What is Wipe and Clean Encryption – An Overview of Anti-Forensics
Before looking at what wipe and clean encryption is, we will consider two factors. The first is anti-forensics and the second is the computer's method of file saving/deletion. Wipe and Clean encryption forms the basics of anti-forensics. You probably have heard about Computer Forensics- it deals with the science of gathering data by studying the storage devices of a computer.
Computer Forensics helps in gathering tidbits and logs of different files to recover reliable data (mostly to solve cyber crimes). Anti-forensics is just the opposite. The basics of anti-forensics deal with deleting data in a way that no one can trace it. Wipe and Clean encryption is a method that helps with this. Let us study the method of how an operating system stores and deletes data, taking Windows as an example.
All operating systems format the hard disk into several plates, tracks, and sectors for easier maintenance of the files you create, edit, or delete (the link helps you understand how Windows stores files and how to speed up your computer). When you save a file, Windows looks for the nearest free space and notes down the plate, track, and sector number in its File Allocation Table (also called FAT for short). If the free space falls short, Windows stores the remaining part of the file at the next available free space. When you open a file, Windows consults the FAT and notes down the address of the beginning of file so that it can gather the data and present it to you in a readable format.
When you delete any file, Windows removes the data corresponding to the file from the File Allocation Table. Other operating systems also work in a similar fashion except that Windows does not completely remove the information until you empty the Recycle Bin. If you delete a file under Windows and it goes to Recycle Bin, its address is just marked in the FAT and not erased.
Coming to the point, when you delete a file under any operating system, only the address of the file is removed from the FAT. The data remains on the hard disk as long as the operating system does not overwrite the file (data). As a single file may span several clusters, it is possible that the operating system will overwrite some parts of the files and leave others - making it possible for others to recover data using any data recovery tools. This is where the basics of anti-forensics come into the scene.
Wipe and Clean Encryption is a method to securely delete your private data in a way that it is unrecoverable. The most common method is to overwrite the data using different patterns. In some cases, such as Read Only Memory (a CD-R, for example), overwriting is not possible. Wipe and Clean Encryption would not serve the purpose here. The only method is physical destruction of the storage device.