FILE SECURITY AND PROTECTION

We used to keep several kinds of files in our computer machine. Among these files, there are some that contains very sensitive and confidential information that it is not everybody is required to have direct access to such files. To provide a mechanism that can limit the number of people to get direct access to these files are one of the critical features that needs to be available in every system.

Every sensitive data needs some security and protection mechanisms in our computer system. Hence, the information in this article will guide us on it.

Also, the article will explain the Backup mechanism and some of the benefits on why we should create a backup for data in our computer. The recovery of the lost data due to some unforeseen disaster will also be discuss, and concluded by mentioning and explaining some of the tools we could use to perform the recovery operation on the lost data in storage devices.

1 - PASSWORD AND ENCRYPTION

Passwords

A password, sometimes called passcode is secret data, typically a string of characters, usually used in authenticating access to and secure a digital system. Adding passwords helps ensure that computers or data can only be accessed by those granted the right to view or access them. Password protection is a lot like locking something in a safe place. The password needs to be kept secret and is only intended for specific user. In computer systems, each password is associated with a specific username since many individuals may be accessing the same system. Also, computer files can be protected from unauthorized access with a password.

Fernando Corbató is considered the father of the password after conceiving and applying the concept of a password to his CTSS (Compatible Time-Sharing System).

Some application programs also provide a means of password to secure the contents inside file created with the software. Applications like MS-Word and Excel have the password features included that you can use to protect the contents of the file from been access by an unauthorized person. Let try this feature of passwording file using MS-word processor.

Applying Password in MS Word File

For this example, we will use Microsoft Word 2016. Though, the process is similar for most recent versions of the Office application suites.

Firstly, open the Office Word document you would like to protect and follow the steps below.

1. Go to File → Info → Protect Document → Encrypt with Password.
   

   First step for passwording a document file.

2. Create a password for the file, retype it again for confirmation, and click on the OK button.
   

   Creating a password for the document file to be passwording.

3. Save the file to make sure the password takes effect.

MS Word would now indicate that the document is protected. Each time you try to open the document, you will be prompted to enter the password before you can get access to its contents.

Encryption

Another way to keep files and data safe in computer is through the use of encryption. Encryption is the process of encoding messages of information so that it can only be viewed by authorized individuals. Encryption is sort of like taking a secret document and scrambling all the contents of that document, so it is virtually unreadable by anyone not authorized to read it. When a document is unencrypted, it’s stored in what we might call plain text. Anyone can read it. When it’s encrypted, it’s in cipher text. To see the document in its original form, the user must provide a key of sorts that unscrambled the message. In the case of file and folder encryption in Windows operating system, the key is to be logged into the correct user account. Even on the same computer, the secret document may as well be gibberish to a different Windows user.

Here are some of the benefits behind the idea of encrypting sensitive data and information in our computer system:

• Privacy: Encryption ensures that no one can read communications or data at rest except the intended recipient or the rightful data owner. This prevents attackers, ad networks, Internet service providers, and in some cases governments from intercepting and reading sensitive data.
• Security: Encryption helps prevent data breaches, whether the data is in transit or at rest. If a corporate device is lost or stolen and its hard drive is properly encrypted, the data on that device will still be secure. Similarly, encrypted communications enable the communicating parties to exchange sensitive data without the data been leaked.
• Data integrity: Encryption also helps prevent malicious behaviour, such as on-path attacks. When data is transmitted across the Internet, encryption (along with other integrity protections) ensures that what the recipient receives has not been tampered with on the path.
• Authentication: Public key encryption, among other things, can be used to establish that a website’s file owner owns the private key listed in the website's TLS certificate. This allows users of the website to be sure that they are connected to the real and trusted website.
• Regulations: For all these reasons, many industry and government regulations require companies that handle user data to keep that data encrypted.

Now that we have read the significance of encrypting our files in the computer system, let look at the steps to follow to encrypt a file or folder in Windows operating system.

Note: Windows Home Edition does not allow you to encrypt files, the option is not accessible.

Encrypting File/Folder in Windows Operating System:

1. Navigate to the folder/file you want to encrypt.
2. Right click on the item. Click on Properties option, and click on Advanced button.
   

   First step to Encrypt a file using Windows10 OS.

3. Check on the Encrypt contents to secure data check box, and then click on OK.
   

   Second step for encrypting a file.

4. Click Apply, and click on OK.
   

   Third step for encrypting a file.

5. The operating system will ask whether you want to encrypt the file only, or its parent folder and all the files within it as well. It is recommended that you opt for full folder encryption, just to be on the safe side.
6. Now, once you navigate to the encrypted folder, you will see a small yellow lock on the file icon. Also, when you add new content to that folder, it will automatically be encrypted too.
   

   Encrypted file icon with a yellow lock symbol on it.

To be clear, Windows file encryption protects your files against anyone who gets their hands on your computer. The encryption is tied to your Windows account, so when you are logged in, the files decrypt on the fly by the operating system. However, if someone were to log in through another account, they would not be able to access files that were encrypted under your username.

Your files are accessible through your account, and if someone gets unauthorized access to your computer while it’s logged in, encryption is practically useless. This is why it is very crucial to create a strong login password in the first place.

Password Encryption

Another option for protecting data and information inside the computer system is the combination of password protection and encryption. The primary benefit of using both is having two-layers of security. Now, our secret document is safe and it’s inscrutable.

If someone has the right password to unlock the file or folder, they still won’t be able to make sense of it if they’re not logged on as the authorized user. 7zip application program is an example of application software that has these features for files and folders.

2 - BACKUP

Consider what might happen if you accidently lost your data due to some disaster or problems encountered in the computer system. Backup is a copy of file or other item of data made in case the original is lost or damaged. In information technology, a backup, or data backup is a copy of computer data taken and stored elsewhere so that it may be used to restore the original file after a data loss event. Backing up your data regularly can help in ensuring you are never been trapped.

Files Back up Options

There are several numbers of available options to back up our data. It is good to understand the types of backups and get one that suits our need. Backing up individual folders and files it’s as easy as copying them from the source storage media, your computer's hard disk, to the destination storage. The destination storage can be an offline storage media or online storage media, also called a cloud storage.

• External hard drives: As the name sounds, an external hard drive is connected to the computer on the outside via cables or wirelessly, and copy the files to be backup onto the external drive. Examples of external hard drives include USB flash drives and solid-state drives, also known as SSDs. External drives have some advantages. They’re portable, easy to use, and capable of storing large files. Plus, they can be moved from one computer to another computer, making it easier to transport data.
• Cloud backup: Cloud backup allows users to make a back up of their data to storage hardware that’s in a remote location. Users can access their data anytime on any device via the internet.
  Cloud storage makes it easy to manage your data. Most cloud storage services provide a large amount of storage space and encrypt the content for data security. Examples of cloud services that can be used for backup includes Google Drive and Microsoft OneDrive.
• Flash drives: Flash drives are small portable storage devices mostly used to transfer files from one device to another device. They’re also called pen drives, thumb drives, or jump drives.
  Unlike cloud storage, flash drives do not have additional security features should your drive be lost or stolen.
• Backup services: Online backup service is a method of data backup and storage in which a service provider handles the stored data. A backup service can help people and companies manage their data better.
  Most services offered encryption and protect the data from loss caused by technological malfunction or cybercrime. Examples of a Backup service companies include:
  1. Acronis True Image
  2. Backblaze
  3. Carbonite Safe
  4. IDrive Personal
  5. SpiderOak One
  6. Zoolz Cloud Backup.

3 - Data recovery

In computing, data recovery is a process of retrieving inaccessible, lost, corrupted, damaged, or formatted data from secondary storage, removable media or files, when the data stored in them cannot be accessed in a usual way. The data is most often salvaged from storage media such as internal or external hard disk drives (HDDs), solid-state drives (SSDs), USB flash drives, and other electronic devices. The most common data failure scenario that leads to data recovery involves an operating system failure, malfunction of a storage device, logical failure of storage devices, accidental damage, or deletion.

Recovery may be required due to physical damage to the storage devices or logical damage to the file system that prevents it from being mounted and usable by the host operating system (OS).

I - Physical Damage

A wide variety of failures can cause physical damage to storage media, which may result from human errors and natural disasters. For example, a hard disk drive can suffer from a multitude of mechanical failures, such as head crashes, Printed Circuit Board (PCB) failure and failed motors.

Physical damage to a hard drive, even in cases where a head crash has occurred, does not necessarily mean there will be permanent loss of data. The techniques employed by many professional data recovery companies can typically recover most, if not all, of the data that had been lost when the failure occurred.

II - Logical Damage

The logical damage refers to situations in which the error is not in the physical or hardware part of the storage device, and it requires software-level solutions. There are generally four (4) ways a data can get lost through logical damage, and the fortunate thing is that most of the data lost due to the logical damage, if not all, can be made recoverable. These logical damages could be either of the followings:

• Corrupt partitions and file systems, media errors
  In some cases, data on a hard disk drive can be unreadable due to damage to the partition table or filesystem, or to sporadic media errors. In the majority of these cases, at least a portion of the original data can be recovered by repairing the damaged partition table or file system using specialized data recovery software such as Testdisk and ddrsecue software. ddrescue software can be used to image media despite sporadic errors, and image raw data when there is partition table or file system damage. This type of data recovery can be performed by people without expertise in drive hardware as it requires no special physical equipment or access to platters, just follow the software instructions.
  Sometimes data can be recovered using relatively simple methods and tools, though more serious cases can require expert intervention, particularly if parts of files are irrecoverable.
• Data Overwritten
  After data has been physically overwritten on a hard disk drive, it is generally assumed that the previous data are no longer possible to recover. During 1996 – 2001 some computer scientists presented a paper that suggested overwritten data could be recovered by the use of magnetic force microscopy. Substantial criticism has followed, primarily dealing with the lack of any concrete examples of significant amounts of overwritten data being recovered, there is no practical evidence that overwritten data in hard disk drive (HDD) can be recovered. The majority of research has shown to support that overwritten data in hard disk drive (HDD) cannot be recovered.
  The recovering of an already overwritten data can be made possible if the storage medium is a Solid-State Disk (SSD). Solid-state drives (SSD) overwrite data differently from hard disk drives (HDD) which makes at least some of their data easier to recover. Most SSDs used flash memory technology to store data in pages and blocks, referenced by logical block addresses (LBA) which are managed by the flash translation layer (FTL). When the FTL modifies a sector, it writes the new data to another location and updates the map so the new data appear at the target LBA. This leaves the pre-modification data in place, with possibly many generations, and recoverable by data recovery software.
• Logical bad sector
  In the list of logical failures of hard disks, logical bad sector is the most common in which data files cannot be retrieved from a particular sector of the media drives. To resolve this, software is used to correct the logical sectors of the media drive. If this is not enough, the hardware containing the logical bad sectors must be replaced.
• Lost, deleted, and formatted data
  Sometimes, data present in the physical drives (Internal/External Hard disk, USB Flash drives, etc.) gets lost, deleted and formatted due to circumstances like virus attack, accidental deletion or accidental use of SHIFT+DELETE.
  Typically, the contents of deleted files are not removed immediately from the physical drive. Instead, references to them in the directory structure are removed, and thereafter space the deleted data occupy is made available for later data overwriting. In the mind of end users, deleted files cannot be discoverable through a standard file manager, but the deleted data still technically exists on the physical drive. In the meantime, the original file contents remain, often in a number of disconnected fragments, and may be recoverable if not overwritten by another data files. In these cases, data recovery software is used to recover/restore the data files.

NOTE:

The term data recovery is also used in the context of forensic applications or espionage, where data which have been encrypted or hidden, rather than damaged, are recovered. Sometimes data present in the computer gets encrypted or hidden due to reasons like virus attack which can only be recovered by some computer forensic experts.

Phases For Making Data Recovery

Salvaging data from a physically damaged hardware can involve multiple techniques. Some damages can be repaired by replacing parts in the hard disk. This alone may make the disk usable, but there may still be logical damage. A specialized disk-imaging procedure is used to recover every readable bit from the surface. Once this image is acquired and saved on a reliable medium, the image can be safely analysed for logical damage and will possibly allow much of the original file system to be reconstructed.

NOTE:

Most physical damage of hard disk cannot be repaired by an end user. For example, opening a hard disk drive in a normal environment can allow airborne dust to settle on the platter and become caught between the platter and the read/write head. When these dust particles get caught between the read/write heads and the platter, they can cause new head crashes that further damage the platter and thus compromise the recovery process. Furthermore, end users generally do not have the hardware or technical expertise and equipment required to make these repairs. It is better to involve the data recovery companies to salvage important data with the more reputable ones, companies that have cleanrooms facility.

There are usually four (4) phases when it comes to successful data recovery, though that can varies, depending on the type of data corruption and recovery required. The phases are:

• Phase 1: Repair the hard disk drive
  The hard drive is repaired in order to get it running in some form, or at least in a state suitable for reading the data from it. For example, if heads are bad, they need to be changed; if the PCB is faulty, then it needs to be fixed or replaced; if the spindle motor is bad, the platters and the heads should be moved to a new drive.
• Phase 2: Image the drive to a new drive or a disk image file
  When a hard disk drive fails, the worth of getting the data off the drive is the top priority. The longer a faulty drive is used, the more likely further data loss is to occur. Creating an image of the drive will ensure that there is a backup copy of the data on another drive, on which it is safe to perform testing and recovery procedures without harming the source data.
• Phase 3: Logical recovery of files, partition, MBR and filesystem structures
  After the drive has been cloned to a new drive, it is suitable to attempt the retrieval of lost data. If the drive has failed logically, there are a number of reasons for that. Using the clone, it may be possible to repair the partition table or master boot record (MBR) in order to read the file system's data structure and retrieve stored data.
• Phase 4: Repair damaged files that were retrieved
  Data damage can be caused when, for example, a file is written to a sector on the drive that has been damaged. This is the most common cause in a failing drive, meaning that data needs to be reconstructed to become readable. Corrupted documents can be recovered by several software methods or by manually reconstructing the document using a hex editor. Note: A hex editor is a computer program that allows for manipulation of the fundamental binary data that constitutes a computer file.

4 - File recovery and troubleshooting tools

Recovery of digital data files are possible with a computer system that have the necessary tools available in it that was designed specifically for such operations. A reasonable amount of data that has been lost due to logical damages can be possibly recovered even if it is not up to 100% of the missed data.

Data recovery cannot always be done on a running system. As a result, a bootable disk, live CD, live USB, or any other type of live distro containing a minimal operating system. We will list some of the software programs and tools designed specifically to make a recovery of lost data or files from a storage device, these tools can also be used to repair the damage data after the recovery process.

• Windows Preinstallation Environment (WinPE): Is a customizable Windows Boot DVD, made by Microsoft and distributed for free. It can be modified to boot to any of the programs listed.
• SystemRescueCD: It is an Arch Linux based live CD. It is useful for repairing unbootable computer systems and retrieving data after a system crash.
• Finnix: Is a Debian-based Live CD with a focus on being small and fast, it is useful for computer and data rescue.
• Data Recovery Wizard: Data recovery wizard is Windows file recovery utility created by EaseUS Inc.
• GetDataBack: It is a data recovery software developed by Runtime Software. It can be used to recover data from external and internal hard disks, flash cards, USB drives, etc. with the FAT, ExFAT, NTFS, Ext, HFS+ and APFS file systems, although different variants of the program are needed for each file system.
• IsoBuster: IsoBuster is a data recovery computer program by Smart Projects. It can recover data from damaged file systems or physically damaged disks including optical discs, hard disk drives, USB flash drives and solid-state disks. It has the ability to access deleted data on multisession optical discs, and allows users to access disc images (including ISO, BIN and NRG) and to extract files in the same way that they would from a ZIP archive. IsoBuster is also often used by law enforcement and data forensics experts.
• Recuva: It is an undeletion program for Windows OS. Recuva can recover files deleted from internal and external hard disk drives, USB flash drives, memory cards, portable media players or all random-access storage mediums with a supported file system. Recuva was developed by Piriform Ltd.
• TestDisk: Is a free and open-source data recovery tool. It is primarily designed to help recover lost data storage partitions and/or make non-booting disks bootable again when these symptoms are caused by faulty software, certain types of viruses, or human error (such as accidentally erasing a partition table). TestDisk can be used to collect detailed information about a corrupted drive, which can then be sent to a technician for further analysis.
• Windows File Recovery: Windows File Recovery is a command-line software tool from Microsoft to recover deleted files. It is freely available from Windows 10 version 2004 (May 2020 Update) and later from the Microsoft Store. Windows File Recovery can recover files from a local hard disk drive (HDD), USB flash drive, or memory card such as an SD card. It can work to some extent with solid-state drives (SSD).
• EnCase: It is a suite of forensic tools developed by Guidance Software (now acquired by OpenText), that is used for imaging and forensic analysis for UNIX, Linux, and Windows systems. Encase is traditionally used in forensics to recover evidence from seized hard drives. Encase allows the investigator to conduct in depth analysis of user files to collect evidence such as documents, pictures, internet history and Windows Registry information.
• The Sleuth Kit (TSK): Is a library and collection of Unix and Windows-based utilities for extracting data from disk drives and other storage, so as to facilitate the forensic analysis of computer systems. It forms the foundation for Autopsy, a better-known tool that is essentially a graphical user interface to the command line utilities bundled with The Sleuth Kit.
  The Sleuth Kit is capable of parsing NTFS, FAT/ExFAT, UFS 1/2, Ext2, Ext3, Ext4, HFS, ISO 9660 and YAFFS2 file systems either separately or within disk images stored in raw, Expert Witness or AFF formats. The Sleuth Kit can be used to examine most Microsoft Windows, most Apple Macintosh OSX, many Linux and some other UNIX computers.
• Clonezilla: Clonezilla is a free and open-source disk cloning, disk imaging, data recovery, and deployment computer program. CloneZilla was developed by the NCHC Free Software Labs in Taiwan.
• ddrescue: GNU ddrescue is a data recovery tool. It copies data from one file or block device (hard disk, CD-ROM, etc.) to another, trying hard to rescue data in case of read errors. GNU ddrescue was designed by Antonio Diaz.
• Team Win Recovery Project (TWRP): Is a free and open-source recovery system for Android devices. It is an open-source software custom recovery image for Android-based devices. It provides a touchscreen-enabled interface that allows users to install third-party firmware and back up the current system, which the functions are often unsupported by stock recovery images. It is, therefore, often installed when flashing, installing, or rooting Android devices, although it isn't dependent on a device being rooted prior to installation.

Good passwords are essential to keeping computer systems secure. It’s vital to have a secure system in place for storage and processing of your information. A leak or hack could result in serious issues such as identity theft, financial loss and losing confidential information – as well as placing your company in danger of being prosecuted.

Making backups of collected data is critically important in file management. Backups protect against human errors, hardware failure, virus attacks, power failure, and natural disasters. Backups can help save time and money if these failures occur.

Several recovery software programs are available out there, designed for salvaging data and files that has been lost in the storage device of computer. These recovery tools can be used to recover the damage file or a file that has been deleted mistakenly, and also to make repair of the damage files caused by logical errors.