On December 2, 2008 06:19, in comp.os.linux.security, Neil Jones
(castellan2004-nschap@remove-this.yahoo.com) wrote:

> I have been using Eraser software which overwrites the file with random
> data several times to make it unrecoverable. Recently, I have attended
> the Forensics class offered by SANS. When it came to the topic of
> metadata, some of the classmates mentioned that Eraser works only at the
> application level. This confused me a bit.
>
> My question now is, does Eraser delete the data and metadata as well?

What do you mean by "metadata"? (I know what /I/ mean, and it is crucial
that you first have an idea of what "metadata" consists of before you ask
whether or not Eraser deletes it.)

> If not, then how do you delete metadata?

It depends on the metadata.

For filesystem-related metadata (such as permission bits, access timestamps,
data locations on disk, etc.) you /delete/ the file (remove its entry from
the directory and free it's inode) at a minimum. You may also want to
manipulate the inode table so that the inode is completely blanked out, or
at least immediately reused, and you may want to manipulate any affected
directories so that the directory entry is blanked out or immediately
reused.

For other sorts of metadata (what sorts could there be?), you need to take
other steps.


> How do you cleanup the metadata at the file system level?
> I use Eraser on Vista and Linux.

For the proper answers to these and other "Eraser"-related questions, you
really should contact the vendor of the "Eraser" package. That looks like
support@east-tec.com to me.

--
Lew Pitcher

Master Codewright & JOAT-in-training | Registered Linux User #112576
http://pitcher.digitalfreehold.ca/ | GPG public key available by request
---------- Slackware - Because I know what I'm doing. ------