Choosing a tool for irrevocable destruction of documents in the electronic archive

Destroying documents whose archival storage period has expired, and which no longer need to be kept, is one of the routine functions of any organization's archive. Paper documents are destroyed physically, by incineration, chemical processing or shredding, which guarantees that the information cannot be recovered. For documents stored in electronic form, other methods are used: destroying the data on the medium or destroying the medium itself. There are plenty of data destruction tools, but not all of them proved suitable for automating the destruction of documents in an archive.



Task



When introducing an electronic archive in an organization, we had to automate the destruction of electronic archive documents. The archive itself is a Directum system in which, using the built-in IS-Builder development tool, a large amount of logic has been written for receiving documents into the archive from source systems, converting electronic signature formats, and granting and revoking access rights to entire cases or individual documents. The texts of archive documents are stored on a magnetic medium, and the routine deletion procedure must irrevocably delete from that medium only the files of documents whose storage period has expired. That is, destroying the entire medium was out of the question, and the task was to find a suitable tool for destroying document data on the medium.



Since the process of deleting documents is also implemented in IS-Builder, we were looking for a file deletion tool that can be controlled from code in the built-in programming language of the Directum system. In terms of performance, the tool should spend no more than one second destroying a one megabyte file. As for the data destruction algorithm, compliance with GOST R 50739-95 is mandatory, and support for several algorithms to choose from is welcome. The tool should also be free of charge, including for commercial use.



Most of the tools we could find by searching the Internet did not meet the requirements, since they were GUI-only utilities with no possibility of programmatic interaction. Only the following were left for a more detailed study:



  • the Sysinternals SDelete utility;
  • Eraser, a utility with an interesting approach to destruction;
  • an implementation of the tool directly in IS-Builder, on which we also pinned our hopes.


How we tested



For testing, we prepared a small partition on the hard drive to make it easier to survey our theater of operations. On this disk, we created files, destroyed them in different ways and then looked at what was left of them. Destruction is considered successful if it is performed at a speed not lower than the required one and no fragments of the original file can be found. To make the comparison between the tools fair, all of them destroyed files with the same algorithm, one that every tool supports: DOD 5220.22-M, which formally meets the requirements of GOST.



To monitor the results of destruction, we used the following tools:



  • WinHex, a shareware utility that accesses media content at a low level, allowing you to search for data by a piece of content and restore it;
  • DiskView, a Sysinternals utility.


IS-Builder



The essence of the DOD 5220.22-M algorithm is quite simple, and we implemented it in the built-in programming language of the Directum system. As input, the algorithm receives the name of the file and asks the file system for its size in bytes. Then a buffer of the calculated size is generated three times and written to the specified file. The beauty of the approach is that absolutely any destruction algorithm can be implemented, with any number of passes and the most inconceivable rewriting patterns. In addition, since the tool is implemented in IS-Builder without dependencies on external software, there are no difficulties at all with integrating it into the application development of the Directum system. And it works quickly. It just doesn't destroy data! WinHex found not just fragments of the original file on the disk, but the entire file, and successfully restored it. It turned out that at the moment of writing the first buffer to the disk, the file's location on the disk changes: the original file was located at the beginning of the partition, but ended up in the middle or at the end. We found this out using DiskView. The original clusters, although marked as free, still contain data. This, of course, is no good. We tried different methods of writing to the file, and the result was the same everywhere: the data can be found and restored. It turns out that we can generate a buffer for rewriting, but we cannot write it to disk correctly. And since we could not find a working scheme, we had to say goodbye to the idea of getting by with the tools built into Directum.
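
The three-pass procedure described above, as an added example in Python (not the authors' IS-Builder code): it opens the existing file for update instead of recreating it and forces every pass to disk. The pass patterns, the function names and the sample file are assumptions of this example.

```python
import os
import tempfile

# Pass patterns commonly cited for DoD 5220.22-M (an assumption of this example):
# a fixed byte, its complement, then random data. None stands for "random".
PASSES = (b"\x00", b"\xff", None)
CHUNK = 1 << 20  # write in 1 MiB pieces instead of one file-sized buffer


def overwrite_in_place(path, passes=PASSES):
    """Overwrite the existing bytes of `path` once per pass; the file is kept."""
    size = os.path.getsize(path)
    # "r+b" opens the existing file for update without truncating or recreating
    # it, so the writes are addressed to the file's current contents.
    with open(path, "r+b") as f:
        for pattern in passes:
            f.seek(0)
            remaining = size
            while remaining:
                n = min(CHUNK, remaining)
                f.write(os.urandom(n) if pattern is None else pattern * n)
                remaining -= n
            f.flush()
            os.fsync(f.fileno())  # force this pass out of the OS cache


def destroy(path, passes=PASSES):
    """Overwrite, then remove the directory entry."""
    overwrite_in_place(path, passes)
    os.remove(path)


if __name__ == "__main__":
    # Constructed sample: a temporary file of about 1 MB standing in for a document.
    fd, sample = tempfile.mkstemp()
    os.write(fd, b"EXPIRED-DOCUMENT " * 62500)
    os.close(fd)
    before = os.stat(sample)
    overwrite_in_place(sample)
    after = os.stat(sample)
    with open(sample, "rb") as f:
        leftover = b"EXPIRED-DOCUMENT" in f.read()
    print("same size:", before.st_size == after.st_size, "marker left:", leftover)
    destroy(sample)
```

Reading the file back only shows what the file API returns; whether the original clusters were actually overwritten still has to be checked at disk level, as the article does with WinHex and DiskView, because compressed or encrypted files, copy-on-write file systems and SSDs can place rewritten data elsewhere.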



SDelete



docs.microsoft.com/en-us/sysinternals/downloads/sdelete



Sysinternals SDelete implements only one deletion algorithm (DOD 5220.22-M), but you can specify the number of rewrite passes, destroy a directory tree with all its contents, and even "clean up" unallocated disk space. SDelete is a command-line utility with only a few switches, so it is easy to invoke from IS-Builder calculations:



SDelete = "C:\Sysinternals\SDelete\sdelete.exe"
Command = Format('"%s" -p 1 "%s"'; ArrayOf(SDelete; Filename))
ExecuteProcess(Command; smNormal; wmYes)


After using the utility, the files disappeared from the disk almost without a trace: with WinHex it was possible to detect only traces of the file name being rewritten, but the contents could not be found or restored. At the same time, the utility worked rather quickly (deleting a 1 megabyte file took 0.2 seconds) and deservedly took the lead.



Eraser



eraser.heidi.ie



A free GUI utility. What sets Eraser apart from the rest is that it works with a destruction queue. If you want to delete something, you must create the corresponding task and add it to the queue. Each task in the Eraser queue is a collection of information:



  • about the object of destruction: it can be a specific file or directory, the contents of the user's "Recycle Bin", or unallocated disk space. It can also be a secure move of files or folders, or a complete cleanup of a partition on a hard drive;
  • about the destruction algorithm: Eraser knows several ready-made rewriting algorithms, and also lets you create your own by setting the required number of passes and specifying a data pattern for each of them;
  • about the start time: the task can be executed immediately after being placed in the queue, on a schedule, when the operating system boots, or manually.


The Eraser process running in the background is busy processing the queue and executing tasks. Thus, data destruction in Eraser is always an asynchronous process, very much like server events in Directum.



Controlling the utility with command-line switches also works, and has for a long time, although command-line operation has not yet been officially announced and has the status of functionality under development:



Eraser = "C:\Program Files\Eraser\Eraser.exe"
Command = Format('"%s" erase /method="ecbf4998-0b4f-445c-9a06-23627659e419" /quiet file="%s"'; ArrayOf(Eraser; Filename))
ExecuteProcess(Command; smNormal; wmYes)


File destruction with Eraser completed successfully. It was not possible to measure the speed because destruction is asynchronous. From the point of view of use in application development, the up-in-the-air status of command-line operation is a concern, but the ability to create arbitrary destruction methods looks interesting.



Results



If it were not for the annoying failure with writing the buffer to disk, the implementation in IS-Builder would look like a million dollars, but, alas, it did not reach the finish line. The other two tools performed much better, with the SDelete utility looking the most advantageous. It does not require installation, and it has minimal but sufficient functionality and good performance.


