Does Oracle or Symantec DLP "backfill" or "overwrite" deleted records?

Article ID: 160220

Products

Data Loss Prevention Enforce

Issue/Introduction

When records are deleted, are provisions made to "shred", "backfill", or "overwrite" the record space on disk?  Can the record still be recovered from disk?

Resolution

The standard installation of Symantec DLP does not "backfill", "shred", "overwrite" or obfuscate records that have been deleted on disk in any way.  After a record is deleted, the space it occupied eventually becomes available for reuse.  New records can then be written to the space.  From the database perspective, a record that has been both deleted and committed is gone.

If the space that a deleted record occupied is not reused, then the data is still present and can be accessed via non-database means, such as using an editor.  TECH218827 addresses this in greater detail.

That this data is still available in no way means that it is recoverable and/or viable.  Deleted data is to be considered lost and no effort will be made to recover it by means fair or foul.
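The behavior described above can be reproduced on a small scale. The following is an added illustration, not part of the original article and not Symantec or Oracle code: it uses SQLite as a stand-in database, and the table name, marker value and function name are constructed for the example. `PRAGMA secure_delete` is an SQLite feature shown only to contrast what an "overwrite" on delete looks like; it is not an Oracle or DLP setting.

```python
import os
import sqlite3
import tempfile

# Constructed sample value standing in for a stored record.
MARKER = b"CONSTRUCTED-SAMPLE-RECORD-0001"


def residue_after_delete(secure_delete: bool) -> tuple[int, bool]:
    """Delete and commit one row, then look for its bytes in the raw file.

    Returns (rows still visible through SQL, marker found in raw file).
    """
    path = os.path.join(tempfile.mkdtemp(), "demo.db")
    con = sqlite3.connect(path)
    # Set explicitly: some SQLite builds enable secure_delete by default.
    con.execute(f"PRAGMA secure_delete = {'ON' if secure_delete else 'OFF'}")
    con.execute("CREATE TABLE incident (id INTEGER PRIMARY KEY, body BLOB)")
    con.executemany(
        "INSERT INTO incident (id, body) VALUES (?, ?)",
        [(1, b"keep-1"), (2, MARKER), (3, b"keep-3")],
    )
    con.commit()

    # Delete and commit: from the database perspective the record is gone.
    con.execute("DELETE FROM incident WHERE id = 2")
    con.commit()
    visible = con.execute(
        "SELECT COUNT(*) FROM incident WHERE body = ?", (MARKER,)
    ).fetchone()[0]
    con.close()

    # Non-database access: read the data file as plain bytes.
    with open(path, "rb") as fh:
        raw = fh.read()
    return visible, MARKER in raw


if __name__ == "__main__":
    for mode in (False, True):
        visible, on_disk = residue_after_delete(mode)
        print(f"secure_delete={mode}: visible via SQL={visible}, "
              f"bytes still in file={on_disk}")
```

Without an overwrite on delete, the query returns no rows while the record's bytes remain in the freed space of the data file until that space is reused.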

Oracle provides database encryption features, but use of these Oracle features is specifically not supported by Symantec DLP Technical Support.

NOTE:  The data itself is encrypted by the DLP application before it is sent to the database.  So any attempt to manually inspect the data in the deleted records in the database would be useless without the encryption key from the Enforce server.