Feeds

Clearing swap and hibernation files properly

Two neglected open books

  • alert
  • submit to reddit

Build a business case: developing custom apps

Privacy workshop Most privacy-conscious users are familiar with deleting files securely, that is, destructively with overwriting and with wiping free space on their disks. But two items that often get overlooked are the swap file (or swap partition), and the hibernation file.

Let's start with the swap file. This is an area of your hard disk where data previously held in RAM is written, and later read, to "free up" physical memory and make it available for other tasks. Data swapped from RAM to disk is sometimes called "virtual memory". Your computer can read from RAM much faster than it can read from the disk, but RAM is expensive, whereas disk space is comparatively cheap and usually plentiful. Thus, it's not unusual for a system to have a swap file of 1GB or more.

Unfortunately, your swap file knows a lot about you. Pretty much anything you do with your computer can leave traces there. Files you've opened and their contents, websites you've visited, online chats you've had, emails you've sent and received, virtually anything can end up archived in it for quite a long time - months, and even years. You can delete, even wipe securely, the original data, and still your swap file might tell on you by retaining duplicate traces of your computing behaviour. Forensics practitioners consider the swap file to be a real bonanza of data traces, because swapping is an automatic, background process that users - even privacy-conscious ones - can't control completely.

So, what data gets swapped to disk? No one can say: it depends on conditions and memory needs peculiar to each system. Not all data is swapped to disk, but virtually any data might be swapped - even passwords, potentially.

In fact, it's possible that the plain text versions of encrypted files could turn up in the swap file: perhaps the content was swapped to disk before encrypting or after decrypting - that is, when a user is viewing or editing the plain-text content of these files. A good encryption utility will have its own viewer and editor designed to prevent swapping the plain-text data. But are you certain that it works as it should? And what happens if you copy and paste between two decrypted files, or between two files that you intend to encrypt later? Clipboard contents can certainly be swapped.

So, what are the solutions? First, and most obviously, don't use a swap file or swap device. If you've got plenty of RAM, you might not need anything more. Some Windows applications, games, etc, require a swap file even when there is an abundance of RAM, so not everyone can use this option. But Linux users can almost always get away with not using a swap partition if they have plenty of RAM, say 1GB or more.

The next approach is to perform a manual, secure wipe of the swap file on a regular schedule with the help of an inexpensive utility like BCWipe for Windows users, or a free utility like LinuxWipeTools for Tuxers.

The essential guide to IT transformation

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Know what Ferguson city needs right now? It's not Anonymous doxing random people
U-turn on vow to identify killer cop after fingering wrong bloke
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.