缩的、稀疏和加密的文件的数据占用的簇。一旦SDelete知道哪些簇包含这种文件的数据,它可以打开磁盘以raw访问和覆写这些簇。

Cleaning free space presents another challenge. Since FAT and NTFS provide no means for an application to directly address free space, SDelete has one of two options. The first is that it can, like it does for compressed, sparse and encrypted files, open the disk for raw access and overwrite the free space. This approach suffers from a big problem: even if SDelete were coded to be fully capable of calculating the free space portions of NTFS and FAT drives (something that's not trivial), it would run the risk of collision with active file operations taking place on the system. For example, say SDelete determines that a cluster is free, and just at that moment the file system driver (FAT, NTFS) decides to allocate the cluster for a file that another application is modifying. The file system driver writes the new data to the cluster, and then SDelete comes along and overwrites the freshly written data: the file's new data is gone. The problem is even worse if the cluster is allocated for file system metadata since SDelete will corrupt the file system's on-disk structures.

清理自由空间存在另外的挑战。因为 FAT 和 NTFS 没有为应用程序提供直接定位自由空间的意思,SDelete要二选一。第一个是它可以,像针对压缩的、稀疏,和加密的的文件那样,打开磁盘以以raw访问和覆写自由空间。此方法遭遇一个很大的问题:即使SDelete被编码,能够计算NTFS 和 FAT驱动器的自由空间部分(有些不是小事情),它也将冒与系统发生的激活文件操作发生冲突的危险。例如,说SDelete判断一个簇是自由的,就在这时文件系统驱动程序(FAT, NTFS)决定把该簇分配给另一应用程序正在修改的一个文件。文件系统驱动程序写新数据到该簇,然后 SDelete 出现并覆写刚写入的数据:文件的新数据没了。此问题更糟的是,如果该簇被分配给文件系统元数据,从而SDelete将破坏磁盘文件系统结构。

《endurer注:1。suffer from:遭受(因...而蒙受损害)
2。capable of:能够
3。run the risk of:冒...的危险
4。in collision with:与-相撞(在与-冲突中)
5。take place:发生
6。come along:一道走;出现;来临;快来
7。even worse:更糟的是
8。metadata:n. [计]元数据》

The second approach, and the one SDelete takes, is to indirectly overwrite free space. First, SDelete allocates the largest file it can. SDelete does this using non-cached file I/O so that the contents of the NT file system cache will not be thrown out and replaced with useless data associated with SDelete's space-hogging file. Because non-cached file I/O must be sector (512-byte) aligned, there might be some left over space that isn't allocated for the SDelete file even when SDelete cannot further grow the file. To grab any remaining space SDelete next allocates the largest cached file it can. For both of these files SDelete performs a secure overwrite, ensuring that all the disk space that was previously free becomes securely cleansed.

第二种方法,也是SDelete采用的,是不直接覆写自由空间。首先,SDelete分配一个最大的文件。SDelete使用非缓存文件I/O来进行,这样NT文件系统缓存的内容将不会被抛出和被与SDelete相关的大空间文件的无用数据替代。因为非缓存文件I/O必须是对齐扇区(512字节),可能存在一些不能为SDelete文件分配的遗留空间,尤其是SDelete不能再扩大文件时。要获取剩余空间,SDelete下一次分配最大缓存文件。针对这些文件,SDelete执行安全覆写,确保所有以前自由的磁盘空间变得安全净化。

《endurer注:1。thrown out: 抛出(说出,撵走,拒绝,显示,发出,派出,打扰,封杀出局)
2。left over:留下(剩下,推迟处理)
3。even when:即使当》

On NTFS drives SDelete's job isn't necessarily through after it allocates and overwrites the two files. SDelete must also fill any existing free portions of the NTFS MFT (Master File Table) with files that fit within an MFT record. An MFT record is typically 1KB in size, and every file or directory on a disk requires at least one MFT record. Small files are stored entirely within their MFT record, while files that don't fit within a record are allocated clusters outside the MFT. All SDelete has to do to take care of the free MFT space is allocate the largest file it can - when the file occupies all the available space in an MFT Record NTFS will prevent the file from getting larger, since there are no free clusters left on the disk (they are being held by the two files SDelete previously allocated). SDelete then repeats the process. When SDelete can no longer even create a new file, it knows that all the previously free records in the MFT have been completely filled with securely overwritten files.

在NTFS驱动器上,SDelete的工作在分配和覆写两个文件后不一定完了。SDelete还必须用一些可装入MFT记录的文件填充一些现存的NTFS主文件表(MFT)的自由部分。一个MFT记录常规大小是1KB。存储在磁盘上的小文件要求至少一个MFT记录,然后不能装入一个记录的文件被分配在MFT外的簇中。SDelete所要做的是分配最大的文件,注意自由MFT空间-当文件占据了MFT记录中的所有可用空间,NTFS将防止文件变得更大,因为没有自由簇留在磁盘(它们被SDelete先前分配的两个文件占用了)。SDelete接着重复这个过程。当不能再创建新文件时,SDelete就知道MFT中原先所有的自由记录已经被完整用安全覆写文件填充。

To overwrite file names of a file that you delete, SDelete renames the file 26 times, each time replacing each character of the file's name with a successive alphabetic character. For instance, the first rename of "foo.txt" would be to "AAA.AAA".

要覆写你删除的文件的文件名,SDelete将文件改名26次,每次用连续的字母字符替换文件名的每个字符。例如,“foo.txt”的第一次改名将是“AAA.AAA”。

The reason that SDelete does not securely delete file names when cleaning disk free space is that deleting them would require direct manipulation of directory structures. Directory structures can have free space containing deleted file names, but the free directory space is not available for allocation to other files. Hence, SDelete has no way of allocating this free space so that it can securely overwrite it.

SDelete在清理磁盘自由空间时不能安全删除文件名的原因是,删除他们将要求直接处理目录结构。目录结构可能有包含被删文件的自由空间,但自由目录空间不能分配给其它文件。因此,SDelete无法分配此自由空间以安全覆写。

posted on 2008-06-25 09:16  ct  阅读(2625)  评论(0编辑  收藏  举报