All geek questions in one place

How to get the physical location of a file on your hard drive

I want the shedder file to completely delete the file, writing zeros to its physical areas.

Files can be stored on the hard disk in chunks, and not always in the whole block.

When I talk about physical areas. I mean the physical partitions that are stored in the file, or any link to those partitions that I can execute "write zeros".

Better in C #.

+4
source share
3 answers

Unfortunately, this is not entirely possible in C # and not in C / C ++, even if you are writing a kernel-mode driver.

Quote from the Bleachbit documentation :

Shredding an individual file properly suggests that its location can be fully known, but basically it can only be known in one ideal case. An ideal case has three characteristics:

  • File size has never been reduced due to editing. Imagine starting with a 3 MB spreadsheet, editing it up to 1 MB (using the spreadsheet application) and asking the cleaning application to remove the 1 MB version: the cleaner does not have the ability to find out where 2 MB was missing on the physical hard disk. (Remember: file systems often do not store files continuously, so you cannot assume that the missing part was immediately after the known part.)
  • The file never moved. Imagine spreadsheet software saving a document by writing a new copy to a temporary file, deleting the old copy and renaming the temporary file to the original name. In this case, the cleaner application does not know where any of the old tables are located.
  • The file system overwrites files to the same place. This is a good guess. On Windows NTFS and Linux, the most common ext3 configuration (which is the default for Ubuntu 9.10 and other Linux distributions) overwrites files in one place, but transparent disk compression, encryption, and sparse files cannot overwrite files in place.

Next: When a region of a modern hard drive is damaged, it automatically reassigns a bad sector to a spare one. These operations are performed at the discretion of the drive’s firmware, and neither the operating system nor applications are aware of this, therefore cleaning the disk ignores the damaged area.

Having said that, you can (although not easily) find out which sectors of the disk the file currently occupies. This requires, however, that your application (at least partially) understand the file system used and how this file system stores files on the underlying medium.

Finally, the question remains: what additional security would you gain by indicating all sectors that your file occupies and filling them with 0s, instead of doing

using(var fs = new System.IO.FileStream(@"m:\delme.zip", FileMode.Open, FileAccess.Write, FileShare.None)) { var zeros = new byte[fs.Length]; fs.Write(zeros, 0, zeros.Length); }
+6
source

Typically, there is no .NET API for this. Most likely, you are looking at manually reading FS structures from disk and analyzing file distribution structures and using interop to switch to a low-level IO block.

You might want to try to write zeros to a file without changing its length and observing what happens. Most likely, the file will not be redistributed. I really don't know if this is the case, and I suspect it depends on the OS, OS version, FS, and maybe even differs between SSDs and hard drives.

Also, consider the case where the file you are trying to destroy was recently redistributed by the OS. Some of the areas that were used by the file are now marked as "empty", but the data still exists. There is (almost) no way to find out that these areas / were not actually β€œshredding” the entire disk.

Also, for paranoids between us: writing zeros (or units or garbage) in the file area does NOT guarantee that old data will become unrecoverable. Physical destruction of the disk can do the trick, but there is no API for that;)

+1
source

I'm not sure you can do this. According to This , you can use unmanaged code for this.

0
source

Source: https://habr.com/ru/post/1390186/

More articles:


All Articles