Method and apparatus for real-time secure file deletion
First Claim
1. A method for real-time secure data deletion in a system having an NTFS file system comprisingmonitoring read calls using a read filter and recognizing and storing pointer to NTFS metafile and page files;
- monitoring write calls using a write filter and performing real-time secure data deletion of buffers;
monitoring file creation operations and performing real-time secure data deletion of user files when the file is to be overwritten;
monitoring set information operations and performing real-time secure data deletion for truncated, shrunk or deleted user files;
performing real-time secure data deletion of truncated data responsive to recognition of an allocation operation where an old end-of-file is greater than zero and the new allocation is equal to zero;
performing real-time secure data deletion of shrunk data responsive to recognition of an end-of-file operation where an old end-of-file is greater than a new end-of-file; and
performing real-time secure data deletion of deleted data responsive to recognition of a delete disposition operation when an old end-of-file is greater than zero.
12 Assignments
0 Petitions
Accused Products
Abstract
A method and apparatus are provided that enhance file system calls to a file system structure of an operating system. In particular, file system calls can be enhanced to provide real-time secure file deletion on an ongoing basis. A file system call that is intended to perform a function with respect to data stored on a storage device is intercepted. It is then determined whether the file system call is of a type that should be processed. If not, the original file system call is passed on through the file system. If the file system call should be processed, supplemental processing is performed to enhance the original file system call and the file system call is transparently returned to the calling system application. In embodiment, real-time secure file deletion is implemented using a vendor supplied driver (VSD) executing within the installable file system (IFS) of WINDOWS 95. Further, a method and system are disclosed for real-time secure data deletion in a system having an NTFS file system. Read calls are monitored using a read filter and pointers to NTFS metafiles and page files are recognized and stored. Write calls are monitored using a write filter and real-time secure data deletion of buffers is performed. File creation operations are monitored and real-time secure data deletion of user files is performed when the file is to be overwritten. Further, set information operations are monitored and real-time secure data deletion is performed for truncated, shrunk or deleted user files.
-
Citations
2 Claims
-
1. A method for real-time secure data deletion in a system having an NTFS file system comprising
monitoring read calls using a read filter and recognizing and storing pointer to NTFS metafile and page files; -
monitoring write calls using a write filter and performing real-time secure data deletion of buffers; monitoring file creation operations and performing real-time secure data deletion of user files when the file is to be overwritten; monitoring set information operations and performing real-time secure data deletion for truncated, shrunk or deleted user files; performing real-time secure data deletion of truncated data responsive to recognition of an allocation operation where an old end-of-file is greater than zero and the new allocation is equal to zero; performing real-time secure data deletion of shrunk data responsive to recognition of an end-of-file operation where an old end-of-file is greater than a new end-of-file; and performing real-time secure data deletion of deleted data responsive to recognition of a delete disposition operation when an old end-of-file is greater than zero.
-
-
2. A system for real-time secure data deletion in a system having an NTFS file system, comprising:
-
a storage device; a memory; a processor executing an operating system that provides a file system for managing data on the storage device, and the processor executing a driver within the file system such that the apparatus operates to monitor read calls using a read filter and recognize and store pointers to NTFS metafiles and page files; to monitor write calls using a write filter and perform real-time secure data deletion of buffers; to monitor file creation operations and perform real-time secure data deletion of user files when the file is to be overwritten; and to monitor set information operations including performing real-time secure data deletion of truncated, shrunk or deleted user files; performing real-time secure data deletion of truncated data responsive to recognition of an allocation operation wherein an old end-of-file is greater than zero and the new allocation is equal to zero; performing real-time secure data deletion of shrunk data responsive to recognition of an end-of-file operation where an old end-of-file is greater than a new end-of-file; and performing real-time secure data deletion of deleted data responsive to recognition of a delete disposition operation where an old end-of-file is greater than zero.
-
Specification