Administrator Guide

Secure Delete

3 min read

CloudShark provides a secure delete mechanism for environments which require the secure deletion of files.

Files deleted without secure delete may still be recoverable using data recovery software. Enabling secure delete in CloudShark can make this more difficult by overwriting the deleted file multiple times.

There are some important considerations when using secure delete and on certain systems enabling secure delete may not perform a secure delete with no warning to the user. Be sure to read the Important Considerations section below before enabling secure delete. Secure deletion works by overwriting the location where the file was stored 25 times. Because of this secure delete will take longer when enabled.

Enabling Secure Delete

Secure delete can be enabled from the settings page in the CloudShark Administration menu.

This feature is disabled by default as the effectiveness of secure delete is dependent on the system and this may take longer than a standard delete. See the Important Considerations section below to determine if your system can support secure delete.

When secure delete is enabled the user will be prompted to confirm that the file should be deleted before any files are removed. The delete button will change from Delete to Secure Delete when this is enabled.

Files Securely Deleted

Capture files are removed from the disk when there are no more CloudShark sessions that use the same capture file. When a capture file is removed from the disk any audio files extracted using the VoIP Calls Analysis Tool will also be securely deleted.

Administrators are also able to add and manage RSA keys to allow users to decrypt SSL traffic within a capture file. These RSA keys are stored in a file on disk and when an administrator deletes the RSA key this file will also be securely deleted.

Secure deletion is additionally used when an Auto-Import location is created that is configured to delete the files after they have been imported into CloudShark.

Important Considerations

Secure delete may not work as expected on some systems due to a number of reasons. Solid state drives use a different method for storing files than hard disk drives which makes the techniques used for secure delete ineffective. If you are using a sold state drive, please read this article: Issues regarding solid state drives and secure delete.

CloudShark uses the shred Linux command to securely delete files. In addition to the issues when securely deleting files from an SSD there are other considerations, including the file system type, that cause secure delete to work unexpectedly. When a file is deleted, the shred command is executed with the -zufn25 options. These options will overwrite the location where the file was stored 25 times and add a final overwrite of all zeros at the end. This causes the secure delete to take longer when enabled, especially for larger capture files. The additional overwrites may also decrease the longevity of your hard drive. Unless secure deletion is required in your environment it is recommended to be disabled.

More information about these options and the risks of using secure delete can be found in the shred documentation.